Domain client PCs are sending NTP to external source

Hi,
I have been monitoring too many NTP traffic going out through Sophos firewall and they are all blocked by default as it is not allowed.
Client PCs are trying to get time information from many locations, how can I make PCs to get their time information from internal NTP server rather external NTP server?
This is the list of IP address that internal PCs are trying to reach to get time information.
207.57.100.235 grapeofwrath.com.au
128.138.141.172 utcnist2.colorado.edu
24.56.178.140 host-24-56-178-140.beyondbb.com 64.113.32.5 nist.netservicesgroup.com
165.193.126.229 nist1-nj2.ustiming.org
But I want domain PCs get their time from our PDC.

Configure NTP settings via group policy:
In a policy applied at the domain level, set clients to use the Windows hierarchy for time sync (domain members sync to domain controllers, domain controllers sync to the PDC emulator).
See this on how to configure a WMI filter to identify the PDC emulator:
http://blogs.technet.com/b/askds/archive/2008/11/13/configuring-an-authoritative-time-server-with-group-policy-using-wmi-filtering.aspx . Using this, configure a group policy ONLY targets the PDC emulator and target the domain controllers OU. Sett the settings
below:
NTP servers: tock.usno.navy.mil,0x9 time.windows.com,0xa  
(will set the .mil server to be primary, and time.windows.com to be the backup NTP source.)
Type: NTP
-Ravi

Similar Messages

  • I was trying to set Adobe Reader 11 as default PDF viewer on my client PCs, Please help me this. My server is windows 2012 R2 and client PCs are Windows 8.1

    I was trying to set Adobe Reader 11 as default PDF viewer on my client PCs, Please help me this. My server is windows 2012 R2 and client PCs are Windows 8.1

    Hi Krisis,
    I have found a forum where similar query was answered. Hope this helps.
    http://www.loginvsi.com/forum/support-v4/857-adobe-reader-xi-not-set-as-default-pdf-viewer -in-server-2012-r2-rds
    Regards,
    Anoop

  • CPPR error  Wrong status: Send to external sourcing - pending

    Hi experts,
    we are on SRM 7.0 ehp 1 u2013 backend ECC 6.0 EHP 5.
    Iu2019ve activated the process to create SRM RFx with reference to Backend purchase requisitions without PI.
    In CPPR I select the backend purchase requisition and start collective processing.
    In the collective processing screen I u201CShift to external Sourcingu201D
    The status of the backend purchase requisition changes to Send to external sourcing: pending.
    The system automatically creates a SC in SRM and a RFx in status u201CSavedu201D.
    The status of the backend purchase requisition is still the same.
    Also when I publish the RFx the status of the backend purchase requisition doesnu2019t change.
    The following services have been customized for peer to peer connection:
    RFQRequestSUITEAllowedBiddersByIdentifyingElementsQueryResponse_In
    PurchaseOrderSRMPricingSimulateQueryResponse_In
    PurchasingContractSRMArchivingCheckQueryResponse_in
    QueryCodeList
    PurchaseOrderERPConfirmation_In
    PurchaseOrderERPContractReleaseNotification_In
    PurchaseRequestERPSourcingRequest_In
    PurchasingContractERPConfirmation_In
    PurchasingContractSRMReplicationConfirmation_In
    RFQRequestSUITERequest_In
    SupplierInvoiceSUITEContractReleaseNotification_In
    PurchaseOrderERPRequest_In_V1
    PurchaseRequestERPSourcingConfirmation_IN
    RFQRequestSUITEConfirmation_IN
    PurchaseOrderERPRequest_IN_V1
    PurchasingContractERPRequest_IN_V1
    In SXI_Monitor is just one XML: PurchaseRequestERPSourcingRequest_In.
    Shouldnu2019t there be an outgoing XML to update the status of the backend purchase requisition?
    What I need to do to get the purchase requisition updated?
    Thanks for all your inputs!
    Kind Regards
    Stefan

    Hello Stefan,
    I hope you have cross checked the CPPR configuration as per the note 1263876.
    For the logic of the Badi ME_REQ_SOURCING_CUST in ERP system. Please find some relevant details of the way i have configured it.
    method IF_EX_ME_REQ_SOURCE_CUST~ACTIVE.
    setting cv_aut_sourcing makes the external sourcing functionality active
    either manually or automatically.
    setting cv_ext_rfx_ind makes RFx creation in SRM available
    setting cv_ext_sc_ind makes SC creation in SRM available
      cv_aut_sourcing = cl_mmpur_constants=>yes.   " ext sourcing active at all
      cv_ext_rfx_ind  = cl_mmpur_constants=>yes.   " RFX creation in SRM, not in ERP
      cv_ext_sc_ind   = cl_mmpur_constants=>yes.   " SC creation in SRM possible
    endmethod.
    method IF_EX_ME_REQ_SOURCE_CUST~CHECK_EXTERNAL_SOURCE.
    example Implementation:
    Purchase requisitions are send automatically to external sourcing based on the criteria
    implemented here. Thus, if you want to send PRs automatically, code your selection
    criteria in this method.
      IF is_req_item-ekgrp = 'SRM'.
        cv_ext_sourcing = cl_mmpur_constants=>yes.
      ENDIF.
    endmethod.
    Also for the issue XML not getting triggered with the interface PurchaseRequestERPSourcingConfirmation_Out , first the XML PurchaseRequestERPSourcingRequest_IN to srm should be successfully processed. Once this done then srm sends the sourcing confirmation out xml to erp.
    Is the in xml to srm processed here successfully ?
    If yes kindly crosscheck the config as per the details above and also aksed your XI consultant to check the configurations for the Integration scenario used here.
    Thanks & Best Regards,
    Rahul

  • Launchpad shows "Server is offline" in client PCs

    Hi,
    I've the problem that the Launchpad indicates the server as offline even if it's not.
    In the Server dashboard I can see that all client PCs are shown as offline too, but everything is up and running. I can ping the clients and vice versa. I've looked ino the logfiles and found the following errors in LANConfigSvc.log:
    [2728] 131118.160555.6740: ServerDiscoveryClient: Calling Ping
    [2728] 131118.160555.6740: ServerDiscoveryClient: OM is connected, just Ping
    [6288] 131118.160555.6740: ServerConnectionClient: Calling Ping
    [6288] 131118.160555.6740: ServerConnectionClient: OM is connected, just Ping
    [7136] 131118.160555.7676: VPNClientUpdater: Failed to retrieve VPN server setting. Exception: System.TimeoutException: Timeout occurred waiting for connection to complete.  Connection attempt is still in progress.
       at Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.TimeoutWait`1.ThreadWaitHolder.WaitForTimeout(TimeSpan duration, ProviderConnector`1 providerConnector)
       at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderConnector`1.WaitForConnection(TimeSpan duration)
       at Microsoft.WindowsServerSolutions.Networking.NetworkingServiceBackend.Connect(TimeSpan timeout)
       at Microsoft.WindowsServerSolutions.Networking.VPNClientUpdater.TryGetVPNServerSetting(VPNSetting& setting)
    [2292] 131118.160556.1108: ServerDiscovery:Pinger: Ping: TimeoutException in Connect
    [2292] 131118.160556.1108: SmallBusinessServerPresenceDetector: Ping: retry #25 of 1 failed
    [6184] 131118.160601.2905: ServerDiscovery:Pinger: Ping: TimeoutException in Connect
    [6184] 131118.160601.2905: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: Verification failed
    [6184] 131118.160601.2905: ServerDiscoveryProviderBase: Calling Callback.OnServerDiscoveryAttemptFailed()
    [6184] 131118.160601.2905: ServerDiscoveryProviderBase: Callback successfully completed
    [2988] 131118.160601.2905: LanConfigService:RunnerBase: Server discovery Attempt Failed
    [6288] 131118.160606.2986: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: Reset DNS server before discovery
    [6288] 131118.160606.4078: ServerDiscovery:ServerLocator: FindServer: looking for server SERVER02, searchDuration:00:00:05
    [6288] 131118.160611.6342: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: OnServerCandidateDiscovered: Found server SERVER02, will verify
    [6288] 131118.160611.6342: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: Set DNS server after discovery.
    [6184] 131118.160611.6342: PInvoke: DnsValidateServerStatus(out serverStatus = 'ERROR_SUCCESS (0x00000000)', serverIP = '192.168.104.34', queryName = '') returns 'NO_ERROR (0x00000000)'
    [6288] 131118.160611.7122: ProviderFramework: Information: [0] : (current thread: 0x1890): PfSynchronizationContext not needed.
    [6288] 131118.160611.7122: ProviderFramework: Information: [0] : ProviderConnector: Querying for provider info: Microsoft.WindowsServerSolutions.Networking.INetworkingService, True,
    Can someone help please
    Thanks

    Hello -
       I am having exactly the same problem.  Were you able to find a solution?
        Igor.
    Part of my log file below:
    [10596] 140104.193209.2327: ServerDiscovery:Pinger: Ping: TimeoutException in Connect
    [10596] 140104.193209.2327: SmallBusinessServerPresenceDetector: Ping: retry #158 of 1 failed
    [9052] 140104.193224.0522: ServerDiscovery:Pinger: Ping: TimeoutException in Connect
    [9052] 140104.193224.0522: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: Verification failed
    [9052] 140104.193224.0522: ServerDiscoveryProviderBase: Calling Callback.OnServerDiscoveryAttemptFailed()
    [9052] 140104.193224.0522: ServerDiscoveryProviderBase: Callback successfully completed
    [7844] 140104.193224.0522: LanConfigService:RunnerBase: Server discovery Attempt Failed
    [7968] 140104.193229.0557: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: Reset DNS server before discovery
    [7968] 140104.193229.1867: ServerDiscovery:ServerLocator: FindServer: looking for server LENOVO, searchDuration:00:00:05
    [12260] 140104.193229.3326: ServerDiscoveryClient: Calling Ping
    [12260] 140104.193229.3326: ServerDiscoveryClient: OM is connected, just Ping
    [10528] 140104.193229.3946: ServerConnectionClient: Calling Ping
    [10528] 140104.193229.3946: ServerConnectionClient: OM is connected, just Ping
    [7968] 140104.193234.4011: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: OnServerCandidateDiscovered: Found server LENOVO, will verify
    [7968] 140104.193234.4011: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: Set DNS server after discovery.
    [7968] 140104.193234.4081: PInvoke: DnsValidateServerStatus(out serverStatus = 'ERROR_SUCCESS (0x00000000)', serverIP = '192.168.2.15', queryName = '') returns 'NO_ERROR (0x00000000)'
    [7968] 140104.193234.5321: ProviderFramework: Information: [0] : (current thread: 0x1f20): PfSynchronizationContext not needed.
    [7968] 140104.193234.5321: ProviderFramework: Information: [0] : ProviderConnector: Querying for provider info: Microsoft.WindowsServerSolutions.Networking.INetworkingService, True,
    [8384] 140104.193249.2357: ServerDiscovery:Pinger: Ping: TimeoutException in Connect
    [8384] 140104.193249.2357: SmallBusinessServerPresenceDetector: Ping: retry #159 of 1 failed
    [7968] 140104.193304.5291: ServerDiscovery:Pinger: Ping: TimeoutException in Connect
    [7968] 140104.193304.5291: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: Verification failed
    [7968] 140104.193304.5291: ServerDiscoveryProviderBase: Calling Callback.OnServerDiscoveryAttemptFailed()
    [7968] 140104.193304.5291: ServerDiscoveryProviderBase: Callback successfully completed
    [11672] 140104.193304.5291: LanConfigService:RunnerBase: Server discovery Attempt Failed
    [10528] 140104.193309.5321: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: Reset DNS server before discovery
    [10528] 140104.193309.6731: ServerDiscovery:ServerLocator: FindServer: looking for server LENOVO, searchDuration:00:00:05
    [10528] 140104.193314.8871: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: OnServerCandidateDiscovered: Found server LENOVO, will verify
    [10528] 140104.193314.8871: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: Set DNS server after discovery.
    [9852] 140104.193314.8951: PInvoke: DnsValidateServerStatus(out serverStatus = 'ERROR_SUCCESS (0x00000000)', serverIP = '192.168.2.15', queryName = '') returns 'NO_ERROR (0x00000000)'
    [10528] 140104.193315.0031: ProviderFramework: Information: [0] : (current thread: 0x2920): PfSynchronizationContext not needed.
    [10528] 140104.193315.0031: ProviderFramework: Information: [0] : ProviderConnector: Querying for provider info: Microsoft.WindowsServerSolutions.Networking.INetworkingService, True,
    [7528] 140104.193328.9211: VPNClientUpdater: Failed to retrieve VPN server setting. Exception: System.TimeoutException: Timeout occurred waiting for connection to complete.  Connection attempt is still in progress.
       at Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.TimeoutWait`1.ThreadWaitHolder.WaitForTimeout(TimeSpan duration, ProviderConnector`1 providerConnector)
       at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderConnector`1.WaitForConnection(TimeSpan duration)
       at Microsoft.WindowsServerSolutions.Networking.NetworkingServiceBackend.Connect(TimeSpan timeout)
       at Microsoft.WindowsServerSolutions.Networking.VPNClientUpdater.TryGetVPNServerSetting(VPNSetting& setting)
    [9516] 140104.193329.2351: ServerDiscovery:Pinger: Ping: TimeoutException in Connect
    [9516] 140104.193329.2351: SmallBusinessServerPresenceDetector: Ping: retry #160 of 1 failed
    [12260] 140104.193329.3401: ServerDiscoveryClient: Calling Ping
    [12260] 140104.193329.3401: ServerDiscoveryClient: OM is connected, just Ping
    [9052] 140104.193329.4031: ServerConnectionClient: Calling Ping
    [9052] 140104.193329.4031: ServerConnectionClient: OM is connected, just Ping
    [10528] 140104.193345.0031: ServerDiscovery:Pinger: Ping: TimeoutException in Connect
    [10528] 140104.193345.0031: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: Verification failed
    [10528] 140104.193345.0031: ServerDiscoveryProviderBase: Calling Callback.OnServerDiscoveryAttemptFailed()
    [10528] 140104.193345.0031: ServerDiscoveryProviderBase: Callback successfully completed
    [11260] 140104.193345.0031: LanConfigService:RunnerBase: Server discovery Attempt Failed
    [7528] 140104.193350.0101: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: Reset DNS server before discovery
    [7528] 140104.193350.1441: ServerDiscovery:ServerLocator: FindServer: looking for server LENOVO, searchDuration:00:00:05
    [7528] 140104.193355.3581: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: OnServerCandidateDiscovered: Found server LENOVO, will verify
    [7528] 140104.193355.3581: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: Set DNS server after discovery.
    [9516] 140104.193355.3651: PInvoke: DnsValidateServerStatus(out serverStatus = 'ERROR_SUCCESS (0x00000000)', serverIP = '192.168.2.15', queryName = '') returns 'NO_ERROR (0x00000000)'
    [7528] 140104.193355.4641: ProviderFramework: Information: [0] : (current thread: 0x1d68): PfSynchronizationContext not needed.
    [7528] 140104.193355.4641: ProviderFramework: Information: [0] : ProviderConnector: Querying for provider info: Microsoft.WindowsServerSolutions.Networking.INetworkingService, True,
    [9852] 140104.193409.2441: ServerDiscovery:Pinger: Ping: TimeoutException in Connect
    [9852] 140104.193409.2441: SmallBusinessServerPresenceDetector: Ping: retry #161 of 1 failed
    [7528] 140104.193425.4631: ServerDiscovery:Pinger: Ping: TimeoutException in Connect
    [7528] 140104.193425.4631: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: Verification failed
    [7528] 140104.193425.4631: ServerDiscoveryProviderBase: Calling Callback.OnServerDiscoveryAttemptFailed()
    [7528] 140104.193425.4631: ServerDiscoveryProviderBase: Callback successfully completed
    [12100] 140104.193425.4631: LanConfigService:RunnerBase: Server discovery Attempt Failed
    [7968] 140104.193429.3511: ServerDiscoveryClient: Calling Ping
    [7968] 140104.193429.3511: ServerDiscoveryClient: OM is connected, just Ping
    [7528] 140104.193429.4141: ServerConnectionClient: Calling Ping
    [7528] 140104.193429.4141: ServerConnectionClient: OM is connected, just Ping
    [10596] 140104.193430.4601: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: Reset DNS server before discovery
    [10596] 140104.193430.5791: ServerDiscovery:ServerLocator: FindServer: looking for server LENOVO, searchDuration:00:00:05
    [10596] 140104.193435.7941: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: OnServerCandidateDiscovered: Found server LENOVO, will verify
    [10596] 140104.193435.7941: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: Set DNS server after discovery.
    [7528] 140104.193435.8011: PInvoke: DnsValidateServerStatus(out serverStatus = 'ERROR_SUCCESS (0x00000000)', serverIP = '192.168.2.15', queryName = '') returns 'NO_ERROR (0x00000000)'
    [10596] 140104.193435.8861: ProviderFramework: Information: [0] : (current thread: 0x2964): PfSynchronizationContext not needed.
    [10596] 140104.193435.8861: ProviderFramework: Information: [0] : ProviderConnector: Querying for provider info: Microsoft.WindowsServerSolutions.Networking.INetworkingService, True,
    [9516] 140104.193449.2411: ServerDiscovery:Pinger: Ping: TimeoutException in Connect
    [9516] 140104.193449.2411: SmallBusinessServerPresenceDetector: Ping: retry #162 of 1 failed
    [9052] 140104.193458.9291: VPNClientUpdater: Failed to retrieve VPN server setting. Exception: System.TimeoutException: Timeout occurred waiting for connection to complete.  Connection attempt is still in progress.
       at Microsoft.WindowsServerSolutions.Common.ProviderFramework.internal.ConnectorInternals.TimeoutWait`1.ThreadWaitHolder.WaitForTimeout(TimeSpan duration, ProviderConnector`1 providerConnector)
       at Microsoft.WindowsServerSolutions.Common.ProviderFramework.ProviderConnector`1.WaitForConnection(TimeSpan duration)
       at Microsoft.WindowsServerSolutions.Networking.NetworkingServiceBackend.Connect(TimeSpan timeout)
       at Microsoft.WindowsServerSolutions.Networking.VPNClientUpdater.TryGetVPNServerSetting(VPNSetting& setting)
    [10596] 140104.193505.8851: ServerDiscovery:Pinger: Ping: TimeoutException in Connect
    [10596] 140104.193505.8851: ServerDiscoveryProvider:SmallBusinessServerDiscoverer: Verification failed
    [10596] 140104.193505.8851: ServerDiscoveryProviderBase: Calling Callback.OnServerDiscoveryAttemptFailed()
    [10596] 140104.193505.8851: ServerDiscoveryProviderBase: Callback successfully completed
    [7620] 140104.193505.8851: LanConfigService:RunnerBase: Server discovery Attempt Failed

  • Automatic Updates of client PCs from Server

    Most of our users do not have permissions to install updates on their
    pc's. We need a service that will update the client pc's from the server automatically without the users input and also give the administrator a report after updating a PC
    We are running a Win Server 2012  & the client PCs are running Windows 7

    Most of our users do not have permissions to install updates on their pc's.
    Actually, unless you've explicitly blocked that capability (and I'm challenged to imagine you have done so based on this question here), then *ALL* users always have the capability to scan/install updates on a Windows 7 system.
    We need a service that will update the client pc's from the server automatically without the users input and also give the administrator a report after updating a PC
    This product is called WSUS (Windows Server Update Service). You're posting in the forum for THAT product.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Internal and External sources for OBIEE

    Hi,
    When we say OBIEE can integrates data feeds from internal and external sources..what exactly does this mean. Can OBIEE even do that? Thanks

    Hi,
    We have a requirement where the data sources are from internal and external sources. I was not sure of it too and so raised the question on forums. I am assuming internal sources would be Oracle etc within the system and external would be out of the application. Not sure exactly what is meant by it.

  • Problem in workflow sending mails to external domains like yahoo,gmail etc.

    hi
    i have one probs in my workflow that when i am sending mail to an external id it is not going to gmail,yahoo or hotmail etc.
    it is being send to a particular domain say XYZ
    but outside it ,no mail is send
    and error is coming that recepient is unknown
    we have firewalls being placed on smtp
    and each and every setting in SCOT has been checked thorughly
    but still mail except to one domain is not going outside
    i have came across the info that since SAP doesn have any user id authentication but SMTP does has ,so when mail is being send outside the mail sending is failed,one option could be to disable the authentication at SMTP but thats doesn come inside the policy of client
    so i think there must be a way out in SAP to deal with this
    please suggest how can i send the mails externally,i ahve checked each and every thing inside my SMTP configuration ,adress is defined as * here  but still mail is being send to internal domain of the client in which i am working ,but not at all to the external domains like gmail,yahoo etc.
    any help will be highly appreciated
    best regards
    ashish

    Hi Ashish,
    I think you will need to check with your exchange guys because probably the exchange server will not relay the messages form the SAP server to external e-mail domains.
    Regards,
    Martin

  • Not send mail for external domains

    Hi,
    I have installed OCS 10g(10.1.2) in linux. All components ok, but i not send mail for external domain.
    Att,
    Mesti

    I remember in version 9.0.2 that i configure in SMTP_OUTBOUND the IP of DNS external to send mail for other domains.
    Mesti

  • Domain Controllers that are DNS servers DNS Client settings

    [Copying verbatim from a mail by Joe ]
    So I have been pinged by a few folks recently on configuration of client DNS settings on Domain Controllers that are also functioning as DNS Servers. Lots of debate. I understand there has been long time debate within MSFT as well.
    From http://blogs.technet.com/b/askds/archive/2010/07/17/friday-mail-sack-saturday-edition.aspx there
    is the quote
    "3.When referencing a DNS server on itself, a DNS client should always use a loopback address and not a real IP address."
    From http://www.microsoft.com/en-us/download/confirmation.aspx?id=9166 (Windows
    Server 2008 R2 Core Network Guide)
    "9.        In Preferred DNS server, type the IP address of your DNS server. If you plan to use the local computer as the preferred DNS server, type the IP address of the
    local computer.
    10.       In Alternate DNS Server, type the IP address of your alternate DNS server, if any. If you plan to use the local computer as an alternate DNS server, type the IP address of
    the local computer."
    From http://technet.microsoft.com/en-us/library/dd378900(v=ws.10).aspx (DNS:
    DNS servers on <adapter name> should include their own IP addresses on their interface lists of DNS servers)
    "The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to
    itself for name resolution, it can become an island and fail to replicate with other domain controllers. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should
    be configured only as a secondary or tertiary DNS server on a domain controller...
    Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list."
    ESPECIALLY "For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only as a secondary or tertiary
    DNS server on a domain controller." and "Add the loopback IP address to the list of DNS servers on all active interfaces. The loopback IP address should not be the first server in the list."
    Why shouldn't loopback not be first, the justification is why you shouldn't only use loopback, not why it shouldn't be first.
    From http://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx (DNS:
    DNS servers on <adapter name> should include the loopback address, but not as the first entry)
    "If the loopback IP address is the first entry in the list of DNS servers, Active Directory might be unable to find its replication partners. 
    The inclusion of its own IP address in the list of DNS servers improves performance and increases availability of DNS servers. However, if the DNS server is also a domain controller and it points only to itself,
    or points to itself first for name resolution, this can cause a delay during startup. For this reason, use caution when configuring the loopback address on an adapter if the server is also a domain controller. The loopback address should be configured only
    as a secondary or tertiary DNS server on a domain controller."
    This also seems like justification against only using loopback versus using it first.
    Are there any actual real documented issues for using loopback first and a remote DNS server second and perhaps third? If the local DNS server service isn't working yet (or at all), I would expect the DNS Client process
    to try to connect to it, fail, and then failover to the secondary just like I would expect it to failover if the remote DNS server was secondary and it was unavailable and it failed back to the loopback. Am I making a bad assumption?
    And by documented I don't mean random responses to questions on the internet or other such items. I mean a KB article or technet article or properly researched and tested other web article from a reliable resource.
    thanks, 
    joe

    As I understand it, the scenario whereby a DC could become an 'island' if it points only to itself, or to itself first, was repaired in the Windows Server 2003 product cycle. See
    http://support.microsoft.com/kb/275278 for information about this scenario.
    However, there is still a known problem of slow boot times that can occur. See
    http://support.microsoft.com/kb/2001093 for information about this. The scenario that is discussed assumes there is a power failure and servers shut down due to overheating while on backup power. When
    multiple servers come online simultaneously after power is restored, there can be a significant delay.
    The recommended configuration is one that avoids a single point of failure, but also tries to optimize the speed of resource record registration, so that Active Directory can properly synchronize.
    -Greg

  • Failed to send mail to external domain via portal

    Hi Gurus,
    By following the configuraion instructions in <b>SAP library - Collaboration - Groupware - Installing and Configuring E-Mail Connectivity</b>, I managed to send mail to recipients who reside in same domain e.g. <b>[email protected]</b> via portal.
    However, I failed to send mail to external domain e.g. <b>[email protected]</b>. I got the following error message:
    The mail could not be sent to the specified recipients com.sap.ip.collaboration.gw.impl.transport.javamail.exception.MailSendException: The mail could not be sent to the specified recipients
         at com.sap.ip.collaboration.gw.impl.transport.javamail.JavaMailTransport.sendMail(JavaMailTransport.java:183)
    --------- exception is chained. Original exception ------------
    javax.mail.SendFailedException: Invalid Addresses;
      nested exception is:
         javax.mail.SendFailedException: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)
         at com.sun.mail.smtp.SMTPTransport.rcptTo(SMTPTransport.java:804)
         at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:320)
    Please help.
    Thanks alot.

    Hi Ajey,
    Thanks for your reply. I had tried your suggestion but same problem occurred with same error output.
    Actually, I encounterred this error message before in my <b>Microsoft Outlook</b>, where System Admin returned me a mail saying that, my mail was undeliverable with the same error message. But this can be solved by applying the <b>Internet Email Account Setting - Outgoing Server - My outgoing server (SMTP) require authentication</b>.
    So I am wondering,
    1) This problem is caused by SMTP server?
    2) Is there any workaround (like the Outlook Setting) I can configure in Portal?
    Do you have any idea?
    Thanks,
    HauChee

  • HT1218 I'm trying to set up a new iPad..it asks for my WiFi network.. I find the network..then it asks for information that I have no idea about: IP address, Subnet Mask, Routet, DNS, Search Domains, Client ID..also the headings are: DHCP,BootP, Static..c

    I am trying to set up my new iPad. it asks for a WiFi connection.. I have one..then the next page asks for these things:DHCP,BootP,Ststic then IP address, Subnet Mask, Router, DNS, Search Domain, Client ID  then HTTP Proxy  I have no idea what any of this means...can someone please help me???

    Thank you sooo much. I was so disappointed...I couldn't wait to get started with the new iPad..then ran into the problem. So simple. You made my day. Thank you for your expertise!!

  • No client certificate available, sending empty certificate message

    Dear Experts,
        I am trying to establish SSL client certificate connection to external partner. What puzzles me is that the certificate is not picked up by SAP PI. The intermediate and root CA for the partner are OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign, Inc.,O=VeriSign Trust Network and OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,C=US, respectively. You will be able to spot them in the Accepted Certificate Authority list, yet PI insists on sending empty certificate.
        Below is trace gathered from J2EE default trace. Please help shed some light
    Date : 11/16/2011
    Time : 8:49:11:423
    Message : additional info ssl_debug(9): Starting handshake (iSaSiLk 4.3)...
    ssl_debug(9): Sending v3 client_hello message to preprod.connect.elemica.com:443, requesting version 3.2...
    ssl_debug(9): Received v3 server_hello handshake message.
    ssl_debug(9): Server selected SSL version 3.1.
    ssl_debug(9): Server created new session 22:E7:C0:9E:C1:D2:78:83...
    ssl_debug(9): CipherSuite selected by server: TLS_RSA_WITH_AES_256_CBC_SHA
    ssl_debug(9): CompressionMethod selected by server: NULL
    ssl_debug(9): Received certificate handshake message with server certificate.
    ssl_debug(9): Server sent a 1024 bit RSA certificate, chain has 2 elements.
    ssl_debug(9): ChainVerifier: No trusted certificate found, OK anyway.
    ssl_debug(9): Received certificate_request handshake message.
    ssl_debug(9): Accepted certificate types: RSA, DSA
    ssl_debug(9): Accepted certificate authorities:
    ssl_debug(9):   CN=QuoVadis Global SSL ICA,OU=www.quovadisglobal.com,O=QuoVadis Limited,C=BM
    ssl_debug(9):   CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
    ssl_debug(9):   CN=CSF - Classe III - Sign et Crypt,OU=Certification Professionnelle,O=Autorite Consulaire
    ssl_debug(9):   CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions, Inc.,O=GTE Corporation,C=US
    ssl_debug(9):   CN=Entrust.net Certification Authority (2048),OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.),O=Entrust.net
    ssl_debug(9):   CN=DPWN SSL CA I2 PS,OU=I2 PS,O=Deutsche Post World Net
    ssl_debug(9):   CN=CSF,O=Autorite Consulaire
    ssl_debug(9):   C=BE,O=GlobalSign nv-sa,OU=RootSign Partners CA,CN=GlobalSign RootSign Partners CA
    ssl_debug(9):   CN=Dell Inc. Enterprise Utility CA1,O=Dell Inc.
    ssl_debug(9):   EMAIL=premium-server(a)thawte.com,CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
    ssl_debug(9):   CN=TC TrustCenter Class 2 L1 CA XI,OU=TC TrustCenter Class 2 L1 CA,O=TC TrustCenter GmbH,C=DE
    ssl_debug(9):   CN=VeriSign Class 3 Extended Validation SSL SGC CA,OU=Terms of use at https://www.verisign.com/rpa (c)06,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   OU=VeriSign Trust Network,OU=(c) 1998 VeriSign, Inc. - For authorized use only,OU=Class 3 Public Primary Certification Authority - G2,O=VeriSign, Inc.,C=US
    ssl_debug(9):   CN=TC TrustCenter SSL CA I,OU=TC TrustCenter SSL CA,O=TC TrustCenter GmbH,C=DE
    ssl_debug(9):   CN=Entrust Root Certification Authority,OU=(c) 2006 Entrust, Inc.,OU=www.entrust.net/CPS is incorporated by reference,O=Entrust, Inc.,C=US
    ssl_debug(9):   CN=VeriSign Class 3 International Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   CN=Meijer ipprod,OU=IT,OU=Merch,O=Meijer Stores Limited,L=Walker,ST=MI,C=US
    ssl_debug(9):   CN=COMODO Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
    ssl_debug(9):   OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign, Inc.,O=VeriSign Trust Network
    ssl_debug(9):   CN=UTN - DATACorp SGC,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
    ssl_debug(9):   CN=Deutsche Telekom CA 5,OU=Trust Center Deutsche Telekom,O=T-Systems Enterprise Services GmbH,C=DE
    ssl_debug(9):   CN=TC TrustCenter Class 2 CA II,OU=TC TrustCenter Class 2 CA,O=TC TrustCenter GmbH,C=DE
    ssl_debug(9):   CN=VeriSign Class 3 Secure Server CA - G2,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign,OU=VeriSign International Server CA - Class 3,OU=VeriSign, Inc.,O=VeriSign Trust Network
    ssl_debug(9):   CN=Thawte SGC CA,O=Thawte Consulting (Pty) Ltd.,C=ZA
    ssl_debug(9):   CN=Bertschi CA,O=Bertschi AG (Schweiz),L=Duerrenaesch,ST=Switzerland,C=CH
    ssl_debug(9):   CN=Cybertrust SureServer CA,O=GlobalSign Inc
    ssl_debug(9):   CN=VeriSign Class 3 Secure Server CA,OU=Terms of use at https://www.verisign.com/rpa (c)05,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   EMAIL=server-certs(a)thawte.com,CN=Thawte Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA
    ssl_debug(9):   CN=Mark Van Hamme,O=Brain2 BVBA,L=Brussels,ST=Brabant,C=BE
    ssl_debug(9):   CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US
    ssl_debug(9):   EMAIL=bis.at(a)siemens.com,CN=bis.siemens.at,OU=SBS ORS EDO,O=Siemens Business Services,L=Vienna,ST=Vienna,C=AT
    ssl_debug(9):   CN=VeriSign Class 1 Public Primary Certification Authority - G3,OU=(c) 1999 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   CN=mail2.adr-logistics.hu,O=ADR Logistics Kft.,L=Gyu00E1l,ST=Pest,C=HU
    ssl_debug(9):   EMAIL=brent.kemp(a)sscoop.com,CN=bacchusdevp.sscoop.com,OU=IS,O=Southern States Cooperative Inc,L=Richmond,ST=VA,C=US
    ssl_debug(9):   CN=Cybertrust SureServer Standard Validation CA,O=Cybertrust Inc
    ssl_debug(9):   OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group, Inc.,C=US
    ssl_debug(9):   CN=Certipost E-Trust Secondary Normalised CA for Legal Persons,O=Certipost s.a./n.v.,C=BE
    ssl_debug(9):   EMAIL=cert(a)bit-serv.de,CN=BIT-SERV GmbH Root CA,O=BIT-SERV GmbH,C=DE
    ssl_debug(9):   CN=SAP_elemica_tester
    ssl_debug(9):   CN=GeoTrust Global CA,O=GeoTrust Inc.,C=US
    ssl_debug(9):   OU=Class 1 Public Primary Certification Authority,O=VeriSign, Inc.,C=US
    ssl_debug(9):   CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE
    ssl_debug(9):   CN=Montova Root CA,OU=Root CA,O=Montova,C=BE
    ssl_debug(9):   CN=Baltimore CyberTrust Root,OU=CyberTrust,O=Baltimore,C=IE
    ssl_debug(9):   CN=Dell Inc. Enterprise CA,O=Dell Inc.
    ssl_debug(9):   CN=COMODO High-Assurance Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
    ssl_debug(9):   EMAIL=support(a)tamgroup.com,OU=Engineering,O=Tamgroup,ST=California,L=San Anselmo,C=US,CN=Tamgroup
    ssl_debug(9):   CN=GlobalSign Organization Validation CA,O=GlobalSign,OU=Organization Validation CA
    ssl_debug(9):   CN=Certinomis AC 1 u00E9toile,OU=0002 433998903,O=Certinomis,C=FR
    ssl_debug(9):   CN=GlobalSign ServerSign CA,OU=ServerSign CA,O=GlobalSign nv-sa,C=BE
    ssl_debug(9):   CN=QuoVadis Root CA 2,O=QuoVadis Limited,C=BM
    ssl_debug(9):   CN=AddTrust Class 1 CA Root,OU=AddTrust TTP Network,O=AddTrust AB,C=SE
    ssl_debug(9):   CN=Equifax Secure Global eBusiness CA-1,O=Equifax Secure Inc.,C=US
    ssl_debug(9):   CN=GlobalSign Organization Validation CA,O=GlobalSign,OU=Organization Validation CA
    ssl_debug(9):   CN=thawte Primary Root CA,OU=(c) 2006 thawte, Inc. - For authorized use only,OU=Certification Services Division,O=thawte, Inc.,C=US
    ssl_debug(9):   CN=Certipost E-Trust Primary Normalised CA,O=Certipost s.a./n.v.,C=BE
    ssl_debug(9):   CN=Thawte DV SSL CA,OU=Domain Validated SSL,O=Thawte, Inc.,C=US
    ssl_debug(9):   OU=Equifax Secure Certificate Authority,O=Equifax,C=US
    ssl_debug(9):   CN=preprod.connect.elemica.com,OU=CONNECTED SOLUTIONS,O=Elemica,L=Wayne,ST=Pennsylvania,C=US
    ssl_debug(9):   CN=Certinomis - Autoritu00E9 Racine,OU=0002 433998903,O=Certinomis,C=FR
    ssl_debug(9):   CN=DPWN Root CA R2 PS,OU=IT Services,O=Deutsche Post World Net,DC=com
    ssl_debug(9):   CN=Thawte Test CA Root,OU=TEST TEST TEST,O=Thawte Certification,ST=FOR TESTING PURPOSES ONLY,C=ZA
    ssl_debug(9):   OU=Class 3 Public Primary Certification Authority,O=VeriSign, Inc.,C=US
    ssl_debug(9):   EMAIL=santiago.tolosa(a)eu.rhodia.com,CN=Rhodia Development CA,OU=ISF - WARTE,O=Rhodia,L=La Villette,ST=France,C=FR
    ssl_debug(9):   CN=Entrust.net Secure Server Certification Authority,OU=(c) 1999 Entrust.net Limited,OU=www.entrust.net/CPS incorp. by ref. (limits liab.),O=Entrust.net,C=US
    ssl_debug(9):   CN=DigiCert High Assurance CA-3,OU=www.digicert.com,O=DigiCert Inc,C=US
    ssl_debug(9):   CN=Groep H. Essers TEST (99805D6DA33FCC1700010002),O=Montova,C=BE
    ssl_debug(9):   serialNumber=07969287,CN=Go Daddy Secure Certification Authority,OU=http://certificates.godaddy.com/repository,O=GoDaddy.com, Inc.,L=Scottsdale,ST=Arizona,C=US
    ssl_debug(9):   CN=VeriSign Class 3 Secure Server 1024-bit CA - G2,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   serialNumber=10688435,CN=Starfield Secure Certification Authority,OU=http://certificates.starfieldtech.com/repository,O=Starfield Technologies, Inc.,L=Scottsdale,ST=Arizona,C=US
    ssl_debug(9):   CN=Conextrade,OU=Swisscom IT,O=Swisscom AG,L=Zurich,ST=Zurich,C=CH,EMAIL=ccc.eTrade(a)swisscom.com
    ssl_debug(9):   CN=b2bproto.basf-corp.com,OU=Corporate IS,O=BASF Corporation,L=Mount Olive,ST=New Jersey,C=US
    ssl_debug(9):   CN=GlobalSign Domain Validation CA - G2,O=GlobalSign nv-sa,C=BE
    ssl_debug(9):   CN=Swisscom Root CA 1,OU=Digital Certificate Services,O=Swisscom,C=ch
    ssl_debug(9):   CN=GeoTrust DV SSL CA,OU=Domain Validated SSL,O=GeoTrust Inc.,C=US
    ssl_debug(9):   EMAIL=!sysadmin(a)elemica.com,CN=www.elemica.com,OU=Connected Solutions,O=Elemica, Inc,L=Wayne,ST=Pennsylvania,C=US
    ssl_debug(9):   CN=GeoTrust SSL CA,O=GeoTrust, Inc.,C=US
    ssl_debug(9):   CN=RapidSSL CA,O=GeoTrust, Inc.,C=US
    ssl_debug(9):   CN=Entrust Certification Authority - L1E,OU=(c) 2009 Entrust, Inc.,OU=www.entrust.net/rpa is incorporated by reference,O=Entrust, Inc.,C=US
    ssl_debug(9):   CN=EAS,O=COMPUDATA EDI Dienstleister,C=CH,EMAIL=helpdesk.dl(a)compudata.ch
    ssl_debug(9):   CN=GlobalSign Domain Validation CA,O=GlobalSign nv-sa,OU=Domain Validation CA,C=BE
    ssl_debug(9):   CN=GlobalSign Primary Secure Server CA,OU=Primary Secure Server CA,O=GlobalSign nv-sa,C=BE
    ssl_debug(9):   CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
    ssl_debug(9):   CN=Entrust Root Certification Authority,OU=(c) 2006 Entrust, Inc.,OU=www.entrust.net/CPS is incorporated by reference,O=Entrust, Inc.,C=US
    ssl_debug(9):   CN=Thawte SSL CA,O=Thawte, Inc.,C=US
    ssl_debug(9):   CN=Entrust Certification Authority - L1C,OU=(c) 2009 Entrust, Inc.,OU=www.entrust.net/rpa is incorporated by reference,O=Entrust, Inc.,C=US
    ssl_debug(9):   CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
    ssl_debug(9):   EMAIL=vladimir.polak(a)esa.ch,CN=Vladimir Polak,O=Einkaufsorganisation des Schweizerischen Auto- und Motorfahrzeuggewerbes,C=CH
    ssl_debug(9):   CN=IT Directions and Strategies,OU=ITDS EDI,ST=WI,C=US,L=Hartland,EMAIL=aklumpp(a)itdsllc.com,O=ITDS EDI
    ssl_debug(9):   CN=Entrust Certification Authority - L1B,OU=(c) 2008 Entrust, Inc.,OU=www.entrust.net/CPS is incorporated by reference,OU=CPS CONTAINS IMPORTANT LIMITATIONS OF WARRANTIES AND LIABILITY,OU=AND ADDITIONAL TERMS GOVERNING USE AND RELIANCE,O=Entrust, Inc.,C=US
    ssl_debug(9):   CN=GlobalSign Organization Validation CA - G2,O=GlobalSign nv-sa,C=BE
    ssl_debug(9):   CN=VeriSign Class 1 Individual Subscriber CA - G3,OU=Persona Not Validated,OU=Terms of use at https://www.verisign.com/rpa (c)09,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   CN=VeriSign Class 1 Individual Subscriber CA - G2,OU=Persona Not Validated,OU=Terms of use at https://www.verisign.com/rpa (c)05,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   CN=TeleSec ServerPass CA 1,OU=Trust Center Services,O=T-Systems International GmbH,C=DE
    ssl_debug(9):   CN=TC TrustCenter Class 3 L1 CA V,OU=TC TrustCenter Class 3 L1 CA,O=TC TrustCenter GmbH,C=DE
    ssl_debug(9):   C=NL,ST=Zuid-Holland,L=Spijkenisse,O=De Rijke Transport,OU=ICT,CN=smtphost.derijke.com
    ssl_debug(9):   CN=VeriSign Class 3 Secure Server CA - G3,OU=Terms of use at https://www.verisign.com/rpa (c)10,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9):   CN=Comodo Class 3 Security Services CA,OU=(c)2002 Comodo Limited,OU=Terms and Conditions of use: http://www.comodo.net/repository,OU=Comodo Trust Network,O=Comodo Limited,C=GB
    ssl_debug(9):   CN=UTN-USERFirst-Hardware,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US
    ssl_debug(9):   OU=Starfield Class 2 Certification Authority,O=Starfield Technologies, Inc.,C=US
    ssl_debug(9):   EMAIL=ftp(a)csx.com,C=US,O=CSX Corporation Inc,CN=CSX_CORPORATION_AS2_02062009
    ssl_debug(9):   CN=EssentialSSL CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB
    ssl_debug(9):   CN=Network Solutions Certificate Authority,O=Network Solutions L.L.C.,C=US
    ssl_debug(9):   CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=(c) 2006 VeriSign, Inc. - For authorized use only,OU=VeriSign Trust Network,O=VeriSign, Inc.,C=US
    ssl_debug(9): Received server_hello_done handshake message.
    ssl_debug(9): No client certificate available, sending empty certificate message...
    ssl_debug(9): Sending client_key_exchange handshake...
    ssl_debug(9): Sending change_cipher_spec message...
    ssl_debug(9): Sending finished message...
    ssl_debug(9): Received alert message: Alert Fatal: bad certificate
    ssl_debug(9): SSLException while handshaking: Peer sent alert: Alert Fatal: bad certificate
    ssl_debug(9): Shutting down SSL layer...
    Severity : Error
    Category : /Applications/ExchangeInfrastructure/AdapterFramework/SAPLibraries/SAPXDK
    Location : com.sap.aii.messaging.net.HTTPClientConnection.call(Object)
    Application : sap.com/com.sap.xi.rwb
    Thread : SAPEngine_Application_Thread[impl:3]_0
    Datasource : 7662250:E:\usr\sap\T37\DVEBMGS00\j2ee\cluster\server0\log\defaultTrace.trc
    Message ID : 00505688007A006A0000005100001B8C0004B1CF78E9602A
    Source Name : com.sap.aii.messaging.net.HTTPClientConnection
    Argument Objs :
    Arguments :
    Dsr Component :
    Dsr Transaction : cc6d1cee0fec11e1c90200000074eaaa
    Dsr User :
    Indent : 0
    Level : 0
    Message Code :
    Message Type : 0
    Relatives : /Applications/ExchangeInfrastructure/AdapterFramework/SAPLibraries/SAPXDK
    Resource Bundlename :
    Session : 365
    Source : com.sap.aii.messaging.net.HTTPClientConnection
    ThreadObject : SAPEngine_Application_Thread[impl:3]_0
    Transaction :
    User : CPWONG
    Dsr Root Context ID :
    Dsr Connection :
    Dsr Counter : -1

    Hi ,
    Is the above problem solved , can you share the solution.
    Thanks

  • Create a certificate for non domain-joined PCs

    We have a standard AD domain wit a CA and SharePoint/Exchange servers, hosted internally and externally with TMG 2010 as our firewall. For the external hosting, we have an external certificate from one of the main certificate providers. Internally, our domain-joined
    PCs look to the CA to get their trusted certificate from.
    This is the issue I am encountering:
    Our external users (the ones whose PC is not joined to our domain) are fine when they access our SharePoint and Exchange services externally.
    However, when they are connected via VPN, they receive a certificate error and when I look in Certificate > Certification path, I can see that it says:
    "DOMAIN NAME" Issuing CA1 > "NAME OF SHAREPOINT WEBSITE".
    When such a PC connects to the same website when NOT connected via VPN to the domain, they receive:
    "DOMAIN NAME" Root CA > "DOMAIN NAME" Issuing CA1 > "NAME OF SHAREPOINT WEBSITE".
    How can I create a certificate for these non-domain joined PCs so that I can import the certificate in the Trusted Root Certification Authorities store? Thank you!

    It sounds like the question you are really asking is :
    How do I designate the internal root CA as a trusted root CA
    Run certutil -addstore root RootCert.crt (this must be run from an administrative command prompt)
    This designates the root CA as a trusted root on the client. You also may want to install the intermediate cert to the store (you are not clear on what VPN product you are using, so it may or may not do proper chain building).
    Run Certutil -addstore CA IssuingCA.crt 
    Brian

  • Windows Server 2012 Group Policy Block USB Storage devices @ User Level Not getting applied on a Domain Client machine with Windows Server 2008 R2. Why?

    Hello,
    I have a Windows Server 2012 R2.
    I have configured the Group Policy on it to block the usage of USB - Storage Devices @ user level on the client machines. It works properly for my Windows 7 client machines but it's not working on one of the machine having Windows Server 2008 R2 installed
    on it (this machine is also a domain client in the same domain).
    I will really be thankful if anyone can suggest some solution to this issue.
    Please feel free to write back in-case I have missed anything obvious to be shared.
    Thanks!
    -Vinay Pugalia
    If a post answers your question, please click "Mark As Answer" on that post or
    "Vote as Helpful".
    Web : Inkey Solutions
    Blog : My Blog
    Email : Vinay Pugalia

    Hi,
    Any update?
    Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
    Best Regards,
    Andy Qi
    TechNet
    Subscriber Support
    If you are TechNet
    Subscription user and have any feedback on our support quality, please send your feedbackhere.
    Andy Qi
    TechNet Community Support

  • WSUS throwing 13002, "Client computers are installing updates with a higher than 25 percent failure rate. This is not normal."

    Hello,
    Within the past two months our WSUS Server started throwing error 13002, "Client computers are installing updates with a higher than 25 percent failure rate.  This is not normal."  We currently have 252 computers with errors in WSUS,
    and 33 updates with errors.  We have never had issues up until two months ago.  If you keep rebooting the machine, and keep running updates, they eventually all install.  I believe I will see the machines with errors go away as the weekly scheduled
    WSUS install runs over and over, and the machines reboot.
    - We run IE8 in our environment and sometimes IE9.
    - We have 300 clients, all running Windows 7 SP1 x64.
    - Our WSUS server is running on Server 2008 R2.  The WSUS build number is 3.2.7600.262.
    - We created an alternate WSUS 4.0 server on Server 2012, and redownloaded all updates.  We put one client on it and it is showing errors on 3 updates, KB890830, KB931125, and KB2917500.
    - Clients are throwing errors 800F0902, 80242016, and 80070005.
    - I've noticed something with the C:\Windows\SoftwareDistribution\Download folder on the clients.  When an update runs and fails, there is a "Install" folder created inside this folder.  If you try to open it after the failure you get
    "Access Denied"  If you reboot the machine, the install folder goes away.  (I assume this is a temp folder created to run updates).  I've checked the permissions on this folder on various machines and all seems normal.  I think
    this is the root of the problem, and why we need to keep rebooting to get all of the updates to run.  
    - I tried deleting the Software Distribution folder on a client after stopping the update service, then restarting the update service.  The folder redownloads but the client still throws errors.
    - I've gone through our Group Policies looking for anything that can cause this and found nothing.  We've created a test OU blocking inheritance, and only applying a WSUS policy in it to make it get the updates internally.  I then rebuilt multiple
    machines using Dell KACE, and still had failures.
    - We run SEP 11 and 12 on our clients.  I've tried removing the AV, making sure the firewall was off, etc.  It still throws errors.
    - I've spoken with our network team, and installed wireshark on a few clients looking for network errors and found nothing.
    - I've tried various Dell KACE scripted installs on test machines (erasing and rebuilding the machines from scratch), after which I run Windows Updates from WSUS.  They have thrown errors.
    - I've rebuilt a machine using Dell KACE, undomained it, then ran updates externally from WSUS going to Microsoft's site, and I'm still getting errors.
    - I've tried removing all software from the Dell KACE build to where it is just installing the OS and I'm still getting errors.
    - I tried taking a plain Windows 7 x64 DVD and installing that on a test machine, then without domaining it and without installing any other software, running updates from Microsofts update site.  This seems to work, althrough it does throw some errors
    but I believe those are related to having to reboot your machine in order to complete the updates (I can't remember that error code at the moment).
    Has anyone else been experiencing this?  Any suggestions as to how I can fix this?

    Hi,
    Error 800f0902
    Please try the method in this thread:
    Error
    Code: 800f0902
    Error 80242016
    If you receive Windows Update error 80242016 while checking for updates, it might be caused by a connection interruption between your computer and the Windows Update servers.
    80070005
    Usually means access denied
    Since it worked perfectly for a while, did you make any change on the server? Any applications new installed on clients?

Maybe you are looking for