Clients authenticating to wrong Domain Controllers
In our domain we have 28 sites and each site have its own Domain Controllers and we have one data center where we have 3 DCs.
Domain Controllers run DNS role as well and DNS replication is active directory integrated.
For all clients local DC is configured as primary DNS and DataCenter DCs configured as secondary DNS.
Problem is, most of the times, client machines are not gettings authentication from local domain controller, most of the times authentication happnes from other location domain controller or data center DCs.
I have done the below troubleshooting steps;
DNS - verified in the DHCP and ensured that local domain controller (DNS) server configured as promary DNS server and data center DCs as secondary
SRV Records- verified and looks fine
Subnets - Verifed and found its configured according to the sites in AD
I can confirm the information in SRV records and AD subnet information is accurate.
Please help me resolving the issue
Mahesh
Problem is, most of the times, client machines are not gettings authentication from local domain controller, most of the times authentication happnes from other location domain controller or data center DCs.
This is usually caused due to one of the following:
AD Sites and subnets are not configured properly: DCs not moved to the correct sites, missing subnets, subnets linked to wrong sites .... Here, netlogon.log on each DC will help you to have more information about this: http://support.microsoft.com/kb/109626
Security filtering: If traffic to local DCs is filtered, client computers will not able to query them and will try to query other DCs. You can use PortQryUI to make sure that all needed ports for authentication are opened: http://technet.microsoft.com/en-us/library/dd772723%28v=ws.10%29.aspx
Wrong DNS records which may cause wrong DNS resolution - Here clients may be redirected to DCs you don't like them to be contacted
For AD sites and subnets, make sure that:
You created an AD site per physical location you have DCs in them
You created all usued subnets (Be careful about subnetting and supernetting) and link to their correct sites - Each subnet will be linked to AD sites containing DCs you would like them to be contacted
For Filtering, use PortQryUI for checks and you can use event logs for more information.
For the DNS system, you can proceed like that to be sure that all DCs were registered correctly and that DNS resolution will be fine:
Make sure that all DCs has one IP address in use and only one NIC card enabled (Other NICs should be disabled)
Make sure that public DNS servers are set as forwarders and not in IP settings
Choose a healthy DC / DNS server and make all DCs point to it as primary DNS server. You can make other DNS servers point to their private IP address as secondary one
Make sure that needed ports for AD replication are opened in both direction: http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx
Once done, run ipconfig /registerdns and restart netlogon on each DC you have. Like that, all DCs will update their records on the chosen DNS server and the changes will be replicated to other DC / DNS servers using AD replication. Of couse,
it will be better to remove manually all obsolete / unused DNS records.
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft Student Partner 2010 / 2011
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active
Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network
Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications
Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows 7, Configuring
Microsoft
Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer
Similar Messages
-
Domain Controllers that are DNS servers DNS Client settings
[Copying verbatim from a mail by Joe ]
So I have been pinged by a few folks recently on configuration of client DNS settings on Domain Controllers that are also functioning as DNS Servers. Lots of debate. I understand there has been long time debate within MSFT as well.
From http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx there
is the quote
"3.When referencing a DNS server on itself, a DNS client should always use a loopback address and not a real IP address."
From http://www.microsoft.com/en-us/download/confirmation.aspx?id=9166 (Windows
Server 2008 R2 Core Network Guide)
"9. In Preferred DNS server, type the IP address of your DNS server. If you plan to use the local computer as the preferred DNS server, type the IP address of the
local computer.
10. In Alternate DNS Server, type the IP address of your alternate DNS server, if any. If you plan to use the local computer as an alternate DNS server, type the IP address of
the local computer."
From http://technet.microsoft.com/en-us/library/dd378900(v=ws.10).aspx (DNS:
DNS servers on <adapter name> should include their own IP addresses on their interface lists of DNS servers)
"The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to
itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should
be configured only as a secondary or tertiary DNS server on a domain controller...
Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list."
ESPECIALLY "For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary
DNS server on a domain controller." and "Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list."
Why shouldn't loopback not be first, the justification is why you shouldn't only use loopback, not why it shouldn't be first.
From http://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx (DNS:
DNS servers on <adapter name> should include the loopback address, but not as the first entry)
"If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners.
The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself,
or points to itself first for name resolution, this can cause a delay during startup. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only
as a secondary or tertiary DNS server on a domain controller."
This also seems like justification against only using loopback versus using it first.
Are there any actual real documented issues for using loopback first and a remote DNS server second and perhaps third? If the local DNS server service isn't working yet (or at all), I would expect the DNS Client process
to try to connect to it, fail, and then failover to the secondary just like I would expect it to failover if the remote DNS server was secondary and it was unavailable and it failed back to the loopback. Am I making a bad assumption?
And by documented I don't mean random responses to questions on the internet or other such items. I mean a KB article or technet article or properly researched and tested other web article from a reliable resource.
thanks,
joeAs I understand it, the scenario whereby a DC could become an 'island' if it points only to itself, or to itself first, was repaired in the Windows Server 2003 product cycle. See
http://support.microsoft.com/kb/275278 for information about this scenario.
However, there is still a known problem of slow boot times that can occur. See
http://support.microsoft.com/kb/2001093 for information about this. The scenario that is discussed assumes there is a power failure and servers shut down due to overheating while on backup power. When
multiple servers come online simultaneously after power is restored, there can be a significant delay.
The recommended configuration is one that avoids a single point of failure, but also tries to optimize the speed of resource record registration, so that Active Directory can properly synchronize.
-Greg -
We have a program called Audit Wizard that we used with Windows 2003 that monitored all clients and alerted my department when a program was installed/uininstalled. since upgrading to windows server 2008R2, the program no longer works correctly.
So we are wondering if it is possible for Windows 2008R2 Domain Controllers, running at a 2008R2 forest and domain level) to be able to audit when a programs are installed/uninstalled on clients and send alerts to our Admins?
If so, How?
Thanks in advance for your help!
Pete MaciasHi Pete,
>>So we are wondering if it is possible for Windows 2008R2 Domain Controllers, running at a 2008R2 forest and domain level) to be able to audit when a programs are installed/uninstalled on clients and send alerts to our Admins?
As far as I know, group policy can't help us do this. If you are interested, we can take a look at System Center Operation Manager and ask for suggestions in the following SCOM forum.
Operations Guide for System Center 2012 - Operations Manager
https://technet.microsoft.com/en-us/library/hh212887.aspx
System Center Operation Manager
https://social.technet.microsoft.com/Forums/systemcenter/en-US/home?category=systemcenteroperationsmanager
Best regards,
Frank Shen
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Fetch client IP addresses from the Netlogon.log file of all domain controllers in the domain
Hi,
The event ID 5807 is logged in the system logs of domain controllers as a result of which the IP addresses for the missing subnets are logged in Netlogon.log under %systemroot%/debug. The end goal is to fetch the IP addresses along with rest of the respective
attributes from the Netlogon.log for all the domain controllers in the domain. I have the following script however, it gives me a 0KB file despite the fact that the Netlogon.log on the DC contains ample entries from last two months.
function GetDomainControllers {
$DCs=[system.directoryservices.activedirectory.domain]::GetCurrentDomain() | ForEach-Object {$_.DomainControllers} | ForEach-Object {$_.Name}
return $DCs
function GetNetLogonFile ($server) {
$path= '\\' + $server + '\c$\windows\debug\netlogon.log'
try {$netlogon=get-content -Path $path -ErrorAction stop}
catch { "Can't open $path"}
#reverse the array's order to the end of the file
[array]::Reverse($netlogon)
$IPs=@()
foreach ($line in $netlogon) {
#split the line into pieces using a space as the delimiter
$splitline=$line.split(' ')
#Get the date stamp which is in the mm/dd format
$logdate=$splitline[0]
#split the date
$logdatesplit=($logdate.split('/'))
[int]$logmonth=$logdatesplit[0]
#last month and this month
if (($logmonth -eq $thismonth) -or ($logmonth -eq $lastmonth)) {
#only push it into an array if it matches an IP address format
if ($splitline[5] -match '\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b'){
$objuser = new-object system.object
$objuser | add-member -type NoteProperty -name IPaddress -value $splitline[5]
$objuser | add-member -type NoteProperty -name Computername -value $splitline[4]
$objuser | add-member -type NoteProperty -name Server -value $server
$objuser | add-member -type NoteProperty -name Date -value $splitline[0]
$objuser | add-member -type NoteProperty -name Time -value $splitline[1]
$IPs+=$objuser
} else {
#break out of loop if the date is not this month or last month
break
return $IPs
#Get last month's date
$thismonth=(get-date).month
$lastmonth=((get-date).addmonths(-1)).month
#get all the domain controllers
$DomainControllers=GetDomainControllers
#Get the Netlogon.log from each DC
Foreach ($DomainController in $DomainControllers) {
$IPsFromDC=GetNetLogonFile($DomainController)
$allIPs+=$IPsFromDC
$allIPs | Sort-Object -Property IPaddress -Unique | Export-Csv "E:\bin\NetlogonIPs.csv"
PLEASE HELP!!Hi jrv,
Thanks a lot for your help.
I understand you cannot keep on iterating the code for me. However, I am stuck at this error :-
ERROR : Exception calling "Parse" with "1" argument(s): "String was not recognized as a valid DateTime."
After the following code finishes executing, I get the following output :-
$csv=cat c:\windows\debug\netlogon.log |
%{'{0}|{1}' -f $_.SubString(0,14),$_.SubString(15,$_.Length-15)}|
ConvertFrom-Csv -Delimiter '|' -header time,message
time message
04/14 01:18:45
NO_CLIENT_SITE: ServerX 10.x.x.x
04/14 01:17:45
NO_CLIENT_SITE: ServerY 10.x.x.x
04/14 01:17:44
NO_CLIENT_SITE: ServerY 10.x.x.x
04/14 01:17:43
NO_CLIENT_SITE: ServerX 10.x.x.x
However, I get the above mentioned error at the following line :-
$csv|%{$_.time=[datetime]::Parse(($_.time -replace ' ','/2015 '))}
I would later want to run the query just for logs from past day.
Entire code is as follows :-
function GetDomainControllers {
$DCs=[system.directoryservices.activedirectory.domain]::GetCurrentDomain() | ForEach-Object {$_.DomainControllers} | ForEach-Object {$_.Name}
return $DCs
function GetNetLogonFile ($server) {
$path= 'C:\Test\netlogon.log'
try {$netlogon=get-content -Path $path -ErrorAction stop}
catch { "Can't open $path"}
#reverse the array's order to the end of the file
[array]::Reverse($netlogon)
foreach ($line in $netlogon) {
$csv= $netlogon | %{'{0}|{1}' -f $_.SubString(0,14),$_.SubString(15,$_.Length-15)}| ConvertFrom-Csv -Delimiter '|' -header time,message | Out-Gridview
$csv|%{$_.time=[datetime]::Parse(($_.time -replace ' ','/2015 '))}
#get all the domain controllers
$DomainControllers=GetDomainControllers
#Get the Netlogon.log from each DC
Foreach ($DomainController in $DomainControllers) {
GetNetLogonFile($DomainController)
Please help!! Any help will be highly appreciated. -
Upgrade to Server 2012 R2 domain controllers from 2003
I am at a loss as to what I did wrong here. Everything seems to be working fine except for one subnet (which is behind a hardware firewall).
We had two Server 2003 domain controllers and one of them was failing. I raised the forest functional level of our old primary domain controllers to 2003. I built the first replacement Server 2012 R2 domain controller. Added the AD DS roles
and promoted it as a domain controller. I let it sit for a couple days. The FSMO roles were currently being handled by our other 2003 domain controller. Once this had been sitting for a while (don't recall how long) I ran dcpromo on the failing
server and demoted it. Once demoted I shut it down and pulled it out of the rack. I then built our second 2012 R2 server and gave it the same IP as the failing one. Installed the AD DS roles and integrated DNS as prompted by the wizard.
I then made it the operations master for Schema master, Domain naming master, PDC, RID pool manager, and Infrastructure master. Then I ran dcpromo on the second 2003 domain controller to demote it and removed it from the network. I then demoted
the first new controller (DC03) changed the hostname and IP to the name and IP of the second 2003 controller and promoted it again. I'm not sure at what point things broke, but everything works from the same subnet that the domain controllers are in,
just not a second subnet that is through a hardware firewall. I don't see anything getting blocked while watching firewall logs so I don't think the firewall is the issue.
Here is the dcdiag and ipconfig from the first controller (which has all 5 FSMO roles).
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\username>dcdiag /v /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine WGDDC01, is a Directory Server.
Home Server = WGDDC01
* Connecting to directory service on server WGDDC01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=wgd,DC=inet,LD
AP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=wgd,DC=inet
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=wgd,DC=inet,LD
AP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WGDDC01,CN=Servers,CN=
Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wgd,DC=inet
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=WGDDC02,CN=Servers,CN=
Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wgd,DC=inet
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WGDDC01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... WGDDC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WGDDC01
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... WGDDC01 failed test DNS
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : wgd
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : wgd.inet
Starting test: DNS
Test results for domain controllers:
DC: WGDDC01.wgd.inet
Domain: wgd.inet
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2012 R2 Standard (Service Pack level:
0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000010] Broadcom NetXtreme Gigabit Ethernet:
MAC address is B0:83:FE:C1:98:07
IP Address is static
IP address: 10.240.1.23
DNS servers:
10.240.1.23 (WGDDC01) [Valid]
10.240.1.24 (WGDDC02) [Valid]
127.0.0.1 (WGDDC01) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
Warning: no DNS RPC connectivity (error or non Microsoft DNS s
erver is running)
[Error details: 5 (Type: Win32 - Description: Access is denied
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 10.240.1.23 (WGDDC01)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered
DNS server: 10.240.1.24 (WGDDC02)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: wgd.inet
WGDDC01 PASS WARN n/a n/a n/a
n/a n/a
......................... wgd.inet passed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
C:\Users\dsmythe>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : WGDDC01
Primary Dns Suffix . . . . . . . : wgd.inet
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wgd.inet
Ethernet adapter WGD_INET:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : B0-83-FE-C1-98-07
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.240.1.23(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.240.1.1
DNS Servers . . . . . . . . . . . : 10.240.1.23
10.240.1.24
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{2C28B0FA-6BF8-4201-A6DA-081AED63B496}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
When I try to bind a machine to the domain I get an error message that says "
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "wgd.inet":
The error was: "This operation returned because the timeout period expired."
(error code 0x000005B4 ERROR_TIMEOUT)
The query was for the SRV record for _ldap._tcp.dc._msdcs.wgd.inet
The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:
10.240.1.24
10.240.1.23
Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.
Please let me know if I'm missing something or if there are other things I can check.
Thanks!
I forgot to mention that after the 2003 domain controllers were out of the environment, I raised the domain and forest functional level to 2012 R2. All clients in the environment are Windows XP Pro or above. The XP Pro boxes will be going away as
soon as our vendor supports their software to run on Windows 7.We now have 2 2012 R2 DCs. The 2003 DCs are gone. Metadata from the old DCs is all cleaned up. DNS seems to be working fine in 3 out of 4 subnets. The 4th is behind a hardware firewall and I can see the IP address of the machine I am trying to bind to the
domain connecting to the two new domain controllers but the client machine that is trying to bind gives an error. An Active Directory Domain Controller for the domain wgd.inet could not be contacted. It seems that this is just a DNS issue for one
particular subnet (10.240.2.0/24). This subnet is setup in AD Sites and Services\Sites\Subnets\10.240.2.0/24 (Site: Default-First-Site-Name).
When trying to do anything with nslookup from the 10.240.2.0/24 subnet it times out. The route is there and I can watch it connect through our hardware firewall over port 53.
DC01
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\dsmythe>netdom query fsmo
Schema master WGDDC01.wgd.inet
Domain naming master WGDDC01.wgd.inet
PDC WGDDC01.wgd.inet
RID pool manager WGDDC01.wgd.inet
Infrastructure master WGDDC01.wgd.inet
The command completed successfully.
C:\Users\dsmythe>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : WGDDC01
Primary Dns Suffix . . . . . . . : wgd.inet
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wgd.inet
Ethernet adapter WGD_INET:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : B0-83-FE-C1-98-07
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.240.1.23(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.240.1.1
DNS Servers . . . . . . . . . . . : 10.240.1.23
10.240.1.24
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{2C28B0FA-6BF8-4201-A6DA-081AED63B496}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\dsmythe>
DC02
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\dsmythe>netdom query fsmo
Schema master WGDDC01.wgd.inet
Domain naming master WGDDC01.wgd.inet
PDC WGDDC01.wgd.inet
RID pool manager WGDDC01.wgd.inet
Infrastructure master WGDDC01.wgd.inet
The command completed successfully.
C:\Users\dsmythe>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : WGDDC02
Primary Dns Suffix . . . . . . . : wgd.inet
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : wgd.inet
Ethernet adapter NIC1:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : B0-83-FE-C1-9F-74
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.240.1.24(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.240.1.1
DNS Servers . . . . . . . . . . . : 10.240.1.24
10.240.1.23
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{4F45E51E-FC2F-49ED-85CF-0750A9EEECF5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\dsmythe> -
Client Authentication - Received fatal alert: bad_certificate
I am making a "secure" chat server that has some simple functionality.
For the server cert, I sent off the CSR to Thawte and set up the trust chain. That keystore seems to be fine:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: verisigntestroot
Creation date: Nov 10, 2006
Entry type: trustedCertEntry
Owner: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Serial number: 0
Valid from: Wed Jul 31 20:00:00 EDT 1996 until: Thu Dec 31 16:59:59 EST 2020
Certificate fingerprints:
MD5: 5E:E0:0E:1D:17:B7:CA:A5:7D:36:D6:02:DF:4D:26:A4
SHA1: 39:C6:9D:27:AF:DC:EB:47:D6:33:36:6A:B2:05:F1:47:A9:B4:DA:EA
Alias name: server
Creation date: Nov 10, 2006
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=TestServer, OU=Thawte SSL123 certificate, OU=Go to https://www.thawte.com/repository/index.html, OU=Domain Validated, O=TestServer
Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Serial number: 76369fba895ca9f8f5b44dd1f28307ad
Valid from: Fri Nov 10 15:29:22 EST 2006 until: Fri Dec 01 15:29:22 EST 2006
Certificate fingerprints:
MD5: 5B:7D:EE:B3:0A:CC:7B:B8:A2:73:D3:96:FB:D3:43:ED
SHA1: E2:FD:31:00:D7:9D:F5:93:4E:99:D9:8B:C3:70:87:D9:CF:83:EC:36
Certificate[2]:
Owner: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
Serial number: 0
Valid from: Wed Jul 31 20:00:00 EDT 1996 until: Thu Dec 31 16:59:59 EST 2020
Certificate fingerprints:
MD5: 5E:E0:0E:1D:17:B7:CA:A5:7D:36:D6:02:DF:4D:26:A4
SHA1: 39:C6:9D:27:AF:DC:EB:47:D6:33:36:6A:B2:05:F1:47:A9:B4:DA:EA
So next I want to set up my client. The professor said that it's fine to just give the clients all self-signed certs, so I ran:
keytool -genkey -alias client1 -keyalg RSA -keystore c1keystore -storepass client1 -keypass client1 -dname "o=jhu, cn=Client 1"
I assumed that I need to add the Thawte Root CA Cert to this keystore as well since I'm doing client authentication:
keytool -import -v -file ../server/thawtecert.txt -trustcacerts -keystore c1keystore -storepass client1
I start up the server, and then I attempt to connect with the client with these options:
-Djavax.net.ssl.trustStore=server/serverstore
-Djavax.net.ssl.keyStore=client/c1keystore
-Djavax.net.ssl.keyStorePassword=client1
Now when I attempt to connect to the server and write to the buffer, I get this error on the client side:
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
And this error on the server side:
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: null cert chain
If I connect to the server with these options, I connect fine:
-Djavax.net.ssl.trustStore=server/serverstore
-Djavax.net.ssl.keyStore=server/serverstore
-Djavax.net.ssl.keyStorePassword=server
I assume this means that I have done something very wrong creating the client's keystore. Does anyone know how I'm supposed to create it?Hi ,
Even i get the same error . Although ,I imported the contents of my self-signed certificate into the truststore of tomcat i.e.cacerts file of jre/lib/security (in tomcat) , I get the following error:-
Tomcat does not seem to accept the client's certitficate.
Also , Incase if i use a standalone Java application to connect to a tomcat application , I get the same error? Any idea as to how does tomcat server authenticate the client from a standalone Java application .
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1584)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:866)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:827)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:1975)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:993)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:397)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:324) -
SCCM 2012 Distribution Points on Domain Controllers
I want to install Distribution points on all of my remote servers. They are all domain controllers though. I know one of the prerequisites to host the DP role is to have the SCCM computer object apart of that servers local administrators group. Since they
are domain controllers they dont have a local security policy and it is controlled by AD. I'm sure you can add the SCCM computer object to the domain admins group to solve this but my question is if this is considered a supported configuration?If you are using the DC as a Distribution point to install clients via Client Push, the "NT Authority\Authenticated Users" group must be added to the local group "Users" to the DC/DP.
Clients are still able to get installed manually, but Client Push fails.
Failed to correctly receive a WEBDAV HTTP request.. (StatusCode at WinHttpQueryHeaders: 401)
Run elevated command prompt (net localgroup users "Authenticated Users" /add)
Test Client Push - Should be successful.
Reason: By default the local groups NT Authority\Interactive Users and
NT Authority\Authenticated Users are removed from the Domain Controller. Clients that are using the DP for content cannot authenticate using the computer account. -
Block Based replication of Domain Controllers to DR site
I have to bring up a business critical application at a DR site using the same hostname and IP address as in production site. For this purpose, I plan to use a block replication software to replicate data from production servers to a SAN at the DR site.
For DR invocation or testing, I am planning to take a snapshot from the SAN, create virtual disks and attach them to newly created VM's at the DR site.
This application depends on Active Directory and hence I need to have a domain controller at the DR site. If I create a new domain controller for the DR site, as it will be in a separate IP subnet, it will have to be in a separate AD site and the application
servers will not be able to use this domain controllers, as they will look for domain controllers in their AD site (which is from the production site). If I put the domain controller in the same IP subnet as the application servers, the same IP subnet has
user workstations and hence user authentication requests from production site will start coming to the DR site across the WAN.
In this scenario, I am proposing to replicate the domain controllers also from the production site to the DR site, like the application servers. But I am not sure if block replication of production DC's to DR site and then when required for testing/invocation,
can we create a new VM and attaching virtual hard disks with the replicated data, will bring these VM's up as domain controllers in the DR site or will they have any negative effects ? Would this be a supported solution ? Any response will be highly appreciated.
Thanks in advance.You don't want to run any type of duplicated software to clone the DC, that is a bad idea. You could end up with lingering objects and/or Directory Service corruption.
If you want the DC's to exist in the same subnet then you are in a quandry. You can start to modify srv records so the DC won't authenticate clients (BUt you will have to manually change that at DR time).
I have a Blog that talks about lag site replication that blocks clients from ever attempting to authenticate to the DC, you should be able to use this same logic.
http://blogs.dirteam.com/blogs/paulbergson/archive/2013/05/14/how-to-build-an-ad-replication-delay-lag-site.aspx
You will want to create yourself a group policy that prevents the DC in the DR site from registering records that will advertise itself as an authenticating DC. If you need to use the DR site, you will need to remove the gpo and either reboot the DC
or run a gpupdate and restart NetLogon on the DC so it will register the records so the clients can then use this DC.
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights. -
DNS setup on server bound to AD and using domain controllers for DNS
My server is bound to our AD network and in the network pref I have entered the two IPs for the domain controllers on our network that serve DNS.
My question is, am I right not to enable/configure and start the DNS service on the Mac server since it is getting DNS already?
If yes, how do I confirm that my Mac server is correctly listed in our domain controllers DNS? Should I be concerned that I get the following?
knws3135:~ mactech$ sudo changeip -checkhostname
Password:
Primary address = 10.31.3.135
Current HostName = knws3135.ad.ewsad.net
The DNS hostname is not available, please repair DNS and re-run this tool.Hi
It looks all OK to me? As for the hostname having capitals could pose a problem but only if the Mac Server was its own KDC. Which it is not. If the hostname is defined as you have it now in the AD's DNS Service then leave it alone.
Sometimes even when DNS checks out OK you can still have fundamental errors that only demotion to Standalone will cure. I think this is the point that you are at now. To be honest I would do this. Judging from what you've said there would be very little to lose when you do this apart from managed preferences. These can easily be re-applyed on successful promotion.
needs to be changed so it is configured in Open Directory as connected to a Directory Server
Not sure what you mean by this?
If you have or are about to update your Server to 10.5.4 - which I recommend you do. Then you could follow this procedure:
Demote to Standalone
Stop all Services
Restart the Server
Update to 10.5.4. Restart the Server (this happens anyway)
Make sure your Server resolves on the forward and reverse pointers (again)
If you want run changeip again (you may be surprised)
Use the Active Directory plug in in Directory Utility to bind the Server to the AD. Make sure you use an AD admin account that has authority to do this. De-select 'force home directory creation on startup disk' I have a feeling this will be de-selected anyway.
After successful binding quit out of Directory Utility and launch Server Admin
Select the Open Directory Service
Change the role from Standalone to Open Directory Master
Create the Directory Administrator account's username and password. Don't be tempted to change the UID or use the system admin account's user name. You can use the same password if you wish. What I've done before in the past is to create the diradmin account on the AD first with full authority for the domain.
On successful promotion you should now see in the Overview Pane everything running apart from Kerberos which should be Stopped. This is how it should be. Apple's 10.5.4 Update has took a lot of the donkey work out of this whole process. No need for the command line. Simply click.
If you launch Directory Utility you should now see the server's loopback address has been added in the LDAPv3 Plugin. Also the Server should be topmost in the Search Order under the Authentication and Contacts field. Bind your clients first to the AD and then the OD (make sure use for authentication and contacts are unchecked).
Browse the two nodes, add your groups and apply MCX in the usual way.
Does this help?
Tony -
Communication issues between domain controllers
Hi everyone,
I am experiencing some problems in communication between domain controllers in our organization
We have three domain controllers, one of them is a Windows 2003 server service pack 2 which is physical (controller A), another which is Windows 2008 Service Pack 2 (controller B), also physical, and a third one (controller C) which is a Windows 2008
service pack 1 and is virtual.
I have problems with this last DC, it won't respond to pings, or DNS query. I can't Access it by remote desktop client even when it is enabled. I cannot update it, it prompts error messages if I try to do so.
This problems are solved if I reboot it, it will work fine some hours or days, but not much longer. I have checked event viewer and I didn't found any message about this.
I read some time ago it would be great to have a DC in a virtual machine, so I did it, but is it right?
Do you know what might be going on with it? would depromoting it and seting it up again the best solución?
Thank you very much.
Best regards.
David.This sounds like a NIC issue, which is odd since it is a virtual machine. Have you checked the host for any logs about the client?
I think the first thing I would do is destroy the current virtual NIC card and add a new one. Since this has nothing to do with Active Directory I would also suggest you post this in a forum of for the Host (VMWare or Hyper-V).
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights. -
Autodiscover, domain controllers, and certificate errors
I have just deployed and Exchange 2013 server in one of my sites. I'm having tons of issues with it, but one issue I'm having trouble thinking through goes like this:
All users have email addresses that are [email protected] Domain.com is our internal domain name and also a public domain. Now, in a Windows environment, if you were to nslookup domain.com within our network it
will resolve to any one of the domain controllers. On our infrastructure master DC there is an IIS website, with SSL, that handles certificate services for our internal CA.
Here's my problem: When a user opens Outlook and autodiscover attempts to find their Exchange connection info it first tries to reach the site
https://domain.com/autodiscover/autodiscover.xml. If that PC happens to resolve domain.com to the DC that has our certificate services website on it then the Outlook client sends a certificate error.
If the client is prior to Outlook 2013, the mailbox configuration just halts and throws an error.
What do I do to prevent this?Hi,
Yes, we can have the following “switchers”
PreferLocalXML
ExcludeHttpRedirect
ExcludeHttpsAutoDiscoverDomain
ExcludeHttpsRootDomain
ExcludeScpLookup
ExcludeSrvRecord
ExcludeLastKnownGoodUR
Thanks,
Simon Wu
TechNet Community Support -
Clients can't rejoin domain after server clean install
Hello, I've got an issue with having client computers rejoin the domain after reinstalling the server software. Another post I read suggested saving the plist files to get the settings the same, but I need to reconfigure manually to eliminate some other problems we've been having.
We've got an Xserve running 10.4.8 with a mix of XP and Tiger clients all authenticating with the server. Our XP clients have remote profiles converted to local and our Tiger clients use mobile accounts. Generally things were running OK, but we kept having some authentication issues and have SMB crashes. In reviewing our log files it was suggested that our Open Directory was messed up (probably during our upgrade from 10.3 to 10.4) and that a clean install was the best course of action. The server has been running 24x7 for over 3 years without any signifigant maintenance, so this seemed like a good idea.
Everything was going great. I did the clean install and had DNS and DHCP configured and working, then started setting up Open Directory as the PDC and Windows Services as the Primary WINS. I had intended to recreate the user accounts because I didn't want to reintroduce problems by restoring the settings, however when I added one account and tested logging in on a XP machine it couldn't authenticate even though the domain name and user name was the same as before (short names too). On a whim, I moved the computer from the domain to WORKGROUP and then rejoined the (new) domain. Upon login it created a new roaming profile named user.domain instead of using the other account already there. On the XP client in accounts, the old profile showed up as unknown. I then went to a Mac and tried to log in and had similiar issues not finding the authenticating server.
After pulling my hair out this evening and realizing that there was no way I was going to have the office operation in the morning, I did a full restore from backup and pretended like I hadn't just wasted my weekend. After I got the server running, I was able to get my client machines to see the domain again and all is as it was.
Soooo, now the question is how do I create a clean installation with newly created user accounts and get the client computers to recognize the domain server as the same old one? Is there a hidden domain ID or something that is telling the client computers that it isn't the same domain or LDAP server? Any suggestions would be greatly appreciated.
Thanks.
xserve G4 & XRaid Mac OS X (10.4.8)Sorry, to clarify I did not want to use the archive & restore because I didn't want to reintroduce the errors I was trying to eliminate. I setup the Open Directory as a PDC from scratch and then ran into the client authtenication issue. In a desperate attempt to salvage the situation I did restore the previous settings which (A) didn't work and (B) may have made things worse because I already had created some groups and a few users and ended up with groups with duplicate IDs. That was when I scrapped everything and restored the disk from backup.
Your idea of using export/import is a slightly different avenue. However, now that I'm thinking about it, I didn't even get far enough for the user profiles to be an issue because the client computers weren't even communicating with the server to get the list of users (the Macs log-in by selecting a user name from a list).
Does export/import of a computer list work? I think I tried to import the computer list last night and the one I had only contained the Macs and these didn't preserve the MAC address info for some reason. I didn't have an export of the XP machines, but tried to manually add them to the list with no success.
Thanks again for your help. -
Virtual Domain Controllers in 2012 Failover Cluster. Time Skew
Hi All,
Not sure if this is the correct space for this topic, however i'll give it a go anyway.
We have a 2 Hosts (HP DL385) Windows Server 2012 Failover Cluster.
Storage is provided by a 12 Bay NAS with iSCSI connections (This is catering for CSV's and Quorum)
We are running 2 Virtual domain controllers (2008R2)
The issue we experience is that if the cluster goes down, and when it comes back online the time on the domain controllers (one or the other or both) skews by any where up to 3 days which causes havoc for our office until we can resync clocks with the PDCe.
Time Synchronisation Integration Service is disabled on both Domain Contollers
A few days back we need to reboot the storage on the cluster, and the tasks performed were as follows:
-Power off all virtual machines (Graceful Shutdown)
-Put all CSV's into maintenance mode
-Offline Disk Witness to Quorum
-Rebooted Storage (Waited until it came back online)
-Online Quorum Storage (Successful)
-Bring CSV's out of maintenance mode (Successful & Browsable)
-Power on all Virtual Machines (Successful)
This is where the time Skewed and caused headaches. The time for some reason went to 2 days 11hrs in the past on 1 domain controller.
With this DNS lookups failed to work, Cluster services failed, Cluster Aware Updating Failed, RDP to VM's (and Virtual Hosts) by DNS Name failed (Date time error)
There doesn't seem to be anything in the EventLog except for date/time stamp on events being 2 days in the past.
Now this is why i'm not sure if the issue is cause by fail over clustering, or is an issue with the domain controllers.
Any advice regarding this or if anyone has seen this behaviour before any info would be great
Thanks
RobHi Rob,
Does both this two DCs on your cluster VM and there have not others DCs? Microsoft recommends that files for virtualized domain controllers be placed on non-CSV
disks, Non-CSV disks can be brought online without authentication. Because non-CSV disks can be brought online more easily.
For virtual machines that are configured as domain controllers, it is recommended that you disable time synchronization between the host system and guest operating
system acting as a domain controller. This enables your guest domain controller to synchronize time from the domain hierarchy, please confirm your PDC time is always correct.
The related KB:
Running Domain Controllers in Hyper-V
https://technet.microsoft.com/en-us/library/d2cae85b-41ac-497f-8cd1-5fbaa6740ffe(v=ws.10)#deployment_considerations_for_virtualized_domain_controllers
Things to consider when you host Active Directory domain controllers in virtual hosting environments
http://support.microsoft.com/kb/888794?wa=wsignin1.0
I’m glad to be of help to you!
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
when i connect to wcf service , i am getting the client authentication error.
It happens only when i connect to wcf service from a client machine (virtual machine) that is logged in with local user account.
Wcf service is hosted as windows service in my case.
Client application is a windows application that connects using below security mode.
BasicHttpBinding httpbind = new BasicHttpBinding();
httpbind.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
httpbind.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
httpFactory.Credentials.Windows.AllowedImpersonationLevel
= System.Security.Principal.TokenImpersonationLevel.Impersonation;
Please help me with a solution.
As i read more through below link , i doubt if the client is not in the same domain, it might not work ? is it rite.
http://blogs.msdn.com/b/chiranth/archive/2013/09/21/ntlm-want-to-know-how-it-works.aspx
Regards Battechhttps://msdn.microsoft.com/en-us/library/windows/desktop/aa378749%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396
Well, you need to figure out what the authentication is supposed to be bettwen the WCF client and WCF service, because Windows Authentication is being rejected. -
Client Authentication certificate not working in ADFS3.0
Hi,
I am currently working on integrating ADFS 3.o for Single Sign On to some 3rd party services along with PKI solution. The basic requirement is that I should be able to choose client authentication certificate as an authentication method in ADFS and then
federate user credentials to 3rd party trust for single-sign-on.
I had done this successfully with ADFS 2.0 and that setup is working fine. I have the setup as ADFS 3.0 client authentication method enabled. When I open browser to logon, the ADFS 3.0 page displays a message as "Select a certificate that you want to
use for authentication. If you cancel the operation, please close your browser and try again." but the certificates are not displayed for selection.
The certificates are valid and have valid chaining to CA. Could someone help me resolve this issue?
Thanks!
-Chinmaya KarveI am also having this problem where the certificate dialog (Windows Security is usually the title) is never prompted to the user. I tried it on several computers which are all part of the domain. The same computers can also login on another ADFS, so I have
working certificates.
I just get a page where a text says I should select a certificate but I never get the dialog to do so.
Any updates on this issue?
Maybe you are looking for
-
How can I organize home videos and photos in ipad
I don't have a mac or pc, just the new ipad. I'm planning to buy a camera card reader adapter so I can load my photos and videos directly from my camera card to my ipad. But then how do I organize my home videos and photos in my ipad into albums?
-
I have a new 2d Gen shuffle. I'm trying to connect with iTunes 7.02 on XP Pro Machine. I have two other iPods that work fine. I've tried the 5 R's. no help. When I plug it in, the orange light blinks, indicating that iTunes recognizes it as a device.
-
What are the table names for CRM and APO?
hi friends, what are the table names for CRM and APO? Regards suneel.
-
I have Migrated from a WindowsXP Pro to a Lenovo X1 with 12GB RAM and 64Bit i7. I own CS4 Extended Suite. This relates only to Photoshop CS4 and when I install on Windows8.1, it simply shows up in right corner and with the left side of the photosho
-
Filter column based on another column - OBIEE 11g
Hi, I have kind of a strange requirement. I'm trying to build a dashboard that lets a user see data for the current day, last week, last month, or last year. I'm going to create a presentation variable called "date_range" where the user can choose on