After rebooting ML server, unable to open active directory.  Error msg is Unable to open requested node error -14006.

Similar Messages

• SCVMM Service (2012) does not start after reboot VMM-Server

  VMM-Server: WIN 2008 R2 Standard x64
  SQL-Server: 2008 R2 x64
  Hi,
  after reboot VMM-Server we get the following error messages from the EventViewer when starting the VMM-service:
  Event ID: 19999
  Virtual Machine Manager (vmmservice:130936) has encountered an error and needed to exit the process. Windows generated an error report with the following parameters: 
  Event:VMM20
  P1(appName):vmmservice
  P2(appVersion):3.0.6005.0
  P3(assemblyName):Remoting
  P4(assemblyVer):3.0.6019.0
  P5(methodName):M.V.R.IndigoSerializableObject.BuildKnownAssemblyTypes
  P6(exceptionType):S.Reflection.ReflectionTypeLoadException
  P7(callstackHash):17ca
  and
  Event ID: 1
  System.Reflection.ReflectionTypeLoadException: Unable to load one or more of the requested types. Retrieve the LoaderExceptions property for more information.
     at System.Reflection.Module._GetTypesInternal(StackCrawlMark& stackMark)
     at System.Reflection.Assembly.GetTypes()
     at Microsoft.VirtualManager.Remoting.IndigoSerializableObject.BuildKnownAssemblyTypes(Assembly assembly)
     at Microsoft.VirtualManager.Remoting.IndigoSerializableObject.InitializeKnownTypesCache(List`1 assembliesToExamine)
     at Microsoft.VirtualManager.Engine.Remoting.IndigoServiceHost.InitializeKnownTypesCache()
     at Microsoft.VirtualManager.Engine.VirtualManagerService.OnStart(String[] args)-2146232830
  Thanks in advance!

  You would have to post the same in the XI forums for more relevant answers.
  Please close this thread and open a new on in the XI forums or send a mail to
  [email protected]
  tp have it moved.

• Raw device owners change after reboot the server

  The raw device owner change after reboot the server. i have to adjust it manually like
  chown oracle:oinstall /dev/raw/raw*
  any idea to make it permanent after bouncing the Server?
  MY OS is RHEL4 & Rdbms 10.2.0.1

  I got my answer .
  New to Linex. Need suggestions...
  How i can create new file ? like i want to create file oracle.permission
  should i use this command
  touch <filename> or any other command?
  second i want to put these entries raw device 3, 6,7,10,11 etc
  shoud it work ? like in the oracle.permission directory?
  # ASM
  raw/raw[3671011]:oracle:dba:0660

• An Active Directory error 0x51 occurred when trying to check the suitability of server

  We have several exchange administrators and two exchange 2010 servers and one exchange 2007 server. I am getting the following error message
  when opening up Exchange Management Console on one of the exchange 2010 server. 
  "An Active Directory error 0x51 occurred when trying to check the suitability of server 'dc101.domain.local'. Error: 'Active directory
  response: The LDAP server is unavailable.' 
  dc101 does not exist anymore. I tried changing the Configuration Domain Controller by manually specify a domain controller but get the exact
  same error message and also gets an empty list when selecting the domain. Other administrators who logs into to the same server do not get this error message. 
  If I open the exchange management console on another exchange server, it works without problem. Is there a setting somewhere I need to change
  to point it to the correct domain controller using power shell?

  I fixed it for myself.
  Organization Configuration->Modify Configuration Domain Controller->select Use a default domain controller
   

• Active Directory error "-2147016672"

  Hi,
  I am creating a script in ASP.NET C# to invoke cmdlets from Lync Server.
  I want just list a user : Get-CsUSer and when i run the script i received the follow error code:
  Active Directory error "-2147016672" occurred while searching for domain controllers in domain .
  I run my script from my local machine developer (it is remote) to the server. The script is :
  Runspace remoteRunspace = null;
  openRunspace("servidor:5985/wsman", "http://schemas.microsoft.com/powershell/Microsoft.PowerShell",
  @"\user", "senha", ref remoteRunspace);
  using (PowerShell powershell = PowerShell.Create())
  powershell.Runspace = remoteRunspace;
  powershell.AddScript("Import-Module Lync"); //funciona
  powershell.Invoke();
  Pipeline pipeline = remoteRunspace.CreatePipeline();
  string remoteScript = "Get-CsUser -Identity mmiranda";
  pipeline.Commands.AddScript(remoteScript);
  Collection<PSObject> results = pipeline.Invoke();
  remoteRunspace.Close();
  return results;
  public static void openRunspace(string uri, string schema, string username, string livePass, ref Runspace remoteRunspace)
  System.Security.SecureString password = new System.Security.SecureString();
  foreach (char c in livePass.ToCharArray())
  password.AppendChar(c);
  PSCredential psc = new PSCredential(username, password);
  WSManConnectionInfo rri = new WSManConnectionInfo(new Uri(uri), schema, psc);
  //rri.AuthenticationMechanism = AuthenticationMechanism.Default;
  //rri.AuthenticationMechanism = AuthenticationMechanism.Kerberos;
  //rri.AuthenticationMechanism = AuthenticationMechanism.Basic;
  //rri.NoEncryption = true;
  rri.ProxyAuthentication = AuthenticationMechanism.Negotiate;
  remoteRunspace = RunspaceFactory.CreateRunspace(rri);
  remoteRunspace.Open();
  i don't know what to do anymore.
  Help me.
  My e-mail [email protected]
  thx

  Hi,gersonczjr
  Would you please verify that the user account you used has all the required permission?
  Would you please use DCDiag tool to check the DC connectivity?
  Although I am not very familar with scripts,I remeber I have seen a similar case with running Get-CsUser using C# is fixed by called
  Enable-PsRemoting on ther server,you can try it to see if it also works for you.
  Regards,
  Sharon
  Sharon Shen
  TechNet Community Support
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.

• Active Directory error using Upgrade Mgmt Tool - BI 4.1 sp 3

  I am in the process of creating a new BI 4.1 SP 3 environment within out company.  The software has been installed and I wanted to perform a Complete Upgrade from our existing XI 3.1 sp5 environment into our new 4.1 environment.  Also, we are using Windows Active Directory authentication and AD groups for security.
  The Upgrade Mgmt Tool fails with an Active Directory Error message similar to the one below:
  Active Directory Authentication failed to get the Active Directory groups for account with ID <insert really long alpha numeric string here>; CN=<insert name of employee no longer working for the company>.  Please make sure this account is valid and belongs to an accessible domain.
  Well, the account is not valid because this executive no longer works here.  Most likely within Active Directory all groups owned by this person were transferred over to his replacement.  Is there an way to have the upgrade mgmt tool bypass this validation check?  Or does anyone have any other suggestions how to get around this error?  Once this error occurs I can't upgrade.  I guess the alternative is to do an incremental upgrade, group by group, until I find the offending group but I was wondering if there was an easier way as that will be very time consuming.

  @JRKPrasad  Thank your for your thoughtful and accurate response.  It took less than 2 minutes to update AD in BI 3.1.x and the UMT tool is off and running migrating content from BI 3.1 to our new BI 4.1 environment. 
  Again, thank you very much for reading my post and responding.  It was a huge timesaver.

• Problems to open a application after reboot the server

  Hhi there
  after some problems and rebooring the server, i cant open the appliaction anymore. i got the message "unable to connect to server"
  I restarted the services allready and tried to figure out where is the problem in the log files etc. but without success.
  the DB is working without problems. is it possible that the problem is in the firewall or ports? but then I'm wondering why it worked a few minutes before!
  thanks for help!

  I don't recommend increasing this setting unless you know for sure that you are experiencing performance or significant latency issues between the HFM application server and the database server. This setting simply allows for a 2 minute timeout rather than a 60 second timeout when HFM is reading or writing to the database. You would be better off correcting the underlying database or connectivty issue. If this were your issue, you would see some messages in the HsvEventLog.log file regarding HFM's repeated but failed attempts to connect to the database server during a SQL statement.
  Also, this setting can be controlled through the EPM Configurator or Web and Server Cofiguration utility as well as altered directly in the registry as you've shown.
  --Chris                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

• After Updating to Server 4.1 Open directory and LPAD gone

  Hello,
  two days ago I discovered that Open directory was not working on our Server (Mac Mini 2012). I suspect it stopped working after updating to 10.10.3 and OS-X Server 4.1. When I try to start Open directory in the Server App the Server App prompts: Unable to load Replica List. When I try to recreate my Open directory Server I Get: OD Server already exists.
  I get the following log entries:
  LDAP Log
  Apr 11 22:03:02 server.seju.eu slapd[925]: @(#) $OpenLDAP: slapd 2.4.28 (Feb 24 2015 21:45:59) $
    [email protected]:/BinaryCache/OpenLDAP/OpenLDAP-499.32.4~1/Objects/servers/slapd
  Apr 11 22:03:02 server.seju.eu slapd[925]: daemon: SLAP_SOCK_INIT: dtblsize=8192
  Apr 11 22:03:02 server.seju.eu slapd[925]: TLS: OPENDIRECTORY_SSL_IDENTITY identity preference overrode configured olcTLSIdentity "APPLE:server.seju.eu"
  Apr 11 22:03:02 server.seju.eu slapd[925]: slap_add_listener: opened additional listener 'ldaps:///'
  Apr 11 22:03:02 server.seju.eu slapd[925]: bdb(dc=server,dc=seju,dc=eu): unable to allocate memory for mutex; resize mutex region
  Apr 11 22:03:02 server.seju.eu slapd[925]: bdb_db_open: database "dc=server,dc=seju,dc=eu" cannot be opened, err 12. Restore from backup!
  Apr 11 22:03:02 server.seju.eu slapd[925]: bdb(dc=server,dc=seju,dc=eu): txn_checkpoint interface requires an environment configured for the transaction subsystem
  Apr 11 22:03:02 server.seju.eu slapd[925]: bdb_db_close: database "dc=server,dc=seju,dc=eu": txn_checkpoint failed: Invalid argument (22).
  Apr 11 22:03:02 server.seju.eu slapd[925]: backend_startup_one (type=bdb, suffix="dc=server,dc=seju,dc=eu"): bi_db_open failed! (12)
  Apr 11 22:03:02 server.seju.eu slapd[925]: bdb_db_close: database "dc=server,dc=seju,dc=eu": alock_close failed
  Apr 11 22:03:02 server.seju.eu slapd[925]: slapd stopped.
  Open Directory Log
  2015-04-11 21:57:10.624284 CEST - AID: 0x0000000000000000 - opendirectoryd (build 382.20.2) launched...
  2015-04-11 21:57:10.752590 CEST - AID: 0x0000000000000000 - Logging level limit changed to 'error'
  2015-04-11 21:57:10.916732 CEST - AID: 0x0000000000000000 - Initialize trigger support
  2015-04-11 21:57:10.951833 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/SystemCache.bundle'
  2015-04-11 21:57:10.958469 CEST - AID: 0x0000000000000000 - Module: SystemCache - failed to load persistent state - Input/output error
  2015-04-11 21:57:10.962533 CEST - AID: 0x0000000000000000 - Registered node with name '/Active Directory' as hidden
  2015-04-11 21:57:10.962833 CEST - AID: 0x0000000000000000 - Registered node with name '/Configure' as hidden
  2015-04-11 21:57:10.963182 CEST - AID: 0x0000000000000000 - Discovered configuration for node name '/Contacts' at path '/Library/Preferences/OpenDirectory/Configurations//Contacts.plist'
  2015-04-11 21:57:10.963194 CEST - AID: 0x0000000000000000 - Registered node with name '/Contacts'
  2015-04-11 21:57:10.963438 CEST - AID: 0x0000000000000000 - Registered node with name '/LDAPv3' as hidden
  2015-04-11 21:57:10.966901 CEST - AID: 0x0000000000000000 - Registered node with name '/Local' as hidden
  2015-04-11 21:57:10.968600 CEST - AID: 0x0000000000000000 - Registered node with name '/NIS' as hidden
  2015-04-11 21:57:11.031990 CEST - AID: 0x0000000000000000 - Discovered configuration for node name '/Search' at path '/Library/Preferences/OpenDirectory/Configurations//Search.plist'
  2015-04-11 21:57:11.032007 CEST - AID: 0x0000000000000000 - Registered node with name '/Search'
  2015-04-11 21:57:12.343838 CEST - AID: 0x0000000000000000 - Discovered configuration for node name '/LDAPv3/127.0.0.1' at path '/Library/Preferences/OpenDirectory/Configurations/LDAPv3/127.0.0.1.plist'
  2015-04-11 21:57:12.343888 CEST - AID: 0x0000000000000000 - Registered subnode with name '/LDAPv3/127.0.0.1'
  2015-04-11 21:57:13.549377 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/legacy.bundle'
  2015-04-11 21:57:13.551131 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/search.bundle'
  2015-04-11 21:57:13.554053 CEST - AID: 0x0000000000000000 - '/Search' has registered, loading additional services
  2015-04-11 21:57:13.554064 CEST - AID: 0x0000000000000000 - Initialize augmentation support
  2015-04-11 21:57:13.557920 CEST - AID: 0x0000000000000000 - Successfully registered for Kernel identity service requests
  2015-04-11 21:57:13.557940 CEST - AID: 0x0000000000000000 - Adjusting kernel ID cache (100 -> 250) and membership cache (100 -> 500)
  2015-04-11 21:57:13.575235 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/PlistFile.bundle'
  2015-04-11 21:57:13.578418 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/FDESupport.bundle'
  2015-04-11 21:57:13.583810 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleID.bundle'
  2015-04-11 21:57:13.615788 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ConfigurationProfiles.bundle'
  2015-04-11 21:57:13.619666 CEST - AID: 0x0000000000000000 - Registered subnode with name '/Local/Default'
  2015-04-11 21:57:13.632498 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/ldap.bundle'
  2015-04-11 21:57:13.845588 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClientLDAP.bundle'
  2015-04-11 21:57:13.849664 CEST - AID: 0x0000000000000000 - Loaded bundle at path '/System/Library/OpenDirectory/Modules/AppleODClientPWS.bundle'

  I had a similar problem. A couple days after upgrading, I encountered OD's "Unable to load replica" problem and had my server's certificate deleted from my system keychain!
  Server.app + OD + LDAP are all extremely fragile and I just don't trust them during transitions, so I always keep an independent bootable backup with Carbon Copy Cloner and this preflight script. I'll post my notes for recovering OD below, but in my case, nothing worked this time, and I couldn't start OD robustly across reboots. Fortunately for me, my 12 hour old bootable backup was working, so I just used CCC to copy my bootable backup back. Not sure what I would have done had that not worked short of rebuilding everything from scratch.
  Pre-steps:
  0. Bootable backups, Time Machine backups, and dirserv backups of everything.
  1. Disk Utility: Fix disk permissions, Fix disk
  2. PRAM reset, Command-Option-P-R at boot
  3. DiskWarrior to rebuild the disk directory
  Possible steps to fix OD:
  # Fix Open Directory "Unable to load replica"
  # Try this first:
  # https://support.apple.com/en-us/HT200018
  # Quit Server.app
  sudo mkdir /var/db/openldap/migration/
  sudo touch /var/db/openldap/migration/.rekerberize
  sudo killall PasswordService
  # Open Server.app
  # Try this second:
  # http://apple.stackexchange.com/questions/79141/how-to-fix-failing-open-directory -database-cn-authdata-cannot-be-opened-err
  sudo serveradmin stop dirserv
  sudo launchctl unload -w /System/Library/LaunchDaemons/org.openldap.slapd.plist
  sudo db_recover -h /var/db/openldap/authdata/
  sudo /usr/libexec/slapd -Tt
  sudo launchctl load -w /System/Library/LaunchDaemons/org.openldap.slapd.plist
  sudo serveradmin start dirserv
  # Try this third:
  # https://discussions.apple.com/thread/6018956
  sudo serveradmin stop dirserv
  sudo slapconfig -restoredb /private/var/backups/ServerBackup_OpenDirectoryMaster.sparseimage
  sudo serveradmin start dirserv
  # Try this fourth (assuming ccc_preflight od backup):
  # https://discussions.apple.com/thread/6018956
  sudo serveradmin stop dirserv
  sudo slapconfig -restoredb /private/var/backups/odbackup/od_2015-04-11.sparseimage
  sudo serveradmin start dirserv
  # Try this last:
  sudo rsync -va /your-backup-drive-possibly-TM/private/var/db/openldap/authdata/ /private/var/db/openldap/authdata/
  If your server cert gets deleted from the System keychain, you'll need to boot into the bootable backup and export the certificate+key that looks like hostname.domainname.tld, signed by IntermediateCA_HOSTNAME.DOMAINNAME.TLD_1, copy this to the server drive, import back into the System keychain. The cert should then appear within Server.app again. See here for how to do this if all you have is the System keychain file.
  If anyone has reliable advice how to fix a corrupt OD that would be a huge help.

• Unable to access server files shares with Active Directory Users

  Quick breakdown of my issue.
  I have setup a Yosemite file server running the latest version of Yosemite and Server.
  File sharing in Server.app is enabled and shares have been created
  The server is bound to my company's Active Directory and you can directly login to the computer via AD credentials.
  The big issue is this, unless the user has directly walked up to my server and logged into it at least once, they cannot authenticate to the file shares via their AD credentials.
  For example: Administrator (me) I can login and access all file shares without issue.
  Jane Smith (SMITH) who has actually walked up to my server and logged in via her AD credentials, can also access all file shares. (That she has access to)
  John Doe (JDOE) who has not logged into the server in anyway, cannot authenticate to the server file shares  at all (even though I have granted him permission) He just gets an "Access Denied" message.
  I have gone into Directory Utility and changed the search order to give AD priority and this still doesn't resolve the problem.
  We have unbound the server from AD and added in back again and still not able to resolve.
  If you open Server.app and go to add someone from AD to a file share, it finds the AD user quickly and everything looks right. but still unable to authenticate to the server if they haven't directly logged into it before?
  All of the documentation and google articles I have found say my server is setup correctly, any help would be greatly appreciate it!
  Thanks in advance!

  I figured this out. In Mountain Lion Server, it doesn't matter if you give the user rights to a shared file or folder, if the user doesn't have access the File Sharing service, they can't get it. I had to find the specific users in the Server app under the AD in the Users tab, and give them rights to the File Sharing service. I think you can do this for a whole AD group as well, but I haven't tried.

• The annoying login screen after rebooting App server

  Is there a way to disable to login prompt after reboot the App server? IE offers
  to remember it, but it doesn't. Thanks for any info!
  Dinesh

  Hi,
  I have answered a similar question in How to logout an user when the browser is closed?
  Thanks,
  Sharmila

• DNS and Active Directory error 4000 server 2008

  Hello all,
  My network skills aren't very good and I'm facing a dilemma. First off we have two Windows servers on the network. The newest is 2008 Standard (named Vader) and the other is 2000 (dells3). Obviously I'd like to get rid of the 2000, but the people in charge
  of my budget haven't given me the option to do so and it's the only back up we have.
  Earlier in the week we had lots of problems. One of our nas boxes locked everyone out who was mapped to it and it would only let me log in through the web portal. Two of our Macs our marketing department uses suddenly locked up and wouldn't let them back
  in (both were part of the Active Directory). A second nas box won't let certain people map to it and for awhile I had issues logging into Vader itself.
  I believe all of these problems are connected to some issues on Vader and possibly in conduction with dells3. In Server Manager under DNS I get error 4000 "The DNS server was unable to open Active Directory. 
  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and reload the zone. The event data is the error code."
  Then under Active Directory Domain Services I get error 2042 "It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded
  the tombstone lifetime. Replication has been stopped with this source."
  Followed by more text I can post if needed.
  Under File Services error 1202 "The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the
  next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues."
  And finally if I try to open Active Directory Domains and Trusts "The configuration information describing this enterprise is not available. The server is not operational."
  I'm not sure where to start or what to post that might help. Any and all help is appreciated.
  Edit: Also I can only add dells3 as the DNS on Vader in the DNS Manager if I try to add Vader to itself I get an error.

  It's the other way around.  Overall, I'm advising ripping the 2008 server out of AD and adding it back . Let's look at this as a series of steps:
  1.) You do a force demote of the 2008 server because it's tombstoned.  This means the 2008 server is no longer a DC. You are doing a force because it doesn't have the ability to replicate.  If it could replicate, we'd just do a graceful demotion
  and be done with it.
  2.) Once the 2008 server is demoted, we go to the 2000 server which holds the only good copy of AD.  From that server we run a metadata cleanup using the ntdsutil utility.  We use that utility to clean out references to the 2008 server which is
  no longer a DC.
  3.) Once you have a clean AD, you can then promote the 2008 server back into Active Directory.  Make sure Vader is pointing to Dells3 as its primary DNS server before promoting or you'll run into issues.
  Hopefully that clarifies things. 

• Integrating Final Cut Server 1.5 with Active Directory

  Following the directions in the Final Cut Server Setup Guide and I am running into errors. Fun with Final Cut Server. Fun with Kerberos.
  Final Cut Server v.1.5 is running on an Intel Xserve running 10.5.6 Server, joined to AD. Active Directory is running on a Windows Server 2008 setup.
  I dropped the ini files on the domain controllers, as directed by Apple KB (http://support.apple.com/kb/HT3688) and I ran the commands directed in the setup guide.
  The adprincadd command should be run literally, of course, but there's a mistake straight-away when it should read "./adprincadd.pl", the ".pl" is missing. Also it says "fcsvr/fqdn of fcsvr", so naturally I replaced the fqdn, but the "fcsvr" prefixed threw me off. It gave me errors until I opened Kerberos.app and notcied that the kerb ticket was in ldap/, then the command worked for me. At least no errors, until I checked the ticket and it said I had no permissions and that the keytab entry was invalid. Wheeee.
  1. First I tried:
  (some info redacted)
  node09:sbin root# ./adprincadd.pl -dc dc01.example.com. fcs.example.com.
  Getting kerberos principal for computer account
  Kerberos principal is ---
  Getting computer id...---
  Getting AD Domain...---
  Base DN is dc=example,dc=com
  getting kerb ticket using [email protected] got ticket
  SASL-bind to dc01.example.com. successful
  Computer record is at CN=---,CN=Computers,DC=example,DC=com
  Checking to see if ---.--.---. exists...000020B5: AtrErr: DSID-031529F7, #1:
  0: 000020B5: DSID-031529F7, problem 1005 (CONSTRAINTATTTYPE), data 0, Att 90303 (servicePrincipalName)
  at ./adprincadd.pl line 165
  2. Then I noticed the /ldap in Kerberos.app and changed the adprinadd command:
  Everything ran well, with no errors...
  Finding kvno...2
  Reading /etc/krb5.keytab...done.
  Creating new keytab file...done.
  Writing out temporary keytab...done.
  Making backup of old keytab and moving new keytab into place...done.
  Operation Completed. You can verify with "kinit <ad user>; kvno -k /etc/krb5.keytab ldap/---.example.com"
  3. Verifying with kinit gave me the keytab errors:
  kinit matx; kvno -k /etc/krb5.keytab ldap/fcs.example.com
  Please enter the password for [email protected]:
  ldap/[email protected]: kvno = 2, keytab entry invalid
  kvno: Permission denied while decrypting ticket for 'ldap/[email protected]'
  Thoughts?

  Hello, I'm having issues with the client login after AD integration. I followed the steps from http://support.apple.com/kb/HT3818 and the Terminal output reported a success.
  I'm able to add AD groups in Final Cut Server Group Permissions. However, when I try logging in on the FCServer client using credentials associated with AD group I've added, I'm getting an error message from the client stating:
  "Please re-enter the username and password or contact the server administrator. Please note that the username and password are case-sensitive."
  The FQDN is correct in the Server field of the client.
  I'm able to log into the client using locally created user accounts that I've created on the server so I know the client is communicating correctly.
  The only thing I can find in the Console for the client machine is this:
  11/25/09 10:50:12 AM /Users/*/Desktop/Final Cut Server.app/Contents/MacOS/Final Cut Server[1773] Warning: accessing obsolete X509Anchors.
  In the server Console, this is a suspect message: /Library/Application Support/Final Cut Server/Final Cut Server.bundle/Contents/MacOS/fcsvr_stored[77891] pps proxy error: dsDoDirNodeAuth = -14091
  Not finding much info out there regarding this. Any guidance is appreciated.

• Choosing Server for SharePoint, Exchange, Active Directory, SQL

  Hello
  We want to migrate from work-group type network and setup an interoffice mail server and ,  ... with SharePoint, Exchange, outlook. There are less than 40 clients. I prefer to minimize the number of servers. Is it possible to use one system for some
  of this servers:
  1. SharePoint
  2. Exchange Server
  3. SQL Server
  4. Active Directory DC
  Thank you

  You could combine #1 and #3, but none of the other services. Or you could look at just getting a Domain Controller and using Office 365.
  I'd recommend you have more than one Domain Controller for redundancy.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Active Directory Error 0x51 occurred when trying to check the suitability of server ' servername '. Error: 'Active directory response: The LDAP server is unavailable'. It was running the command 'Get-OwaVirtualDirectory'.

  This issue is driving us nuts - there are no issues with Domain Controllers or AD in this environment.  The server it is citing in the error has been retired - it was gracefully dcpromo'ed down and removed from the environment.  DNS has no record of it, nor is it located anywhere else.  We are not able to log into Outlook Web App either with authentication failed errors - and I can't help but expect these 2 issues are related?  I tried hard coding the Configuration Domain Controller at the org level, as well as using the -staticdomaincontrollers and -staticglobalcatalogservers with the "Set-ExchangeServer" powershell command - no luck....  System settings of the exchange 2010 servers show they are pointing to the correct DCs - but I still get this error accompanied with long delays in rendering windows in EMC.  Extremely frustrating.....  I have an issue logged with MS now, but they aren't looking at them until Nov 9.  Has anyone seen this issue at all?  More info on the OWA config - using Form based auth, and I'm not able to perform a simple test-owaconnectivity -mailboxcredential (get-credential\username) -allowuntrustedcertificate -allowinsecurelogon - please help

  Create a "global catalog" on the 2nd domain contoller, will fix this problem. 
  To create a new global catalog:
  On the domain controller where you want the new global catalog, start the Active Directory Sites and Services snap-in. To start the snap-in, click Start , point to Programs , point to Administrative Tools , and then click Active Directory Sites and Services .
  In the console tree, double-click Sites , and then double-click <var>sitename</var> .
  Double-click Servers , click your domain controller, right-click NTDS Settings , and then click Properties .
  On the General tab, click to select the Global catalog check box to assign the role of global catalog to this server.
  Restart the domain controller.

• Is dns server required to install active directory

  i have a confusion here.... i have to install active directory on win 2k or 2k3 server.... Can i install it with the help of WINS but not DNS .... is it possible to install AD with WINS installed/configured on server but at same time not any kind
  of DNS (Third party Server/Service) is installed/configured there????..... thanx

  AD rely on DNS name resolution. So DNS name resolution is a requirement for AD installation. 
  DNS requirements for installing Active Directory:
  http://technet.microsoft.com/en-us/library/cc739159(WS.10).aspx
   http://technet.microsoft.com/en-us/library/cc759550(WS.10).aspx
  Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.