Chaning the OD Domain name (kerberos realm)

Similar Messages

• C170 Ironport error "The query domain.name.accept failed

  Dear Community,
  I have two Cisco C170 Ironport devices.  Each is throwing the following error:
  "The query <domain.name.accept> failed with result inquiry timed out."
  I have been unable to decipher it and was hoping anyone might possibly have a clue to look for the resolution.
  I would be very grateful Community.
  Thanks.
  Rocky

  Hey Rocky,
  This seems to be an error on an LDAP accept query that is configured on the appliance.
  If you have indeed created an LDAP accept query, please check connectivity from the appliance to your AD servers currently set.
  Please go to GUI > System Admin > LDAP
  Here you can check connectivity to the AD servers and also run a test accept query.
  Please attempt these tests and let us know the results.
  Judging from the error, I am assuming that the LDAP accept query test will fail resulting in a time out, if it does this usually indicates either the AD server was not properly setup on the appliance, if so, you will need to ensure that your firewalls if any are in place is allowing the query traffic from the appliance to the AD server
  Please let us know.
  Regards,
  Matthew

• Convert database IP link with the sub-domain name

  Can someone help me to covert the database ip with the SUB-domain name ?
  Kind regards,
  Shar Kurtishi
  Freelance Consultant
  10000 Prishtina, KOSOVO
  +377.44.210.456

  Hi Shar,
  You can use unix "nslookup" to get the domain from up or viceversa.
  The aim to get the info frm the dns server.
  Regards,
  Chandan

• Find the full domain names?

  Hi,
  Where can i found the full domain names in application server?
  for example,
  suppose, i am installed in portal, discoverer, etc.,
  http://...:7778/pls/portal
  http://...7781/discoverer/plus
  Thanks!

  Hi,
  You can find your full computer name at My Computer > Properties > Computer name.
  If your machine is not under any domain, as in case of Home PC, then you will have workgroup name instead of domain name.
  You can install portal,discoverer, etc in both cases.
  Cheers!
  Yogini

• How to change the root domain name in window 2012 server

  Got a window 2012 server build up. My root domain name looks something like corp.marketing   Well I seems to have missed to add the last .com or .local.  How do I add the .com to my existing root domain name please. The server is new, will
  go online in few days time. Thanks for all the help.

  I have a similar question and not sure if this is the right place. I had set a server with corp.brighterworld.com but the install wizard anywhere access had me believe that microsoft's strongly preferred domain name prefix was remote.brighterworld.com so
  I contacted GoDaddy and had it reissued as remote. but when I went to reconfigure for the new name. I had already set the server for being a CA, and in that process it issued like 4 or 5 certificates. So I had tried to rebuild the machine from scratch, but
  the it didn't wipe everything, but rather saved previous state which left the old certificate stuff to be dealt with. Any hints or help out here for us having to learn this stuff the hard way?
  Thanks,
  Mark Saxton

• Changing the default domain name of the server.

  I know this is not the correct title for the topic. but its the best word i could found on my voculabary.
  here's my problem.
  Im using Sun App Server 9. the server is installed in the local machine. for testing purposes client access from the local server is sufficient. I deployed a web service using net beans 5.5. My problem is that the WSDL file is generated (by server) uses a fully qualified domain name rather than localhost. for example it uses http://mlb.stdmlb.sliit.lk:8080. When i try to create a client using netbeans it tries to access the server using this address (the one in the WSDL) but the firewall denies access to port 8080. Therefore i want to use the server to use localhost rather than the long domai name. (at least http://mlb) Can anyone tell me how to configure this?
  Lahiru

  These are the steps for changing domain name & IP address without reinstall
  a) Stop the Gateway and Server .
  b) Export the profile server database to a flat ldif file:
  # /opt/netscape/directory4/slapd-host_name/db2ldif /temp/profile.ldif
  c) Use awk, perl, or vi, to change every instance of the system domainname in the ldif file to that of the new system.
  d) Import the edited ldif file into the profile server on the new machine:
  # /opt/netscape/directory4/slapd-/ldif2db -i /temp/profile.ldif
  e) edit etc/opt/SUNWips/platform.conf and change all the domain name & Ip address
  f) edit /etc/opt/SUNWips/properties.file change the domain name
  g) Start the platform server and gateway on the new machine.

• How to determine the Current Domain name from inside an Mbean / Java Prog

  We have registered an Application Defined MBean. The mbean has several APIs. Now we want to determine the currrent domain using some java api inside this Mbean. Similarly we have deployed a Webapp/Service in the Weblogic domain. And inside this app we need to know the current Domain. Is there any java api that will give this runtime information.
  Note: We are the MBean providers not clients who can connect to the WLS (using user/passwd) and get the domain MBean and determine the domain.
  Fusion Applcore

  Not sure if this will address exactly what you are looking to do, but I use this technique all the time to access runtime JMX information from within a Weblogic deployed application without having to pass authentication credentials. You are limited, however, to what you can access via the RuntimeServiceMBean. The example class below shows how to retrieve the domain name and managed server name from within a Weblogic deployed application (System.out calls only included for simplicity in this example):
  package com.yourcompany.jmx;
  import javax.management.MBeanServer;
  import javax.management.ObjectName;
  import javax.naming.InitialContext;
  public class JMXWrapper {
      private static JMXWrapper instance = new JMXWrapper();
      private String domainName;
      private String managedServerName;
      private JMXWrapper() {
      public static JMXWrapper getInstance() {
          return instance;
      public String getDomainName() {
          if (domainName == null) {
              try {
                  MBeanServer server = getMBeanServer();
                  ObjectName domainMBean = (ObjectName) server.getAttribute(getRuntimeService(), "DomainConfiguration");
                  domainName = (String) server.getAttribute(domainMBean, "Name");
              } catch (Exception ex) {
                  System.out.println("Caught Exception: " + ex);
                  ex.printStackTrace();
          return domainName;
      public String getManagedServerName() {
          if (managedServerName == null) {
              try {
                  managedServerName = (String) getMBeanServer().getAttribute(getRuntimeService(), "ServerName");
              } catch (Exception ex) {
                  System.out.println("Caught Exception: " + ex);
                  ex.printStackTrace();
          return managedServerName;
      private MBeanServer getMBeanServer() {
          MBeanServer retval = null;
          InitialContext ctx = null;
          try {
              //fetch the RuntimeServerMBean using the
              //MBeanServer interface
              ctx = new InitialContext();
              retval = (MBeanServer) ctx.lookup("java:comp/env/jmx/runtime");
          } catch (Exception ex) {
              System.out.println("Caught Exception: " + ex);
              ex.printStackTrace();
          } finally {
              if (ctx != null) {
                  try {
                      ctx.close();
                  } catch (Exception dontCare) {
          return retval;
      private ObjectName getRuntimeService() {
          ObjectName retval = null;
          try {
              retval = new ObjectName("com.bea:Name=RuntimeService,Type=weblogic.management.mbeanservers.runtime.RuntimeServiceMBean");
          } catch (Exception ex) {
              System.out.println("Caught Exception: " + ex);
              ex.printStackTrace();
          return retval;
  }I then created a simply test JSP to call the JMXWrapper singleton and display retrieved values:
  <%@page contentType="text/html" pageEncoding="UTF-8"%>
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
     "http://www.w3.org/TR/html4/loose.dtd">
  <%@ page import="com.yourcompany.jmx.JMXWrapper"%>
  <%
     JMXWrapper jmx = JMXWrapper.getInstance();
     String domainName = jmx.getDomainName();
     String managedServerName = jmx.getManagedServerName();
  %>
  <html>
      <head>
          <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
          <title>JMX Wrapper Test</title>
      </head>
      <body>
          <h2>Domain Name: <%= domainName %></h2>
          <h2>Managed Server Name: <%= managedServerName %></h2>
      </body>
  </html>

• Choosing the correct domain name

  Hi
  I just need a bit of advice about domain names. I have a commercial mail order company and couldn't get the .co.uk version of my company name so chose the .info equivalent - http://www.thelittlethings.info - I am constantly anxious about it, believing that my domain address will always be inferior to the .co.uk version. Asking around, some people don't think it makes much difference but I just wanted to find out if anyone has strong views on the subject - I think I will get a better idea from those who actually build websites. I have bought The-Little-Things.co.uk but I think this is a bit of a hassle to enter and to say even. I have noticed now that .eu and .me.uk are now available since I bought .info and I was wondering what people's opinions of these are. Alternatively I have thought of playing with the company name in the domain name slightly so I could get the .co.uk - please help!

  The length of the name doesn't rellay matter in this day and age. Something memorable that rolls off the tongue I think works best.
  Although I can't think of any at the moment it seems to be 'the rage' with webdesigners/advertisers to get domain names for companies that are all about their taglines and or current gimmick. I am forever seeing adverts on TV for things where the URL seems to have nothing to do with the company at all.

• ISE redirect to the wrong domain name

  Hello guys,
  We changed a domain name of the ISE appliance and it started giving us grief. It was configured to redirect wireless users to the web registration and authentication portal. We properly added all required A records in DNS server and looked everywhere but didn't find anything that could give any clue.
  Perhaps the old FQDN get stuck somewhere in the database.
  Any idea? Please help !!!

  Case Solution:
  Connecting to the Active Directory Domain
  To reconnect with Active Directory domain, complete the following steps:
  Step 1                                                   Choose Administration > Identity Management > External Identity Sources.
  Step 2    From the External Identity Sources navigation pane on the left, click Active Directory.
  Step 3    Enter the domain name in the Domain Name text box.
  Step 4    Enter a friendly name in the Identity Store Name text box for your Active Directory identity source (by default, this value will be AD1).
  Step 5    Clicks Save Configuration.
  Step 6    To verify if your Cisco ISE node can be connected to the Active Directory domain, click Test Connection. A dialog box appears and prompts you to enter the Active Directory username and password.
  Step 7    Enter the Active Directory username and password and click OK.
  A dialog box appears with the status of the test connection operation.
  Step 8    Click OK.
  Step 9    Click Join to join the Cisco ISE node to the Active Directory domain.
  The Join Domain dialog box appears.
  Step 10    Enter your Active Directory username and password, and click OK.
  Step 11    Check the Enable Password Change check box to allow the user to change their password.
  Step 12    Check the Enable Machine Authentication check box to allow machine authentication.
  Step 13    Check the Enable Machine Access Restrictions (MARs) check box to ensure that the machine authentication results are tied to the user authentication and authorization results. If you check this check box, you must enter the Aging Time in hours.
  Step 14    Enter the Aging Time in hours if you have enabled MARs.
  This value specifies the expiration time for machine authentication. If the time expires, the user authentication fails. For example, if you have enabled MARs and enter a value of 2 hours, the user authentication fails if the user tries to authenticate after 2 hours.
  Step 15    Click Save Configuration.
  Step 16. Create Certificate Authentication Profile
  Step 17: Import CA Certificates into ISE Certificate Trust Store
  Step 18: Configure CA Certificates for Revocation Status Check
  Step 19: Enable Client Certificate-Based Authentication
  Please check below link for certificates configurations
  http://www.cisco.com/en/US/docs/security/ise/1.1/user_guide/ise_admin.html#wp1122804

• Preparing new Certificate for Exchange - how to cover the .local domain names

  I need to plan out our new certificate for our CAS servers. Exchange 2010 SP3. Our current SAN certificate has several names including our Exchange FQDN's which are exserver.domain.local. I know our CA will not let me generate SAN's with a .local anymore
  so how do I cover the Exchange internal FQDN's in the certificate? 
  I did a get-exchangecertificate and the only certificates I have are the public CA with all the SAN's and Services are IP.WS. The other two Exchange certificates are self signed but only for SMTP "S".
  You can only have one certificate for web services "W" so how do you get around the Exchange FQDN? Our internal autodiscover, availability and OOF etc....that Outlook uses all use the Exchange internal FQDN of servername.domain.local.
  Even if I generate another Exchange certificate for the server FQDN and submit it to our internal CA, I cannot enable web services on this certificate because my public certificate is already enabled for web services.
  Need some help here. I am really stumped on this one.

  Hi Shadowtuck,
  It is suggested to post in the Exchange forum:
  https://social.technet.microsoft.com/Forums/en-US/home?category=exchangeserver
  In addition, hope the link below could be helpful for you:
  Global changes in legislation regarding SAN SSL Certificates
  http://www.networking4all.com/en/ssl+certificates/faq/change+san+issue/
  Regards,
  Yan Li
  Please remember to mark the replies as answers if they help and unmark them if they provide no help.

• How can I find the currently logined domain name on Windows??

  Dear,
  I've a program that query some user account information from A.D.
  But I don't want to hard code anything.
  I've read some previous post about using LDAP, and using DNS queries to found all LDAP server of A.D.
  But how can I get the A.D. domain name in Java?
  for example
  ldcp://_ldap._tcp.xxxx.yyyy
  I want to get "xxxx.yyyy" from the logined user account. It is possible in Java.

  You coud use the NTSystem class to derive the NetBIOS domain name, however without doing some gymnastics it isn't easy to derive the fully qualified domain name. import java.io.*;
  import com.sun.security.auth.module.NTSystem;
  class NTDomain {
       public static void main(String[] args) {
            NTSystem system = new NTSystem();
            String domain = system.getDomain();
            System.out.println("Domain: " + domain);
  }The only other alternatives could be to check the domain suffix of the user principal that was authenticated via Kerberos ....
  lc = new LoginContext(searchkrb5.class.getName(),new SampleCallbackHandler());
       lc.login();
       catch (LoginException le) {
            System.out.println("Logon failed: " + le);
            System.exit(-1);
       System.out.println("Authenticated via GSS-API");
          System.out.println("User: " + lc.getSubject().getPrincipals().toString); however I think that you still have to specifify the Kerberos realm in the apps configuration file.
  Another alternative could be to make assumptions about the machines hostname, however one day an assumption will always be proven wrong, (eg. The machine's DNS domain name does not need to match the Active Directory domain).
  Unless there is a Java API to read the Windows registry or extract Kerberos ticket information from the WIndows Kerberos ticket cache, you may be kind of stuck.

• How do I configure snow leopard server to allow local client to access the server using its public domain name

  I have SLS 10.6 running on my local network with DNS configured.
  I can access the server from a client on the lan using server.local or server.domain  where domain name is my publically registered domain,
  From the internet I can access my server using the registered domain name i.e. www.domain.com. 
  Is it possible to set my server up so that www.domain.com  also reaches the server when used by a client locally?   At present I get a page not found error.

  The configuration you're aiming for is called split-horizon or split-brain DNS, and it's quite possible.  It can get slightly hairy when you have different stuff using the same host name for different purposes, for instance, and you'll need to track all external DNS entries in your internal DNS server when you're running "split". 
  Here is how to set up DNS services.   Split-horizon is one of the options listed there.
  My preference is to use a different domain or subdomain within the network, and to avoid using split-horizon where I can reasonably manage it.  One domain name is configured for and reachable outside and is effectively public, and the other domain (or a subdomain) is inside and private and only reachable directly or via VPN, for instance.

• Not able to start the listener in oracle 10g  after the domain name changed

  Hi
  I had installed the oracle 10g on zLinux. It was working fine( was able to mount the database and start the listener). Now my server's domain name got changed. So i have added the new domain name in the tnsnames.ora and listeners.ora file . now i could able to mount the databases but am not able to start the listener . whille starting the listener , am getting the following error
  oracle@ptcr4d00:~> lsnrctl start
  LSNRCTL for Linux: Version 10.2.0.2.0 - Production on 05-AUG-2009 10:31:05
  Copyright (c) 1991, 2005, Oracle. All rights reserved.
  Starting /opt/oracle/10g/bin/tnslsnr: please wait...
  TNSLSNR for Linux: Version 10.2.0.2.0 - Production
  System parameter file is /opt/oracle/10g/network/admin/listener.ora
  Log messages written to /opt/oracle/10g/network/log/listener.log
  Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1)))
  Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=PTCR4D00)(PORT=1521)))
  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
  TNS-12547: TNS:lost contact
  TNS-12560: TNS:protocol adapter error
  TNS-00517: Lost contact
  Linux Error: 104: Connection reset by peer
  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=PTCR4D00)(PORT=1521)))
  TNS-12541: TNS:no listener
  TNS-12560: TNS:protocol adapter error
  TNS-00511: No listener
  Linux Error: 111: Connection refused
  I have posted the contents of the tnsnames.ora and listeners.ora
  TNSNAMES.ORA
  TC =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = PTCR4D00)(PORT = 1521))
  (CONNECT_DATA =
  (SERVER = DEDICATED)
  (SERVICE_NAME = TC)
  EXTPROC_CONNECTION_DATA =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
  (CONNECT_DATA =
  (SID = PLSExtProc)
  (PRESENTATION = RO)
  LISTENERS.ORA
  SID_LIST_LISTENER =
  (SID_LIST =
  (SID_DESC =
  (SID_NAME = PLSExtProc)
  (ORACLE_HOME = /opt/oracle/10g)
  (PROGRAM = extproc)
  LISTENER =
  (DESCRIPTION_LIST =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1))
  (ADDRESS = (PROTOCOL = TCP)(HOST = PTCR4D00)(PORT = 1521))
  Could you please help me to resolve this issue ?
  Regards
  Mani

  Hi
  Please find the content of the /etc/hosts below
  # IP-Address Full-Qualified-Hostname Short-Hostname
  #127.0.0.1 localhost
  9.124.114.49 PTCR4D00
  # special IPv6 addresses
  ::1 localhost ipv6-localhost ipv6-loopback
  fe00::0 ipv6-localnet
  ff00::0 ipv6-mcastprefix
  ff02::1 ipv6-allnodes
  ff02::2 ipv6-allrouters
  ff02::3 ipv6-allhosts
  9.124.114.49 PTCR4D00 PTCR4D00
  Regards
  Mani

• Need to the domain name and computer name in offline mode

  Hi,
  I can not able to login to the windows system, the password i am using is correct. But im getting error "the login method using is incorrect, please contact network admin". I forgot the domain name i set to login to the system. Now Currently i
  dont have the recovery/windows7 disks.  I have Unix in my machine as well. so i have mounted the windows7 parition in linux, and trying to find out the computer\domain name.  so please suggest which file i need to search to get the details.
  Thanks,
  Ravi

  Hi Ravi,
  If you want to know more information about domain name, please take a look at the following article.
  http://technet.microsoft.com/en-us/library/cc731265(v=ws.10).aspx
  Based on my research, the computer name and domain name are stored in the registry key.
  We could find computer name in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName.
  And we can find domain name in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain.
  Have you ever  joined a domain?
  If yes, please contact the network admin as mentioned.
  And we can type Domain name\Username and then password to login.
  If you haven’t, we could try to type Computer name\username(.\username) and then the password to login the computer.
  Best regards,
  Fangzhou CHEN
  Fangzhou CHEN
  TechNet Community Support

• Business Catalyst Help | Learn how to change the domain name

  This question was posted in response to the following article: http://helpx.adobe.com/business-catalyst/using/change-site-domain1.html

  A Muse site seems to be automatically hosted on a web basic site. So when you want to give your site the proper domain name, (which is already purchased and added to the BC servers), and have it hosted on your web + plan (or  another premium web plan with mail), where is the option for that? As far as I can see, this option is not offered. Do you upgrade it from your premium plan? And if so, how?