Configure as network time server?
Is it possible to configure Mac OS X Server on our Xserve to act as a 'network time server' so our Mac OS X computers can sync their clocks to it?
We can't use any of the common Internet time servers because our corporate firewall blocks access to them.
So are you saying I don't need to do any configuration on the Xserve to make it act as a network time server? Maybe I'm missing something, but that doesn't seem to work.
I checked the 'Set the date and time automatically' box in the client's date/time prefs pane, and entered the IP address of the Xserve.
But the client's clock doesn't update, and I get a lot of log entries reading, for example, "ntpdate\[14959\]: no server suitable for synchronization found", which seems to suggest it's not working.
Other thoughts? Thanks...
Message was edited by: Jim Williams4
Similar Messages
-
How to configure Lion Server as network time server?
I have Lion Server at the top of a small network of Windows 2K, Windows XP and Windows 7 machines.
I need each of those computers to synch their time to that of the Mac Server because this network operates without internet access.
I have tried various protocols from those machines to synch on the server's IP but they all fail.
It has led me to belive I need to enable a service to allow time synch to the managed computers.
But I can't find information on this. I keep getting directed to how to synch the mac to a time server or time machine configuration tips.
Thanks in advanceIn Server Admin, select your server, click on Settings, then go to the General tab. You will see an option to enable the Network Time Server.
-
Network Time Server Specification
How do I specify a client computer to use a certain network time server if I have the service enabled on OS X Server?
Just enable System Preferences -> Date & Time -> Date & Time -> Set date and time automatically, and type the address/hostname of your name server in the adjacent box.
-
How can I set my date and time to ebay network time server?
In the system preferences I would like to set the date and time to ebay UK time?
I thought a quick google would be bring up the server and I can't find it.
At the bottom of every ebay page there is a link to official ebay time
But its not a live feed of time to get it to the second.
I want it to be accurate so that I can use applescript to snipe bargins.
Many Thanks
MattJust trying to go along the free route. I found Garage Buy This doesn't work to well but lets you create an applescript and enters the auction into ical. Then you can set ical to run the script once it gets closer to the time.
Ical only lets you set a time of a minute before the date. So you have to edit the script to add a Delay 59 to have it run 1 second before. From a few refreshes of the time page it looks like ebay time is a second behind, that could be easily be due to time to load the page. anyway i'll opt for a delay of 57secs and give that a try. -
Remote Access Management Console - configuration issue with Network Location Server
2012 Std R2
The remote Access management console operation status shows all green except for network location server .
Error: There is no response from the network location server URL. DirectAccess connectivity might not work as expected, and DirectAccess clients located inside the corporate network might not be able to reach internal resources.
Resolution listed as:
1. Configure the network location server on a server that is highly available to clients on the internal network.
2. If the network location server is running on the Remote Access server, ensure that IIS is running, and that the URL is available.
The remote access server is located on this server. IIS is running. What URL: show I be looking at?
Any other thoughts so I can get remote access working.
l also am getting a remote access error for IPV6, could this be a cause:
RoutingDomainID- {00000000-0000-0000-0000-000000000000}: Unable to add the interface {D37062B2-A3E0-4496-A459-9E0BBCE5423C} with the Router Manager for the IPV6 protocol. The following error occurred: Cannot complete this function.
John LenzHi John,
please follow the steps to reinstall TCP/IP stack.
1.Restart your PC into Safe Mode with Networking.
2.
Edit your registry. Delete the following keys:
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Winsock
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Winsock2
3.
Open the nettcpip.inf file in your %winroot%/inf folder
(%winroot% is usually c:/windows).
Find the [MS_TCPIP.PrimaryInstall] section. Change the Characteristics value from 0xA0 to 0x80.
Open the properties of the network connection you want to fix. In the General tab, click on the Install button. Click on the Have Disk button, and point the location to %winroot%/inf. After that select TCP/IP (not version 6).
4.
Now you would notice that you can uninstall TCP/IP!
Do that, then restart the PC.
Go back to your network connection, and install TCP/IP again as per the above. After another reboot, you should be up and running.
I also noted that the XP network repair tool may yank out the ISA 2004 firewall client stuff. Just run the firewall clinet repair or install it again to fix that problem after you did your reboot. Before you do this kind of crazy stuff.
5.
This along with a TCP/IP reset using the netsh command:
netsh int ip reset resetlog.txt
wish you have a nice thanksgiving too
Regards,
Mike
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
Transferring PDC Emulator and Time Server Roles to New 2008 R2 DC
We are upgrading our Windows 2000 domain to Windows 2008 R2, and I introduced the first 2008 R2 domain controller into the environment. Currently the PDC emulator role is running on a Windows 2003 DC, which is configured to sync its time with external time
servers.
My question is very similar to what was asked in the following post:
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/a58660fe-72c7-4e44-b6cb-ba885b676286
However, what I would like to know is if I should first transfer the PDC emulator role before performing the instructions shown in the thread? Or do I transfer the PDC emulator role after running the commands shown in the thread that are to be run
on the old PDC emulator? Hopefully that makes sense.
Thank you.Hi,
You may perform the following steps:
1.
On the old PDC Emulator, run the following commands:
w32tm /config /syncfromflags:domhier /reliable:no /update
net stop w32time
net start w32time
2.
Transfer the PDC Emulator to the new Domain Controller.
3.
On the new PDC Emulator, run the following command:
w32tm /config /manualpeerlist:PEERS /syncfromflags:manual /reliable:yes /update
Please set for
PEERS the time source as listed above, either with it’s IP address or DNS name. If more than one is needed separate them with a space in between and don't forget the quotes: "time.domain.com time1.domain.com".
For more information, please refer to the following Microsoft KB article:
How to configure an authoritative time server in Windows Server
http://support.microsoft.com/kb/816042
Regards,
Arthur Li
TechNet Subscriber Support
in forum
If you have any feedback on our support, please contact
[email protected] .
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
HOW CAN I SET TIHE NETWORK TIME BECAUSE IT DOESNT ALLOW ME TO SING IN
HOW CAN I SET TIHE NETWORK TIME in the apple tv BECAUSE IT DOESNT ALLOW ME TO SING IN
Welcome to the Apple Community.
Time and date should be set automatically by the network time server. There has been a number of posts reporting this problem. Solutions have involved:
Restarting the Apple TV by removing ALL the cables for a few moments.
Restoring the Apple TV.
Opening port 123 on the router.
Ensuring the DNS address on both the router and the Apple TV are those provided by your ISP. -
Hi all,
in old MAX versions there was a field, where one can type a time server computer's IP number to synchronize a Fieldpoint controller. How I can perform that in new environment? I can't find it neither in MAX, nor in system configuration.
Thank you,
ArmenHi Armen,
I have suggested the following to one of my customers who had brought this up.
The Time Server option will not be available in MAX 5.5, but may be readded in the future versions. But, there is a work around for this, where you can set the IP address of the Time Server to the cFP.
1. Open Windows Explorer>>Type ftp:\\10.X.X.X (IP address of the cFP) in the address field >>Enter. This will open a window that displays the files on the cFP.
2. Now, you will find ni-rt.ini file here, copy and paste it on your PC desktop.
3. Open this ini file on the desktop using notepad and you will find Time_Server=10.0.0.1. So, change this to the IP address of the Time Server that you will be assigning. Save and close the ini file and copy and replace it in the cFP files, where you originally copied it from.
4. Restart the cFP by right click the cFP in MAX>>Restart.
5. Now, the cFP has been assigned the Time Server.
6. Start the NI Time Service on your PC by following the information in the Help Tab in MAX>>Remote Systems>>select cFP detected.
I have confirmed that the Time Server has been assigned to the cFP.
Firstly, I did the above procedure and set the Time Server using my PC, which has MAX 5.5.
Then, I have a Test PC with old MAX 4.6 and related cFP drivers. Here, when I opened the detected cFP I can see the Time Server under the Network Settings Tab, which was configured with the IP address I have set in the ini file. So, this proves that this works.
So, kindly try the above and see if this helps to resolve the issue you are observing.
MK -
Time machine and network file server
Hi,
Is it possible to set up the time machine to a network file server which my macbook is able to see and use? Right now, time machine is limited to be used with a delicated external HD or another Mac...
It would be convenient to share files between my 1st mac and other windows PCs.armyedwrd wrote:
I believe I can do a work around by simply sharing my External HD so that that can happen. It's just very awkward to navigate to that shared drive each time we access it. If I had separate backup HDs for each MAC, I think I could use the TC as a media server (at least that's what I get from the marketing material here ).
You might want to try one of the workarounds in #Q3 of Using Time Machine with a Time Capsule.
Have you ever used Time Machine Editor? Is it worth downloading and using?
It's not recommended; Time Machine usually works best the way it was designed. See Time Machine - Frequently Asked Question #13. -
Reset network Time Machine Server Settings
Does anyone know how to reset the settings for the Mac Server Time Machine service? Somehow it is jacked up. I can backup to a network Time Machine and restore files through Finder but when I boot into recovery mode and try to do a restore, I can see the backup drive, I authenticate but then get an error saying it can't connect to server name.local. Doesn't appear to be issues with DNS. I have tried setting up a new external drive that hasn't been previously used before and it does the same thing. So I wanted to reset the settings without having to reset all the other services. Does anyone know where these settings for just the Time Machine Service are?
Thanks,Richard,
I am running a headless mac mini with Lion Server. Same setup as yours, except externals are connected via USB. I have no problems backing up our macbook pros over newtork via Time Machine. My current backup drive is an old 500GB WD Book-whatever. I have also successfully used a 2TB drive in a generic Rosewill JBOD external enclosure. Both were freshly formated HFS+ (journaled) with GUID map prior to TM use. Make sure you format journaled using GUID.
I also get the "This disk drive may not support Time Machine backup over the network." popup but after ignoring it am able to add the disk (don't bother following the information link in the popup...hello 2005!).
Not much help, but a note to say that it can be done and don't give up.
Of note...if you are successful and one day you suddenly can't mount the backup volume on your server, fire up the Terminal and disable then reenable journalling on the volume using diskutil. The Disk Utility app will check the drive/volume and say it they are fine, but the volume won't mount until you play with the journaling. -
Firewall blocks Apple's Network Time Protocol
Hi,
I admit to not fully understanding everything about the Firewall on OS X server 10.4.11 and I'm hoping someone can help with a little(?) problem.
On the WAN side, my "gateway" server is connected directly to my SpeedTouch 780 modem with a fixed IP address. On the LAN side are a couple of switches and then an Airport Extreme base station (192.168.2.249). This broadcasts wirelessly to a more distant Airport Express (192.168.2.247). Both WiFi devices are configured to obtain the time from Apple's European servers.
After completing a Carbon Copy Cloner of my OS partition and rebooting on my usual volume I noticed the following denials in my Firewall log:
Dec 28 12:50:16 nl1 ipfw: 65534 Deny UDP 17.72.255.12:123 192.168.2.249:3987 in via en0
Dec 28 12:40:25 nl1 ipfw: 65534 Deny UDP 17.72.255.12:123 192.168.2.247:3814 in via en0
In SA --> Firewall --> Settings --> Services --> Edit Services for: 192.168.1-net (en0/modem connection)
I have the "Allow only traffic for: 192.168.1-net on these ports" checked and
NTP - Network Time Protocol UDP/TCP is also checked.
Under, Edit Services for: any
I have the "Allow only traffic for: any" checked and
NTP - Network Time Protocol UDP/TCP is also checked.
Under, Edit Services for: 192.168.2-net (en1/LAN)
I have the "Allow all traffic for: 192.168.2-net" checked.
1) Why is this traffic being blocked?
2) Why does the port number seem to get changed in transit? (I've got NAT running and Open Directory).
3) Does the configuration under, "Allow only traffic for: any" overrule all other Firewall settings? So if for example a port under, "Allow only traffic for: 192.168.1-net on these ports" wasn't checked but was under, "Allow only traffic for: any", would the traffic be allowed through?
Thanks and happy new year!
Michael FranksDo you have NTP activated? Does it work? If it doesn't and you have the firewall activated, then open the required port. If it is working then don't worry about it.
-
NPS: Event 6274 - Network Policy Server discarded the request for a user
Intermittently I will get desktop (wired) and laptop (wireless) computers experiencing issues with NPS (they drop off the network).
Some computers are affected more than others, although they are identical hardware and based on a standard image.
In the event log of the NPS servers I can see the following messages:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 2/05/2014 8:47:58 a.m.
Event ID: 6274
Task Category: Network Policy Server
Level: Information
Keywords: Audit Failure
User: N/A
Computer: NT147.domain.local
Description:
Network Policy Server discarded the request for a user.Contact the Network Policy Server administrator for more information.User:
Security ID: NULL SID
Account Name: host/DPC0387.domain.local
Account Domain: DOMAIN
Fully Qualified Account Name: DOMAIN\DPC0387$Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 3c-xx-xx-xx-xx-xx
Calling Station Identifier: 00-xx-xx-xx-xx-xxNAS:
NAS IPv4 Address: 10.nnn.nnn.nnn
NAS IPv6 Address: -
NAS Identifier: ND246
NAS Port-Type: Ethernet
NAS Port: 71RADIUS Client:
Client Friendly Name: Network Device Management Subnet
Client IP Address: 10.nnn.nnn.nnnAuthentication Details:
Connection Request Policy Name: NAP 802.1X (Wired)
Network Policy Name: -
Authentication Provider: Windows
Authentication Server: NT147.domain.local
Authentication Type: -
EAP Type: -
Account Session Identifier: 384F322E317838316564303034313030306230666632
Reason Code: 1
Reason: An internal error occurred. Check the system event log for additional information.
How do I debug when an internal error occurs but there is nothing in the system event log? Where else can I look?
Here's the packet trace that matches the event log entry above:
No. Time Source Destination Protocol Length Time from request Info
1 0.000000 JuniperN_xx:xx:xx Universa_xx:xx:xx EAP 60 Request, Identity
2 2.470423 Universa_xx:xx:xx Nearest EAPOL 60 Start
3 2.472870 JuniperN_xx:xx:xx Universa_xx:xx:xx EAP 60 Request, Identity
4 2.539416 Universa_xx:xx:xx Nearest EAP 60 Response, Identity
5 2.544206 Universa_xx:xx:xx Nearest EAPOL 60 Start
6 2.548804 JuniperN_xx:xx:xx Universa_xx:xx:xx EAP 60 Request, Identity
7 2.550050 Universa_xx:xx:xx Nearest EAP 60 Response, Identity
8 2.552597 10.switch 10.NPS_Server RADIUS 254 Access-Request(1) (id=249, l=208)
9 2.556043 10.NPS_Server 10.switch RADIUS 136 0.003446000 Access-Challenge(11) (id=249, l=90)
10 2.565876 JuniperN_xx:xx:xx Universa_xx:xx:xx EAP 60 Request, Protected EAP (EAP-PEAP)
11 2.569472 10.switch 10.NPS_Server RADIUS 254 Access-Request(1) (id=250, l=208)
12 2.572566 10.NPS_Server 10.switch RADIUS 136 0.003094000 Access-Challenge(11) (id=250, l=90)
13 2.580254 Universa_xx:xx:xx Nearest TLSv1 123 Client Hello
14 2.586544 10.switch 10.NPS_Server RADIUS 361 Access-Request(1) (id=251, l=315)
15 4.564841 Universa_xx:xx:xx Nearest EAPOL 60 Start
16 4.568530 JuniperN_xx:xx:xx Universa_xx:xx:xx EAP 60 Request, Identity
17 4.569876 Universa_xx:xx:xx Nearest EAP 60 Response, Identity
18 4.582263 10.switch 10.NPS_Server RADIUS 254 Access-Request(1) (id=252, l=208)
19 4.586006 10.NPS_Server 10.switch RADIUS 136 0.003743000 Access-Challenge(11) (id=252, l=90)
20 4.591896 JuniperN_xx:xx:xx Universa_xx:xx:xx EAP 60 Request, Protected EAP (EAP-PEAP)
21 4.592692 Universa_xx:xx:xx Nearest TLSv1 123 Client Hello
22 4.599634 10.switch 10.NPS_Server RADIUS 361 Access-Request(1) (id=253, l=315)
23 4.600887 10.NPS_Server 10.switch IPv4 1518 Fragmented IP protocol (proto=UDP 17, off=0, ID=07db)
24 4.609920 JuniperN_xx:xx:xx Universa_xx:xx:xx TLSv1 1514 Server Hello, Certificate, Certificate Request, Server Hello Done
25 4.610516 Universa_xx:xx:xx Nearest EAP 60 Response, Protected EAP (EAP-PEAP)
26 4.617407 10.switch 10.NPS_Server RADIUS 262 Access-Request(1) (id=254, l=216)
27 4.618352 10.NPS_Server 10.switch RADIUS 288 0.000945000 Access-Challenge(11) (id=254, l=242)
28 4.623650 JuniperN_xx:xx:xx Universa_xx:xx:xx TLSv1 176 Server Hello, Certificate, Certificate Request, Server Hello Done
29 4.643316 Universa_xx:xx:xx Nearest TLSv1 361 Certificate, Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
30 4.649607 10.switch 10.NPS_Server RADIUS 601 Access-Request(1) (id=255, l=555)
31 4.656950 10.NPS_Server 10.switch RADIUS 199 0.007343000 Access-Challenge(11) (id=255, l=153)
32 4.662734 JuniperN_xx:xx:xx Universa_xx:xx:xx TLSv1 87 Change Cipher Spec, Encrypted Handshake Message
33 4.681106 Universa_xx:xx:xx Nearest EAP 60 Response, Protected EAP (EAP-PEAP)
34 4.788536 10.switch 10.NPS_Server RADIUS 262 Access-Request(1) (id=2, l=216)
35 4.789735 10.NPS_Server 10.switch RADIUS 173 0.001199000 Access-Challenge(11) (id=2, l=127)
36 4.795723 JuniperN_xx:xx:xx Universa_xx:xx:xx TLSv1 61 Application Data
37 4.796372 Universa_xx:xx:xx Nearest TLSv1 93 Application Data
38 4.802368 10.switch 10.NPS_Server RADIUS 331 Access-Request(1) (id=3, l=285)
39 4.803363 10.NPS_Server 10.switch RADIUS 189 0.000995000 Access-Challenge(11) (id=3, l=143)
40 4.808905 JuniperN_xx:xx:xx Universa_xx:xx:xx TLSv1 77 Application Data
41 4.809501 Universa_xx:xx:xx Nearest TLSv1 77 Application Data
42 4.817342 10.switch 10.NPS_Server RADIUS 315 Access-Request(1) (id=4, l=269)
43 4.822986 10.NPS_Server 10.switch RADIUS 189 0.005644000 Access-Challenge(11) (id=4, l=143)
44 4.828973 JuniperN_xx:xx:xx Universa_xx:xx:xx TLSv1 77 Application Data
45 4.833318 Universa_xx:xx:xx Nearest TLSv1 829 Application Data
46 4.840610 10.switch 10.NPS_Server RADIUS 1073 Access-Request(1) (id=5, l=1027)
47 4.845946 10.NPS_Server 10.switch RADIUS 189 0.005336000 Access-Challenge(11) (id=5, l=143)
48 4.850938 JuniperN_xx:xx:xx Universa_xx:xx:xx TLSv1 77 Application Data
49 4.907924 Universa_xx:xx:xx Nearest TLSv1 141 Application Data
50 4.913390 10.switch 10.NPS_Server RADIUS 379 Access-Request(1) (id=6, l=333)
51 4.917535 10.NPS_Server 10.switch RADIUS 221 0.004145000 Access-Challenge(11) (id=6, l=175)
52 4.922877 JuniperN_xx:xx:xx Universa_xx:xx:xx TLSv1 109 Application Data
53 4.923472 Universa_xx:xx:xx Nearest TLSv1 61 Application Data
54 4.930319 10.switch 10.NPS_Server RADIUS 299 Access-Request(1) (id=7, l=253)
55 4.937348 10.NPS_Server 10.switch RADIUS 381 0.007029000 Access-Challenge(11) (id=7, l=335)
56 4.942543 JuniperN_xx:xx:xx Universa_xx:xx:xx TLSv1 269 Application Data
57 4.944791 Universa_xx:xx:xx Nearest TLSv1 125 Application Data
58 4.951408 10.switch 10.NPS_Server RADIUS 363 Access-Request(1) (id=8, l=317)
59 4.954022 10.NPS_Server 10.switch RADIUS 355 0.002614000 Access-Accept(2) (id=8, l=309)
60 4.981482 JuniperN_xx:xx:xx Universa_xx:xx:xx EAP 60 Success
61 32.590347 10.switch 10.NPS_Server RADIUS 361 Access-Request(1) (id=251, l=315)
62 62.592420 10.switch 10.NPS_Server RADIUS 361 Access-Request(1) (id=251, l=315)
63 92.595043 10.switch 10.NPS_Backup_Server RADIUS 361 Access-Request(1) (id=9, l=315)
64 122.597856 10.switch 10.NPS_Backup_Server RADIUS 361 Access-Request(1) (id=9, l=315)
65 152.600618 10.switch 10.NPS_Backup_Server RADIUS 361 Access-Request(1) (id=9, l=315)A belated thanks for your reply.
Our environment doesn't have NPS accounting configured so that was easy to rule out.
The mid-day drop outs have stopped after I added "set protocols dot1x authenticator no-mac-table-binding" to our Juniper switches (which prevents mac address aging from clearing the active dot1x client session).
I believe the above error message occurs because the RADIUS session ID is rejected / ignored because of some quirks in the RADIUS standard. At the start of a dot1x authentication request a RADIUS session ID is created. For whatever reason the
RADIUS/NAP server stops responding and the Juniper switch fails over to the backup RADIUS/NAP server configured. The session ID is kept (per RADIUS standard) but the backup RADIUS/NAP server doesn't know about the session, so this event: "Network
Policy Server discarded the request for a user." occurs.
It would be nice to see a clearer error message "Invalid RADIUS session" or similar.
There is a Microsoft guide on how to set up RADIUS/NAP servers in a highly available configuration - something to do with RADIUS proxy servers.
It would be even nicer to see some kind of RADIUS session synchronisation between NAP servers... if it doesn't already exist?
I am having the same exact issue you posted on here except I have Extreme Network switches. Some of my computers, various hardware, will randomly not authenticate during re-authentication. The switch says that it failed to contact the NPS server so then it
switches to my backup server. The client has a random time on how long it waits to authenticate so sometimes I end up having the disable/re-enable the port they are connected to so that the session is started again. I see that you basically removed the option
to force clients to re-authenticate Any downfall disabling that?. Any idea why the NPS server is no longer responding? Are you using Windows Server 2012? -
Kerberos Configuration Manager for SQL Server: Access of system information failed!
I'm trying to use the new Kerberos Configuration Manager for SQL Server tool that was released recently to verify SPN on several SQL Servers, but any time I attempt to connect to a server I get the following error in the log:
6/24/2013 3:48:22 PM Info: Connect to WMI, \\<HOSTNAME>\root\cimv2
6/24/2013 3:48:25 PM Error: Access of system information failed System.DirectoryServices.AccountManagement.PrincipalOperationException: An error (1332) occurred while enumerating the group membership. The member's SID could not be resolved.
at System.DirectoryServices.AccountManagement.SAMMembersSet.IsLocalMember(Byte[] sid)
at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNextLocal()
at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNext()
at System.DirectoryServices.AccountManagement.FindResultEnumerator`1.MoveNext()
at System.Linq.Enumerable.Contains[TSource](IEnumerable`1 source, TSource value, IEqualityComparer`1 comparer)
at KerberosCM.WMIHelper.isUserLocalAdmin(SystemInfo si, UserPrincipal user)
at KerberosCM.WMIHelper.getUserInfo(SystemInfo mi)
6/24/2013 3:48:25 PM Error: Error System.Exception: Access of system information failed!
at KerberosCM.WMIHelper.getUserInfo(SystemInfo mi)
at KerberosCM.SystemInfo.GetInfo()
at KerberosConfigMgr.Utility.Login(String serverName, String login, String password, Boolean isCmdLine, Form uiForm)
Things I have tried to resolve this:
1. Verified that my account is a Domain Admin.
2. Attempt to connect locally without inputting any information for server/user/pw
3. Attempt to connect remotely using server/user/pw
I always receive the same error message and log: Access of system information failed!
Has anyone else run into this issue?Update to this:
There were some invalid user accounts added to the Local Administrators group only showing up as a GUID. This caused the enumeration of the group to fail and generate the error in my original post. Removing those user accounts from the Administrators group
got past the enumeration error.
However, now when attempting to connect to the servers (locally or remotely) I get this error:
6/27/2013 10:24:24 AM Info: Connect to WMI, \root\cimv2
6/27/2013 10:24:38 AM Error: Access of system information failed System.Runtime.InteropServices.COMException (0x80070035): The network path was not found.
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
at System.DirectoryServices.DirectoryEntry.Bind()
at System.DirectoryServices.DirectoryEntry.get_AdsObject()
at System.DirectoryServices.PropertyValueCollection.PopulateList()
at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
at System.DirectoryServices.AccountManagement.SAMStoreCtx.ResolveCrossStoreRefToPrincipal(Object o)
at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNextForeign()
at System.DirectoryServices.AccountManagement.SAMMembersSet.MoveNext()
at System.DirectoryServices.AccountManagement.FindResultEnumerator`1.MoveNext()
at System.Linq.Enumerable.Contains[TSource](IEnumerable`1 source, TSource value, IEqualityComparer`1 comparer)
at KerberosCM.WMIHelper.isUserLocalAdmin(SystemInfo si, UserPrincipal user)
at KerberosCM.WMIHelper.getUserInfo(SystemInfo mi)
6/27/2013 10:24:38 AM Error: Error System.Exception: Access of system information failed!
at KerberosCM.WMIHelper.getUserInfo(SystemInfo mi)
at KerberosCM.SystemInfo.GetInfo()
at KerberosConfigMgr.Utility.Login(String serverName, String login, String password, Boolean isCmdLine, Form uiForm) -
Hello everyone:
I know this question have been asked in these forums quite a few times. I apologize if it is a repeat telecast but I was not able to find a suitable solution pertaining to my problem.
I have a AP/SM setup that is configured to get EAP-PEAP authentication from Windows 2012 Server. I have setup everything and have verified that the EAP-PEAP authentication works fine on AP/SM by getting authentication from FreeRADIUS server. Now, when I try
to get authentication from Windows Server, I am getting a reject. The Event log shows this generic message:
Reason Code: 23
Reason:
An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
There is nothing in the EAP logs that is obvious too:
"USIL01PMPTST01","IAS",07/11/2014,11:59:44,1,"SANDBOX\test","SANDBOX\test",,,,,,"10.120.133.10",5,0,"10.120.133.10","Canopy_AP",,,18,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1
07/11/2014 00:05:57 4927",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
"USIL01PMPTST01","IAS",07/11/2014,11:59:44,11,,"SANDBOX\test",,,,,,,,0,"10.120.133.10","Canopy_AP",,,,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1 07/11/2014 00:05:57 4927",30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
"USIL01PMPTST01","IAS",07/11/2014,11:59:44,1,"SANDBOX\test","SANDBOX\test",,,,,,"10.120.133.10",5,0,"10.120.133.10","Canopy_AP",,,18,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1
07/11/2014 00:05:57 4928",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
"USIL01PMPTST01","IAS",07/11/2014,11:59:44,11,,"SANDBOX\test",,,,,,,,0,"10.120.133.10","Canopy_AP",,,,,,,5,"PEAP_TEST",0,"311 1 10.120.133.1 07/11/2014 00:05:57 4928",30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
"USIL01PMPTST01","IAS",07/11/2014,11:59:44,1,"SANDBOX\test","SANDBOX\test",,,,,,"10.120.133.10",5,0,"10.120.133.10","Canopy_AP",,,18,,,,11,"PEAP_TEST",0,"311 1 10.120.133.1
07/11/2014 00:05:57 4929",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
"USIL01PMPTST01","IAS",07/11/2014,11:59:44,3,,"SANDBOX\test",,,,,,,,0,"10.120.133.10","Canopy_AP",,,,,,,11,"PEAP_TEST",23,"311 1 10.120.133.1 07/11/2014 00:05:57 4929",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"PEAP_TEST_CONNECTION",1,,,,
So, basically, the sequence is this:
request , challenge, request , challenge, request, reject
Any idea what might be happening?
Thank you.Hi,
Have you installed certificates on the NPS server properly? Have you selected the proper certificate in the properties of PEAP?
Here is an article about the Certificate requirements of PEAP,
Certificate requirements when you use EAP-TLS or PEAP with EAP-TLS
http://support.microsoft.com/kb/814394
If your certificate matches the requirement, you may try to reinstall the certificate by export and import.
To export a certificate, please follow the steps below,
Open the Certificates snap-in for a user, computer, or service.
In the console tree under the logical store that contains the certificate to export, click
Certificates.
In the details pane, click the certificate that you want to export.
On the Action menu, point to
All Tasks, and then click Export.
In the Certificate Export Wizard, click No, do not export the private key. (This option will appear only if the private key is marked as exportable and you have access to the private key.)
Provide the following information in the Certificate Export Wizard:
Click the file format that you want to use to store the exported certificate: a DER-encoded file, a Base64-encoded file, or a PKCS #7 file.
If you are exporting the certificate to a PKCS #7 file, you also have the option to include all certificates in the certification path.
If required, in Password, type a password to encrypt the private key you are exporting. In
Confirm password, type the same password again, and then click
Next.
In File name, type a file name and path for the PKCS #7 file that will store the exported certificate and private key. Click
Next, and then click Finish.
To import a certificate, please follow the steps below,
Open the Certificates snap-in for a user, computer, or service.
In the console tree, click the logical store where you want to import the certificate.
On the Action menu, point to
All Tasks, and then click Import to start the Certificate Import Wizard.
Type the file name containing the certificate to be imported. (You can also click
Browse and navigate to the file.)
If it is a PKCS #12 file, do the following:
Type the password used to encrypt the private key.
(Optional) If you want to be able to use strong private key protection, select the
Enable strong private key protection check box.
(Optional) If you want to back up or transport your keys at a later time, select the
Mark key as exportable check box.
Do one of the following:
If the certificate should be automatically placed in a certificate store based on the type of certificate, click
Automatically select the certificate store based on the type of certificate.
If you want to specify where the certificate is stored, select
Place all certificates in the following store, click
Browse, and choose the certificate store to use.
If issue persists, you may try to re-issue the certificate.
For detailed procedure, you may refer to the similar threads below,
Having issues getting PEAP with EAP-MSCHAP v2 working on Windows 2008 R2
http://social.technet.microsoft.com/Forums/windowsserver/en-US/c66cf0a8-24dd-4ccd-b5bb-16bd28ad8d4c/having-issues-getting-peap-with-eapmschap-v2-working-on-windows-2008-r2?forum=winserverNAP
Hope this helps.
Steven Lee
TechNet Community Support -
Update NTP (Network Time Protocol) wiki article?
I was trying to set up automatic clock synchronization, so I went here https://wiki.archlinux.org/index.php/Ne … e_Protocol to see how I could do that: first thing it says to install ntp, and that's easy, but then the configuration section is very different from the default /etc/ntp.conf coming with the repository package (version 4.2.6.p2-1), so this is the first reason why I think the article should be updated.
After that I started KISS-wondering why I should use a memory/bandwidth/cpu-eating daemon if what I want is just synchronize my clock at boot time, nothing more; in fact, configuring ntp that way is useful only for a ntp server, but I'm pretty confident that the large majority of people visiting that page are just looking for a way to sync their clock, so I think that the NTP part of the page should be split in 2 or even better 3 sub sections: 1) ntp server configuration (with ntpd running); 2) simple ntp clock synchronization (with ntpd running); 3) ntp clock synchronization (at boot time or as a cron event) (without ntpd running).
Subsection 3) should explain how to configure ntp.conf (and maybe /etc/rc.local ? I'm still studying on this) just to be able to have this command
ntpd -qg
automatically executed at boot time: maybe appending it to /etc/rc.local (but I'm afraid it's slightly more complicated than that, I'm still studying on it); it could also be reminded that it's possible to run that command at predefined time intervals by creating a cron event.
Is somebody with more knowledge than me interested in helping?
(Excuse my approximate English...)Ok, I finally managed to find the time to revise the ntp.conf section, this is my first attempt to it:
===/etc/ntp.conf===
The first thing you define in your ntp.conf is the servers your machine will synchronize to.
NTP servers are classified in a hierarchical system with many levels called "strata": the devices which are considered independent time sources are classified as "stratum 0" sources; the servers directly connected to stratum 0 devices are classified as "stratum 1" sources; servers connected to stratum 1 sources are then classified as "stratum 2" sources and so on. It has to be understood that a server's stratum cannot be taken as an indication of its accuracy or reliability.
Tipically, stratum 2 servers are used for general synchronization purposes: if you don't already know the servers you're going to connect to, you should use the pool.ntp.org servers (http://www.pool.ntp.org/ or http://support.ntp.org/bin/view/Servers/NTPPoolServers) and choose the server pool that is closest to your location.
The following lines are just an example:
server 0.it.pool.ntp.org iburst
server 1.it.pool.ntp.org iburst
server 2.it.pool.ntp.org iburst
server 3.it.pool.ntp.org iburst
The iburst option is recommended, and sends a burst of packets if it cannot obtain a connection with the first attempt. The "burst" option should never be used without explicit permission and will likely result in blacklisting.
If you're setting up a ntp server, you need to add localhost as a server, so that, in case it loses internet access, it won't stop serving time to the network; add localhost as a "stratum 10" server (using the "fudge" command) so that it will never be used unless internet access is lost:
server 127.127.1.0
fudge 127.127.1.0 stratum 10
The next thing you have to do is add the drift file (which keeps track of yours clocks time deviation) and optionally the log file location:
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
Now all that's left to do is define the rules that will allow clients to connect to your service (localhost is considered a client too) using the "restrict" command; you should already have a line like this in your file:
restrict default nomodify nopeer
This restricts everyone from modifying anything and prevents everyone from querying your time server.
You can also add other options:
restrict default kod nomodify notrap nopeer noquery
In the past, "notrust" option was used too, but its function has changed to mean that authentication with a key is required.
Following this line, you need to tell ntpd what to allow through into your server; the following line is enough if you're not configuring a ntp server:
restrict 127.0.0.1
Otherwise you can add more clients like in this example:
restrict 1.2.3.4 nomodify
restrict 192.168.0.0 mask 255.255.255.0 nomodify notrap
This tells ntpd that 1.2.3.4 and all IP addresses from the 192.168.0.0 range will be allowed to synchronize on this server, but they will not be allowed to modify anything. All other IP addresses in the world will still obey the default restrictions (the first line in the ntp.conf).
In the end, the complete file will look like this (almost all original comments have been stripped out for clarity):
# Name of the servers ntpd should sync with (these are for Italy as an example)
server 0.it.pool.ntp.org iburst
server 1.it.pool.ntp.org iburst
server 2.it.pool.ntp.org iburst
server 3.it.pool.ntp.org iburst
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
restrict default nomodify nopeer
restrict 127.0.0.1
For a more in-depth explanation of the file, especially if you want to configure your machine as a ntp server, the Gentoo Wiki has a more detailed description.
Lastly, never forget man pages:
$ man ntp.conf
is likely to answer most of your remaining doubts.
Last edited by kynikos (2011-02-06 23:15:03)
Maybe you are looking for
-
[SOLVED] Xinerama crashing xorg 1.9
After installing the latest xorg packages (1.9) I can no longer use xinerama when I have two monitors connected. I've tried this with several WMs, and none of them want to start with xinerama activa and an external monitor on VGA from my laptop. I'm
-
Mail settings for iCloud, etc
I'm using 10.6.8. I see two kbases for setting up Apple Mail to work with iCloud email. But, one says it's specifically for 10.6. The other is for other email apps, using IMAP setup. But, wouldn't the IMAP settings in the second work for 10.6 as well
-
Add configs to the transport request
I did configurations in Dev and saved in a TR, not released yet. I am doing more configurations, can I use the already created TR to include these configurations? And relase and move the this TR normally.
-
Display more than 2 measures in Bullet chart
Hi, Can we compare more than 2 measure values using Bullet chart? Is there any workaround? Thanks
-
I have recently started hearing noise emitting from my iMac whenver I install softwares or copy files. Mine iMac is fairly new (7 months old) and the sound was not coming earlier. Would it be HDD or fan issue?