Bootcamp iMac + Active Directory = Not working!

I have a 2009 iMac with bootcamp and XP pro SP3 running great.
Now have to bind to Active directory box and having issues.
Will bind perfectly but upon restart the login windows stalls on selecting the new domain. the machine then needs to be restarted and same again etc etc.
I have a thinkpad with same install and it works a treat so definitely the iMac thats causing the issue.
Could it be the EFI?
Anyone had similar problems?
Any help would be grand
thanks

Similar Messages

Active Directory not working Windows Server 2003 R2

Hi,
Like the subject said my root problem is either my Active Directory or DSN server. In order to properly explain the situation I will have to make the full Story. I was contacted by a family member to help
out a Non profit organisation with there server problem. Their current config is Windows Server 2003 R2 Running DC,AD,DNS,DCHP,File Services( i know is not efficient).
Here is how I come in to play, prior of me helping the had another server running same spec started having hardware failure and the invested in a new server. The person that set it up did replicate the server
on the new one as far as AC and Domain controller but nothing else. We ll now the DC01 failed and no user cannot login into a new computer
or if a new employee will try to added the changes don't take effect. Seeing the situation I went for the basic and seize fsmo roles to the new server. Perform Metadata clean up. Configure the DC02 as Master Domain Controller. Now everything
is set up and running but still No new user can be added or any exiting can log in
a different computer. At this point am out of answer I try everything I found in the forum. Am almost to the verge of deleting all and start
from scratch me knowing all config. Sorry for the long story am not good on resuming stuff. Please let me know If I need to add any other detail
I repeat DC01 is DEAD...
Also when a new user try to login or an existing user try to loging they get the system cannot log you on now because the domain is not available

Not Sure if this is the info requested but I ran the commands
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\administrator.LUTHERAN>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : dc02
Primary Dns Suffix . . . . . . . : Lutheran.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Lutheran.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client) #45
Physical Address. . . . . . . . . : 00-1C-23-BF-E6-69
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.100.6
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DNS Servers . . . . . . . . . . . : 192.168.100.6
Primary WINS Server . . . . . . . : 192.168.100.6
C:\Documents and Settings\administrator.LUTHERAN>
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Owner of the binding path : WINS Client(TCP/IP) Protocol
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndiswanip
Upper Component: Internet Protocol (TCP/IP)
Lower Component: WAN Miniport (IP)
Component Name : Internet Protocol (TCP/IP)
Bind Name: Tcpip
Binding Paths:
Owner of the binding path : Internet Protocol (TCP/IP)
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #45
Owner of the binding path : Internet Protocol (TCP/IP)
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Owner of the binding path : Internet Protocol (TCP/IP)
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: ndiswanip
Upper Component: Internet Protocol (TCP/IP)
Lower Component: WAN Miniport (IP)
Component Name : Client for Microsoft Networks
Bind Name: LanmanWorkstation
Binding Paths:
Owner of the binding path : Client for Microsoft Networks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios_smb
Upper Component: Client for Microsoft Networks
Lower Component: Message-oriented TCP/IP Protocol (SMB session)
Owner of the binding path : Client for Microsoft Networks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: Client for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #45
Owner of the binding path : Client for Microsoft Networks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: Client for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Owner of the binding path : Client for Microsoft Networks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: Client for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndiswanip
Upper Component: Internet Protocol (TCP/IP)
Lower Component: WAN Miniport (IP)
Component Name : WebClient
Bind Name: WebClient
Binding Paths:
Component Name : DHCP Server
Bind Name: DHCPServer
Binding Paths:
Component Name : Wireless Configuration
Bind Name: wzcsvc
Binding Paths:
Component Name : Network Load Balancing
Bind Name: Wlbs
Binding Paths:
Owner of the binding path : Network Load Balancing
Binding Enabled: No
Interfaces of the binding path:
-Interface Name: ndis5
Upper Component: Network Load Balancing
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #45
Owner of the binding path : Network Load Balancing
Binding Enabled: No
Interfaces of the binding path:
-Interface Name: ndis5
Upper Component: Network Load Balancing
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Component Name : Steelhead
Bind Name: RemoteAccess
Binding Paths:
Component Name : Dial-Up Server
Bind Name: msrassrv
Binding Paths:
Component Name : Remote Access Connection Manager
Bind Name: RasMan
Binding Paths:
Component Name : Dial-Up Client
Bind Name: msrascli
Binding Paths:
Component Name : File and Printer Sharing for Microsoft Networks
Bind Name: LanmanServer
Binding Paths:
Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios_smb
Upper Component: File and Printer Sharing for Microsoft Networks
Lower Component: Message-oriented TCP/IP Protocol (SMB session)
Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: File and Printer Sharing for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #45
Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: File and Printer Sharing for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Owner of the binding path : File and Printer Sharing for Microsoft Netwo
rks
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: File and Printer Sharing for Microsoft Networks
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndiswanip
Upper Component: Internet Protocol (TCP/IP)
Lower Component: WAN Miniport (IP)
Component Name : Generic Packet Classifier
Bind Name: Gpc
Binding Paths:
Component Name : Application Layer Gateway
Bind Name: ALG
Binding Paths:
Component Name : NetBIOS Interface
Bind Name: NetBIOS
Binding Paths:
Owner of the binding path : NetBIOS Interface
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: NetBIOS Interface
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #45
Owner of the binding path : NetBIOS Interface
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: NetBIOS Interface
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndis5
Upper Component: Internet Protocol (TCP/IP)
Lower Component: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Clien
t) #48
Owner of the binding path : NetBIOS Interface
Binding Enabled: Yes
Interfaces of the binding path:
-Interface Name: netbios
Upper Component: NetBIOS Interface
Lower Component: WINS Client(TCP/IP) Protocol
-Interface Name: tdi
Upper Component: WINS Client(TCP/IP) Protocol
Lower Component: Internet Protocol (TCP/IP)
-Interface Name: ndiswanip
Upper Component: Internet Protocol (TCP/IP)
Lower Component: WAN Miniport (IP)
Component Name : WAN Miniport (IP)
Bind Name: NdisWanIp
Binding Paths:
Component Name : Direct Parallel
Bind Name: {A4DC6983-452B-41F9-B696-5112E5E6F1C6}
Binding Paths:
Component Name : WAN Miniport (PPPOE)
Bind Name: {5B69EEC5-2676-460B-9E03-F38B02BA4474}
Binding Paths:
Component Name : WAN Miniport (PPTP)
Bind Name: {DEE98315-C28A-4CC8-9233-E6C3506C16D3}
Binding Paths:
Component Name : WAN Miniport (L2TP)
Bind Name: {9BFC4E35-93B2-4811-8A56-69149ED0837E}
Binding Paths:
Component Name : RAS Async Adapter
Bind Name: {50239872-7742-4BB5-A28E-0B814085C2A6}
Binding Paths:
Component Name : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #48
Bind Name: {19218099-5DDC-4936-A111-75E4D7250A24}
Binding Paths:
Component Name : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #45
Bind Name: {52BE526E-7FAE-4458-9691-E333DA333601}
Binding Paths:
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
C:\Documents and Settings\administrator.LUTHERAN>

New Server 2012 install - Active Directory not working properly

We recently converted from 2003 to 2012. Our 2012 R2 server seems to be running fine. We did a DCPROMO on the OLD 2003 DC just fine but now there are all sorts of odd errors (Sharepoint can't authenticate users, Can't run Exchange 2013 on another 2012 server
because it can't find AD, etc.)
on the DC we have a Group Policy error 1096. "Group Policy Object LDAP://CN=User,cn={2B476B3E-2749-4B1B-8EC1-F5672A66F94F},cn=policies,cn=system,DC=mydom,DC=local\\mydom.local\SysVol\mydom.local\Policies\{2B476B3E-2749-4B1B-8EC1-F5672A66F94F}\User\registry.pol"
So far I haven't found anything on how to fix this (and the AD itself.) There are some errors in the DCDIAG log, too:
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\ISD-DC1\netlogon)
         [ISD-DC1] An net use or LsaPolicy operation failed with error 67,
         The network name cannot be found..
Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared. Failing SYSVOL replication problems may cause
         Group Policy problems.
Any suggestions how we can fix these errors are greatly appreciated!

Hi,
Did you migrate the Active Directory from Windows server 2003 to Windows server 2012?
Please refer to this article:
https://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
Regards.
Vivian Wang

Active Directory not binding in AD Plugin

I cannot bind to the Active Directory at work using the ActiveDirectory Plugin for the Directory Access utility.
I keep getting the error message "Invalid Domain"
If I try to ping server.domain.local it does not work. If I try to ping the IP of the server, it works.
The DNS server is Windows Server 2003 based, and has the entire subnet under Reverse Lookup.
I can connect to Samba Shares based on server names, so it knows how to find servers on the network when looking for shares, just not when looking to ping, bind to domain, or browse websites on local servers.
I am able to bind to the LDAP server and browse all the users and computers using LDapper just fine.

In case someone else tries this, this DOES NOT WORK IN LEOPARD!
Leopard added an official Active Directory module that effectively drops any Active Directory support. I have not heard of anyone getting it to work consistently. I was able to check out a kerberos ticket then enable AD authentication, and it worked great, until I turned off the computer and came back the next day and it broke. As soon as the kerberos ticket expires, so does any hope of authenticating against the AD Domain Controller.
Incredibly frustrating.

I have an iMac that is not working. It won't turn on or respond to any keyboard strokes. I have a cd stuck in the computer. How do I get it out?

I have an iMac that is not working. The screen stays black when I turn it on and it won't respond to any keyboard strokes. I have a cd stuck in the computer. How do I get it out?

Hello
Try this
plug a WIERED mouse , start up your imac , hold on mouse buttons for 30-40 second at least by chance cd could be ejected
HTH
Pierre

Pick activity is not working properly while creating two or more file adapt

Hi,
pick activity is not working properly while creating two or more file adapter for bpel process.
bpel process compiled and deployed succesfully but while observing the wsdl file of deployed process you can find only one file adapter. so it polls only from that location.
can anybody help on over this? or it's limitation of jdev to use only one file adapter at time while using Pick.
Thanks
sagar

Does anybody tried this?
Thanks
sagar

Hierarchical Tree: When-Tree-Node-Activated is not working

I'm working Forms 10G rel.2.1 and also using application server 10G 2.
my problem is in Hierarchical Tree [When-Tree-Node-Activated] is not working in Enter this is working in Enter+Tab
I want to this trigger is working in only Enter.
I'm waiting quick response

node_value is only item which have transfer the form or report name
Trigger Name : WHEN-TREE-NODE-ACTIVATED
Declare
     htree                Item ;
Begin
     --clear_values;
--           htree := Find_Item('tree.htree');
-- Find the value of the node clicked on.
:node_value := ftree.Get_Tree_Node_Property(htree, :SYSTEM.trigger_NODE, Ftree.NODE_VALUE);
----Above node value transfer the procedure and call the form with node_value(Form Name)
     Execute_CMD_PROC;
Exception
     When Others Then Null;
End ;
when i enter then no value but when i enter+tab then show the form

Mysites Activity feed not working

Hi,
I have restored Mysite Content database.After restoring it, Profile pictures coming correctly but activity feed and trending tags not working(coming blank).
After restore db i did following:
IIS reset
Server reboot
Mysite setup settings(activity feed enabled)
Alernate access mapping.
Still activity feed not working.Please suggest.

Hello
Have you checked the timer job ?
http://technet.microsoft.com/en-us/library/hh344225(v=office.15).aspx
Best regards, Christopher.
Blog |
Mail
Please remember to click "Mark As Answer" if a post solves your problem or
"Vote As Helpful" if it was useful.
Why mark as answer?

Can't sync ical on my iphone and imac. email and note work but not ical. can anyone help.

can't sync ical on my iphone and imac. email and note work but not ical. can anyone help.
thanks
bmoreimac

So how can i make it work that way, i asked one of my friends, and she says it works like that...when she delete the email on her iphone it is deleted on the mac too, what do i do to change this?....my mail it's hotmail, i don't know if its relevant

HT2188 iPad 1 requested activation after being low on power. Activation does not work.

Hi
My iPad 1 requested activation after being low on power. Activation does not work so I have tried to restore it from iTunes. this progresses but after rebooting, it gets to the activation process for a few minutes and re-boots again - in a loop now. on ios6, not 7. help please?
I also looked at trying to do a manual install of firmware via iTunes but I do not know the version of firmware or how to find it out - so really stuck!
Thanks

I pulled my unit out of the dock - powered up and the display goes blank (if you look carefully you can see the bios boot screen, then black, then you can see the backlight turn off.
I plugged in the USB monitor and boom - I could log in.
Once Logged in I could see that windows still thinks it has some of the monitors from the dock, and the internal display is set to disable.
So the issue is the detection / setup of monitors in/out of the dock.
I've done about all I can do for dubugging, I hope lenovo can pick up from here. if not I'll have to call lenovo support.

Active Sync not working

I am having an issue with active sync not working. I am looking for updates from my resource every 5 minutes for changes. My enviornment is such:
IdM Version 5
App server: Weblogic 8.1.6
IdM is looking at AD (2003) for changes.
My log files look like such:
2007-02-06T13:20:07.794-0500: Started, paused until Tue Feb 06 13:25:00 EST 2007
2007-02-06T13:25:00.049-0500: Pause completed
2007-02-06T13:25:00.095-0500: Polling
2007-02-06T13:25:00.111-0500: Looking for updates with filter: (objectCategory=person)(uSNChanged>=71766297)
2007-02-06T13:25:01.064-0500: Looking for deletes with filter: (uSNChanged>=33117487)
2007-02-06T13:25:07.767-0500: Poll complete.
2007-02-06T13:25:07.767-0500: SARunner: loop 263
2007-02-06T13:25:07.814-0500: Started, paused until Tue Feb 06 13:30:00 EST 2007
2007-02-06T13:30:00.053-0500: Pause completed
2007-02-06T13:30:00.068-0500: Polling
2007-02-06T13:30:00.084-0500: Looking for updates with filter: (objectCategory=person)(uSNChanged>=71766297)
2007-02-06T13:30:01.240-0500: Looking for deletes with filter: (uSNChanged>=33117487)
2007-02-06T13:30:08.021-0500: Poll complete.
2007-02-06T13:30:08.021-0500: SARunner: loop 264
2007-02-06T13:30:08.084-0500: Started, paused until Tue Feb 06 13:35:00 EST 2007
2007-02-06T13:35:00.057-0500: Pause completed
2007-02-06T13:35:00.088-0500: Polling
2007-02-06T13:35:00.104-0500: Looking for updates with filter: (objectCategory=person)(uSNChanged>=71766297)
2007-02-06T13:35:01.229-0500: Looking for deletes with filter: (uSNChanged>=33117487)
2007-02-06T13:35:08.166-0500: Poll complete.
2007-02-06T13:35:08.166-0500: SARunner: loop 265
2007-02-06T13:35:08.197-0500: Started, paused until Tue Feb 06 13:40:00 EST 2007
2007-02-06T13:40:00.030-0500: Pause completed
2007-02-06T13:40:00.030-0500: Polling
2007-02-06T13:40:00.045-0500: Looking for updates with filter: (objectCategory=person)(uSNChanged>=71766297)
2007-02-06T13:40:01.014-0500: Looking for deletes with filter: (uSNChanged>=33117487)
2007-02-06T13:40:07.795-0500: Poll complete.
When I run these search filters I get results from my AD. When IdM runs the search they are coming back blank. Any ideas?
Thanks,
Chris

If you have changed environments... or for some other reason, your USN number on the AD resource could be lower than the number passed in the query.
Manually edit a user in AD, and then check the USN number of the object. See if it is lower then the query is passing. If so, you can manually edit the IAPI_ResourceName configuration object and alter the USN number passed in the query.

Active Directory and Open Directory not working

I am experiencing an issue, or several issues that I can't figure out how to resolve.
I have an Active Directory domain set up (running 2003 server R2) and it is humming along quite nicely.
A few weeks ago I got a new XServe running 10.5.4. Booted it up, bound it to AD, and then set up and OD Master on it so that I could manage some new Macs that we have.
The Macs are bound to both directories.
The issue I have comes in when using Workgroup Manager, and trying to add AD user to OD groups. The groups drawer is open, but the little directory menu at the top of the drawer does not include the entry for Active Directory. I see Local, Search Policy, and /LDAPv3/127.0.0.1...
If I try to pull down the directory menu above the user list, I see the following: Loca, Search Policy, Other..., /Active Directory/All Domains, and /LDAPv3/127.0.0.1.
If I select /Active Directory/All Domains from that list I get the following error.
+Unable to open the requested node.+
+The node /Active Directory/All Domains couldn’t be opened because an unexpected error of type -14002 occurred.+
I think these issues are related, but I can find no help on the first item (AD not showing up in the groups menu)
and a search for the second item only reveals the following page form Apple, which means absolutely nothing to me.
http://developer.apple.com/documentation/Networking/Reference/OpenDirectoryRef/Reference/reference.html
The killer is that this all worked at one point. I had an Apple Tech out here and he helped me set up this 'Golden Triangle" method of authenticating against both directories. And it works... sort of... I can create groups in OD and add OD machine accounts to the group to enforce some settings. But I can't bring in AD users, cause I can't see the AD user list.
I hear that this is supposed to work... I can't figure it out.
Any help would be appreciated.
Thanks for your time.
Bill

Hi
Can you access Active Directory from the command line using dscl?
In what order are the LDAP directories listed in Directory Utility on the Server?
Is Kerberos running on the OD Master?
If you issue klist from the command line on the server itself - what is the result?
Or don't bother with any of the above and start again. You've nothing to lose anyway apart from some managed preferences which you can redo in little time. Scrub the configuration in the AD plug-in and demote to Standalone. Restart and go for an AD rebind. Make sure the edu.mit.Kerberos file is created in /Library/Preferences. Launch WGM and you should see AD Users and Groups this time, If you do go for promotion again. What you want to see in the OD Overview pane is everything running apart from Kerberos and the search base reflecting the FQDN of the OD Master. Make sure there is the loopback entry (127.0.0.1) in the LDAPv3 plug in. Finally make sure the OD Master lists itself first in the Directory Search Order.
I'm assuming the Server is configured as Advanced and is updated to 10.5.4.
Tony

Active Directory synchronization working, authentication not on CUBM BE5000 8.6(1a)

I successfully set up Active Directory synchronization between my CUCM BE5000 appliance running 8.6(1a) and our Windows 2008 Server Active Directory. Users are replicating successfully, but authentication is not working even though I am using the same LDAP manager distinguished name and password for both. I have a suspicion to the cause of this problem but for the record, the following is my relevant configuration:
System/LDAP/LDAP System:
LDAP Server Type Microsoft Active Directory iPlanet or Sun ONE LDAP Server OpenLDAP Microsoft Active Directory Application Mode
LDAP Attribute for User ID userPrincipalName sAMAccountName mail employeeNumber telephoneNumber
LDAP Server Type: Microsoft Active Directory
LDAP Attribute for User ID: userPrincipalName
System/LDAP/LDAP Directory:
LDAP Configuration Name: bgctnv.local
LDAP Manager Distinguished Name: CN=cm.sync,OU=BGCTNV Users,DC=bgctnv,DC=local
LDAP User Search Base: DC=bgctnv,DC=local
LDAP Server Information: bgctnv.local, port 389 (to query any domain controller in DNS; I have also tried specific IP addresses)
System/LDAP/LDAP Authentication:
LDAP Manager Distinguished Name: CN=cm.sync,OU=BGCTNV Users,DC=bgctnv,DC=local
LDAP User Search Base: LDAP user search base is formed using the User ID information (pre-populated, I cannot change this)
LDAP Server Information: bgctnv.local, port 3268
All of my Active Directory users are now populated and active under End Users. However, I am not able to log into /ccmuser among other things using my valid domain credentials. I am a super user as well as a standard end user.
Curiously, invalid usernames (userPrincipalName in my case) return the error "Log on failed - Invalid User ID or Password" while a valid username, with or without the correct password, returns only "Log on failed." That seems to imply that some part of the authentication or LDAP bind is taking place.
Here's the catch. The base domain here is bgctnv.local while we use bgctnv.org as a valid and acceptable alternative UPN suffix in Active Directory. Every Microsoft and every third-party program I have used will accept [email protected], but I'm beginning to think that CM will not, or is having some sort of translation issue. I read that alternative suffixes can cause problems in Active Directory forests with multiple trees, but this is a vanilla, single domain environment.
I don't even know where to look to debug this issue. Has anyone seen this before or can anyone tell me where to look for logs?
Thanks,
John

I found the following:
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/srnd/8x/directry.html
As mentioned in the section on LDAP Synchronization, in order to support synchronization with an AD forest that has multiple trees, the UserPrincipalName (UPN) attribute must be used as the user ID within Unified CM. When the user ID is the UPN, the LDAP authentication configuration page within Unified CM Administration does not allow you to enter the LDAP Search Base field, but instead it displays the note, "LDAP user search base is formed using userid information."
This may help in some situations where there are multiple trees in an AD forest, but it is definitely not the solution. Even with multiple trees, it is common to use alternative UPN suffixes. Nothing in AD requires or even recommends that you exclusively use your AD domain root as the UPN suffix.
For example, company.local may use company.com as an alternative but primary UPN suffix to provide simplicity for users. Users can then achieve more broad SSO capabilities by using their familiar email credentials when authenticating for company.local services.
When using UserPrincipalName as the LDAP synchronization attribute for the CM User ID, the configuration requires that the search base for authentication be derived from the UPN suffix, regardless of whether it is a single domain or multiple trees within a forest. This makes it impossible to authenticate by UPN unless your UPN is explicitly your root domain name. From the example above, CM would try to bind [email protected] against DC=company,DC=com instead of the correct DC=company,DC=local.
The logical solution would be to allow the administrator the option. Why not have a choice of whether to generate the user search base from the userid (UPN) information, or be able to specify the search base as well like it allows with any other synchronization attribute?
Would this be a feature request, bug report, or neither? I'd really appreciate it if Cisco considered this but I don't know the proper channel.

Activity Monitor not working correctly / not listing processes

When I open Activity Monitor, it does not display a list of processes. The CPU usage works in the bottom of the window as does the disk usage. None of the other graphs display any graphing/data.
I have rebooted, relaunched AM and I selected "all processes" but it still doesn't show processes.
I used the terminal command "top" and can see processes in the terminal window.
thanks for any assistance,
Harold
imac 2.8 dual core/24"/2gb/os10.5.5

Thanks for the quick reply. I couldn't find the activity monitor preferences file you specified, in the Preferences directory. Here's what I've done: I rebooted from an older backup image on my external drive that I made using superduper. The activity monitor app worked from this disk image. I copied the AM app into my current drive, where it showed as a copy.
I rebooted, and attempted to use this copy. It wouldn't let me due to file permissions problems of some sort. I opened the current version of AM and now it works.
I'm not sure what fixed the problem, but Activity Monitory now seems to be working OK.
thanks,
Harold

Trying to login to Windows active directory at work

I take my iMac back and forth between home and work. We have multiple types of servers which I can log into. But I'm unable to login to the Windows Active Directory. Note that I can login with the windows desktop. Just not my iMac which I strongly prefer to use.
I went into \applications\utilities\directory access and put in the directory domain (as shown in the windows computer) and typed in what I want it to see as my computer name and then clicked on Bind.
A new window opens (Network Administration Required) screen asking for my Username, password, and Computer OU: and I put them in as they show on my windows computer and hit enter.
A new window comes up showing "Invalid domain" An invalid Domain and Forest combination was specified. You should enter a fully qualified DNS name for the domain and forest (e.g., ads.company.com).
Tech support says they don't support anything other than Windows XP and don't look at all sorry about it. Any idea how I can find out the information I need from my Windows computer and typing things in at the command prompt?
Thanks in advance.

Note that are computers come preconfigured and already connecting to our Windows server. So users don't enter any information other than user-name and password to get in.
So they have to create a computer name (like creating a user) on the server and then tell me what it is and I put the same info in my computer to login. Hmmm. Now the question is whether they will do that for me or not.
Thank you.

Bootcamp iMac + Active Directory = Not working!

Similar Messages

Maybe you are looking for