Active Directory Certificate Services setup failed with the following error: Overlapped I/O operation is in progress. 0x800703e5 (WIN32: 997)
Hi,
I am trying to install certificate services on a windows 2008 server (R2 ENT SP1) with a PCIe nCipher HSM module installed on it. The version of nCipher SW is = 11.30. It is a RootCA, and I am trying to use a key that is already stored in the HSM (I
have done this before with a PCI HSM (older HW version)). I select “Use existing private key” and “Select an existing private key on this computer” on the wizard, then i change the CSP to nCipher and click on "search" the key I am looking for
appears and I select that one. I repeat, I have done this before and it works with a PCI HSM module.
The installation is finished before being prompted to insert the operator cards, and it ends with two errors:
<Error>: Active Directory Certificate Services setup failed with the following error: Overlapped I/O operation is in progress. 0x800703e5 (WIN32: 997)
And:
<Error>: Active Directory Certificate Services setup failed with the following error: The group or resource is not in the correct state to perform the requested operation.
0x8007139f (WIN32: 5023)
The servermanager.log says:
1856: 2014-07-23 18:27:48.195 [CAManager] Sync: Validity period units: Years
1856: 2014-07-23 18:27:48.928 [Provider] Error (Id=0) System.Runtime.InteropServices.COMException (0x800703E5): CCertSrvSetup::Install: Overlapped I/O operation is in progress. 0x800703e5 (WIN32: 997)
at Microsoft.CertificateServices.Setup.Interop.CCertSrvSetupClass.Install()
at Microsoft.Windows.ServerManager.CertificateServer.CertificateServerRoleProvider.Configure(InstallableFeatureInformation featureInfo, DiscoveryResult discoveryResult, ChangeTracker changeTracker)
1856: 2014-07-23 18:27:48.928 [Provider] CAErrorID: 0, CAErrorString: 'Active Directory Certificate Services setup failed with the following error: Overlapped I/O operation is in progress.
0x800703e5 (WIN32: 997)'
1856: 2014-07-23 18:27:48.928 [Provider] Adding error message.
1856: 2014-07-23 18:27:48.928 [Provider] [STAT] For 'Certification Authority':
And:
1856: 2014-07-23 18:27:49.053 [CAWebProxyManager] Sync: Initializing defaults
1856: 2014-07-23 18:27:49.162 [Provider] Error (Id=0) System.Runtime.InteropServices.COMException (0x8007139F): CCertSrvSetup::Install: The group or resource is not in the correct state to perform the requested operation. 0x8007139f (WIN32: 5023)
at Microsoft.CertificateServices.Setup.Interop.CCertSrvSetupClass.Install()
at Microsoft.Windows.ServerManager.CertificateServer.CertificateServerRoleProvider.Configure(InstallableFeatureInformation featureInfo, DiscoveryResult discoveryResult, ChangeTracker changeTracker)
1856: 2014-07-23 18:27:49.162 [Provider] CAErrorID: 0, CAErrorString: 'Active Directory Certificate Services setup failed with the following error: The group or resource is not in the correct
state to perform the requested operation. 0x8007139f (WIN32: 5023)'
1856: 2014-07-23 18:27:49.162 [Provider] Adding error message.
Has anyone experienced this before? Am I missing something here?
Any help will be very appreciated
Thanks in advance
Best regards
Alejandro Lozano Villanueva
Hi, thanks for your support.
I have been playing around a bit with some ncipher commands and found this:
C:\Program Files (x86)\nCipher\nfast\bin>cspcheck.exe
cspcheck: fatal error: File key_mscapi_container-1c44b9424a23f6cddc91e8a065241a0
9aa719e4f (key #1): 0 modules contain the counter (NVRAM file ID 021c44b9424a23f
6cddc91)
cspcheck: information: 2 containers and 2 keys found.
cspcheck: fatal error occurred.
If I perform the same command on the original server (the server with the original kmdata folder and with the running RootCA services):
E:\nfast\bin>cspcheck.exe
cspcheck: information: 2 containers and 2 keys found.
cspcheck: everything seems to be in order.
Strange?
Moreover, when I do a csptest.exe command (also on both servers, i find this)
On the new server:
C:\Program Files (x86)\nCipher\nfast\bin>csptest.exe
nCipher CSP test software
=========================
Found the nCipher domestic CSP named 'nCipher Enhanced Cryptographic Provider'
Provider name: nCipher Enhanced Cryptographic Provider
Version number: 1.48
User key containers:
Container 'csptest.exe' has no stored keys.
Container 'Administrator' has no stored keys.
Machine key containers:
Container '352dd28a-17cb-4c6f-b6e4-bf39bcf75db5' has a 2048-bit signature key.
Container 'ROOTCA' has no stored keys.
Container 'csptest.exe' has no stored keys.
While in the old server:
E:\nfast\bin>csptest.exe
nCipher CSP test software
=========================
Found the nCipher domestic CSP named 'nCipher Enhanced Cryptographic Provider'
Provider name: nCipher Enhanced Cryptographic Provider
Version number: 1.40
User key containers:
Container 'csptest.exe' has no stored keys.
Machine key containers:
Container '352dd28a-17cb-4c6f-b6e4-bf39bcf75db5' has a 2048-bit signature key.
Container 'ROOTCA' has a 2048-bit signature key.
Container 'csptest.exe' has no stored keys.
As you can see, the container called ROOTCA, which is the one that I use during the installation, says it has no stored keys. While on the old server, it says it contains a key. Why is this happening? I dont know, I am copying the complete
key management folder from one server to another and initialize the security world with that folder as I always do, and i dont have any errors during this procedure.
Do you know what could be the cause of this? or how can I fix this? Thanks a lot, best regards.
Alejandro Lozano Villanueva
Similar Messages
-
Activation failed with the following error: 0xC004B011
I just purchased the Office 365 bundle from Costco and I am using the various office products to do some work. I keep getting a request to activate the software, but when I try I receive the following error message: "activation failed with
the following error: 0xC004B011"
How do I activate the software and fix the issue? It also hows "The activation server determined that your computer clock time is not correct. You must correct your clock before you can activate." What time zone do I need to be set
to activate the software?I had this issue and fixed it:
Just click the clock, and choose Change Date & time settings > Date and Time > Internet Time > click Change Settings > and finally click UPDATE TIME. I changed the server to time.windows.com and that's
it. It took me two attempts at clicking update time and it then said time updated successfully. Activation works fine afterwards. -
Hi
DECLARE @XMLA nvarchar(3000)
, @DateSerial nvarchar(35);
-- Change date to format YYYYMMDDHHMMSS
SET @DateSerial = CAST(GETDATE() AS DATE);
--SELECT @DateSerial
Set @XMLA =
N' <Batch xmlns="http://schemas.microsoft.com/analysis services/2003/engine">
<ErrorConfiguration xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ddl2="http://schemas.microsoft.com/analysisservices/2003/engine/2"
xmlns:ddl2_2="http://schemas.microsoft.com/analysisservices/2003/engine/2/2" xmlns:ddl100_100="http://schemas.microsoft.com/analysisservices/2008/engine/100/100" xmlns:ddl200="http://schemas.microsoft.com/analysisservices/2010/engine/200"
xmlns:ddl200_200="http://schemas.microsoft.com/analysisservices/2010/engine/200/200">
<KeyErrorLimit>-1</KeyErrorLimit>
<KeyNotFound>IgnoreError</KeyNotFound>
<NullKeyNotAllowed>IgnoreError</NullKeyNotAllowed>
</ErrorConfiguration>
<Parallel>
<Process xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ddl2="http://schemas.microsoft.com/analysisservices/2003/engine/2" xmlns:ddl2_2="http://schemas.microsoft.com/analysisservices/2003/engine/2/2"
xmlns:ddl100_100="http://schemas.microsoft.com/analysisservices/2008/engine/100/100" xmlns:ddl200="http://schemas.microsoft.com/analysisservices/2010/engine/200" xmlns:ddl200_200="http://schemas.microsoft.com/analysisservices/2010/engine/200/200"
xmlns:ddl300="http://schemas.microsoft.com/analysisservices/2011/engine/300" xmlns:ddl300_300="http://schemas.microsoft.com/analysisservices/2011/engine/300/300">
<Object>
<DatabaseID>MultidimensionalProject5</DatabaseID>
<CubeID>giri</CubeID>
<MeasureGroupID>Fact Internet Sales</MeasureGroupID>
</Object>
<Type>ProcessFull</Type>
<WriteBackTableCreation>UseExisting</WriteBackTableCreation>
</Process>
</Parallel>
</Batch>';
EXEC (@XMLA) At SHALL-PCAdventureWorksDw ;
iam executive the query when iam getting below error.
[Execute SQL Task] Error: Executing the query "DECLARE
@XMLA nvarchar(3000)
, @DateSerial nvarch..." failed with the following error: "Incorrect syntax near '-'.". Possible failure reasons: Problems with the query, "ResultSet" property not set correctly, parameters not set
correctly, or connection not established correctly.
how to solve this error;
please help meWhat are you trying to do? What sort of data source is SHALL-PCAdventureWorksDw?
When you use EXEC() AT, I would execpt to see an SQL string to be passed to EXEC(), but you are passing an XML string????
If you explain why you think this would work in the first place, maybe we can help you.
Erland Sommarskog, SQL Server MVP, [email protected] -
Hi!
We have 5 Exchange 2013 servers and when I’m trying to run a script that includes the cmd-let Get-MessageTrackinglog with StartDate = the first of the month and with EndDate = the end of the month I get the following error message after
a couple of hours. The script is run on the server SERVER01 and goes through the Message Tracking logs of all Exchange servers. I have tried the script on other servers and get the same result.
Processing data for a remote command failed with the following error message: Error occurred during the Kerberos reponse.
[Server=SERVER01, TimeStamp = 918/2014 19:32:34]
For more information, see the about_Remote_Troubleshooting Help topic.
+ CategoryInfo
: OperationStopped: (server01.domain.com:String) [], PSRemotingTransportException
+ FullyQualifiedErrorId : JobFailure
+ PSComputerName
: server01.domain.com
I have gone through “about_Remote_Troubleshooting Help topic”, but can’t find anything related to my issue. There is nothing in the Application or the Windows PowerShell log either.
/HenrikHi Henado
Check the time on your Exchange server(s) relative to the DCs and ensure they are in correct sync
Use another account which is assigned the Organization Management permission and log to to the server run the command in shell and see the results
Run
Add-PSSnapin -Name Microsoft.Exchange.Management.PowerShell.E2010
Set-Adserversettings -ViewEntireForest $True and then run message tracking command and see the results
If none of the above helps you may need to remove and re-install the WinRM and see the results
Good Luck :)
Remember to mark as helpful if you find my contribution useful or as an answer if it does answer your question.That will encourage me - and others - to take time out to help you Check out my latest blog posts on http://exchangequery.com -
Job is failing with the following error- Error calling a method of the tree
dear SDNers,
my question is where do i need to look for error.
Will this be an ABAP issue?
Please guide
DETAILS
In SM37 when we see the job XYZ, we get the following details.
Job Ln Job CreatedB Status Start date Start time Duration(sec.) Delay (sec.)
XYZ Canceled 16.11.2009 10:11:30 9 27
When the job log is checked this , we get the below details.
The job XYZ is failing with the following error.
Date Time Class No. Message
+----
+----
2009/11/16 05:03:01 | 00 516 | Job started
2009/11/16 05:03:01 | 00 550 | Step 001 started (program RBDMON00, variant
SBCI287, user ID ABCDEF)
2009/11/16 05:03:03 | TREE_C 000 | Error calling a method of the tree control
2009/11/16 05:03:03 | 00 518 | Job cancelled
Equest your assistance in knowing where to find the error for this.
I have no clue as to where and how i need to debug or where i should i be looking for error.
In BD87, the selection screen paramters that are given are changed on date (from and to) and IDOC status 51,66,69 and 64 and the message type is "Öutbound interface of picked shipments"
Please guide.
Regards,
SuryaD.
Edited by: SuryaD on Nov 23, 2009 5:36 PM
Edited by: SuryaD on Nov 23, 2009 11:14 PM> 1. There is a job name ABCDEF
> 2. When this job is run then the status shows cancelled and the job error log shows tHe details that "error calling a method of the tree control"
> 3.ThIs error also points fingers to /link to BD87 as seen in the job log " (program RBDMON00, variant \SBCI287, user ID KRISF)"
>
BD87 is an IDOC processing.
> My question to you Sampath.
>
> in order to answer your question on whether it is ALv or SALV.. please tell me as to how will i know which progrm is associated with the job ABCDEF?
>
Go to sm37 - double click on the job that was failed - Click on Step (on application tool bar) to get the program name - double click on the program name - new popup will be opened - then copy the program and variant
Go to se38 - enter the program - execute (F8) - choose the variant that is there in the background job - run in forground first
if the run is good - then check the program - SE38 - Display the program then see
I just saw the above message BD87... .if that is true, you dont have to do all these
I dont think it is possible to schedule a job with BD87. Is this the first time or is any job completed without errors for this? -
I installed Exchange Server 2010 inside my VMWare Windows Server 2008 Ent R2. And After successful installation when I try to open my Exchange Server Console, I am getting the following error message. I am very new to Exchange server please help me
to solve this problem.
Initialization Failed
The following error occurred while searching for the on-premises Exchange server:
[win-.local] Connecting to remote server failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic. It was running the command 'Discover-ExchangeServer -UseWIA $true -SuppressError
$true -CurrentVersion 'Version 14.1 (Build 218.15)''.
Thanks Vivek
SharePoint Foundation 2010 Book
http://www.redpipit.comHi,
Please have a look at the article below:
Troubleshooting Exchange 2010 Management Tools startup issues
http://blogs.technet.com/b/exchange/archive/2010/02/04/3409289.aspx
Resolving WinRM errors and Exchange 2010 Management tools startup failures
http://blogs.technet.com/b/exchange/archive/2010/12/07/3411644.aspx
Besides, please run the cmdlet below:
set-user alias -remotepowershellenabled$true
Xiu Zhang
TechNet Community Support -
SBS2011: Starting Exchange Management shell failed with the following Error 7BF3678A-829B-4F11-884C-4D 49060D84E6
This is not a REMOTE Exchange 2010 server, I'm launching it from the SBS2011 Console with the Domain Admin.
It looks like a permissions error, because when I use "RUN AS ADMINISTRATOR" on the exchange management tool, it launches with no errors and no issues...
I searched and I couldn't find anything that fits this exact error.
Thanks
RussHi,
Any update?
Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
Best Regards,
Andy Qi
TechNet
Subscriber Support
If you are TechNet
Subscription user and have any feedback on our support quality, please send your feedbackhere.
Andy Qi
TechNet Community Support -
Creation of Space failes with the following error
SR- 3-6660108191
Ver-11.1.1.6
In customer production environment when they attempting to creat a space from WebCenter, they receive the following:
Creation of space SteveSpace4_11January2013 failed with errors : WCS#2013.01.11.08.47.28: Errors were encountered in creating space. The main error is - Unable to grant permission SteveSpace4_11January2013. You may want to delete the current space if it is visible in your lists. Contact the administrator if the problem persists.
In Spaces logs-
<Jan 11, 2013 9:44:37 AM CST> <Warning> <oracle.webcenter.spaces> <BEA-000000> <Ignorable Exception in Create GS
oracle.webcenter.spaces.operations.GroupSpaceOpsIgnorableException: Granting of Role Moderator partially succeeded for identity MCCORMICK.STEPHEN.J.1251888201-0001. Granting permissions for Discussions failed.
at oracle.webcenter.spaces.internal.model.operations.GroupSpaceOpsSecurityRoleMappingHandlerPlugin.duringCreateGroupSpace(GroupSpaceOpsSecurityRoleMappingHandlerPlugin.java:631)
at oracle.webcenter.spaces.internal.model.SpacesManagerImpl$2.run(SpacesManagerImpl.java:1414)
at oracle.webcenter.concurrent.RunnableTask.call(RunnableTask.java:44)
at oracle.webcenter.concurrent.Submission$2.run(Submission.java:484)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.webcenter.concurrent.Submission.runAsPrivileged(Submission.java:498)
at oracle.webcenter.concurrent.Submission.run(Submission.java:424)
at oracle.webcenter.concurrent.Submission$SubmissionFutureTask.run(Submission.java:888)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:439)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at oracle.webcenter.concurrent.ModifiedThreadPoolExecutor$Worker.runTask(ModifiedThreadPoolExecutor.java:657)
at oracle.webcenter.concurrent.ModifiedThreadPoolExecutor$Worker.run(ModifiedThreadPoolExecutor.java:682)
at java.lang.Thread.run(Thread.java:662)
Caused By: oracle.webcenter.webcenterapp.security.WCSecurityRoleMappingException: Granting of Role Moderator partially succeeded for identity MCCORMICK.STEPHEN.J.1251888201-0001. Granting permissions for Discussions failed.
at oracle.webcenter.security.rolemapping.RoleManager.processServiceUsers(RoleManager.java:757)
at oracle.webcenter.security.rolemapping.RoleManager.processUsers(RoleManager.java:378)
Jan 11, 2013 9:44:37 AM CST> <Warning> <oracle.webcenter.spaces> <BEA-000000> <Exiting createGroupSpaceInternal>
<Jan 11, 2013 9:44:37 AM CST> <Error> <oracle.webcenter.spaces> <BEA-000000> <Creation of space SteveSpace7_11January2013 completed with warnings : WCS#2013.01.11.09.44.37: Space created with the following warning(s) : Issues were faced
while provisioning the service(s) - Announcements. Check the space services settings page if these services have been provisioned.>
<Jan 11, 2013 9:44:37 AM CST> <Error> <oracle.webcenter.spaces> <BEA-000000> <The exception occured during space creation for spaceName = SteveSpace7_11January2013due to =>
<Jan 11, 2013 9:44:37 AM CST> <Error> <oracle.webcenter.spaces> <BEA-000000> <
oracle.webcenter.spaces.SpacesException: Space created with the following warning(s) : Issues were faced while provisioning the service(s) - Announcements. Check the space services settings page if these services have been provisioned.
at oracle.webcenter.spaces.internal.model.SpacesManagerImpl.createGroupSpaceInternal(SpacesManagerImpl.java:1865)
at oracle.webcenter.spaces.internal.model.SpacesManagerImpl.access$200(SpacesManagerImpl.java:225)
at oracle.webcenter.spaces.internal.model.SpacesManagerImpl$1.run(SpacesManagerImpl.java:553)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:259)
at oracle.security.jps.internal.jaas.AccActionExecutor.execute(AccActionExecutor.java:65)
at oracle.security.jps.internal.jaas.CascadeActionExecutor$SubjectPrivilegedAction.run(Cascade
In Diagnostic logs:
[2013-01-11T09:44:06.053-06:00] [WC_Spaces2] [WARNING] [] [oracle.webcenter.webcenterapp] [tid: pool-1-daemon-thread-4] [userId: MCCORMICK.STEPHEN.J.1251888201-0001] [ecid: 0000mii9Zr1Bt1G5uz4EyX00051O0005OU,0:1:3:290:26] [APP: webcenter#11.1.1.4.0] [URI: /webcenter/faces/oracle/webcenter/webcenterapp/view/pages/admin/WebCenterAdmin-Communities.jspx] grantRoleForRoleMappedServices : warning : serviceId :oracle.webcenter.collab.forum
[2013-01-11T09:44:06.058-06:00] [WC_Spaces2] [WARNING] [] [oracle.webcenter.webcenterapp] [tid: pool-1-daemon-thread-4] [userId: MCCORMICK.STEPHEN.J.1251888201-0001] [ecid: 0000mii9Zr1Bt1G5uz4EyX00051O0005OU,0:1:3:290:26] [APP: webcenter#11.1.1.4.0] [URI: /webcenter/faces/oracle/webcenter/webcenterapp/view/pages/admin/WebCenterAdmin-Communities.jspx] [[
oracle.webcenter.security.rolemapping.RoleMappingException: The Role Mapping provider encountered an exception while performing security role mapping for service oracle.webcenter.collab.forum.
at oracle.webcenter.security.rolemapping.RoleManager.processServiceUsers(RoleManager.java:757)
at oracle.webcenter.security.rolemapping.RoleManager.processUsers(RoleManager.java:378)
at oracle.webcenter.security.rolemapping.RoleManager.addUsers(RoleManager.java:243)
at oracle.webcenter.webcenterapp.internal.model.security.WCSecurityManagerImpl$5.run(WCSecurityManagerImpl.java:1313)
at oracle.webcenter.concurrent.RunnableTask.call(RunnableTask.java:44)
at oracle.webcenter.concurrent.Submission$2.run(Submission.java:484)
at java.security.AccessController.doPrivileged(Native Method)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:315)
at oracle.webcenter.concurrent.Submission.runAsPrivileged(Submission.java:498)
at oracle.webcenter.concurrent.Submission.run(Submission.java:424)
at oracle.webcenter.concurrent.Submission$SubmissionFutureTask.run(Submission.java:888)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:439)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at oracle.webcenter.concurrent.ModifiedThreadPoolExecutor$Worker.runTask(ModifiedThreadPoolExecutor.java:657)
at oracle.webcenter.concurrent.ModifiedThreadPoolExecutor$Worker.run(ModifiedThreadPoolExecutor.java:682)
at java.lang.Thread.run(Thread.java:662)
Caused by: oracle.webcenter.security.rolemapping.spi.RoleMappingSPIException: javax.xml.soap.SOAPException: javax.xml.soap.SOAPException: Bad response: 400 Bad Request
at oracle.webcenter.collab.share.security.DefaultRoleMapper.addUsers(DefaultRoleMapper.java:78)
This looks like the user dont have permissions to create the space, but even Admin user weblogic also geting the same error.
Please may I know how to debug this and where to see for the permissions.
Thanks!!Hi,
Please follow steps, may be your issue will be resolved.
Steps:
1.Create the Discussions administrator user using the DefaultAuthenticator provider as indicated here:
Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter
11g Release 1 (11.1.1)
23 Managing Security
23.3.4.1 Migrating the WebCenter Discussions Server to use an External LDAP
The Discussions Administrator user must exist in the external LDAP and also you need to create the user using the DefaultAuthenticator provider in the embedded LDAP.The username in the embedded LDAP must match the username in the External LDAP.
Review all steps from the above section of the documentation to be sure you performed all the steps.
2.Grant WebCenter Spaces Administrator Role to the Discussions Administrator user as indicated here:
Oracle Fusion Middleware Administrator's Guide for Oracle WebCenter
23.3 Configuring the Identity Store
23.3.5 Granting the WebCenter Spaces Administrator Role to a WebCenter Spaces User
23.3.5.1 Granting the WebCenter Spaces Administrator Role Using Fusion Middleware Control
3.Restart the WLS_Spaces and WLS_Services Managed Servers.
If this helps please mark.
Regards,
Kishore -
Hello everybody,
I get an issue when i try to deploy the latest version of Blackberry Desktop Software using a Group Policy Objetc.
The package tries to install a the computer's startup but i can't find the product installed.
On the event viewer and after a rsop.msc i get the following error: User cancelled installation
I worked threw this link http://supportforums.blackberry.com/t5/Desktop-Software-for-PC/Unable-to-install-Blackberry-Desktop-... and i installed vcredist_x86 and msxml6 on the client computer but the problem is still the same.
Could anyone help me for this issue.
Over simple way to solve my problem would be to let me know where i can download an older version of Blackberry Desktop Software because there is a link on the website but it doesn't work.Well folks. I've had enough.
The 9780 is a great phone, it's easy to use, practical and dependable. However, the Desktop Manager software has been giving me too many sleepless nights. On two occassions I must add: once at the end of last year when I bought it and only managed to solve it by myself after 4 weeks of trawling through online forums, blogs and other BB help sites and the recent one was last week when I tried to install it on my new Windows 7 notebook.
I know this is not entirely the fault of RIM, Microsoft also has a part to play. But considering the state of technology these days, it shouldn't have to be so difficult. I want a phone and software that makes my life easier and not have to be a slave to it by trying days and nights to solve its problems.
Hence, I have officially decom my phone and gotten an iPhone 4 instead. The switch ain't that difficult for me as I have always been platform neutral. As long it fits my needs, does it job well and doesn't give me too much headache, I'm cool with it.
Ciao folks! -
Verify - Prompting failed with the following error message: ". (and more)
This would be much easier to read with paragraphs... oh well.
First up, I have found a relevant KB article on this issue and have seen that this was possibly fixed with SP2. The article actually references a file date that does not exist in the list of downloadable support files (sigh), but the SP2 date is a few weeks after the referenced date and the first file after that date, so I'll assume it's in there.
Unfortunately I think my client might be using an OEM version of crystal. They have business objects XI, but there is no phone number listed in the tech support box of the help->about dialog. OEM Product Warning suggests the number should be (604) 669 8379... (this, by the way, seems like an extremely odd and unreliable way of determining the version of a software product) but I don't know how up to date that page is, a lot of links etc seem to be out of date.
In any case, what I really want to know is why would this happen in the first place? The report was working fine until today, and no changes were made to the report other than some formatting (the group pie chart type apparently likes to make the pies so big when there are only 2 groups that they overlap... awesome!).
I even tried removing my data source entirely and adding a completely new data source (which of course made all my charts disappear, but hey, what the hell at this point), and I still got the error.
I must say, today has been an extremely frustrating day working with crystal. As well as this error I was getting an "export failed" error... but only on one report out of 5... when attempting to export to to a disk file. Turns out a picture object got corrupted and lost it's height component, the graphic went missing even though the object was still on the report, and attempting to set the height in the dialog didn't help. Copying the graphic in again seems to have fixed it for now... but who knows for how long.
And yet again I have a report that runs a stored procedure which takes only seconds to run on the database, but never returns when run with the same parameters through crystal (AND somehow locks up SQL Server... THIS I don't get AT ALL, it's a stored proc, crystal isn't accessing tables directly, the proc should simply execute and return, so how are locks/transactions being held?? Of course they wont give me sa access so I cant see what's happening on the server) Changing from ODBC to OLEDB makes no difference. AND I discovered that copying drawing objects from one report to another often causes the crystal IDE to crash, losing all unsaved work. YEAH!
(End venting).
Edited by: allmhuran on Oct 22, 2009 7:33 PMHello, If you are indeed using an OEM build you need to log your issues with them. They are responsible for first line of support and if there are issues theyc an log the case with our support to a solution of provide you with a work around.
Thank you
Don -
Exit Code: 6
Please see specific errors below for troubleshooting. For example, ERROR:
-------------------------------------- Summary --------------------------------------
- 0 fatal error(s), 2 error(s)
----------- Payload: Microsoft Visual C++ 2012 Redistributable Package (x64) 11.0.61030.0 {3E272A93-C06B-4206-AD02-0EBE02535E20} -----------
ERROR: Third party payload installer vcredist_x64.exe failed with exit code: 2147942750
ERROR: Failed to repair Microsoft Visual C++ 2012 Redistributable Package (x64). Please try repairing it by double clicking on the executable atWhitmack please reinstall Microsoft Visual C++ 2012 Redistributable Package (x64) from Latest Supported Visual C++ Downloads.
-
Event ID 91 Could not connect to the Active Directory. Active Directory Certificate Services
Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access.
Event ID: 91
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: DC1.chickbuns.com
Description:
Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" EventSourceName="CertSvc" />
<EventID Qualifiers="49754">91</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-01-07T19:34:00.000000000Z" />
<EventRecordID>819</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>DC1.chickbuns.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="MSG_E_DS_RETRY">
</EventData>
</Event>
:\Users\Administrator>dcdiag /fix
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
......................... DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1
Starting test: Advertising
Warning: DC1 is not advertising as a time server.
......................... DC1 failed test Advertising
Starting test: FrsEvent
......................... DC1 passed test FrsEvent
Starting test: DFSREvent
......................... DC1 passed test DFSREvent
Starting test: SysVolCheck
......................... DC1 passed test SysVolCheck
Starting test: KccEvent
......................... DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC1 passed test MachineAccount
Starting test: NCSecDesc
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
......................... DC1 passed test NetLogons
Starting test: ObjectsReplicated
......................... DC1 passed test ObjectsReplicated
Starting test: Replications
......................... DC1 passed test Replications
Starting test: RidManager
......................... DC1 passed test RidManager
Starting test: Services
......................... DC1 passed test Services
Starting test: SystemLog
......................... DC1 passed test SystemLog
Starting test: VerifyReferences
......................... DC1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : chickbuns
Starting test: CheckSDRefDom
......................... chickbuns passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... chickbuns passed test CrossRefValidation
Running enterprise tests on : chickbuns.com
Starting test: LocatorCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
......................... chickbuns.com failed test LocatorCheck
Starting test: Intersite
......................... chickbuns.com passed test Intersite.My test lab one sinle domain controller server 2008 R2 Sp1 and member exchange server is using,the event error 91 is generated as per the technet article http://technet.microsoft.com/en-us/library/cc774525(v=ws.10).aspx the domain
computer and domain users in public key services container is not listed ..
C:\Users\Administrator>netdom /query fsmo
Schema master DC1.chickbuns.com
Domain naming master DC1.chickbuns.com
PDC DC1.chickbuns.com
RID pool manager DC1.chickbuns.com
Infrastructure master DC1.chickbuns.com
The command completed successfully.
Command Line: "dcdiag.exe
/V /D /C /E"
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine DC1, is a Directory Server.
Home Server = DC1
* Connecting to directory service on server DC1.
DC1.currentTime = 20140110072353.0Z
DC1.highestCommittedUSN = 131148
DC1.isSynchronized = 1
DC1.isGlobalCatalogReady = 1
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=chickbuns,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=chickbuns,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
DC1.currentTime = 20140110072353.0Z
DC1.highestCommittedUSN = 131148
DC1.isSynchronized = 1
DC1.isGlobalCatalogReady = 1
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
===============================================Printing out pDsInfo
GLOBAL:
ulNumServers=1
pszRootDomain=chickbuns.com
pszNC=
pszRootDomainFQDN=DC=chickbuns,DC=com
pszConfigNc=CN=Configuration,DC=chickbuns,DC=com
pszPartitionsDn=CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
fAdam=0
iSiteOptions=0
dwTombstoneLifeTimeDays=180
dwForestBehaviorVersion=3
HomeServer=0, DC1
SERVER: pServer[0].pszName=DC1
pServer[0].pszGuidDNSName (binding str)=771aab3d-96cd-4fb1-90cd-0899fa6b6207._msdcs.chickbuns.com
pServer[0].pszDNSName=DC1.chickbuns.com
pServer[0].pszLdapPort=(null)
pServer[0].pszSslPort=(null)
pServer[0].pszDn=CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
pServer[0].pszComputerAccountDn=CN=DC1,OU=Domain Controllers,DC=chickbuns,DC=com
pServer[0].uuidObjectGuid=771aab3d-96cd-4fb1-90cd-0899fa6b6207
pServer[0].uuidInvocationId=771aab3d-96cd-4fb1-90cd-0899fa6b6207
pServer[0].iSite=0 (Default-First-Site-Name)
pServer[0].iOptions=1
pServer[0].ftLocalAcquireTime=ea9513a0 01cf0dd4
pServer[0].ftRemoteConnectTime=ea2bca80 01cf0dd4
pServer[0].ppszMaster/FullReplicaNCs:
ppszMaster/FullReplicaNCs[0]=DC=ForestDnsZones,DC=chickbuns,DC=com
ppszMaster/FullReplicaNCs[1]=DC=DomainDnsZones,DC=chickbuns,DC=com
ppszMaster/FullReplicaNCs[2]=CN=Schema,CN=Configuration,DC=chickbuns,DC=com
ppszMaster/FullReplicaNCs[3]=CN=Configuration,DC=chickbuns,DC=com
ppszMaster/FullReplicaNCs[4]=DC=chickbuns,DC=com
SITES: pSites[0].pszName=Default-First-Site-Name
pSites[0].pszSiteSettings=CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
pSites[0].pszISTG=CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
pSites[0].iSiteOption=0
pSites[0].cServers=1
NC: pNCs[0].pszName=ForestDnsZones
pNCs[0].pszDn=DC=ForestDnsZones,DC=chickbuns,DC=com
pNCs[0].aCrInfo[0].dwFlags=0x00000201
pNCs[0].aCrInfo[0].pszDn=CN=5fc582f9-b435-49a1-aa54-41769fc24206,CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.chickbuns.com
pNCs[0].aCrInfo[0].iSourceServer=0
pNCs[0].aCrInfo[0].pszSourceServer=(null)
pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005
pNCs[0].aCrInfo[0].bEnabled=TRUE
pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[0].aCrInfo[0].pszNetBiosName=(null)
pNCs[0].aCrInfo[0].cReplicas=-1
pNCs[0].aCrInfo[0].aszReplicas=
NC: pNCs[1].pszName=DomainDnsZones
pNCs[1].pszDn=DC=DomainDnsZones,DC=chickbuns,DC=com
pNCs[1].aCrInfo[0].dwFlags=0x00000201
pNCs[1].aCrInfo[0].pszDn=CN=9e1c2cb8-b90b-4e9f-90dd-9903f935e4af,CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.chickbuns.com
pNCs[1].aCrInfo[0].iSourceServer=0
pNCs[1].aCrInfo[0].pszSourceServer=(null)
pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005
pNCs[1].aCrInfo[0].bEnabled=TRUE
pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[1].aCrInfo[0].pszNetBiosName=(null)
pNCs[1].aCrInfo[0].cReplicas=-1
pNCs[1].aCrInfo[0].aszReplicas=
NC: pNCs[2].pszName=Schema
pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=chickbuns,DC=com
pNCs[2].aCrInfo[0].dwFlags=0x00000201
pNCs[2].aCrInfo[0].pszDn=CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
pNCs[2].aCrInfo[0].pszDnsRoot=chickbuns.com
pNCs[2].aCrInfo[0].iSourceServer=0
pNCs[2].aCrInfo[0].pszSourceServer=(null)
pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[2].aCrInfo[0].bEnabled=TRUE
pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[2].aCrInfo[0].pszNetBiosName=(null)
pNCs[2].aCrInfo[0].cReplicas=-1
pNCs[2].aCrInfo[0].aszReplicas=
NC: pNCs[3].pszName=Configuration
pNCs[3].pszDn=CN=Configuration,DC=chickbuns,DC=com
pNCs[3].aCrInfo[0].dwFlags=0x00000201
pNCs[3].aCrInfo[0].pszDn=CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
pNCs[3].aCrInfo[0].pszDnsRoot=chickbuns.com
pNCs[3].aCrInfo[0].iSourceServer=0
pNCs[3].aCrInfo[0].pszSourceServer=(null)
pNCs[3].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[3].aCrInfo[0].bEnabled=TRUE
pNCs[3].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[3].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[3].aCrInfo[0].pszNetBiosName=(null)
pNCs[3].aCrInfo[0].cReplicas=-1
pNCs[3].aCrInfo[0].aszReplicas=
NC: pNCs[4].pszName=chickbuns
pNCs[4].pszDn=DC=chickbuns,DC=com
pNCs[4].aCrInfo[0].dwFlags=0x00000201
pNCs[4].aCrInfo[0].pszDn=CN=CHICKBUNS,CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
pNCs[4].aCrInfo[0].pszDnsRoot=chickbuns.com
pNCs[4].aCrInfo[0].iSourceServer=0
pNCs[4].aCrInfo[0].pszSourceServer=(null)
pNCs[4].aCrInfo[0].ulSystemFlags=0x00000003
pNCs[4].aCrInfo[0].bEnabled=TRUE
pNCs[4].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[4].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[4].aCrInfo[0].pszNetBiosName=(null)
pNCs[4].aCrInfo[0].cReplicas=-1
pNCs[4].aCrInfo[0].aszReplicas=
5 NC TARGETS: ForestDnsZones, DomainDnsZones, Schema, Configuration, chickbuns,
1 TARGETS: DC1,
=============================================Done Printing pDsInfo
Doing initial required tests
Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Failure Analysis: DC1 ... OK.
* Active Directory RPC Services Check
......................... DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1
Starting test: Advertising
The DC DC1 is advertising itself as a DC and having a DS.
The DC DC1 is advertising as an LDAP server
The DC DC1 is advertising as having a writeable directory
The DC DC1 is advertising as a Key Distribution Center
The DC DC1 is advertising as a time server
The DS DC1 is advertising as a GC.
......................... DC1 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC DC1 for domain chickbuns.com in site Default-First-Site-Name
Checking machine account for DC DC1 on DC DC1.
* SPN found :LDAP/DC1.chickbuns.com/chickbuns.com
* SPN found :LDAP/DC1.chickbuns.com
* SPN found :LDAP/DC1
* SPN found :LDAP/DC1.chickbuns.com/CHICKBUNS
* SPN found :LDAP/771aab3d-96cd-4fb1-90cd-0899fa6b6207._msdcs.chickbuns.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/771aab3d-96cd-4fb1-90cd-0899fa6b6207/chickbuns.com
* SPN found :HOST/DC1.chickbuns.com/chickbuns.com
* SPN found :HOST/DC1.chickbuns.com
* SPN found :HOST/DC1
* SPN found :HOST/DC1.chickbuns.com/CHICKBUNS
* SPN found :GC/DC1.chickbuns.com/chickbuns.com
[DC1] No security related replication errors were found on this DC!
To target the connection to a specific source DC use /ReplSource:<DC>.
......................... DC1 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC1 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the server is running DFSR.
......................... DC1 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... DC1 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC1 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC1 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
......................... DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC DC1 on DC DC1.
* SPN found :LDAP/DC1.chickbuns.com/chickbuns.com
* SPN found :LDAP/DC1.chickbuns.com
* SPN found :LDAP/DC1
* SPN found :LDAP/DC1.chickbuns.com/CHICKBUNS
* SPN found :LDAP/771aab3d-96cd-4fb1-90cd-0899fa6b6207._msdcs.chickbuns.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/771aab3d-96cd-4fb1-90cd-0899fa6b6207/chickbuns.com
* SPN found :HOST/DC1.chickbuns.com/chickbuns.com
* SPN found :HOST/DC1.chickbuns.com
* SPN found :HOST/DC1
* SPN found :HOST/DC1.chickbuns.com/CHICKBUNS
* SPN found :GC/DC1.chickbuns.com/chickbuns.com
......................... DC1 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC1.
* Security Permissions Check for
DC=ForestDnsZones,DC=chickbuns,DC=com
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=chickbuns,DC=com
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=chickbuns,DC=com
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=chickbuns,DC=com
(Configuration,Version 3)
* Security Permissions Check for
DC=chickbuns,DC=com
(Domain,Version 3)
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC1\netlogon
Verified share \\DC1\sysvol
......................... DC1 passed test NetLogons
Starting test: ObjectsReplicated
DC1 is in domain DC=chickbuns,DC=com
Checking for CN=DC1,OU=Domain Controllers,DC=chickbuns,DC=com in domain DC=chickbuns,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com in domain CN=Configuration,DC=chickbuns,DC=com on 1 servers
Object is up-to-date on all servers.
......................... DC1 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was
not entered
......................... DC1 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
DC=ForestDnsZones,DC=chickbuns,DC=com has 1 cursors.
DC=DomainDnsZones,DC=chickbuns,DC=com has 1 cursors.
CN=Schema,CN=Configuration,DC=chickbuns,DC=com has 1 cursors.
CN=Configuration,DC=chickbuns,DC=com has 1 cursors.
DC=chickbuns,DC=com has 1 cursors.
* Replication Latency Check
......................... DC1 passed test Replications
Starting test: RidManager
ridManagerReference = CN=RID Manager$,CN=System,DC=chickbuns,DC=com
* Available RID Pool for the Domain is 1600 to 1073741823
fSMORoleOwner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
* DC1.chickbuns.com is the RID Master
* DsBind with RID Master was successful
rIDSetReferences = CN=RID Set,CN=DC1,OU=Domain Controllers,DC=chickbuns,DC=com
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1103
......................... DC1 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC1 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... DC1 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC1 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... DC1 passed test VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC1,OU=Domain Controllers,DC=chickbuns,DC=com and backlink on
CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=DC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=chickbuns,DC=com
and backlink on
CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
are correct.
The system object reference (msDFSR-ComputerReferenceBL)
CN=DC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=chickbuns,DC=com
and backlink on CN=DC1,OU=Domain Controllers,DC=chickbuns,DC=com are
correct.
......................... DC1 passed test VerifyReferences
Starting test: VerifyReplicas
......................... DC1 passed test VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... DC1 passed test DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : chickbuns
Starting test: CheckSDRefDom
......................... chickbuns passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... chickbuns passed test CrossRefValidation
Running enterprise tests on : chickbuns.com
Starting test: DNS
Test results for domain controllers:
DC: DC1.chickbuns.com
Domain: chickbuns.com
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Enterprise (Service Pack level: 1.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Intel(R) PRO/1000 MT Network Connection:
MAC address is 00:0C:29:DE:7F:EB
IP Address is static
IP address: 192.168.1.30
DNS servers:
192.168.1.30 (dc1.chickbuns.com.) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
192.168.1.1 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: chickbuns.com.
Delegated domain name: _msdcs.chickbuns.com.
DNS server: dc1.chickbuns.com. IP:192.168.1.30 [Valid]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone chickbuns.com
Test record dcdiag-test-record deleted successfully in zone chickbuns.com
TEST: Records registration (RReg)
Network Adapter
[00000007] Intel(R) PRO/1000 MT Network Connection:
Matching CNAME record found at DNS server 192.168.1.30:
771aab3d-96cd-4fb1-90cd-0899fa6b6207._msdcs.chickbuns.com
Matching A record found at DNS server 192.168.1.30:
DC1.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.48c41195-2630-4461-aaef-ec2a63cd8bf3.domains._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kerberos._tcp.dc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.dc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kerberos._tcp.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kerberos._udp.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kpasswd._tcp.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.Default-First-Site-Name._sites.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kerberos._tcp.Default-First-Site-Name._sites.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.gc._msdcs.chickbuns.com
Matching A record found at DNS server 192.168.1.30:
gc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_gc._tcp.Default-First-Site-Name._sites.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.pdc._msdcs.chickbuns.com
Total query time:0 min. 3 sec.. Total RPC connection
time:0 min. 0 sec.
Total WMI connection time:0 min. 6 sec. Total Netuse connection
time:0 min. 0 sec.
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.1.1 (<name unavailable>)
All tests passed on this DNS server
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 5 sec.
DNS server: 192.168.1.30 (dc1.chickbuns.com.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.chickbuns.com. is operational on IP 192.168.1.30
Total query time:0 min. 3 sec., Total WMI connection
time:0 min. 0 sec.
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: chickbuns.com
DC1 PASS PASS PASS PASS PASS PASS n/a
Total Time taken to test all the DCs:0 min. 9 sec.
......................... chickbuns.com passed test DNS
Starting test: LocatorCheck
GC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
PDC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
Time Server Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
KDC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
......................... chickbuns.com passed test LocatorCheck
Starting test: FsmoCheck
GC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
PDC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
Time Server Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
KDC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
......................... chickbuns.com passed test FsmoCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... chickbuns.com passed test Intersite -
Hi,
We have some problems with our Root CA. I can se a lot of failed requests. with the event id 22: in the logs. The description is: Active Directory Certificate Services could not process request 3686 due to an error: The revocation function was unable to
check revocation because the revocation server was offline. 0x80092013 (-2146885613). The request was for CN=xxxxx.ourdomain.com. Additional information: Error Verifying Request Signature or Signing Certificate
A couple of months ago we decomissioned one of our old 2003 DCs and it looks like this server might have had something to do with the CA structure but I am not sure whether this was in use or not since I could find the role but I wasn't able to see any existing
configuration.
Let's say that this server was previously responsible for the certificates and was the server that should have revoked the old certs, what can I do know to try and correct the problem?
Thank you for your help
//Crishello,
let me recap first:
you see these errors on a ROOT CA. so it seems like the ROOT CA is also operating as an ISSUING CA. Some clients try to issue a new certificate from the ROOT CA and this fails with your error mentioned.
do you say that you had a PREVIOUS CA which you decomissioned, and you now have a brand NEW CA, that was built as a clean install? When you decommissioned the PREVIOUS CA, that was your design decision to don't bother with the current certificates that it
issued and which are still valid, right?
The error says, that the REQUEST signature cannot be validated. REQUESTs are signed either by itself (self-signed) or if they are renewal requests, they would be signed with the previous certificate which the client tries to renew. The self-signed REQUESTs
do not contain CRL paths at all.
So this implies to me as these requests that are failing are renewal requests. Renewal requests would contain CRL paths of the previous certificates that are nearing their expiration.
As there are many such REQUEST and failures, it probably means that the clients use AUTOENROLLMENT, which tries to renew their current, but shortly expiring, certificates during (by default) their last 6 weeks of lifetime.
As you decommissioned your PREVIOUS CA, it does not issue CRL anymore and the current certificates cannot be checked for validity.
Thus, if the renewal tries to renew them by using the NEW CA, your NEW CA cannot validate CRL of the PREVIOUS CA and will not issue new certificates.
But it would not issue new certificates anyway even if it was able to verify the PREVIOUS CA's CRL, as it seems your NEW CA is completely brand new, without being restored from the PREVIOUS CA's database. Right?
So simply don't bother :-) As long as it was your design to decommission the PREVIOUS CA without bothering with its already issued certificates.
The current certificates which autoenrollment tries to renew cannot be checked for validity. They will also slowly expire over the next 6 weeks or so. After that, autoenrollment will ask your NEW CA to issue a brand new certificate without trying to renew.
Just a clean self-signed REQUEST.
That will succeed.
You can also verify this by trying to issue a certificate on an affected machine manually from Certificates MMC.
ondrej. -
Hi,
When I check pkiview.msc on my 2012 Subordinate CA I get the error shown in the first picture below. I'm also getting errors similar to below in the event log:
"Active Directory Certificate Services could not create an encryption certificate. Requested by contoso\admin1. The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)."
I'm assisting in setting up a 2 tier PKI infrastructure using Windows 2012. The root CA looks good, but we're getting errors on the subordinate. The server was working, but we discovered that the server would only issue certificates with a maximum of a 1
year expiry date - obviously no good, so we decided to run through the following commands on the root CA (as recommended byhttp://www.techieshelp.com/subordinate-ca-increase-certificate-validity/)
certutil -setreg ca\ValidityPeriodunits "Years"
certutil -setreg ca\ValidityPeriod "5"
restarted AD certificate services on the root and subordinate CA.Then did the following on the subordinate CA:
1.On the Subordinate CA create a new CA request by right clicking the server in ADCS and select New Request.
2.Supplied the original request file from the subordinate CA (I couldn't find a way of generating a new request file)
3.Issued the certificate using the Root CA.
4.On the Subordinate CA ADCS installed new CA cert.
However, I keep on getting CDP or AIA errors on my subordinate CA.Also I'm missing a CDP field value when I look at the certificate listed in the personal and trusted certification authority store on my subordinate CA.
In addition, when I look at my CDP locations in Certificate Authority, I see a lot of CDPs, but I'm not sure if I need them all - I suspect I could just get away with LDAP, the C:\windows path and a single http:// path.
I've tried renewing the existing certificate and CRL on my subordinate CA, but that didn't work either.
Please advise.
ThanksOk, the process to renew the subordinate CA is incorrect. Once the registry setting to change the validity period was made on the root CA, the root CA ADCS service needs to be restarted. That is the only time those keys are read. Then:
1) On the subordinate CA, open the CA tool, right click the CA and select Renew CA Certificate. You can use the same key, no need to create a new one. It will create a NEW certificate request file
2) Copy that to the Root CA and submit like you would have done during the initial install
3) Approve the request and export the issued certificate
4) On the subordinate CA, in the CA tool, right click the CA and choose Install CA Certificate.
You can not reuse request files.
Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years. -
Event properties – Event 91, Level Error, Event ID 91, Date and time 5/10/2012 11:29:48AM, Service CertificationAuthority
General:
Could not connect to the Active Directory.
Active Directory Certificate Services will retry when processing requires Active Directory access.
We have a Windows 2008 Server Enterprise with AD . I would like to enable the service "Certificate Services" that
allow me to enable radius to authenticate users wireless with the active directory.Hi,
Can you please check this forum or someone from Microsoft, as we have post here dating back from October that are not being answered.
Everything for us is exactly the same as szucsati and Racom
NMNM,
Please give us an answer on this as the link provided is absolutely useless.
Thank you.
Maybe you are looking for
-
FF15 hangs whenever plugin-container.exe is loaded in memory
I need help. Since at least in v14 and now v15, FF hangs becoming unresponsive whenever plugin-container.exe is loaded in memory, as monitored with Process Explorer of SysInternals. This happens in FF with all plugins manually disabled and with no ex
-
strange one i guess, but having just watched half of a 2 hr move in the ipod, i have switched it off, and then upon switching back on and selecting the video i was watching, it plays back from the start, but with no 'quick' way of getting to where i
-
Adapter Engine Not Showing up in SXI_CACHE
Hi, The adapter Engine is not showing up in the Transaction SXI_CACHE and also when i create a RFC comm channel it is not showing up in the Adapter Engine Dropdown.Can anyone let me know whether these both are linked and is there any way to rectify t
-
How do I get rid of the 1 by settings icon after updating to ios 8
How do I get rid of the 1 next to my settings icon. it is there after I downloaded IOS 8
-
Edit: I have updated the below to reflect that it took four hours for the database to unblock. This looks like a bug to me. SQL Server seemed to believe there were 30 running sessions with open requests nearly four hours after the client side connect