AD SSO not happening for Remote Users

Dear Members
I am having an issue with the NAC deployment for remote users (users behind a WAN router).
Windows AD SSO (2008) is happening for LAN users successfully; however, remote users
are not able to do AD SSO.
It is ensured that remote users, even in the unauthenticated state, can reach Active Directory. There is no filtering
on any of the devices across the path for this communication.
When I use Kerbtray on the remote PC, I find no tickets at all (I am logged in through the domain).
What could be going wrong? Is it delay (as they are WAN users) which might cause this issue, and if so, where are the parameters that can be tuned for AD SSO to happen?
Any help will be highly appreciated.
Thanks
Ahad

Hi Ahad,
As long as ALL the policies in Table 8-1 are configured for the Unauthenticated Role
http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/48/cas/s_adsso.html#wp1174219
the CAS should be out of the picture for what concerns the communication between the PC and Kerberos.
If the Kerbtray.exe output for a failing user is empty, it means that the unsuccessful users do not have any Service Ticket (ST) at all.
This points to an issue with AD (considering the fact that the CAS is already allowing all the traffic to/from AD).
The failing users are either unable to send the Ticket-Granting Ticket (TGT) to AD, or they are unable to obtain the Service Ticket (ST) from AD.
The CAS during this phase is neither performing any actions nor blocking any traffic, since all the communications to/from AD are already fully open in the unauthenticated role.
Regards,
Fede
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

Similar Messages

  • The connection was denied because the user account is not authorized for remote login

    Using Terminal Server 2008, I am not able to get non-administrator users to log in to the remote desktop. I have tried from Windows Server 2008 and from Windows Server 2003. I get the error "The connection was denied because the user account is not authorized for remote login" from Windows Server 2008, and the error "The requested session access is denied" from Windows Server 2000.

    Is that seriously the only way to do this? Doesn't this render the "Allow log on through Terminal Services" GP setting useless?
    I would like to know this answer as well. I have created a new AD group for my assistant admins called "Domain Admins (limited)". I have added this group to the GP setting "Allow log on through Terminal Services", but the assistant admins cannot log in through RDP. It 'feels like' this is all I would need to do.
    Craig
    Found some good info here. There are really two things required for a user to connect to a server via RDP. You can configure one of them via Group Policy but not the other.
    1) Allow log on through Terminal Services can be configured through Group Policy, no problem.
    2) Permissions on the RDP listener must also be granted. If your user is a member of the local Administrators group or the local Remote Desktop Users group then this is handled. If you are trying to utilize a new, custom group (as I am), then there isn't a way to do this via Group Policy (that I have found).
    EDIT: Found the answer. I am creating a blog post to outline the steps. They aren't hard, but they're not self-explanatory. It deals with the Restricted Groups mentioned above, but it's still automatable using Group Policy so that you don't have to touch each computer. I think the above poster (Andrey Ganev) got it right, but I had trouble deciphering his instructions.
    Here is my blog post that walks through this entire process, step-by-step.

  • Mac iTunes 10.6.1 Will Now Not Launch For Any User Under MacOS 10.7.4.

    My MacBookPro4,1 (Spring 2008) went in for repairs to have a mother board replaced.
    During the repair, I pulled the hard drive with system 10.7.4 installed and booted from it using the newest MacBookPro.
    After the repair, I re-installed the hard drive in the MacBookPro4,1.  Now iTunes 10.6.1 will not launch.
    This happens for *all* users on my system.
    I looked in /Library for anything "iTunes" in the file name and removed it, but still, it crashes.
    Any ideas on where else to look and/or what could be going on here?
    Thanks!
    iTunes is crashing on the main thread...
    Process:         iTunes [782]
    Path:            /Applications/iTunes.app/Contents/MacOS/iTunes
    Identifier:      com.apple.iTunes
    Version:         10.6.1 (10.6.1)
    Build Info:      iTunes-10610701~1
    Code Type:       X86-64 (Native)
    Parent Process:  launchd [353]
    Date/Time:       2012-05-19 13:42:57.849 -0700
    OS Version:      Mac OS X 10.7.4 (11E53)
    Report Version:  9
    Crashed Thread:  0  Dispatch queue: com.apple.main-thread
    Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
    Exception Codes: 0x000000000000000d, 0x0000000000000000
    Application Specific Information:
    objc_msgSend() selector name: respondsToSelector:
    objc[782]: garbage collection is OFF

    Appreciate the comments, and I have done a bit more research. I have eight computers on the network: six Macs and two PCs. All but one have iTunes on them. Of the six that have iTunes, the two Macs running OS 10.7.4 and iTunes 10.6.3 (25) do not see the Apple TV when I attempt to connect to a computer from the Apple TV. The other four Macs see the connect request in the devices on iTunes. The Windows PC running Windows 7 on an AMD processor and iTunes 10.6.3 can also see the connect request.
    Of the two systems running MacOS 10.7.4, one is an Intel Core i5 and the other is an Intel Core 2 Duo. Barring some other evidence, my conclusion is that there is a problem with the MacOS 10.7.4 and iTunes 10.6.3 combination.
    Fall-back position is to move my iTunes and iPhoto libraries back to my older Mac mini and sync the Apple TV to that computer.

  • Keychain not updated for Remote Login

    Since installing Lion on both machines: When I connect to my G5 PowerMac from my MBAir, I use the Keychain to remember my password. This feature worked in previous OS versions by selecting the 'Remember' option in the dialogue (meaning you would only see the following dialogue when your password changed on the destination machine).
    With Lion, the password on the Keychain is not updated when the flag is set. As a result, when I select the destination machine from the Finder, I always have to wait for the 'Not Connected' message (while the process tries to log in with my old password). Then, I have to 'Connect As...' and enter my current password (every rassafrassin' time).
    Can someone please patch this thing.
    Thanks,
    g

    I'm having some trouble with an RD server Win 2008 on a domain. I have a group called domain\authorizedpeople that I would like to enable remote access for. I added this group to the gpo: Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow log on through Terminal Services. I also added this group to server manager > configure remote desktop on the server itself, and I added this group to the remote desktop users' group on the server for good measure.
    When I try to log on using an account in that group, I get "The connection was denied because the user account is not authorized for remote login". However when I go to server manager > configure remote desktop and add that specific user, it works fine.
    Is there a reasonable explanation for this? I really don't want to have to add...

  • Thunderbird Mission Control Desktop/AutoConfig not working for some users

    I have the file: "C:\Program Files (x86)\Mozilla Thunderbird\defaults\pref\custom.js"
    It contains:
    pref("general.config.obscure_value", 0);
    pref("general.config.filename", "TMcustom.cfg");
    I have the file: "C:\Program Files (x86)\Mozilla Thunderbird\TMcustom.cfg"
    It contains:
    var promptService = Components.classes["@mozilla.org/embedcomp/prompt-service;1"]
    .getService(Components.interfaces.nsIPromptService);
    promptService.alert(null, "title", "testing");
    For most of my users the alert pops up fine when I start Thunderbird, but for a few it doesn't. All of the machines were set up with the same install script. If I log into one of the machines where it's not working as a different user, then it works fine, so I know the files are in the right spot. So why would it not work for specific users? Is there something in the user's Windows profile that could cause it to not work? Or are there any other suggestions?

    As it turns out this was a known bug that was corrected in the recent release of Java 7_65 and Java 8_11. Here is a link to the bug description in the database.
    Bug ID: JDK-8019274 RMI thread can no longer call out to AWT thread for webstart app

  • After Upgradation BPF is not working for some users

    Hi All,
    We have recently upgraded from BPC 5.1 to 7MS SP7. We have a multi-server setup with one application/reporting server (Windows 2003) and one SQL Server 2008 (Windows 2003 64-bit).
    Initially, before the upgrade, we didn't have any issues with BPF and it worked fine for all users. But post-upgrade, tasks within the BPF do not work for other users except for the first two people who first used it. Other users have the same rights as the ones who can access the tasks.
    When they click on the link it takes them to eExcel and the right application but doesn't open the package or report assigned to the task. It doesn't give us any errors; on the status bar we get a message "finalising" but it does not get anything.
    Any inputs??

    Hi,
    Are you sure that those users have installed BPC 7 SP7 clients on their machine? Meaning that you uninstalled 5.1 clients and installed the new client from http://servername/Osoft?
    If yes, you should maybe run a client diagnostic on the machines and also check the Management Console for any error messages.
    Hope this will drive you to a potential solution.
    Best Regards,
    Patrick

  • Line items are not appearing for some users

    Hi
    In one module pool program some line items are not appearing for specific users. For example: out of 5 line items, user1 is able to see only 3 and user2 is able to see all the line items. What might be the reason?
    Regards
    John.

    Hi,
    What do you mean by line items? Are you talking about screen fields in your module pool program or output of the program?
    Please clarify your issue.
    Regards,
    RS

  • MAM application is not working for some users

    Hi All,
    The MAM application is not working for some users. Different users have different work centers; other than that I don't see any other change. When I run MAM30_090_GETLIST in the backend I can see the number of customized users. But I can't see the same number of users in the MEREP_207 table for the SyncBO MAM30_090 and structure id TOP in the middleware. There is data when I checked under the worklist monitor for that user. But neither the MAM application nor MAM data is downloading to that device.
    If I use a different user on the same device I can see the MAM application and MAM data.
    What could be wrong in this case? Any help would be highly appreciated.
    Mobile Client: MI 70 SP 15 Patch 0 Build 200802280918
    Middleware: SAP NetWeaver 2004s with Patch level 15
    Backend:SAP ECC 6.0
    Application:MAM 3.0
    Thanks and Regards,
    Ameer.

    Hi,
    from your description the source of your issue is quite obvious: some of the MAM users configured in SPRO are not configured properly.
    For T01 SyncBOs the number of TOP records in MEREP_207 MUST be the same as the number of headers returned by the appropriate getList FM in the backend.
    You need to solve this before you can go any further.
    The reason why a record is not recorded in MEREP_207 is that getDetail failed for whatever reason. So execute MAM30_ML_GETDETAIL for each of the users that is not replicated in the middleware and check if there are errors in the RETURN table. If there is no error, one of the common reasons for replication failure is when there are records in item tables that have duplicate primary keys.
    Regards,
    Larissa Limarova

  • Fingerprint utility is not working for normal users - Tecra M11

    Hi All,
    I installed Windows 7 Pro on a Tecra M11 laptop and the Toshiba fingerprint utility is not working for normal users.
    It is working only for domain administrators. The TFPU is not working for normal domain users, local users, or local administrators. If we run the utility it will ask to enter the Windows password, and once we apply the password a message saying "entered password is not valid" will prompt, even if we are trying to use the utility for the first time.
    If we try with a domain admin account it will work without any problem. Can somebody help me to troubleshoot this issue?
    Thanks.

    People nowadays have experienced that no matter how many times we glide our finger, it has no response. In this instance, you might be very afraid of losing your Windows password, by reason that there is plenty of important data on your PC.
    Then what should you do? One choice is to fix the fingerprint scanner, but this method will cost a lot of money. The other is to use the Windows password function to solve the problem. Certainly, this is a much safer, faster and easier-to-use method for you.
    According to my personal experience, you can try these three ways to re-access your PC:
    Method 1: Log in with the default administrator account
    * Step 1: Start the Windows PC
    * Step 2: When you can see the Windows login screen, press the Ctrl+Alt+Del keys twice and it'll show the classic login box
    * Step 3: Type Administrator as the username and leave the password field blank
    * Step 4: Press the Enter key and then you will be able to log in to the default Windows administrator account, which is created by default when installing Windows.
    *Note:* This trick only works for Windows XP. And when you input the key combination, please don't put the cursor on any account. And if you changed the name or password before, you cannot log in this way.
    Method 2: Use the previously created password reset disk
    This method describes how to create and use a password reset disk for a computer that is a member of a domain. You can use a Windows password reset disk to gain access to your Microsoft Windows Professional-based computer if you forget your Windows password. Please click here to learn more.
    Method 3: Using Windows Password Unlocker
    Using Windows password removal software could be the fastest and easiest way for you to reset your Windows password if you didn't create a password reset disk before.
    There are 2 options for you: recover the Windows password with a bootable CD/DVD or recover the Windows password with a USB flash drive.
    Before starting, a bootable CD/DVD or USB flash drive and a computer with a CD drive are required. (Internal CD drives and external CD drives are both OK.)
    Option 1: Recover the Windows password by burning a bootable CD/DVD
    Option 2: Recover the Windows password by burning a USB flash drive
    The whole Windows password recovery process can be divided into 3 big steps:
    * Step 1: Burn a USB flash drive to remove the lost Windows password
    * Step 2: Set your target computer to boot from USB
    * Step 3: Recover the forgotten Windows password with the burned USB flash drive
    In fact, all you need is a Windows Password Unlocker (www.passwordunlocker.com/windows-password-recovery.html) which can help you directly reset your Windows XP password, and then you can log in to your XP without a password required. Of course, there are also some other ways to do it, but this way may be the most convenient one.

  • Synaptics touchpad on HP Mini 110 Windows 7 32 Bit - not working for one user - working for another

    Hi,
    I recently have an issue with the Synaptics touchpad on an HP Mini 110, Windows 7 32-bit: NOT working for one user, working for another.
    Windows 7 updates recently installed???
    Checking the device properties on the user that works: "Synaptics PS/2 Port Touchpad 13/10/2011 Version 15.3.29.0"
    When the other user logs on, the touchpad works for a few seconds, then displays a black square with a red diagonal line through it, then the touchpad won't respond. Trying to use the keypad to navigate to system diagnostics or anything to find further info is useless....

    Hey eagle_no11,
    Thank you for joining the HP Support Community!
    I will do my best in assisting to hopefully get the TouchPad to work on the second user profile.
    What I would like to start off with, is to restore the original Synaptics drivers onto the profile that is not working correctly. I have included the document Using Recovery Manager to Restore Software and Drivers (Windows 7).
    Once you have installed the original drivers, you will need to complete all updates from both HP, as well as Windows. For these updates, if you open the HP Support Assistant, and select Maintain, you should see an option for updating.
    Please let me know how these steps do work out for you.
    Have a great day!
    I worked on behalf of HP

  • ACL is not enabled for this user  OSX 10.5

    I am running OS X 10.5 on a Mac mini.
    It was a clean install; everything went smoothly except for configuring the mail server.
    I created my users as I normally do using Workgroup Manager.
    However, 2 out of 3 of the users I created cannot log into the IMAP server.
    You get the error message "ACL is not enabled for this user".
    What is the ACL and how do I enable it?
    Thanks
    Nov 9 18:38:12 ns1-2 imap[22604]: badlogin from: [192.168.15.101]. plaintext user: friverr. service ACL is not enabled for this user
    Nov 9 18:38:12 ns1-2 imap[22607]: badlogin from: [192.168.15.101]. plaintext user: herbs. service ACL is not enabled for this user
    Nov 9 18:38:12 ns1-2 imap[22607]: badlogin from: [192.168.15.101]. plaintext user: friverr. service ACL is not enabled for this user
    Nov 9 18:38:12 ns1-2 imap[22604]: badlogin from: [192.168.15.101]. plaintext user: herbs. service ACL is not enabled for this user

    Hi there
    I had the same problem and I found this post which fixed it:
    http://discussions.apple.com/thread.jspa?threadID=1244694&tstart=0
    Hope it works for you too!
    Chris

  • Search suggestion not working for anonymous user in sharepoint 2013

    Hi ,
    Please help with this: search suggestions are not working for anonymous users in SharePoint 2013.
    shaik

    You can create a search center site, and set the search center site to allow anonymous access.
    Also see this link - http://blog.mastykarz.nl/search-query-suggestions-anonymous-users-sharepoint-2013-mavention-query-suggestions/
    (As this is regarding a 3rd party tool, I suggest that you direct it to the provider support.)
    Please 'propose as answer' if it helped you, also 'vote helpful' if you like this reply.

  • The FM "DD_DOMA_GET" not released for 'remote' calls.

    Hi,
    When I try to import RFCs from my CRM system in XI, I am getting the following exception:
    com.sap.aii.ibrep.sbeans.upload.RemoteUploadException: The function module "DD_DOMA_GET" not released for 'remote' calls.
    Solution please!!
    Regards,
    Mahesh.

    Hi,
    Making it remote-enabled will solve this;
    see my reply (Anirban) and Jacob's reply in this thread (although this was with IDoc):
    Unable to import SAP objects
    For "We tried to make it Remote Enabled but it asks for "Access Key". How to go further?"
    You need a developer access key for the FM, in SE37;
    you can get one in the marketplace. Follow this thread:
    Whats Development Key
    Regards,
    Anirban.

  • EXP-00105: parameter CONSISTENT is not supported for this user

    Hi,
    I use Oracle 10g on a Unix platform.
    I have taken an export with the following command:
    exp \'/ as sysdba\' file=t.dmp full=y buffer=10485760 log=0101.log CONSISTENT=y statistics=none
    The export is successful but with one warning:
    EXP-00105: parameter CONSISTENT is not supported for this user
    If I run it without the CONSISTENT parameter then the export is successful.
    Why did the EXP-00105 error occur?

    As per Oracle Error Notes:
    EXP-00105: parameter string is not supported for this user
    Cause: The user attempted to specify either CONSISTENT or OBJECT_CONSISTENT when connected as sysdba.
    Action: If a consistent export is needed, then connect as another user.
    Looks like the SYS user cannot do a transaction-level consistent read (read-only transaction). You could have performed this as the SYSTEM user or any DBA-privileged user to take the complete export of your DB.
    Anyway, for more information on the error "EXP-00105", please take a look at the same question on other Oracle-related forums.
    http://www.freelists.org/archives/oracle-l/05-2006/msg00236.html
    Regards,
    Sabdar Syed.

  • Thousands of "mail is not enabled for this user"

    Someone is sending my domain email to thousands of non existent mail accounts. It's like they are combining every possible prefix to my domain they know of. It's been going on for weeks. The Mail service, however, is not being brought down by this at all. So I don't know what kind of attack this is or how to stop it.
    Can someone help me? Below is a minute section of my System log:
    Dec 31 15:08:55 nameserver lmtpunix[19165]: warning: unable to post message for user: [email protected], mail is not enabled for this user

    Two possibilities - both fall under the heading 'reconnaissance by e-mail'. A spammer or hacker will try thousands of common names, then look at which ones didn't bounce to determine which ones have accounts on your system.
    They then have a comprehensive list of account names on your server, and can proceed to attempt likely passwords for each, or send endless spam to your users. Either one is a Bad Thing, doubly so if you've got any accounts that you created just to test things, and have weak passwords, but you've always counted on nobody knowing they exist.
    At one point, I actually had a 'testuser' account that had 'testuser' as the password - I just hadn't remembered to delete it after I was done testing. It's very common for a system to have a couple of these hanging around. I didn't have trouble with it, but looking for and getting rid of these is critical.
    Either way, the immediate solution is to go to Server Admin->Mail->Settings->Relay, and add the IP address(es) of the senders to the 'Refuse all messages from these hosts or networks' section. Mail attempts will still show up in your SMTP log, but they'll look like this one I got this morning (one of dozens):
    Jan 3 11:07:33 miniserver postfix/smtpd[1440]: NOQUEUE: reject: RCPT from unknown[66.180.115.17]: 554 <unknown[66.180.115.17]>: Client host rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<xptwfs.gov>
    Next is to take a look at your password policies - if you've got strong password policies (must include characters and numbers, must be 7 characters or longer, etc.), you're probably OK, but if anyone has weak passwords, or god forbid, uses their userid as their password, you're pretty vulnerable.
    It's also worth noting that someone with a full list of your users has a fair number of tools for improved odds of phishing, or spear-phishing, where they create finely targeted mails that say things like 'Bob Smith told me to contact you for your password', and look very real. A warning mail to your users to remind them that they need to keep passwords secret, and be cautious about mail, even if it appears to know something about them, would be good. I wouldn't specify that you've been recon'd, just a general 'New Year Security Reminder' or some such.
    Hope this helps!
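    The directory-harvest pattern the reply above describes can be picked out of the mail log automatically rather than by eye. The script below is an added example, not code from the original thread or from Apple's Server Admin: the lmtpunix warnings in the question carry no client address, so it works from Postfix smtpd reject lines instead (assuming the server is configured to reject unknown recipients at SMTP time with the standard "User unknown in local recipient table" reply), groups rejects by client IP, flags hosts that probed many distinct non-existent addresses, and prints Postfix access(5) entries for them. The log lines are constructed samples, and the assumption that the Server Admin refuse list corresponds to a Postfix access table is mine.

```python
import re
from collections import defaultdict


def _reject_line(ts, ip, rcpt, sender="x@probe.example"):
    """Build one Postfix smtpd unknown-recipient reject line (constructed sample data)."""
    return (f"Jan  3 {ts} miniserver postfix/smtpd[1440]: NOQUEUE: reject: RCPT from unknown[{ip}]: "
            f"550 5.1.1 <{rcpt}>: Recipient address rejected: User unknown in local recipient table; "
            f"from=<{sender}> to=<{rcpt}> proto=SMTP helo=<probe.example>")


# Constructed sample log: 203.0.113.5 walks through guessed local-parts, while
# 198.51.100.7 is a legitimate sender who mistyped a single address once.
SAMPLE_LOG = "\n".join(
    [_reject_line(f"11:07:{30 + i:02d}", "203.0.113.5", f"{name}@example.com")
     for i, name in enumerate(["admin", "bob", "carol", "dave", "info", "sales"])]
    + [_reject_line("11:09:02", "198.51.100.7", "jhon@example.com", "jane@partner.example"),
       "Jan  3 11:09:03 miniserver postfix/smtpd[1440]: disconnect from unknown[198.51.100.7]"]
)

# Matches only unknown-recipient rejects; the client IP sits in the "RCPT from host[ip]" field.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+?\[(?P<ip>[\d.]+)\]: 550 "
    r".*?User unknown.*?\bto=<(?P<rcpt>[^>]+)>"
)


def parse_rejects(log_text):
    """Yield (client_ip, recipient) for every unknown-recipient reject line."""
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if m:
            yield m.group("ip"), m.group("rcpt").lower()


def find_harvesters(log_text, threshold=5):
    """Map client IP -> sorted distinct unknown recipients, for clients that probed
    at least `threshold` distinct non-existent addresses. Counting distinct
    recipients rather than raw lines keeps a retrying legitimate sender from tripping it."""
    seen = defaultdict(set)
    for ip, rcpt in parse_rejects(log_text):
        seen[ip].add(rcpt)
    return {ip: sorted(rcpts) for ip, rcpts in seen.items() if len(rcpts) >= threshold}


def access_map(harvesters, reason="directory harvest"):
    """Render a Postfix access(5) client-map fragment for the flagged hosts
    (assumed to be what the Server Admin 'Refuse all messages' list feeds)."""
    return "\n".join(f"{ip}\tREJECT {reason}" for ip in sorted(harvesters))


if __name__ == "__main__":
    flagged = find_harvesters(SAMPLE_LOG)
    for ip, rcpts in flagged.items():
        print(f"{ip}: {len(rcpts)} distinct unknown recipients, e.g. {rcpts[:3]}")
    print(access_map(flagged))
```

    Run over a real mail.log the threshold should be set well above the typo rate of genuine correspondents; the single-typo sender in the sample is deliberately left unflagged at the default of 5.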
