Search Results

Search found 8983 results on 360 pages for 'active attr'.

Page 49/360 | < Previous Page | 45 46 47 48 49 50 51 52 53 54 55 56  | Next Page >

  • VM image including ready-to-use Kerberos server?

    - by Nicolas Raoul
    I implemented client-side Kerberos support to an open source software, and I want to test it. I don't have a Kerberos network at home and unfortunately don't have the skills/time to reliably set up one. Is there a Virtual Machine image that I could fire up, and that would include a properly working Kerberos environment, so that I can test my client app? (freely downloadable Linux/Microsoft/anything all acceptable)

    Read the article

  • SCCM 2007 managing hosts in non trusted forest

    - by BoxerBucks
    I have an implementation of SCCM 2007 in forest "A" that manages hosts in that Windows 2008 forest. There is another forest/domain, "B", which I have no trust with that I need to manage hosts in as well. I don't need to push out clients from the SCCM console, I am going to install them manually. I just need the hosts in domain "B" to connect back to the forest/domain "A" for management purposes. To date, I have not added any AD objects to domain "B" for hosts to query for site, SLP or management point info. I am installing the hosts with the command line: ccmsetup.exe /mp:SCCM_Server /site:mysite SCCM_Server = FQDN of my sccm server (which is resolvable by the client) There are no ACL's between the two servers. From the logs, I can see the install complete and the client tries to query the local AD for the site info for "mysite" but it can't find it and it stops and never connects. Can anyone give me some direction as to how this should be setup?

    Read the article

  • Windows computer account appears to reset its own password, why?

    - by David Yu
    Has anyone seen this where a computer account appears to reset its password? The password for user 'WEST\SQLCLUSTER$' was reset by 'WEST\SQLCLUSTER$' on 'DOMAINCONTROLLER.WEST.company.corp' at '04/23/10 20:47:41' Event Type: Success Audit Event Source: Security Event Category: Account Management Event ID: 628 Date: Friday, April 23, 2010 Time: 8:47 PM User: WEST\SQLCLUSTER$ Computer: DOMAINCONTROLLER.WEST.company.corp Description: User Account password set: Target Account Name: SQLCLUSTER$ Target Domain: WEST Target Account ID: WEST\SQLCLUSTER$ Caller User Name: SQLCLUSTER$ Caller Domain: WEST Caller Logon ID: (0x0,0x7A518945)

    Read the article

  • How to set the SPN for Postgres SSPI

    - by chotchki
    I am trying to setup Postgres to support SSPI/Kerberos, however I think that I have not found out what the correct SPN that is needed to get it working. The background details: Service account for postgres: 'postgres' Domain Name: 'testdomain.com' Domain Controller: 'dc.testdomain.com' I have tried the following SPNs and have had zero luck: setspn -A HOST/testdomain.com postgres setspn -A HOST/testdomain postgres setspn -A POSTGRES/testdomain.com postgres setspn -A POSTGRES/testdomain postgres setspn -A POSTGRES/dc.testdomain.com postgres Does anyone have some suggestions?

    Read the article

  • Exclude client from sync with roaming profile?

    - by MAD9
    Hello friends, is it possible to exclude one machine from syncing its profile with the server? The situation is as follows: Our CEO wants to use her semi-private laptop in our network, which means she wants to be able to log in with her account (to be able to access files and all) but does not want her (private) profile to be synced. How can this be achieved?

    Read the article

  • A Domain Admin user doesn't have effective Administrative rights on a Domain Computer

    - by rwetzeler
    I am a developer who is setting up a virtual domain environment of testing purposes and am having trouble with the setup. I have created a new DC on a new Forest... call it dev.contoso.com. I have setup a virtual internal network for all machines that are going to be apart of this virtual test environment and have given each machine a static IP address in the 192.169.150.0 subnet. I have added machine1.dev.contoso.com to the domain dev.contoso.com. I have also provisioned a user account (adminuser) in the domain and made that user a member of Domain Admins group. Upon logging into machine1 using my newly created Domain Admin account, I cannot access/run any files on machine1. When I go into the advanced permissions for the c:\ folder and goto properties - Security Tab - Advanced - Effective Permissions and search for the dev\adminuser (mentioned above), I get an error saying: Windows can't calculate the effective permissions for admin user What do I need to do to get Administrative rights on Machine1? I am using Server 2008 R2 for both the AD controller and machine1.

    Read the article

  • Kerberos authentication not working for one single domain

    - by Buddy Casino
    We have a strange problem regarding Kerberos authentication with Apache mod_auth_kerb. We use a very simple krb5.conf, where only a single (main) AD server is configured. There are many domains in the forest, and it seems that SSO is working for most of them, except one. I don't know what is special about that domain, the error message that I see in the Apache logs is "Server not found in Kerberos database": [Wed Aug 31 14:56:02 2011] [debug] src/mod_auth_kerb.c(1025): [client xx.xxx.xxx.xxx] Using HTTP/[email protected] as server principal for password verification [Wed Aug 31 14:56:02 2011] [debug] src/mod_auth_kerb.c(714): [client xx.xxx.xxx.xxx] Trying to get TGT for user [email protected] [Wed Aug 31 14:56:02 2011] [debug] src/mod_auth_kerb.c(625): [client xx.xxx.xxx.xxx] Trying to verify authenticity of KDC using principal HTTP/[email protected] [Wed Aug 31 14:56:02 2011] [debug] src/mod_auth_kerb.c(640): [client xx.xxx.xxx.xxx] krb5_get_credentials() failed when verifying KDC [Wed Aug 31 14:56:02 2011] [error] [client xx.xxx.xxx.xxx] failed to verify krb5 credentials: Server not found in Kerberos database [Wed Aug 31 14:56:02 2011] [debug] src/mod_auth_kerb.c(1110): [client xx.xxx.xxx.xxx] kerb_authenticate_user_krb5pwd ret=401 user=(NULL) authtype=(NULL) When I try to kinit that user on the machine on which Apache is running, it works. I also checked that DNS lookups work, including reverse lookup. Who can tell me whats going?

    Read the article

  • windows 2003 domain and windows xp

    - by ryju
    I had to move a computer account from one OU to another OU for the settings to be same as with other computers in the OU. After the computer account was moved to other domain, i reset the computer account. Now there is no domain access to this computer even using domain admin acccount. The error message is that windows cannot connect to domain because your computer account was not found.I reset the computer account again and that didnt make any difference. Local admin access was possilbe and i tried to change the computer to workgroup to join back to domain, but workgroup changing option is greyed out. Is there any way I can solve this issue. Thanks in advance.

    Read the article

  • Distributing Files using a Group Policy on Windows Server 2003

    - by tonedeath
    A piece of software that we use at our office has recently moved to a new licensing system. This means that from now on a new set of license key files will need to be distributed to each of our 25 client installations every year. All of the clients run XP and are part of an AD domain controlled by a Windows 2003 DC. I'm already using group policies to deploy software updates. I gather that this is possible with Group Policy Preferences in Server 2008. I'm just looking for a good method using Server 2003. The same set of files need copying to each client. I also have them hosted on a network share accessible by each client. I'm more of a *nix person, so I'm not particularly up on scripting in a Windows environment.

    Read the article

  • Group Policy GPO not 'seen' at client

    - by fukawi2
    I have a new OU (natorg.local\NATO\Users) that I am trying to apply GP to. I have created a new user in this OU, and linked the 3 GPO's to this OU: DESKTOP - Folder Redirection (AppData) DESKTOP - Folder Redirection (Desktop) DESKTOP - Folder Redirection (Documents) Hopefully the names are sufficient to suggest what they do exactly. The settings are under User Settings so there is no Loopback processing required (if my understanding is correct). GP Modelling for the user and specific computer says that the GPOs will/should be applied, however on the client, gpresult doesn't even appear to see the GPOs under either "Applied" or "Not Applied": USER SETTINGS -------------- CN=Amir,OU=Users,OU=NATO,DC=natorg,DC=local Last time Group Policy was applied: 25/06/2012 at 11:07:13 AM Group Policy was applied from: svr-addc-01.natorg.local Group Policy slow link threshold: 500 kbps Applied Group Policy Objects ----------------------------- LAPTOPS - Power Settings WSUS - Set Server Address OUTLOOK - Auto Archive SECURITY - Lock Screen After Idle Default Domain Policy DESKTOP - Regional Settings NETWORK - Proxy Configuration NETWORK - IE General Config OFFICE - Trusted Locations OFFICE - Increase Privacy OUTLOOK - Disable Junk Filter DESKTOP - Disable Windows Error Reporting DESKTOP - Hide Language Bar NETWORK - Disable Skype DESKTOP - Disable Thumbs.db Creation WSUS - Set Server Address The following GPOs were not applied because they were filtered out ------------------------------------------------------------------- Local Group Policy Filtering: Not Applied (Empty) NETWORK - Google Chrome Configuration Filtering: Not Applied (Empty) SYSTEM - Event Log Configuration Filtering: Not Applied (Empty) SECURITY - Local Administrator Password Filtering: Not Applied (Empty) NETWORK - Disable Windows Messenger Filtering: Not Applied (Empty) SECURITY - Audit Policy Filtering: Not Applied (Empty) WSUS - Automatic Install Filtering: Not Applied (Empty) NETWORK - Firewall Configuration Filtering: Not Applied (Empty) DESKTOP - Enable Offline Files Filtering: Not Applied (Empty) I haven't altered permissions on the GPO's at all, no WMI filtering... As I said, GP Modelling says that they should be applied. GPResult on the client correctly identifies itself as being the correct OU (CN=Amir,OU=Users,OU=NATO,DC=natorg,DC=local) There are 2 x 2008R2 and a 2003 DC, domain is 2003 level, client is Windows XP SP3. Can anyone suggest why these GP Objects would be "invisible" to the client?

    Read the article

  • built in "Offer Remote Assistance" not working because of permissions

    - by Caleb_S
    I'm trying to enable permissions for a user on a Windows7 machine to use the built in feature called "Offer Remote Assistance" or "Windows Remote Assistance". This feature works fine if the user is added to the "domain admins" security group, but for security reasons, I cannot leave him in that group. This is within a SBS2003 Domain. I have added the user and also a group that he is apart of to the Small Business Server Remote Assistance Policy, after following some documentation I was able to find, but this has not worked. Can you tell me how to enable this feature for this user and or a user group? http://content.screencast.com/users/CASEIT/folders/Forum%20Pictures/media/2a518bc9-4184-4520-8b76-cdf46555f568/2011-08-18_1330.png

    Read the article

  • "Fast link detected" warning in GP management console

    - by ???????? ??????
    There is a message that is shown in every report i make in Group Policy Results section of Group Policy Management Console, saying that "A fast link is detected". I followed the link in the waring, but after I read the page several times, I concluded, that I can ignore the warning. However, I noticed that the group policies are not applied when security filtering is used untl "gpupdate /sync" is executed... Is this related to the fast sync? In general, can somebody explain me the consequences of fast links briefly?

    Read the article

  • Why is GPO Tool reporting a GPO version mismatch when the GPO version #'s do match?

    - by SturdyErde
    Any ideas why the group policy diagnostic utility GPOTool would report a GPO version mismatch between two domain controllers if the version numbers are a match? Policy {GUID} Error: Version mismatch on dc1.domain.org, DS=65580, sysvol=65576 Friendly name: Default Domain Controllers Policy Error: Version mismatch on dc2.domain.org, DS=65580, sysvol=65576 Details: ------------------------------------------------------------ DC: dc1.domain.org Friendly name: Default Domain Controllers Policy Created: 7/7/2005 6:39:33 PM Changed: 6/18/2012 12:33:04 PM DS version: 1(user) 44(machine) Sysvol version: 1(user) 40(machine) Flags: 0 (user side enabled; machine side enabled) User extensions: not found Machine extensions: [{GUID}] Functionality version: 2 ------------------------------------------------------------ DC: dc2.domain.org Friendly name: Default Domain Controllers Policy Created: 7/7/2005 6:39:33 PM Changed: 6/18/2012 12:33:05 PM DS version: 1(user) 44(machine) Sysvol version: 1(user) 40(machine) Flags: 0 (user side enabled; machine side enabled) User extensions: not found Machine extensions: [{GUID}] Functionality version: 2

    Read the article

  • Windows 2008 R2 CA and auto-enrollment: how to get rid of >100,000 issued certificates?

    - by HopelessN00b
    The basic problem I'm having is that I have 100,000 useless machine certificates cluttering up my CA, and I'd like to delete them, without deleting all certs, or time jumping the server ahead, and invalidating some of the useful certs on there. This came about as a result of accepting a couple defaults with our Enterprise Root CA (2008 R2) and using a GPO to auto-enroll client machines for certificates to allow 802.1x authentication to our corporate wireless network. Turns out that the default Computer (Machine) Certificate Template will happily allow machines to re-enroll instead of directing them to use the certificate they already have. This is creating a number of problems for the guy (me) who was hoping to use the Certificate Authority as more than a log of every time a workstation's been rebooted. (The scroll bar on the side is lying, if you drag it to the bottom, the screen pauses and loads the next few dozen certs.) Does anyone know how to DELETE 100,000 or so time-valid, existing certificates from a Windows Server 2008R2 CA? When I go to delete a certificate now, now, I get an error that it cannot be delete because it's still valid. So, ideally, some way to temporarily bypass that error, as Mark Henderson's provided a way to delete the certificates with a script once that hurdle is cleared. (Revoking them is not an option, as that just moves them to Revoked Certificates, which we need to be able to view, and they can't be deleted from the revoked "folder" either.) Update: I tried the site @MarkHenderson linked, which is promising, and offers much better certificate manageability, buts still doesn't quite get there. The rub in my case seems to be that the certificates are still "time-valid," (not yet expired) so the CA doesn't want to let them be deleted from existence, and this applies to revoked certs as well, so revoking them all and then deleting them won't work either. I've also found this technet blog with my Google-Fu, but unfortunately, they seemed to only have to delete a very large number of certificate requests, not actual certificates. Finally, for now, time jumping the CA forward so the certificates I want to get rid of expire, and therefore can be deleted with the tools at the site Mark linked is not a great option, as would expire a number of valid certificates we use that have to be manually issued. So it's a better option than rebuilding the CA, but not a great one.

    Read the article

  • Blocking password policy (expiry) for a particular OU in AD

    - by Kip
    Hey SF Folks, Situation is this: I need to have a particular container in my AD environment which blocks password expiry policy, but accepts all other policies. Is this something that would work by simply adding in a GPO at the sub-ou level (the ou in question is a child of ou's where GPO's including password stuff is set). These accounts (and this ou) already exist and will have the default domain policy as well as other policies applied and they should continue to receive policy settings as per those GPO's, with the exception of the Password Expiry. We have tried the password do not expire tickbox and that seems not to have worked. Thanks in advance. Kip

    Read the article

  • Netdom to restore machine secret

    - by icelava
    I have a number of virtual machines that have not been switched on for over a month, and some others which have been rolled back to an older state. They are members of a domain, and have expired their machine secrets; thus unable to authenticate with the domain any longer. Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40960 Date: 14/05/2009 Time: 10:24:54 AM User: N/A Computer: TFS2008WDATA Description: The Security System detected an authentication error for the server ldap/iceland.icelava.home. The failure code from authentication protocol Kerberos was "The attempted logon is invalid. This is either due to a bad username or authentication information. (0xc000006d)". For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: c000006d Event Type: Warning Event Source: LSASRV Event Category: SPNEGO (Negotiator) Event ID: 40960 Date: 14/05/2009 Time: 10:24:54 AM User: N/A Computer: TFS2008WDATA Description: The Security System detected an authentication error for the server cifs/iceland.icelava.home. The failure code from authentication protocol Kerberos was "The attempted logon is invalid. This is either due to a bad username or authentication information. (0xc000006d)". For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: c000006d Event Type: Error Event Source: NETLOGON Event Category: None Event ID: 3210 Date: 14/05/2009 Time: 10:24:54 AM User: N/A Computer: TFS2008WDATA Description: This computer could not authenticate with \\iceland.icelava.home, a Windows domain controller for domain ICELAVA, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: c0000022 So I try to use netdom to re-register the machine back to the domain C:\Documents and Settings\Administrator>netdom reset tfs2008wdata /domain:icelava /UserO:enterpriseadmin /PasswordO:mypassword Logon Failure: The target account name is incorrect. The command failed to complete successfully. But have not been successful. I wonder what else needs to be done?

    Read the article

  • SQL Server Windows Auth Login sees Domain as untrusted...

    - by Mr Shoubs
    I've had someone set up a domain controller on windows 2008 on one server, and sql server 2008 on another. The domain seems to be working fine, I'm logged on as a domain user on both servers, nothing seems to be a problem there. However, when I try to add a domain user/group to SQL Server Security (e.g. clicking ok from the create login screen) it says it can't find it (even though I've used the search to find the correct account in the first place), when I try to logon (even though I haven't added it yet) it says something about the account being part of an untrusted domain instead of saying I don't have permission to log on. Anyone have any ideas on what is set up incorrectly?

    Read the article

  • Slow logins with roaming profiles

    - by tliff
    We are running an ActiveDirectory environment with Windows 2008 as DC and Samba 3.3 as fileserver, using roaming profiles. Some of our offices are connected to HQ via slowish links (1/2 Mbit). Naturally this is not very fast but that was expected. What I do not understand is, that if a user logs out (taking a long time to sync, as expected) and then logs in again the next day it also takes a long time to login. And that is what I don't understand. Shouldn't the sync recognize that nothing has changed rather quickly? Also: Is there any decent docu on how the synchronization is implemented?

    Read the article

  • AD server within another network - DNS issues

    - by Harry Muscle
    Here's a quick summary of the environment I support: we have a domain (domain A) that has about 20 client computers. The domain server for this domain and all the clients sit within the network infrastructure of a larger domain (domain B). All the computers get their network settings via DHCP from domain B's servers. I have no control and am unable to make changes to anything to do with domain B. The problem I have is that currently in order for my domain's (domain A) clients to be able to resolve the domain server and the shares on it they have their DNS server IP address set to domain A's domain server (via the default GPO). Unfortunately when a laptop (windows and mac) gets taken home, they are still looking for the domain server as their DNS server and obviously can't access the internet correctly outside of our environment. Ideally I need a solution where the machines use domain A's domain server as their DNS when inside the office and use what ever DNS server DHCP gives them when they are outside the office. However, since I have no control over the office DHCP server, I'm not sure how this can be accomplished. Any help and advice that anyone can offer is highly appreciated. Thanks, Harry P.S. The solution I'm trying to find needs to require no involvement from the user.

    Read the article

  • Read Only Domain Controllers and DNS zone updates

    - by Mike M
    I have a Windows 2003 domain and just added a new DC that runs 2008 R2. I updated the schema accordingly for both forest and domain levels. I also made sure to run /rodcprep at the time I did this. I have a branch office with a 2008 R2 file/print server that is a read-only domain controller (DC). The one problem I have been having is with AD-integrated DNS records updates. In the data center, we had to make an IP address change on a particular server. All our other sites' DCs (2003) updated the record fine. The 2008 R2 DC in the data center also updates its record fine. However, the RODC in the branch office does not. So if I nslookup the target server on a 2003 DC, the IP address is correct. Same with the 2008 R2 DC in the data center. But an nslookup on the branch office RODC still pulls in the old IP address. Moreover, any new records we've created (e.g., just added a new terminal server) do not get updated on the branch RODC either. Is there something simple I'm missing? How do I get the RODC to sync its AD-integrated DNS records with the rest of my world? Thank you in advance for your responses. Mike

    Read the article

  • How to change the default domain controller when querying AD in a different site?

    - by Linefeed
    We have 2 different locations, and at both site we have multiple domain controllers (Win2008). In our application we use Serverless Binding to execute our LDAP queries http://msdn.microsoft.com/en-us/library/ms677945(v=vs.85).aspx. If we look at de DnsHostName of the LDAP://RootDse on site B we always get the default domain controller of site A. Therefor all LDAP queries go much slower. Is there a way to change the default domain controller per site ?

    Read the article

  • gpupdate failing when using Samba 4 AD DC

    - by darthfoolish
    I have a Samba 4 AD domain running with 2 DCs on Centos 6.5, with a named DNS backend. I have multiple Windows 7 machines joined to this domain, which is fine. However, I can't get GPOs to apply. When running gpupdate, I get the following output The processing of Group Policy failed. Windows attempted to read the file \\sysvol\\Policies{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini Obviously, you don't normally see what it's trying to connect to when it's successful, but I would have thought the first place shows up, I should be seeing So, what governs what data gets put in between those angle brackets? If it is just supposed to be the domain, then what else could be going wrong? Thanks in advance for any help.

    Read the article

  • Send mail from a distrobution groups email address

    - by Campo
    A user has send permission on a distro group on a WINDOWS SERVER 2003 domain. I am the admin. When either of us send email using the distrobution groups email adress we get a non delivery report Your message did not reach some or all of the intended recipients. Subject: TEST Sent: 4/19/2010 4:46 PM The following recipient(s) cannot be reached: [email protected] on 4/19/2010 4:46 PM You do not have permission to send to this recipient. For assistance, contact your system administrator. MSEXCH:MSExchangeIS:/DC=local/DC=DOMAIN:SERVERNAME Thanks, JC

    Read the article

< Previous Page | 45 46 47 48 49 50 51 52 53 54 55 56  | Next Page >