Search Results

Search found 8983 results on 360 pages for 'active attr'.

Page 47/360 | < Previous Page | 43 44 45 46 47 48 49 50 51 52 53 54  | Next Page >

  • How to add NT Virtual Machine\Virtual Machines to GPO

    - by Nicola Cassolato
    I have a Windows 2012 Server with Hyper-V enabled and a few virtual machines. My current configuration has a few account in the "Log on as a service" list in the domain policies, and sometimes this prevent my virtual machines from starting (I get this error: 'Error 0x80070569 ('VM_NAME' failed to start worker process: Logon Failure: The user has not been granted the requested logon type at this computer.') As described in this KB I would like to add NT Virtual Machine\Virtual Machines to my "Log on as a service" list to resolve my problem. My problem is that when I try to add that user to my domain policy I get an error message: "The following account could not be validated". My domain controller obviously doesn't know about that user since it's not an Hyper-V enabled server. How can I add that account to my Domain Policies?

    Read the article

  • Problems with cross forest authentication in SQL Reporting

    - by chunkyb2002
    We're currently running an SQL 2008 R2 Cluster with Reporting Services running, all for use with System Center Operations Manager 2007 R2 (RU3). Our users are on a different domains to the SCOM and SQL servers (we have two domains as we are in the process of a domain migration) We have no problems at all with users accessing reports via the SCOM Console or the Web interface if they are on the new domain which runs at 2008 R2 functional level. However users on the old domain (which runs at a 2003 functional level) cannot access reports on SCOM or via the web interface (http://sqlserver/reports) The error we get is: An error occurred when invoking the authorization extension. (rsAuthorizationExtensionError) For more information about this error navigate to the report server on the local server machine, or enable remote errors Taking the errors advise we logged on to the SQL server as a user on the old domain (which works fine!) and then try to authenticate with the reporting via the web interface which produces this most useful of errors: An error occurred when invoking the authorization extension. (rsAuthorizationExtensionError) The creator of this fault did not specify a Reason. Things we've tried: Recreating the trust between domains Ensuring the SQL Reporting service account was a member of Windows Authorization Access Group on the 2003 domain Added users on the 2003 domain explicitly to the Reporting Users group on the SQL Server Has anyone come across this issue before perhaps in a different scenario? If so how was it resolved? Thanks in advance for any help.

    Read the article

  • IIS7.5 Domain Account Application Pool Identity for SQL Server Authentication

    - by Gareth Hill
    In Windows Server 2003/IIS6 land we typically create an app pool that runs as the identity of an AD account created with minimal privileges simply for that purpose. This same domain user would also be granted access to SQL Server so that any ASP.NET application in that app pool would be able to connect to SQL Server with Integrated Security=SSPI. We are making a brave move to the world of Windows Server 2008 R2/IIS7.5 and are looking to replicate this model, but I am struggling with how to make the application pool in IIS7.5 run as the identity of an AD account? I know this sounds simple and hopefully it is, but my attempts so far have been fruitless. Should the application pool identity be a 'Custom account' for a domain account? Does the domain account need to be added to any groups?

    Read the article

  • Group Policy error 1006 with and error code 52

    - by Bernesto
    I have a hyper-v cluster operating on win2k8 R2 in a 2003 forest. These servers are at our NOC with a DC that connects to our PDC at HQ via a persistent VPN. The cluster boxes are reporting a error event ID 1006 shown below. The DC is also reporting an error 5805 also shown below. I have found numorus posts regarding 1006 errors, but none for error ID 52's. It's weird, I can ping and I can browse network shares on the DC from each. I thought maybe a DNS or net work issue, but nslook up works too. Event 1006 <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" /> <EventID>1006</EventID> <Version>0</Version> <Level>2</Level> <Task>0</Task> <Opcode>1</Opcode> <Keywords>0x8000000000000000</Keywords> <TimeCreated SystemTime="2013-12-17T00:08:19.582292600Z" /> <EventRecordID>41808</EventRecordID> <Correlation ActivityID="{26B10592-6228-4A3E-845B-E04B49702A54}" /> <Execution ProcessID="964" ThreadID="1384" /> <Channel>System</Channel> <Computer>NEOREEFVH1.neoreef.com</Computer> <Security UserID="S-1-5-18" /> </System> <EventData> <Data Name="SupportInfo1">1</Data> <Data Name="SupportInfo2">5012</Data> <Data Name="ProcessingMode">0</Data> <Data Name="ProcessingTimeInMilliseconds">1138</Data> <Data Name="ErrorCode">52</Data> <Data Name="ErrorDescription">Unavailable</Data> <Data Name="DCName" /> </EventData> </Event> Event 5805 Event Type: Error Event Source: NETLOGON Event Category: None Event ID: 5805 Date: 12/16/2013 Time: 2:32:01 PM User: N/A Computer: NEOREEFSRV15 Description: The session setup from the computer NEOREEFVH3 failed to authenticate. The following error occurred: Access is denied. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 22 00 00 c0 "..À Here are the networks on the hosts: Any with a "Enabled" Are virtual switches.

    Read the article

  • Can't view database on SQL Server 2008 with domain user

    - by abatishchev
    I created a login for a domain user (domain admin) and added it to role serveradmin, but after logging in I still can't list databases getting next error: The database MyDB is not accessible. (ObjectExplorer) Program Location: at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.DatabaseNavigableItem.get_CanGetChildren() at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.NavigableItem.GetChildren(IGetChildrenRequest request) at Microsoft.SqlServer.Management.UI.VSIntegration.ObjectExplorer.ExplorerHierarchyNode.BuildChildren(WaitHandle quitEvent) How can I fix that?

    Read the article

  • ADFS 2.1 proxy trust establishment error

    - by Tommy Jakobsen
    I'm trying to install an ADFS proxy. In our intranet we have a ADFS 2.1 server running on Windows 2012 which is working fine. Now we're trying to deploy a proxy to this one for internet access, using Windows 2012 R2's Web Application Proxy. I'm getting the following error on the proxy server, event ID 393: Message : An error occurred while attempting to establish a trust relationship with the Federation Server. An error occurred when attempting to establish a trust relationship with the federation service. Error: Forbidden Context : DeploymentTask Status : Error I'm not getting any errors on the ADFS server. I've tried with different credentials. The ADFS service account, a domain administrator who is a member of the local administrators group on the ADFs server, and the local administrator account on the ADFS server. Same error message. Both port 80 and 443 is accessible from the proxy server to the internal ADFS server, and I can access the ADFS metadata endpoint from the proxy server. I'm using the same trusted SSL certificate (wildcard) on both machines. Do you have any ideas that can help me troubleshoot this problem?

    Read the article

  • IIS 7 Authentication: Certain users can't authenticate, while almost all others can.

    - by user35335
    I'm using IIS 7 Digest authentication to control access to a certain directory containing files. Users access the files through a department website from inside our network and outside. I've set NTFS permissions on the directory to allow a certain AD group to view the files. When I click a link to one of those files on the website I get prompted for a username and password. With most users everything works fine, but with a few of them it prompts for a password 3 times and then get: 401 - Unauthorized: Access is denied due to invalid credentials. But other users that are in the group can get in without a problem. If I switch it over to Windows Authentication, then the trouble users can log in fine. That directory is also shared, and users that can't log in through the website are able to browse to the share and view files in it, so I know that the permissions are ok. Here's the portion of the IIS log where I tried to download the file (/assets/files/secure/WWGNL.pdf): 2010-02-19 19:47:20 xxx.xxx.xxx.xxx GET /assets/images/bullet.gif - 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 200 0 0 218 2010-02-19 19:47:20 xxx.xxx.xxx.xxx GET /assets/images/bgOFF.gif - 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 200 0 0 218 2010-02-19 19:47:21 xxx.xxx.xxx.xxx GET /assets/files/secure/WWGNL.pdf - 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 401 2 5 0 2010-02-19 19:47:36 xxx.xxx.xxx.xxx GET /assets/files/secure/WWGNL.pdf - 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 401 1 2148074252 0 2010-02-19 19:47:43 xxx.xxx.xxx.xxx GET /assets/files/secure/WWGNL.pdf - 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 401 1 2148074252 15 2010-02-19 19:47:46 xxx.xxx.xxx.xxx GET /manager/media/script/_session.gif 0.19665693119168282 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 200 0 0 203 2010-02-19 19:47:46 xxx.xxx.xxx.xxx POST /manager/index.php - 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 200 0 0 296 2010-02-19 19:47:56 xxx.xxx.xxx.xxx GET /assets/files/secure/WWGNL.pdf - 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 401 1 2148074252 15 2010-02-19 19:47:59 xxx.xxx.xxx.xxx GET /favicon.ico - 80 - 10.5.16.138 Mozilla/5.0+(Windows;+U;+Windows+NT+6.1;+en-US)+AppleWebKit/532.5+(KHTML,+like+Gecko)+Chrome/4.0.249.89+Safari/532.5 404 0 2 0 Here's the Failed Logon attempt in the Security Log: Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 2/19/2010 11:47:43 AM Event ID: 4625 Task Category: Logon Level: Information Keywords: Audit Failure User: N/A Computer: WEB4.net.domain.org Description: An account failed to log on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: NULL SID Account Name: jim.lastname Account Domain: net.domain.org Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc000006a Process Information: Caller Process ID: 0x0 Caller Process Name: - Network Information: Workstation Name: - Source Network Address: 10.5.16.138 Source Port: 50065 Detailed Authentication Information: Logon Process: WDIGEST Authentication Package: WDigest Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" /> <EventID>4625</EventID> <Version>0</Version> <Level>0</Level> <Task>12544</Task> <Opcode>0</Opcode> <Keywords>0x8010000000000000</Keywords> <TimeCreated SystemTime="2010-02-19T19:47:43.890Z" /> <EventRecordID>2276316</EventRecordID> <Correlation /> <Execution ProcessID="612" ThreadID="692" /> <Channel>Security</Channel> <Computer>WEB4.net.domain.org</Computer> <Security /> </System> <EventData> <Data Name="SubjectUserSid">S-1-0-0</Data> <Data Name="SubjectUserName">-</Data> <Data Name="SubjectDomainName">-</Data> <Data Name="SubjectLogonId">0x0</Data> <Data Name="TargetUserSid">S-1-0-0</Data> <Data Name="TargetUserName">jim.lastname</Data> <Data Name="TargetDomainName">net.domain.org</Data> <Data Name="Status">0xc000006d</Data> <Data Name="FailureReason">%%2313</Data> <Data Name="SubStatus">0xc000006a</Data> <Data Name="LogonType">3</Data> <Data Name="LogonProcessName">WDIGEST</Data> <Data Name="AuthenticationPackageName">WDigest</Data> <Data Name="WorkstationName">-</Data> <Data Name="TransmittedServices">-</Data> <Data Name="LmPackageName">-</Data> <Data Name="KeyLength">0</Data> <Data Name="ProcessId">0x0</Data> <Data Name="ProcessName">-</Data> <Data Name="IpAddress">10.5.16.138</Data> <Data Name="IpPort">50065</Data> </EventData> </Event>

    Read the article

  • Server 2012 AD-DS Setup Fails (Microsoft.Directory.Services.Deployment.DeepTasks.DeepTasks not found)

    - by Daniel Steiner
    Good Morning everyone, I am currently trying to promote my 2012 Server to a Domain Controller but when I am at the first step in the setup I get the Error Message (German, Original Message): [Bereitstellungskonfiguration] Fehler bei der Bestimmung, ob der Zielserver bereits ein Domänencontroller ist: Der Typ [Microsoft.Directory.Services.Deployment.DeepTasks.DeepTasks] wurde nicht gefunden: Vergewissern Sie sich, dass die Assembly, die diesen Typ enthält, geladen ist. (Translated to English): Error while determining, if the Targetserver already is a Domain Controller: The Type [Microsoft.Directory.Services.Deployment.DeepTasks.DeepTasks] was not found: Make sure, that the assembly, that contains this type, is loaded. Thus I can neither Configure the AD-DS nor deinstall them via Server Manager. Any Help how to fix that problem would be greatly appricieated.

    Read the article

  • Thunderbird msi installer package

    - by Comradin
    Hello, I am in need of a thunderbird msi (Microsoft Installer) package which can be deployed via group policies using Microsoft ActiveDirectory. I am very pleased with the Firefox packaged provided by FrontMotion but unfortunately they do not have packages for Thunderbird. sob sob I guess, I could try to do the packaging myself, or do all of the installations by hand :( I did some searches and found very outdated packages by ZettaServe, but no current releases, yet.. Anyone using .msi packaged Thunderbird installations? If you have msi packages, where did you get them from? regards, Comradin

    Read the article

  • LDAP authentication issue with Kerio Connect

    - by djk
    We have Kerio Connect (mail server) running on a Windows Server 2003 server on a domain. In the webmail client, users are able to change their domain password. This functionality used to work fine until a user tried to change their password a few days ago, when every password they'd try would result in the webmail client claiming their password was "invalid". I spoke to Kerio about this and they claim that this error is returned by the domain controller, which supports my initial investigations. The error that the DC is logging when an attempt is made to change the password is this: "80090308: LdapErr: DSID-0C090334, comment: AcceptSecurityContext error, data 52e, vece" The "data 52e" part indicates that this is an "invalid credentials" error. I don't see how this can be as I've tried (in the Kerio Connect configuration) various accounts that have privileges to modify accounts, including my own as I am a domain admin. I have ran 'dcdiag' (all tests) on the DC and it came back passing every single one of them. I've searched high and low for an answer to this and came up empty. Does anyone have any idea why this may have suddenly started happening? Thanks! Edit: I should mention that the passwords we are changing to do comply with the complexity policy.

    Read the article

  • ActiveSync devices causing accounts to lockout

    - by Abdullah
    When a user changes his account password for whatever reason (read: expired), and the old password is stored in his mobile device connected through EAS. This will cause his account almost immediately - as it should according to the lockout policy defined in the AD. It was easy to figure out that part. The hard part is keeping it from happening. I looked everywhere. Nothing. Basically there are four parts to the puzzle: the EAS device, the TMG (ISA) server, the EAS protocol and finally the AD. None of them have a way to stop the EAS device from failing to authenticate. So I figured I'll have to come up with a clever workaround. And the only thing I could come up with is to create a group for all EAS users and exclude them from the lockout policy, which obviously defeats the whole purpose of the policy, or to educate the users to update their devices with the new passwords, which is impossible. The question: Can you think of any other way to prevent EAS from locking out the accounts? Environment: Mostly iOS devices all through EAS. TMG 2010. Exchange 2007. AD 2008 R2.

    Read the article

  • Share folder and access this folder on different domain

    - by michel
    the following situations: i have two pc's. My work desktop with XP and logged on in domain mywork.com. This desktop also has two network card. one for logging on the mywork.com domain and using the intranet etc. this desktop also has a network card with access to a switch. the other pc is a windows 7 pc. with is logged in to workgroup domain and also access the switch. now i want to access a shared folder from XP with my 7. but this is not possible because XP is in a different domain. 7 is asked for a user and password but i can't fill in my "mywork.com" login. how can i solve this?

    Read the article

  • Clients not updating with approved updates from WSUS

    - by Ross
    Hi All, I've been a bit behind in my windows XP updates recently, and I have about 18 or so I need to roll out to all our users, according to WSUS. I'm trying it on a couple of test PCs, and so far i've had no luck. On each one, one update would install (and need a reboot), and nothing else since. When I run wuauclt.exe /detectnow, I get this in the windowsupdate.log: 2009-10-29 17:27:10:624 1128 93c AU Triggering AU detection through DetectNow API 2009-10-29 17:27:10:624 1128 93c AU Triggering Online detection (non-interactive) 2009-10-29 17:27:10:624 1128 504 AU ############# 2009-10-29 17:27:10:624 1128 504 AU ## START ## AU: Search for updates 2009-10-29 17:27:10:624 1128 504 AU ######### 2009-10-29 17:27:10:624 1128 504 AU <<## SUBMITTED ## AU: Search for updates [CallId = {59353978-CBA7-4B0B-AFD3-515577D3C16B}] 2009-10-29 17:27:10:624 1128 a14 Agent ************* 2009-10-29 17:27:10:624 1128 a14 Agent ** START ** Agent: Finding updates [CallerId = AutomaticUpdates] 2009-10-29 17:27:10:624 1128 a14 Agent ********* 2009-10-29 17:27:10:624 1128 a14 Agent * Online = Yes; Ignore download priority = No 2009-10-29 17:27:10:624 1128 a14 Agent * Criteria = "IsHidden=0 and IsInstalled=0 and DeploymentAction='Installation' and IsAssigned=1 or IsHidden=0 and IsPresent=1 and DeploymentAction='Uninstallation' and IsAssigned=1 or IsHidden=0 and IsInstalled=1 and DeploymentAction='Installation' and IsAssigned=1 and RebootRequired=1 or IsHidden=0 and IsInstalled=0 and DeploymentAction='Uninstallation' and IsAssigned=1 and RebootRequired=1" 2009-10-29 17:27:10:624 1128 a14 Agent * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} 2009-10-29 17:27:10:624 1128 a14 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: 2009-10-29 17:27:10:655 1128 a14 Misc Microsoft signed: Yes 2009-10-29 17:27:10:702 1128 a14 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wuident.cab: 2009-10-29 17:27:10:702 1128 a14 Misc Microsoft signed: Yes 2009-10-29 17:27:10:780 1128 a14 Misc Validating signature for C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.cab: 2009-10-29 17:27:10:780 1128 a14 Misc Microsoft signed: Yes 2009-10-29 17:27:10:796 1128 a14 Setup *********** Setup: Checking whether self-update is required *********** 2009-10-29 17:27:10:796 1128 a14 Setup * Inf file: C:\WINDOWS\SoftwareDistribution\SelfUpdate\Default\wsus3setup.inf 2009-10-29 17:27:10:796 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\cdm.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:796 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:796 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wuapi.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:796 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wuauclt.exe: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wuaucpl.cpl.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wuaueng.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wucltui.dll.mui: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wups.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wups2.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup Update NOT required for C:\WINDOWS\system32\wuweb.dll: target version = 7.1.6001.65, required version = 7.1.6001.65 2009-10-29 17:27:10:874 1128 a14 Setup * IsUpdateRequired = No 2009-10-29 17:27:17:468 1128 a14 PT +++++++++++ PT: Synchronizing server updates +++++++++++ 2009-10-29 17:27:17:468 1128 a14 PT + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = hxxp://dublindc2/ClientWebService/client.asmx 2009-10-29 17:27:55:157 1128 a14 Agent * Found 0 updates and 46 categories in search; evaluated appl. rules of 478 out of 678 deployed entities 2009-10-29 17:27:55:173 1128 a14 Agent ********* 2009-10-29 17:27:55:173 1128 a14 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates] 2009-10-29 17:27:55:173 1128 a14 Agent ************* 2009-10-29 17:27:55:189 1128 f1c AU >>## RESUMED ## AU: Search for updates [CallId = {59353978-CBA7-4B0B-AFD3-515577D3C16B}] 2009-10-29 17:27:55:189 1128 f1c AU # 0 updates detected 2009-10-29 17:27:55:189 1128 f1c AU ######### 2009-10-29 17:27:55:189 1128 f1c AU ## END ## AU: Search for updates [CallId = {59353978-CBA7-4B0B-AFD3-515577D3C16B}] 2009-10-29 17:27:55:189 1128 f1c AU ############# 2009-10-29 17:27:55:189 1128 f1c AU AU setting next detection timeout to 2009-10-29 21:01:30 2009-10-29 17:27:55:189 1128 f1c AU Setting AU scheduled install time to 2009-10-30 13:00:00 2009-10-29 17:27:55:251 1128 a14 Report Uploading 2 events using cached cookie, reporting URL = hxxp://dublindc2/ReportingWebService/ReportingWebService.asmx 2009-10-29 17:27:55:267 1128 a14 Report Reporter successfully uploaded 2 events. 2009-10-29 17:28:00:173 1128 a14 Report REPORT EVENT: {BD891590-784B-4001-8116-D83962DAB749} 2009-10-29 17:27:55:173-0000 1 147 101 {00000000-0000-0000-0000-000000000000} 0 0 AutomaticUpdates Success Software Synchronization Windows Update Client successfully detected 0 updates. 2009-10-29 17:28:00:173 1128 a14 Report REPORT EVENT: {E578C377-5E09-4F4C-AB28-FE5131E2D6A7} 2009-10-29 17:27:55:173-0000 1 I've tried deleting everything in the C:\Windows\SoftwareDistribution, stopping the services, rebooting etc. Can anyone decipher the log to see where it's going wrong? Many thanks!

    Read the article

  • JoinDomainOrWorkgroup Method FJoinOptions help

    - by Ben
    Anyone have experience of using the JoinDomainOrWorkgroup Method of the Win32_ComputerSystem Class? I want to write a powershell script to join a machine to a domain. There may be an existing computer account for the machine, and if so I want to delete it and rejoin to the domain. I've already scripted the "search and destroy" part that will delete the computer account if it exists, but just noticed the FJoinOptions switches on Technet. Trouble is - they're a bit ambiguous. Does 4 (0x4) Deletes an account when a domain exists. mean it will delete the computer account if it already exists on the domain? Also, can you specify the computername you want to join the machine under with this method, or should you do a rename and then join the domain. Cheers, Ben NB - I've been using the guide at http://msdn.microsoft.com/en-us/library/aa392154(VS.85).aspx - not sure if there's a better resource out there.

    Read the article

  • how to extract all permissions that a domain user have on the network

    - by Alexandre Jobin
    I would like to know all the permissions a windows domain user have in my network. Is there a way, with a script file or a tool, that can extract this kind of information by checking all the servers and computers in my network? I'm on a Microsoft network with Windows Server 2008 R2, Windows XP, Windows 7. The report should include these kind of informations: report all permissions that the domain user have (read, write, etc...) if the domain user is in a domain group, tell me the permissions that this group have in my network so the report could be something like this: Permissions for USER_A in the DOMAIN.COM the user is part of theses domain groups: GROUP_A GROUP_B SERVER_A W:\wwwRoot (R/W inherited from GROUP_A) W:\sharedFolder (R) SERVER_B c:\projects (R/W) c:\projects\project_a (R/W) c:\projects\project_b (R/W) c:\dumpfolder (R/W inherited from GROUP_B) COMPUTER_A LOCAL\Administrator c:\ (R/W)

    Read the article

  • Group policy waited for the network subsystem

    - by the-wabbit
    In an AD domain with Windows Server 2008 R2 DCs users are complaining about delays in the bootup process of the clients. The group policy log reveals that the client is waiting ~ 20-50 seconds for "the network subsystem": Event 5322, GroupPolicy Group policy waited for 29687 milliseconds for the network subsystem at computer boot. This appears to be domain-specific as machines joining a different domain from the same network do not experience any delays and Event 5322 reports <1000 ms wait times at startup. It happens on virtual and physical machines alike, so it does not look like a hardware- or driver-related issue. Further investigation has shown that the client is taking its time before issuing DHCP requests. In the network traces, I can see IPv6 router solicitations and multicast DNS name registrations as soon as the network driver is loaded and the network connection is reported "up" in the event log (e1cexpress/36). Yet, the DHCPv4 client service seems to take another 15-50 seconds to start (Dhcp-Client/50036), so the IPv4 address remains unconfigured for a while. The DHCP client's messages in the event log are succeeding the service start of the "Sophos Anti-Virus" service (Sophos AV 10.3 package), which I suspect to be the culprit - the DHCP client service dependencies include the TDI Support driver which might be what Sophos is using to intercept network traffic: Network Location Awareness seems to break at startup as a side-effect, I see that off-site DCs are contacted due to what seems like a race condition between the GP client and the DHCP client / NLA service startup. I could set the Group Policy Client service to depend on NLA, yet this still would not eliminate the delay. Also, I am not all that sure that this is a good idea. Is there a known resolution which would eliminate the startup delay?

    Read the article

  • Two-way Trust relationship between Samba 3 and AD 2008 R2

    - by Romain
    Did somebody already make a two-way trust relationship between Samba 3 and AD ? I've got Samba 3.5 domain (ES02) controller and AD 2008 R2 domain (ES01) controller. Trust domain seems to be ok: Trusted domains list: ES01 S-1-5-21-1816646249-803782145-3669927669 Trusting domains list: ES01 S-1-5-21-1816646249-803782145-3669927669 I can login AD domain workstation with a Samba user account and access to AD domain workstation shares from Samba workstation with Samba user account. BUT, when I try to access to Samba domain workstation shares from AD domain workstation with AD account (test), I've got this: [2012/12/16 23:00:26.146090, 5] auth/auth.c:268(check_ntlm_password) check_ntlm_password: winbind authentication for user [test] FAILED with error NT_STATUS_NO_SUCH_USER [2012/12/16 23:00:26.146123, 2] auth/auth.c:314(check_ntlm_password) check_ntlm_password: Authentication for user [test] - [test] FAILED with error NT_STATUS_NO_SUCH_USER When I try to access samba share with the Administrator account that I create on both side with same password, I've got this: [2012/12/16 22:57:22.701841, 1] rpc_server/srv_pipe_hnd.c:1602(serverinfo_to_SamInfo_base) _netr_LogonSamLogon: user ES01\Administrator has user sid S-1-5-21-1816646249-803782145-3669927669-500 but group sid S-1-5-21-3405883886-2425668597-4100599511-513. The conflicting domain portions are not supported for NETLOGON calls I don't know if winbind is working because of this: wbinfo -u root nobody smb3user administrator "wbinfo -u" should list all local and trusted users, no ? Any fresh idea would be appreciated, I've been reading all the Internet for 1 week... Regards,

    Read the article

  • an attempt was made to logon, but the network logon service was not started

    - by RodH257
    We've recently had a catastrophic raid failure on our servers, which were being backed up with shadow protect. After 3 days of copying I finally got our file server back in a VM. As we used a 'virtualboot' for the file server in the meantime, I effectively had two copies of the server on the network at once. In order to copy back the files that changed, I tried to rename the file server, and change its IP address (I should also mention, the file server is a backup DC). When I renamed it, it came up with an error, so I rebooted. Now I can't login, it says "an attempt was made to logon, but the network logon service was not started" I don't care if I have to recreate the Vm and reinstall windows, but I would like to be able to get the files off this VM. How can I get access to it?

    Read the article

  • Domain Controllers group not reflected in domain controllers credentials

    - by Molotch
    I set up a small testlab in vbox consisting of four servers. Two domain controllers dc01, dc02, one offline root ca and one online enterprise sub ca, ca01. All servers are based on Windows Server 2008 R2 Standard. Everything works as excpected except one thing. If I issue a certificate template with read, enroll and autoenroll rights to the security group "domain controllers" it does not let dc01 or dc02 to enumerate or enroll for the certificate. I've restarted both domain controllers several times to update their credential tokens with the correct group memberhips. So I added dc01 to the "domain computers" group and gave that group read, enroll and autoenroll rights in the template, bam, the certificate was issued. So my question is, why isn't the domain controllers group memberhips reflected in the domain controllers (dc01 and dc02) credentials? Can I view the computers credentials somehow and how should I go about trying to resolve the issue?

    Read the article

  • Windows Server 2008 R2 Print Server - Change Printer Names on All Client Systems

    - by Jeramy
    I have a Windows Server 2008 R2 print server set up hosting out multiple printers to my end users. I would like to change the naming convention for all of the printers hosted on the print server and want this change reflected on the client end. For example: I have a HP4000 printer named "Cottage" on the print server. I want to rename the printer "HR-1stFloor-220a" on the print server and I want this printer to appear on every client system with the new name. Simply renaming the printer on the server automatically creates a link from the old printer name to the new one, so all the clients work but the actual name, from their perspective, has not changed. Renaming the share name also does not visibly effect the end user (though it does update the port information). I would like to have the names of the printers be meaningful information regarding department and location, but this means that when they change hands or move I would need to update this information, and currently I am not seeing a way short of writing custom start-up scripts and remove/replacing them through AD. Is there a simple way of accomplishing this task? Thank you for your help.

    Read the article

  • Windows Domain Controller: Create a test environment from a production environment

    - by Robert Coggins
    I need to create a working test environment of a domain we have. I need to have all the data from the production environment in the test environment. What is the best way to go about doing this? Here are some ideas I have but I am not sure if there is a better/recommended way of doing this. Use Vmware converter to create a VM of one of the production DCs create a VM and promo it on the real domain and move the vm to my test environment. use some kind of backup utility to backup the domain info and restore it to my vm I created. Thanks in advance for any help!

    Read the article

  • SharePoint 2010 User Profile Synchronization

    - by manemawanna
    Hello, I'm completely new to working with SharePoint and Windows Server, but last week I was given a small brief to play with SharePoint 2010 to see how I got along with it. Anyway I've set up a SharePoint server and had a mess around to get some new sites and pages created etc, but I'm now looking to have a try at importing some AD groups. As part of this I've look at these tutorials, here and here. So far I've got through to the process of starting the User Profile Service which works fine, but when I get it starting the User Profile Synchronization service it sits on starting. But when I refresh the page or go to the monitoring section it shows it as aborted. Now I'm new to administering servers like I say and when I start the User Profile Synchronization service it tries to run as NT AUTHORITY\NETWORK SERVICE and asks for a password so I've been providing it with the admin password, now I'm not sure if this is part of the issue or not as I've checked the log files and they seem to say that it doesn't have permissions, which is fair enough, but I can't see how you can change the account even if I wanted to. So if anyone could help it would be appreciated, if you need any further information to help with an answer, just let me know.

    Read the article

  • Reboot loop after sysprep of AD machine

    - by rboarman
    Major screw-up here and I need to find out how much trouble I am in. I have an AD machine that is running Server 2008 R2, hyperv, DHCP and DNS. On the hyperv machine, I have a backup AD instance running along with a handfull of other server 2008 instances. Sysprep was run on the hyperv machine instead of one of the instances. I am attempting to bring the machine back up so I can try a system restore. When I boot the hyperv machine, I get an error that says “Windows could not complete the installation. To install windows on this computer , restart the installation” This message occurs in safe mode, AD restore mode and in last known configuration mode. How can I get my OS to boot at this point? Do I need to reinstall 2008 R2 from scratch?

    Read the article

  • Winbind group lookup painfully slow

    - by Marty
    I am running winbind on an RHEL 6 system. Everything works fine except group lookups, so many commands (including sudo) are painfully slow. I did an strace which shows that winbind looks up every group and every user within each group for the current user. Some of these groups have 20000+ users so a simple sudo can take 60 seconds to complete. I really only care about speeding up the sudo command. Ideal solutions would make it so either: groups with more than X number of users will not be looked up, or sudo bypasses group lookups altogether. Here is my current "smb.conf" for winbind: workgroup = EXAMPLE password server = AD1.EXAMPLE.ORG realm = EXAMPLE.ORG security = ads idmap uid = 10000-19999 idmap gid = 10000-19999 idmap config EXAMPLE:backend = rid idmap config EXAMPLE:range = 10000000-19999999 winbind enum users = no winbind enum groups = no winbind separator = + template homedir = /home/%U template shell = /bin/bash winbind use default domain = yes winbind offline logon = false

    Read the article

< Previous Page | 43 44 45 46 47 48 49 50 51 52 53 54  | Next Page >