2012 Domain Prep fails in root domain
Hi
We are tryiing to introduce 2012 DCs into our root domain.
The schema has updated fine but the domain prep fails, both on the 2012 server we are trying to promote and whilst running it direct from the infrastructure server itself.
Replication is good and AD itself seems happy enough. The account has the necessary rights.
Any help gratefully received.
Thanks
The error log contains:
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is cn=d262aae8-41f7-48ed-9f35-56bbb677573d,cn=Operations,cn=DomainUpdates,cn=System,DC=xxxx,DC=xx,DC=xx.
[2014/12/08:08:32:53.055]
LDAP API ldap_search_s() finished, return code is 0x20
[2014/12/08:08:32:53.055]
Adprep verified the state of operation cn=d262aae8-41f7-48ed9f35-56bbb677573d,cn=Operations,cn=DomainUpdates,cn=System,DC=xxxx,DC=xx,DC=xx.
[Status/Consequence]
The operation has not run or is not currently running. It will be run next.
[2014/12/08:08:32:53.055]
Adprep was about to call the following LDAP API. ldap_modify_s(). The entry to modify is DC=xxxx,DC=xx,DC=xx.
[2014/12/08:08:32:53.055]
LDAP API ldap_modify_s() finished, return code is 0x13
[2014/12/08:08:32:53.070]
Adprep was unable to modify some attributes on object DC=xxxx,DC=xx,DC=xx.
[2014/12/08:08:32:53.070]
Adprep encountered an LDAP error.
Error code: 0x13. Server extended error code: 0x20b5, Server error message: 000020B5: AtrErr: DSID-03152A9F, #1:
0: 000020B5: DSID-03152A9F, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9054f (otherWellKnownObjects)
DSID Info:
DSID: 0x181112dd
ldap error = 0x13
NT BUILD: 9600
NT BUILD: 16384
[2014/12/08:08:32:53.086]
Adprep was unable to update domain information.
[Status/Consequence]
Adprep requires access to existing domain-wide information from the infrastructure master in order to complete this operation.
Hi,
If possible,could you please post more detail information about adprep.log?
I noticed that the error indicates the otherWellKnownObjects attribute, it may be related the
Managed Service Accounts container was missing.
In order to troubleshot, please first verify that the Managed Service Accounts container was not exists in the domain.
For more detail information, you could refer to the similar thread:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/1a7f9de4-d201-4ac6-a3e7-e396743c31fa/windows-2008r2-adprep-domainprep-fails?forum=winserverMigration
Regards.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Similar Messages
-
Whenever I try to prep for a 2013 exchange install I always get:
"earlier versions of the server roles that are installed were detected"
whenever I try to run Setup /prepareschema OR setup /PrepareAD OR Setup /PrepareDomain
I am working on a Server 2012 standard machine with Exchange 2010 currently installed. This server is a DC (bad I know), DNS, DHCP.
I am trying to prep the domain so that I can install Exchange 2013 on a VM and eventually remove Exchange 2010 from the organization altogether.
There are no other domain controlelrs in the domain. The domain started life as a SBS 2003 machine which was demoted and removed once the server 2012 box was up with exchange 2010 running.
Any help would be greatly appreciated.
Here is some info that may help:
1. PrePare Schema
Navigated an elevated command prompt to the folder with Exchange 2013 CU3.
Ran setup /PrepareSchema
This command should perform the following tasks:
A: Connects to the schema master and imports LDAP Data Interchange Format (LDIF) files to update the schema with
Exchange 2013 specific attributes. The LDIF files are copied to the Temp directory and then deleted after they are imported
into the schema.
B: Sets the schema version (ms-Exch-Schema-Verision-Pt) to a Exchange 2013 value.
This command fails with: Earlier versions of server roles that were installed were detected.
First I confirmed that administrator account for domain is a member of schema admins and enterprise admins.
Next I ran asdiedit.
I navigated to: "CN=ms-Exch-Schema-Version-Pt,CN=Schema,CN=Configuration,DC=BDA,DC=LAN"
and reviewed the current "rangeUpper" attribute.
The ms-Exch-Schema-Verision-Pt is not updated to CU3 range Upper setting.
The current range upper 14734 which means its still at Exchange 2010 SP3 settings.
In short, updaing the schema fails.
2. Prepare Active Directory
Navigated an elevated command prompt to the folder with Exchange 2013 CU3.
setup /PrepareAD [/OrganizationName:<organization name>]
This command fails with: Earlier versions of server roles that were installed were detected.
schema update version 56
I began reviewing the long, long list of the following containers and objects under
CN=<Organization Name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
which are required for Exchange 2013:
missing cn=Auth Configuration
missing CN=ExchangeAssistance
missing CN=Monitoring Settings
missing CN=Monitoring Settings
missing CN=Monitoring Settings
missing CN=Workload Management Settings
Checked Management role groups within the Microsoft Exchange Security Groups OU
missing Compliance Management group --- Manually created this entry
Step 3 Prepare Domain:
Navigated an elevated command prompt to the folder with Exchange 2013 CU3.
Ran setup /PrepareDomain
This command fails with: Earlier versions of server roles that were installed were detected.
confirmed the following:
ObjectVersion property fails as it is still set to Echange 2010 sp3 - 13040
You have a new global group in the Microsoft Exchange System Objects container called Exchange Install Domain Servers-DONE
The Exchange Install Domain Servers group is a member of the Exchange Servers USG in the root domain.-DONE
On each domain controller in a domain in which you will install Exchange 2013, the Exchange Servers USG has permissions
on the Domain Controller Security Policy\Local Policies\User Rights Assignment\Manage Auditing and Security Log policy.-DONE
Thanks.Whenever I try to prep for a 2013 exchange install I always get:
"earlier versions of the server roles that are installed were detected"
Hi,
That tells us that you are trying to run the prep on your combined DC and Exchange 2010 Server - That will not work. Run it on the Server where you plan to install Exchange 2013.
It is not mandatory to run this before the actuall Exchange install - It will run automatically for you, if it hasn't been done already and if you are logged on with an account with the proper permissions.
Martina Miskovic -
Weblogic domain creation fails with "The domain location must have write permission."
Hi
I am trying to install and setup weblogic in Linux RHEL 5.4
so I can test webservices . This is what i have done
WLS Zip Distribution for Oracle WebLogic Server 12.1.1.0 - downloaded & installed.
Followed the steps in README.
- extract contents of tar, setup home, run installation-configuration script, setup wls environment
Step 5:
Create a new WLS domain and start WLS. It is recommended that you create domains outside the MW_HOME.
$ mkdir /home/myhome/mydomain
$ cd /home/myhome/mydomain
$ $JAVA_HOME/bin/java $JAVA_OPTIONS -Xmx1024m -XX:MaxPermSize=128m weblogic.Server
-> returns the below error
$JAVA_HOME/bin/java $JAVA_OPTIONS -Xmx1024m -XX:MaxPermSize=128m weblogic.Server -Dweblogic.security.allowCryptoJDefaultJCEVerification=true
<Jun 25, 2013 3:39:57 PM EDT> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<Jun 25, 2013 3:39:57 PM EDT> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<Jun 25, 2013 3:39:58 PM EDT> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) 64-Bit Server VM Version 23.21-b01 from Oracle Corporation.>
/apps/Informatica/tdwdomain/config not found
No config.xml was found.
Would you like the server to create a default configuration and boot? (y/n): y
<Jun 25, 2013 3:40:03 PM EDT> <Info> <Management> <BEA-140013> </apps/Informatica/tdwdomain/config not found>
<Jun 25, 2013 3:40:03 PM EDT> <Info> <Security> <BEA-090065> <Getting boot identity from user.>
Enter username to boot WebLogic server:admin Enter password to boot WebLogic server:admin123
For confirmation, please re-enter password required to boot WebLogic server:admin123
<Jun 25, 2013 3:40:13 PM EDT> <Info> <Management> <BEA-141254> <Generating new domain directory in /apps/Informatica/tdwdomain.>
<Jun 25, 2013 3:40:17 PM EDT> <Critical> <WebLogicServer> <BEA-000362> <Server failed. Reason:
There are 1 nested errors:
weblogic.management.ManagementException: Failure during domain creation
at weblogic.management.internal.DomainGenerator.generateDefaultDomain(DomainGenerator.java:119)
at weblogic.management.internal.DomainDirectoryService.start(DomainDirectoryService.java:82)
at weblogic.t3.srvr.ServerServicesManager.startService(ServerServicesManager.java:461)
at weblogic.t3.srvr.ServerServicesManager.startInStandbyState(ServerServicesManager.java:166)
at weblogic.t3.srvr.T3Srvr.initializeStandby(T3Srvr.java:883)
at weblogic.t3.srvr.T3Srvr.startup(T3Srvr.java:570)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:469)
at weblogic.Server.main(Server.java:74)
Caused by: com.oracle.cie.domain.script.ScriptException: The domain location must have write permission.
at com.oracle.cie.domain.script.ScriptExecutor.writeDomain(ScriptExecutor.java:757)
at com.oracle.cie.domain.script.ScriptParserClassic$StateMachine.processWrite(ScriptParserClassic.java:573)
at com.oracle.cie.domain.script.ScriptParserClassic$StateMachine.execute(ScriptParserClassic.java:429)
at com.oracle.cie.domain.script.ScriptParserClassic.parseAndRun(ScriptParserClassic.java:148)
at com.oracle.cie.domain.script.ScriptParserClassic.doExecute(ScriptParserClassic.java:110)
at com.oracle.cie.domain.script.ScriptParser.execute(ScriptParser.java:72)
at com.oracle.cie.domain.DomainInfoHelper.executeSilentScript(DomainInfoHelper.java:854)
at com.oracle.cie.domain.DomainInfoHelper.createDefaultDomain(DomainInfoHelper.java:1775)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at weblogic.management.internal.CIEDomainGenerator.generateDefaultDomain(CIEDomainGenerator.java:62)
at weblogic.management.internal.DomainGenerator.generateDefaultDomain(DomainGenerator.java:114)
<Jun 25, 2013 3:40:17 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED.>
<Jun 25, 2013 3:40:17 PM EDT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down.>
<Jun 25, 2013 3:40:17 PM EDT> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN.>
- Any help appreciated.
Thankshi,
the binaries available for download are all packaged with 32bit JVM. Please have a look at the link below
WebLogic Server 12c (12.1.1), WebLogic Server 11g (10.3.6) and Previous Releases
It also has binaries for linux available. I am quoting from the site verbatim for your reference:
The following provides links to WebLogic Server 12.1.1 installers with 32-bit JVMs for Windows and
Linux, the generic installer that can be used on any supported platform, and the zip distribution. The
generic installer and the zip distribution do not include a JVM/JDK. For instructions on using the
generic installer, see this document.
In case you want to use your own latest version of JDK which can be a 32/64 bit version, you need to use the generic installer.
The error which you are getting is due to permissions. Make sure you have a dedicated user for installing weblogic and the necessary permissions are granted to the user(linux) to the installation directories. May be the script is trying to install java at a particular location on your machine and failing. Hence the above error is displayed.
Please have a look at the docs, you will find steps for weblogic installation on linux.
Thanks,
Souvik. -
Broken root domain without a valid backup. Any chance to get it back to work properly ?
Hi guys,
i came across the following issue:
Imagine a standard enterprise environment with a forest. The root domain is called contoso.com and there is a subdomain called company.contoso.com. There are also subdomains of company.contoso.com, but they are not important for the problem description.
The functional level of the forest is Windows 2003-interim & the domain level of the root domain is Windows 2003, as is the domain level of all subdomains. All Domain Controllers are Windows 2003 SP2.
There have been people in the environment with too many rights, that used to promote DCs and then also just decommission them without properly demoting them. This left several unreachable domain controllers in both the root domain & the subdomain.
I cleared all those DCs that are no longer available, which made company.contoso.com stable and reliable. All DCs within the subdomain are properly talking to each other and replicating fine.
Then i discovered the main issue here. The replication in the root domain is broken. The is only one domain controller left in the root domain, nevertheless the server is suffering from USN rollback. Digging deeper i found out that the domain controllers
have been virtualized years ago, but no one ever cared about the root domain. So i found out that replication stopped in 2006 when obv. the last healthy domain controller was removed from the root domain.
So i have basically a crippled root domain with a crippled domain controller. I am not able to set the forest level to 2003 native, as the domain controller says that the domain contoso.com is still Windows 2000. This is not correct, i have checked msDS-Behaviour-Version
and nTMixedDomain. They are properly set to 2 & 0.
My idea was to introduce a new installed 2003 server and promote it to a DC. Then get rid of the broken one. Unfortunately the broken DC is not replicating. Due to USN rollback the netlogon service goes constantly to paused state & of course both inbound
& outbound replication are disabled. Even when i reenable the replication it is just a matter of seconds before they get disabled again. I also tried to introduce a new 2012R2 DC, but that fails of course due to the forest level not beeing 2003.
So i am a little stuck here. Any thoughts about how to continue to troubleshoot ?
I have a final idea:
Install a new forest with the same name contoso.com and set up a trust with company.contoso.com.
The question would be, how can i convince company.contoso.com that the new installed forest and domain are its parent ?> Install a new forest with the same name contoso.com and set up a trust
> with company.contoso.com.
> The question would be, how can i convince company.contoso.com that the
> new installed forest and domain are its parent ?
You cannot. Sad, but true. If the forest root domain is dead, the forest
is dead. In addition, you have no Naming Master and no Schema Master
FSMOs. The only reliable solution is creating a new forest and new
subdomains, then migrating all objects...
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Migrate Users from a child domain to a root domain in different forest
Hello,
it supported to migrate users from child source doman to target root domain?
I established a trust, but i don't see child domain at ADMT installed on target domain DC. Source root domain is visibleYou should not be needed to establish a trust as all domains within the same forest already trust each other - are you sure those domains belong to the same forest? You can find out using the following command:
nltest /DOMAIN_TRUSTS
If ADMT dosen't show a partiuclar domain in the dropdown list, you can/have to type the domain name manually.
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog -
How to change the root domain name in window 2012 server
Got a window 2012 server build up. My root domain name looks something like corp.marketing Well I seems to have missed to add the last .com or .local. How do I add the .com to my existing root domain name please. The server is new, will
go online in few days time. Thanks for all the help.I have a similar question and not sure if this is the right place. I had set a server with corp.brighterworld.com but the install wizard anywhere access had me believe that microsoft's strongly preferred domain name prefix was remote.brighterworld.com so
I contacted GoDaddy and had it reissued as remote. but when I went to reconfigure for the new name. I had already set the server for being a CA, and in that process it issued like 4 or 5 certificates. So I had tried to rebuild the machine from scratch, but
the it didn't wipe everything, but rather saved previous state which left the old certificate stuff to be dealt with. Any hints or help out here for us having to learn this stuff the hard way?
Thanks,
Mark Saxton -
I've seen multiple blogs and forums with similar problems and SQL 2012 or 2008. But no solutions that work for me.
I have installed SQL Server in mixed mode (SQL and Windows authentication). I can create new Login accounts in either mode. However, I cannot get an AD security group Login account to work. I am trying to add group 'DOMAIN\Domain Admins' or 'SERVER\Administrators'
as a Login so that any of the domain's administrator accounts can open SQL Server Management Studio and act as an 'sa' account on this server.
I have deleted the SQL account 'DOMAIN\Domain Admins'.
I have restarted SQL.
I have restarted the Win2K8r2 server.
I have launched SSMS as Administrator from the desktop of SERVER.
I have launched SSMS as another user (and used 'DOMAIN\user' to lauch it) from the desktop of SERVER.
I can create a login account named 'DOMAIN\user' (who happens to be a member of the 'DOMAIN\Domain Admins' group) and give this account 'sa' security, and when I do that, this account works as expected...
How do I add a security group as a Login account and give all members of that group the ability to be an 'sa' account?Hi geoperkins,
Are you getting the following error message?
Error: 18456, Severity: 14, State: 11
Login failed for user <Domain\user>. Reason: Token-based server access validation failed with an infrastructure error.
If that is the case, the issue could be due to that the Windows login has no profile or that permissions could not be checked due to UAC. Please disable UAC firstly and check if it is successful to log in SQL Server.
Another reason could be that the domain controller could not be reached. You may need to resort to re-creating the login. Create a new group in AD, add users to the new group, then add the group to the local admin group and create login for the group in SQL
Server.
There is a connect item describing similar issue for your reference.
https://connect.microsoft.com/SQLServer/feedback/details/680705/cant-login-to-sql-using-windows-authentication-when-user-is-in-a-domain-security-group
For more details about above error, please review the following blog.
http://sqlblogcasts.com/blogs/simons/archive/2011/02/01/solution-login-failed-for-user-x-reason-token-based-server-access-validation-failed-and-error-18456.aspx
Thanks,
Lydia Zhang
Lydia Zhang
TechNet Community Support -
Hi all,
We have been battling a problem for the last couple of days when we try to add the first windows server 2012 DC to an already existing Domain.
The Server installation goes smoothly and we can add the computer to the domain and its all green.
After we promote the server to a domain controller the WinRM service starts acting up (not responding anymore).
The server manager console shows Remote Management as disabled, and when we try to enable it via the console or Powershell it freezes up.
The AD DS part of the console is saying that there are post-promotion tasks that need to be completed but once we click on the task it takes us to the promotion wizard again, that basically complains that: Failed to open the runspace pool. The Server Manager
WinRM plug-in might be corrupted or missing.
In the Remote Management Event log we see the following entry: "The client got a timeout from the network layer (ERROR_WINHTTP_TIMEOUT)" Event ID 138
We are unable to do anything with the server (demote, add roles, remotely manage...). We tryed the following already:
1. Recreate from scratch
2. Checking the GPOs to see if there is anything setup about RM -> came up with nothing
We just ran out of ideas so HELP PLEASE !
BR
Tomaz PraprotnikHi Cicely,
Yes the error from the Windows Remote Management event log contains (I took out the User and FQDN of the Computer):
Log Name: Microsoft-Windows-WinRM/Operational
Source: Microsoft-Windows-WinRM
Date: 3/29/2013 1:38:53 PM
Event ID: 138
Task Category: Response handling
Level: Error
Keywords: Client
User:
Computer:
Description:
The client got a timeout from the network layer (ERROR_WINHTTP_TIMEOUT)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" />
<EventID>138</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>10</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000002</Keywords>
<TimeCreated SystemTime="2013-03-29T12:38:53.786357100Z" />
<EventRecordID>6876</EventRecordID>
<Correlation ActivityID="{18FCFBD2-2B38-0003-D261-FD18382BCE01}" />
<Execution ProcessID="1084" ThreadID="2924" />
<Channel>Microsoft-Windows-WinRM/Operational</Channel>
<Computer></Computer>
<Security UserID="" />
</System>
<EventData>
</EventData>
</Event>
There is also another entry that sometimes comes up:
Log Name: Microsoft-Windows-WinRM/Operational
Source: Microsoft-Windows-WinRM
Date: 3/29/2013 1:36:34 PM
Event ID: 142
Task Category: Response handling
Level: Error
Keywords: Client
User:
Computer:
Description:
WSMan operation Invoke failed, error code 2150859046
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" />
<EventID>142</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>10</Task>
<Opcode>2</Opcode>
<Keywords>0x4000000000000002</Keywords>
<TimeCreated SystemTime="2013-03-29T12:36:34.076973400Z" />
<EventRecordID>6869</EventRecordID>
<Correlation ActivityID="{18FCFBD2-2B38-0001-F328-FD18382BCE01}" />
<Execution ProcessID="4888" ThreadID="4392" />
<Channel>Microsoft-Windows-WinRM/Operational</Channel>
<Computer></Computer>
<Security UserID="" />
</System>
<EventData>
<Data Name="operationName">Invoke</Data>
<Data Name="errorCode">2150859046</Data>
</EventData>
</Event>
Best regards
Tomaz Praprotnik -
SCCM 2012 in child domain unable to publish to root domain
I have an sccm 2012 (no sp) in a child domain (am.corp) and have given the sccm server computer object full control of the system management folder in ADSI on the root domain (corp.local) but continue to get the error in the Active Directory Forests portion
of the console that I have insufficient access rights to publish to the root domain (corp.local).
I have sccm management distribution points in the other child domains of the root.
Any suggestions on how to get this to stop erroring.The discovery log tells me it's found 27 sites and 166 subnets. It has problems identifying the forest of some of the other SCCM servers but doesn't give any warning or error (that I see) about publishing.
See below: (truncated so it fits)
SMS_EXECUTIVE started SMS_AD_FOREST_DISCOVERY_MANAGER
as thread ID 3996 (0xF9C). $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:34.311+240><thread=2924 (0xB6C)>
===========================================================
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:34.321+240><thread=3996 (0xF9C)>
Beginning Active Directory Forest Discovery Manager $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:34.321+240><thread=3996 (0xF9C)>
Entering function ThreadMain() $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:34.321+240><thread=3996 (0xF9C)>
Entering function CActiveDirectoryForestDiscovery::Initialize()
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:34.321+240><thread=3996 (0xF9C)>
Component SMS_AD_FOREST_DISCOVERY_MANAGER
is marked active.~ $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:34.333+240><thread=3996 (0xF9C)>
Log verbosity level = 0~ $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:34.346+240><thread=3996 (0xF9C)>
Entering function CActiveDirectoryForestDiscovery::Process()
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:34.346+240><thread=3996 (0xF9C)>
Entering function CActiveDirectoryForestDiscovery::ShouldRun()
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:34.346+240><thread=3996 (0xF9C)>
Entering function CActiveDirectoryForestDiscovery::CheckIfRunCountValueChanged()
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:34.346+240><thread=3996 (0xF9C)>
Admin requested to run discovery now. $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:34.346+240><thread=3996 (0xF9C)>
Entering function ReportForestDiscoverySuccessStatusMessage()
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:39.018+240><thread=3996 (0xF9C)>
Raising discovery success status message for forest corp.acme.com,
in which we discovered 27 site(s) and 166 subnet(s).~ $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:39.018+240><thread=3996 (0xF9C)>
Calling ReportStatus, keys= SMS_AD_FOREST_DISCOVERY_MANAGER,
1073750724, 0~ $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:39.018+240><thread=3996 (0xF9C)>
STATMSG: ID=8900 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_AD_FOREST_DISCOVERY_MANAGER"
SYS=SCCMADMPRGL01.am.corp.acme.comSITE=GDC
PID=2524 TID=3996 GMTDATE=Wed Mar 20 15:43:39.018 2013 ISTR0="corp.acme.com"
ISTR1="" ISTR2="" ISTR3="" ISTR4="166" ISTR5="27" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:39.018+240><thread=3996 (0xF9C)>
Entering function CActiveDirectoryForestDiscovery::UpdateForestNamesForAllSiteSystems()
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:39.496+240><thread=3996 (0xF9C)>
Trying to update forest fqdn for all site systems associated with site GDC $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:39.500+240><thread=3996 (0xF9C)>
Entering function CActiveDirectoryForestDiscovery::UpdateForestNamesForSiteSystems()
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:39.500+240><thread=3996 (0xF9C)>
Entering function CActiveDirectoryForestDiscovery::GetForestName()
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:39.543+240><thread=3996 (0xF9C)>
~Trying to discover forest name for server MSPRNPRTW01.au.corp.acme.com.
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:39.543+240><thread=3996 (0xF9C)>
Server MSPRNPRTW01.au.corp.acme.com belongs
to forest corp.acme.com.~ $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:41.037+240><thread=3996 (0xF9C)>
Entering function CActiveDirectoryForestDiscovery::GetForestName()
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:42.756+240><thread=3996 (0xF9C)>
~Trying to discover forest name for server SCCMADMPRGL01.am.corp.acme.com.
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:42.757+240><thread=3996 (0xF9C)>
Server SCCMADMPRGL01.am.corp.acme.com belongs
to forest corp.acme.com.~ $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:42.757+240><thread=3996 (0xF9C)>
Entering function CActiveDirectoryForestDiscovery::GetForestName()
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:42.815+240><thread=3996 (0xF9C)>
~Trying to discover forest name for server SCCMDPPRAP01.au.corp.acme.com.
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:42.815+240><thread=3996 (0xF9C)>
Server SCCMDPPRAP01.au.corp.acme.com belongs
to forest corp.acme.com.~ $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:43.689+240><thread=3996 (0xF9C)>
Entering function CActiveDirectoryForestDiscovery::GetForestName()
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:43.756+240><thread=3996 (0xF9C)>
~Trying to discover forest name for server SCCMDPPRAU01.au.corp.acme.com.
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:43.757+240><thread=3996 (0xF9C)>
Server SCCMDPPRAU01.au.corp.acme.com belongs
to forest corp.acme.com.~ $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:45.040+240><thread=3996
(0xF9C)>
Finishing Active Directory Forest Discovery Manager thread. $$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:57.044+240><thread=3996 (0xF9C)>
===========================================================
$$<SMS_AD_FOREST_DISCOVERY_MANAGER><03-20-2013
11:43:57.044+240><thread=3996 (0xF9C)> -
SCCM 2012 root domain client management from child domain
Hi All,
We have SCCM 2012 environment in Child domain and we would like to manage the root domain clients as well. we are using https mode. What all configuration do we need to make for root domain clients to monitor successfully from child domain.
Is it mandatory to create System Management container for the Root domain? if yes what all permission i need to give for that System Management container.
Do we need to enable Active directory forest discovery?
Regards,
Bhaskar KNo, you do not need to create the System Management container or publish info into it and no you do not need to enable forest discovery.
ConfigMgr ultimately does not care about AD. AD can be used by clients to help them locate services and configure themselves, but this can also be accomplished in other ways in ConfigMgr.
Jason | http://blog.configmgrftw.com | @jasonsandys -
Server 2012 std not able to see Domain, DC and DNS on Win SBS 2008 std Domain
Hi There
I have a HP ML 110 G5 SBS 2008 std server as my DC on my network. I recently added a HP Microserver running Server 2012 std (with no roles or features installed) to act solely as a file server for a 3rd party program as the program was not running efficiently
on the main server.
The problem I am having now is that the 2012 server keeps falling off the domain and cannot contact DNS server. I have also had to re-enable remote desktop several times. It also shows the 2012 Server as being on a private firewall profile and not on the
domain firewall profile but I suspect that this is part of the same problem.
the resulting problem that this is causing is that the local machines that need to contact an SQL database on the 2012 fileserver intermittently either time out or are very slow to connect.
So far I have tried:
Switching from Static IP to DHCP.
Re-adding the server to the domain.
Stopping and restarting DNS services on the DC.
Checking physical Network connections and routing.
Putting the 2012 server into the same Organizational Unit as the 2008 DC.
Has anyone else encountered this problem when adding a 2012 server to a 2008 domain? I have a feeling that the solution is probably something simple that I've overlooked, but I can't think what. Any help would be greatly appreciated.
Regards
Russ
Also, as some additional info -
Event viewer gives the following errors:
Group Policy Error:
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 2015-04-27 01:17:51 PM
Event ID: 1129
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: [SERVERNAME].[DOMAIN].local
Description:
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has
successfully processed. If you do not see a success message for several hours, then contact your administrator.
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1129</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2015-04-27T11:17:51.111942100Z" />
<EventRecordID>19056</EventRecordID>
<Correlation ActivityID="{C0CBAF2B-1E93-49C0-B910-069AE43F74B2}" />
<Execution ProcessID="732" ThreadID="1336" />
<Channel>System</Channel>
<Computer>[SERVERNAME].[DOMAIN].local</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">1548</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">0</Data>
<Data Name="ErrorCode">1222</Data>
<Data Name="ErrorDescription">The network is not present or not started. </Data>
</EventData>
</Event>
DNS Error:
Log Name: System
Source: Microsoft-Windows-DNS-Client
Date: 2015-04-27 04:54:58 PM
Event ID: 8015
Task Category: (1028)
Level: Warning
Keywords:
User: NETWORK SERVICE
Computer: [SERVERNAME].[DOMAIN].local
Description:
The system failed to register host (A or AAAA) resource records (RRs) for network adapter with settings:
Adapter Name : {3DDD0E46-D879-48C0-9DF6-5FAC0F1A56C4}
Host Name : [SERVERNAME]
Primary Domain Suffix : [DOMAIN].local
DNS server list :
192.168.2.10
Sent update to server : <?>
IP Address(es) :
192.168.2.15
The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running
at this time. You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
<EventID>8015</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>1028</Task>
<Opcode>0</Opcode>
<Keywords>0x4000000000000000</Keywords>
<TimeCreated SystemTime="2015-04-27T14:54:58.599130300Z" />
<EventRecordID>19105</EventRecordID>
<Correlation />
<Execution ProcessID="856" ThreadID="952" />
<Channel>System</Channel>
<Computer>[SERVERNAME].[DOMAIN].local</Computer>
<Security UserID="S-1-5-20" />
</System>
<EventData>
<Data Name="AdapterName">{3DDD0E46-D879-48C0-9DF6-5FAC0F1A56C4}</Data>
<Data Name="HostName">[SERVERNAME]</Data>
<Data Name="AdapterSuffixName">[DOMAIN].local</Data>
<Data Name="DnsServerList"> 192.168.2.10</Data>
<Data Name="Sent UpdateServer"><?></Data>
<Data Name="Ipaddress">192.168.2.15</Data>
<Data Name="ErrorCode">1460</Data>
</EventData>
</Event>Can you post an ipconfig /all from the server and the DC?
Robert Pearman SBS MVP
itauthority.co.uk |
Title(Required)
Facebook |
Twitter |
Linked in |
Google+ -
DFS Replication failed to contact Domain Controller.....
I have seen this error since the inception of this stand alone AD PDC instance of Windows server 2012 R2 Essentials. I understand that Essentials does not support other Domain Controllers ; Member servers ; or trust between Domains of any kind. I also
understand that DSF Replication is a service that replicates files between other servers and other domain servers that Essentials dose not want to talk to.
So my question is why am I seeing this DFSR error 1202 in my event log, if Essentials does not support communication to other servers and domain servers? Maybe a better question is why does Essentials even try to implement this
service? Do I even need to try to resolve this issue or should I just disable it and move on?
Contents of Error:
Log Name: DFS Replication
Source: DFSR
Date: 2/6/2014 1:57:57 PM
Event ID: 1202
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Hxxx2.xxxxxxxxxxxxx.local
Description:
The DFS Replication service failed to contact domain controller to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused
by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 160 (One or more arguments are not correct.)
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="DFSR" />
<EventID Qualifiers="49152">1202</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-02-06T19:57:57.000000000Z" />
<EventRecordID>194</EventRecordID>
<Channel>DFS Replication</Channel>
<Computer>Hxxx2.Hxxxxxxxxxxxxx.local</Computer>
<Security />
</System>
<EventData>
<Data>
</Data>
<Data>60</Data>
<Data>160</Data>
<Data>One or more arguments are not correct.</Data>
</EventData>
</Event>Hi,
Did you mean that you did not configure a DFS server in the new DC but you get the DFSR error 1202 in your event log? Then the issue is not related to the existing SBS domain.
Please try to turn off the Windows Firewall to check if it causes the issue. You could also refer to the articles below to troubleshoot the issue:
Newly Promoted Win2K8 DC is not advertising as Domain Controller.
http://blogs.technet.com/b/niraj_kumar/archive/2009/04/23/newly-promoted-win2k8-dc-is-not-advertising-as-domain-controller.aspx
Restrictions for Unauthenticated RPC Clients: The group policy that punches your domain in the face
https://blogs.technet.com/b/askds/archive/2011/04/08/restrictions-for-unauthenticated-rpc-clients-the-group-policy-that-punches-your-domain-in-the-face.aspx
Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
DFSR failed to contact domain controller
Im having an odd problem with DFSR group we created to replicate web content between two of our web servers.
In event viewer we have this event 1202 for DFSR.
"The DFS Replication service failed to contact domain controller to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can
be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 160 (One or more arguments are not correct.)"
In the DFSR logs I see this.
20140303 12:18:27.874 1404 CFAD 8300 Config::AdConfig::GetLocalComputerNameWithDns Computer's fully-qualified DNS name: DFSRSERVER.domain.tld
20140303 12:18:27.920 1404 CFAD 311 Config::AdConnection::Connect Binding to dcAddr:\\1.1.1.1 dcDnsName:\\MYDC.domain.tld
20140303 12:18:27.936 1404 CFAD 143 Config::AdConnection::BindToAd Trying to connect. hostName:MYDC.domain.tld
20140303 12:18:28.467 1404 CFAD 162 Config::AdConnection::BindToAd Bound. hostName:MYDC.domain.tld
20140303 12:18:28.467 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\MYDC.domain.tld domainName:<null>
20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\MYDC.domain.tld domainName:<null> Error:5
20140303 12:18:28.514 1404 CFAD 215 Config::AdConnection::BindToDc (Ignored) Failed to bind. hostName:\\MYDC.domain.tld domainName:<null> Error:[Error:5(0x5) Config::DsSession::Bind ad.cpp:3380 1404 W Access is denied.]
20140303 12:18:28.514 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\1.1.1.1 domainName:<null>
20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\1.1.1.1 domainName:<null> Error:87
20140303 12:18:28.514 1404 CFAD 215 Config::AdConnection::BindToDc (Ignored) Failed to bind. hostName:\\1.1.1.1 domainName:<null> Error:[Error:87(0x57) Config::DsSession::Bind ad.cpp:3380 1404 W The parameter is incorrect.]
20140303 12:18:28.514 1404 SCFS 150 [WARN] ServiceConfig::DsPollIsDue Failed to enable lightweight polling. Error:
+ [Error:160(0xa0) Config::AdConfig::ConnectToLocalDc ad.cpp:8365 1404 W One or more arguments are not correct.]
+ [Error:160(0xa0) Config::AdConfig::Connect ad.cpp:8113 1404 W One or more arguments are not correct.]
+ [Error:160(0xa0) Config::AdConnection::Connect adconnection.cpp:377 1404 W One or more arguments are not correct.]
+ [Error:160(0xa0) Config::AdConnection::BindToDc adconnection.cpp:226 1404 W One or more arguments are not correct.]
20140303 12:18:28.514 1404 CREG 1419 Config::RegReader::IsSysVolCommitFlagSet key: System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Demoting SysVols valueName:'SysVol Information is Committed' result:0
20140303 12:18:28.514 1404 W2CH 266 ConfigurationHelper::PollAdConfigNow Trying to connect to AD
20140303 12:18:28.514 1404 CFAD 311 Config::AdConnection::Connect Binding to dcAddr:\\1.1.1.1 dcDnsName:\\MYDC.domain.tld
20140303 12:18:28.514 1404 CFAD 143 Config::AdConnection::BindToAd Trying to connect. hostName:MYDC.domain.tld
20140303 12:18:28.514 1404 CFAD 162 Config::AdConnection::BindToAd Bound. hostName:MYDC.domain.tld
20140303 12:18:28.514 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\MYDC.domain.tld domainName:<null>
20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\MYDC.domain.tld domainName:<null> Error:5
20140303 12:18:28.514 1404 CFAD 215 Config::AdConnection::BindToDc (Ignored) Failed to bind. hostName:\\MYDC.domain.tld domainName:<null> Error:[Error:5(0x5) Config::DsSession::Bind ad.cpp:3380 1404 W Access is denied.]
20140303 12:18:28.514 1404 CFAD 199 Config::AdConnection::BindToDc Try to bind. hostName:\\1.1.1.1 domainName:<null>
20140303 12:18:28.514 1404 CFAD 3373 [ERROR] Config::DsSession::Bind Failed to DsBind(). dc:\\1.1.1.1 domainName:<null> Error:87
20140303 12:18:28.514 1404 CFAD 215 Config::AdConnection::BindToDc (Ignored) Failed to bind. hostName:\\1.1.1.1 domainName:<null> Error:[Error:87(0x57) Config::DsSession::Bind ad.cpp:3380 1404 W The parameter is incorrect.]
20140303 12:18:28.514 1404 EVNT 1194 EventLog::Report Logging eventId:1202 parameterCount:4
20140303 12:18:28.514 1404 EVNT 1214 EventLog::Report eventId:1202 parameter1:
20140303 12:18:28.514 1404 EVNT 1214 EventLog::Report eventId:1202 parameter2:60
20140303 12:18:28.514 1404 EVNT 1214 EventLog::Report eventId:1202 parameter3:160
20140303 12:18:28.514 1404 EVNT 1214 EventLog::Report eventId:1202 parameter4:One or more arguments are not correct.
20140303 12:18:28.530 1404 W2CH 318 [ERROR] ConfigurationHelper::PollAdConfigNow (Ignored) Failed to connect to AD. Error:
+ [Error:160(0xa0) Config::AdConfig::ConnectToLocalDc ad.cpp:8365 1404 W One or more arguments are not correct.]
+ [Error:160(0xa0) Config::AdConfig::Connect ad.cpp:8113 1404 W One or more arguments are not correct.]
+ [Error:160(0xa0) Config::AdConnection::Connect adconnection.cpp:377 1404 W One or more arguments are not correct.]
+ [Error:160(0xa0) Config::AdConnection::BindToDc adconnection.cpp:226 1404 W One or more arguments are not correct.]
When I run "dfsrdiag pollad":
[ERROR] PollDsNow method executed unsuccessfully. ReturnValue: 12 (0xc)
[ERROR] Failed to execute PollAD command Err: -2147217407 (0x80041001)
However I can run "dfsrdiag dumpadcfg" and it outputs everything fine.
We don't have any other problems with AD. It seems like this started after we installed KB2467173 & KB2538242. We are going to uninstall those and see if it works.I can successfully run "dfsrdiag.exe dumpadcfg" and it outputs the entire config. Why does "dfsrdiag pollad" fail then if the config can be read.
Why did it work before I rebooted the server? In both cases it broke after rebooting.
PS C:\Windows\system32> dfsrdiag dumpadcfg
LDAP Bind : mydc.domain.tld
SitesDn : cn=sites,cn=configuration,dc=domain,dc=tld
ServicesDn : cn=services,cn=configuration,dc=domain,dc=tld
SystemDn : cn=system,dc=domain,dc=tld
DefaultNcDn : dc=domain,dc=tld
ComputersDn : cn=computers,dc=domain,dc=tld
DomainCtlDn : ou=domain controllers,dc=domain,dc=tld
SchemaDn : CN=Schema,CN=Configuration,dc=domain,dc=tld
COMPUTER: web1
DN : cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
GUID : 152E849C-4D7B-4AE8-B034-83747DBC1E89
DNS : web1.domain.tld
Server Ref : (null)
USN Changed : 10862129
When Created : Friday, January 31, 2014 8:41:06 PM
When Changed : Tuesday, March 4, 2014 2:54:36 PM
LOCAL SETTINGS: DFSR-LOCALSETTINGS
DN : cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
GUID : 3FD696E7-6598-4CDB-B2AB-98F148C0D2F7
Version : 1.0.0.0
USN Changed : 10932017
When Created : Thursday, March 6, 2014 2:11:12 PM
When Changed : Thursday, March 6, 2014 2:15:25 PM
SUBSCRIBER: FF88A312-A0EB-44CC-A614-7A3D06DCC0AB
DN : cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
GUID : 1119B663-F02A-4F1F-A904-23A87CFC93C3
Member Ref : cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
USN Changed : 10931931
When Created : Thursday, March 6, 2014 2:11:12 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
SUBSCRIPTION: 6783DDE1-C795-4E8B-B07D-4EA8D7D0317F
DN : cn=6783dde1-c795-4e8b-b07d-4ea8d7d0317f,cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
GUID : 3737B1F2-7E38-47E2-90E7-E57D82B145F1
ContentSetGuid: 6783DDE1-C795-4E8B-B07D-4EA8D7D0317F
Root Path : c:\inetpub\internetsites
Root Size : 10240 (MB)
Staging Path : c:\inetpub\internetsites\dfsrprivate\staging
Staging Size : 4096 (MB)
Conflict Path : c:\inetpub\internetsites\dfsrprivate\conflictanddeleted
Conflict Size : 4096 (MB)
USN Changed : 10931919
When Created : Thursday, March 6, 2014 2:11:13 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
SUBSCRIPTION: F2F1F3A2-B36F-4170-B371-8E8043DF73F4
DN : cn=f2f1f3a2-b36f-4170-b371-8e8043df73f4,cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
GUID : 57E7F8D7-1121-4334-BC81-74226ADF8969
ContentSetGuid: F2F1F3A2-B36F-4170-B371-8E8043DF73F4
Root Path : c:\internet_data
Root Size : 10240 (MB)
Staging Path : c:\internet_data\dfsrprivate\staging
Staging Size : 4096 (MB)
Conflict Path : c:\internet_data\dfsrprivate\conflictanddeleted
Conflict Size : 4096 (MB)
USN Changed : 10931921
When Created : Thursday, March 6, 2014 2:11:13 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
SUBSCRIPTION: D0438B52-B706-4E40-B4C3-FE7A1ACA5FCF
DN : cn=d0438b52-b706-4e40-b4c3-fe7a1aca5fcf,cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=dfsr-localsettings,cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
GUID : F8217091-F71A-4D4A-A676-097583171A63
ContentSetGuid: D0438B52-B706-4E40-B4C3-FE7A1ACA5FCF
Root Path : c:\php\phpsites
Root Size : 10240 (MB)
Staging Path : c:\php\phpsites\dfsrprivate\staging
Staging Size : 4096 (MB)
Conflict Path : c:\php\phpsites\dfsrprivate\conflictanddeleted
Conflict Size : 4096 (MB)
USN Changed : 10931923
When Created : Thursday, March 6, 2014 2:11:13 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
GLOBAL SETTINGS: DFSR-GLOBALSETTINGS
DN : cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : 2E98CE5E-5CC7-4322-B5EA-2B6B340C689F
USN Changed : 12525
When Created : Saturday, October 22, 2011 1:56:38 AM
When Changed : Saturday, October 22, 2011 1:56:38 AM
REPLICATION GROUP: WEB CONTENT
DN : cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : 9C94A417-6F6C-4F6C-BBFA-B8F52854C4DF
Type : 0 (UNKNOWN REPLICATION GROUP TYPE)
Options : 0x1 [Local Time Schedule]
USN Changed : 10931906
When Created : Thursday, March 6, 2014 2:11:12 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
CONTENT: CONTENT
DN : cn=content,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : 6714C533-E631-4E71-930D-E4934FB7BD7E
USN Changed : 10931908
When Created : Thursday, March 6, 2014 2:11:12 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
CONTENT SET: INTERNET_DATA
DN : cn=internet_data,cn=content,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : F2F1F3A2-B36F-4170-B371-8E8043DF73F4
File Filter : ~*, *.bak, *.tmp
Compression Excl : (null)
Dir Filter : (null)
USN Changed : 10931916
When Created : Thursday, March 6, 2014 2:11:13 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
CONTENT SET: INTERNETSITES
DN : cn=internetsites,cn=content,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : 6783DDE1-C795-4E8B-B07D-4EA8D7D0317F
File Filter : ~*, *.bak, *.tmp
Compression Excl : (null)
Dir Filter : (null)
USN Changed : 10931915
When Created : Thursday, March 6, 2014 2:11:13 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
CONTENT SET: PHPSITES
DN : cn=phpsites,cn=content,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : D0438B52-B706-4E40-B4C3-FE7A1ACA5FCF
File Filter : ~*, *.bak, *.tmp
Compression Excl : (null)
Dir Filter : (null)
USN Changed : 10931917
When Created : Thursday, March 6, 2014 2:11:13 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
TOPOLOGY: TOPOLOGY
DN : cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : 16053002-7B99-4DA7-BFE5-2A6418040640
USN Changed : 10931907
When Created : Thursday, March 6, 2014 2:11:12 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
MEMBER: FF88A312-A0EB-44CC-A614-7A3D06DCC0AB
DN : cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : 75A99277-C401-409F-A32D-6D8EE18E5D0C
Server Ref : (null)
Computer Ref : cn=web1,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
Keywords : (null)
Computer DNS : web1.domain.tld
USN Changed : 10931933
When Created : Thursday, March 6, 2014 2:11:12 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
CXTION: 9ECE3EB7-FE97-4A1B-8DE3-47A77B2C625B
DN : cn=9ece3eb7-fe97-4a1b-8de3-47a77b2c625b,cn=ff88a312-a0eb-44cc-a614-7a3d06dcc0ab,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : 1D26B348-3875-4BD1-9473-E72506AFA222
Inbound : true
Partner DN : cn=46f913db-8509-4581-a66d-d37e4ea3ef29,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
Enabled : TRUE
Options : 0x1 [Local Time Schedule]
USN Changed : 10931924
When Created : Thursday, March 6, 2014 2:11:13 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
CXTION: 2BFA8BE2-0444-4AAF-8293-A5486CF8D7A3
DN : cn=2bfa8be2-0444-4aaf-8293-a5486cf8d7a3,cn=46f913db-8509-4581-a66d-d37e4ea3ef29,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : A7203451-D95F-44D5-AC04-13056DCE5A89
Inbound : false
Partner DN : cn=46f913db-8509-4581-a66d-d37e4ea3ef29,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
Enabled : TRUE
Options : 0x1 [Local Time Schedule]
USN Changed : 10931925
When Created : Thursday, March 6, 2014 2:11:13 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
MEMBER: 46F913DB-8509-4581-A66D-D37E4EA3EF29
DN : cn=46f913db-8509-4581-a66d-d37e4ea3ef29,cn=topology,cn=web content,cn=dfsr-globalsettings,cn=system,dc=domain,dc=tld
GUID : 1BA26D07-45F5-44A0-8450-9274AFD99B1C
Server Ref : (null)
Computer Ref : cn=fccu01web,ou=web,ou=virtual servers,ou=servers,dc=domain,dc=tld
Keywords : (null)
Computer DNS : fccu01web.domain.tld
USN Changed : 10931927
When Created : Thursday, March 6, 2014 2:11:12 PM
When Changed : Thursday, March 6, 2014 2:11:27 PM
Operation Succeeded -
Hi there , i already have some others DC running w2k12 R2 on the env, but when i was promoting another new DC running w2k12 R2 on the middle of the AD sync , the server encounter an error and rebooted it self ; after the server came back online , it keep
saying that a configuration is required for AD Domain Services , like the step when you are about to promote the server , but when you try to promote it , the error "Error determining whether the target server is already a domain controller: Failed
to open the runspace pool. The server manager winrm plug-in might be corrupted or missing."Hi,
Thanks for your post.
Please waitting for the replication is finished and rerun the domain prep command to check the result.
Regards.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
The IReportServerCredentials approach with the ReportViewer control is working fine within a domain, but I get a 401 not authorized error for a Web IIS server trying to call a SSRS server in another domain. I've see plenty of helpful postings on the use
of IReportServerCredentials but nothing that provides suggestions for this cross domain issue. Hope someone has some ideas on this one. Thanking you in advance for your response.
Using VS 2008 VB.NET web app with ReportViewer control Version=8.0.0.0.
Outside domainA Web Server IIS 8. OS = Windows NT 6.2;
Inside domainA Windows 7 desktop; Inside domainA Windows Server 2003
SSRS using windows authentication and on SQL Server 2012. OS = Windows NT 6.2
The processing described below successfully produces a report when the web server app runs on a machine in the same domain as the SSRS server. For the "same domain" web app, both Win 7 desktop VS 2008 development server and Windows 2003 IIS 6 have
been tested successfully.
The report fails with error "The request failed with HTTP status 401: not authorized " when the web app is run from a windows IIS 8 machine (outward or Internet facing web server) that is not in the domain of the SSRS server. The ReportViewer control
credentials (provided by IReportServerCredentials and taken from the web.config file) match a domain account in the same domain as the SSRS
server and one that has browser permission on the report folder. The same credentials are used successfully for reports requested from within the SSRS domain.
One interesting thing is that on the Internet facing web server, I can access the report via a browser request. So it is possible to have a user request coming from the Internet facing machine get through the SSRS windows authentication. Just does not
work for the ReportViewer.
Using IReportServerCredentials interface per example provided by Microsoft msdn site. Code listed below.
IReportServerCredentials would appear to be a viable approach because it can pass credentials of a windows account known to the SSRS server, but not known to the client machine. By the way, database calls to SQL Server in domainA using a SQL Server
native login account work fine. So the network support communication to a domain that the web server does not belong to.
<Serializable()> _
Public NotInheritable Class MyReportServerCredentials
Implements IReportServerCredentials
Public ReadOnly Property ImpersonationUser() As System.Security.Principal.WindowsIdentity _
Implements IReportServerCredentials.ImpersonationUser
Get
'Use the default windows user. Credentials will be
'provided by the NetworkCredentials property.
Return Nothing
End Get
End Property
Public ReadOnly Property NetworkCredentials() As ICredentials _
Implements IReportServerCredentials.NetworkCredentials
Get
'Read the user information from the web.config file.
'By reading the information on demand instead of storing
'it, the credentials will not be stored in session,
'reducing the vulnerable surface area to the web.config
'file, which can be secured with an ACL.
'User name
Dim userName As String = _
ConfigurationManager.AppSettings("MyReportViewerUser")
If (String.IsNullOrEmpty(userName)) Then
Throw New Exception("Missing user name from web.config file")
End If
'Password
Dim password As String = _
ConfigurationManager.AppSettings("MyReportViewerPassword")
If (String.IsNullOrEmpty(password)) Then
Throw New Exception("Missing password from web.config file")
End If
'Domain
Dim domain As String = _
ConfigurationManager.AppSettings("MyReportViewerDomain")
If (String.IsNullOrEmpty(domain)) Then
Throw New Exception("Missing domain from web.config file")
End If
Return New NetworkCredential(userName, password, domain)
End Get
End Property
Public Function GetFormsCredentials(ByRef authCookie As Cookie, _
ByRef userName As String, _
ByRef password As String, _
ByRef authority As String) As Boolean _
Implements IReportServerCredentials.GetFormsCredentials
authCookie = Nothing
userName = Nothing
password = Nothing
authority = Nothing
'Not using form credentials
Return False
End Function
End Class
'Set the ReportViewer values and retrieve the report from the SSRS server into a pdf file on the client machine.
ProposalRptViewer.ProcessingMode = Microsoft.Reporting.WebForms.ProcessingMode.Remote
' Set the ReportViewer ReportServerCredentials from the MyReportServerCredentials Class.
' Note the credentials are for a domain account defined in the same domain that the SSRS server belongs to and one that has browser permission on the report folder.
ProposalRptViewer.ServerReport.ReportServerCredentials = _
New MyReportServerCredentials()
ProposalRptViewer.ServerReport.ReportServerUrl = New Uri(System.Configuration.ConfigurationManager.AppSettings(Web.[Global].CfgKeyReportServerURL))
ProposalRptViewer.ServerReport.ReportPath = System.Configuration.ConfigurationManager.AppSettings(Web.[Global].CfgKeyReportPathProposal)
ProposalRptViewer.ShowCredentialPrompts = False ' disable prompting for data source credentials
Dim paramList As New Generic.List(Of ReportParameter)
Dim pInfo As ReportParameterInfoCollection
pInfo = ProposalRptViewer.ServerReport.GetParameters()
paramList.Add(New ReportParameter("ProposalID", ProposalID, True))paramList.Add(New ReportParameter("Entity", Entity, True))
paramList.Add(New ReportParameter("intRatesPage", intRatesPage1, True))
ProposalRptViewer.ServerReport.SetParameters(paramList)
' Process and render the report
ProposalRptViewer.ServerReport.Refresh()
Dim mimeType As String = Nothing
Dim encoding As String = Nothing
Dim streams As String() = Nothing
Dim extension As String = Nothing
Dim warnings As Microsoft.Reporting.WebForms.Warning() = Nothing
Dim returnValue As Byte()
' Render the proposal Rate Page 1 report to a Byte Array output in pdf file format.
returnValue = ProposalRptViewer.ServerReport.Render("PDF", Nothing, mimeType, encoding, extension, streams, warnings)
An error only occurs for web server not in the domain of SSRS Server:
The request failed with HTTP status 401: Unauthorized.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Net.WebException: The request failed with HTTP status 401: Unauthorized.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack
trace below.
Stack Trace:
[WebException: The request failed with HTTP status 401: Unauthorized.]
Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.GetSecureMethods() +236
Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.IsSecureMethod(String methodname) +58
Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.SetConnectionSSLForMethod(String methodname) +16
Microsoft.SqlServer.ReportingServices2005.Execution.RSExecutionConnection.LoadReport(String Report, String HistoryID) +226
Microsoft.Reporting.WebForms.ServerReport.GetExecutionInfo() +192
Microsoft.Reporting.WebForms.ServerReport.SetParameters(IEnumerable`1 parameters) +136
DeltaRater.Web.ViewRates.btnCreateProposal_Click(Object sender, EventArgs e) in C:\alex\~~_____Rapid_Rater\SourceDir_VS2008_Jan17_2014\DRR\ViewRates.aspx.vb:911
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +115
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +29
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2981
Version Information: Microsoft .NET Framework Version:2.0.50727.8009; ASP.NET Version:2.0.50727.8010I got the answer to my question by following suggestions by Irb on another technical forum.
From web server (not on same domain), I was passing credentials of a domain account on the SSRS server. Irb suggested I create a local account on the SSRS server and pass those credentials. I tried this but got the same results.
This approach worked for web server in SSRS domain, but failed with 401 Unauthorized for web server outside the SSRS domain. Per suggestion for local account on SSRS server, I tried passing empty string "" as the domain via IReportServerCredentials.
Again this works for web server in the same domain as SSRS. But I get the 401 Unauthorized error when the web server is outside the domain. In testing and checking similar posts, I discovered an additional piece was required for the report request to work
across domains. The default user did not have authority to send the request and/or receive the report. Adding the following in <system.web> section of web.config file was needed.
<identity impersonate="true" userName="localwindowsuser" password="#########"/> where "localwindowsuser" is a windows user defined on the web server.
I never needed this extra piece when the web server ran in the same domain as the SSRS server. I thank Irb for making me go through the details of additional tests because that is how I stumbled across an identity comment and ultimately got things working.
Maybe you are looking for
-
USBvsFWvsSATA Ext. Drives - The Comprehensive(?) Guide!
Maybe not the most comprehensive, but I see this topic come up over and over again. Hopefully this will answer pretty much everyone's questions. AFAIK everything here is pretty accurate, but I'm not perfect, so do your own research! OK, before we beg
-
How can I disable save sleep in Snow Leopard
I've installed 10.6.2 on a 16 GB SDHC card as an emergency boot drive for my MacBook Pro as an alternative to carrying an external HD when travelling. I would also want to use this card for download of large numbers of digital photos in the event of
-
Help! deleted file on dropbox can i recover it on time machine?
Help I deleted my senior project! So i was responsible and synced my project with drobox and "regularly' backed up my computer. Well, after I turned it in I needed some space in my drobox and deleted my synced folder which deleted it off my computer.
-
What are the limitations of layout builder
Hello BPS Experts, what are the limitations of the layout builder. Suggestions appreciated. Thanks, BWer
-
How to cancel incoming paymnet entry of single invoice
while making incoming paymnet entry we can choose n no. of invoices. if aby mistake we selected wrong invoice & cancelling that paymnet entry, all other invoices also get opns. what we can do so taht we can open only that invoice where we made mistak