Domain User priveleges for ICM
Hi ,
I have an UCCE8.5 setup with Progerr A and B and AW /hds seperate. Can any one tell me what shoul be the prviledge to be set for the User in AD as every time when i restart my logger and AW services there pops up an error. Unable to start due to logon failure.
I want to know the previledge that to be set in the AD for the User .
Thanks,
Rahul
Hi Rahul,
There is a tool named Service Accounts Manager that willl be available in the Administration Tools Folder of your Distributor AW. Try running the tool and recreate the service accounts for Logger & Distributor. The tool should be able to create the Service Accounts with necessary previleges.
Hope this helps !
Thanks & Regards,
Anand
Similar Messages
-
Hi,
I have installed ICM under corporate Domain. We have created a separate user ID in domain for ICM installaton . When I open ICM DBA it says "cannot find the server list". When I to try to manually map the server (ICM DB sysnchronization) it says "you dont have the permission to map the network resource.Please let us know the rights to be given to the domain ID.
Regards
KrishnaThe initial setup for ICM should be done with an ID which has admin rights over the domain. Once it's setup you can have normal accounts with local admin rights.
david -
I am getting 2 errors through the event viewer that prevents TFS 2013 authentication for local domain users, also this error started appearing after having TFS upgraded to [ 12.0.30723.0 (Tfs2013.Update3) ].
1st Error (from administrative events):
The Execute method of job definition Microsoft.SharePoint.Administration.SPUsageImportJobDefinition (ID a51a0244-765d-433b-8502-0bb0540ad1fd) threw an exception. More information is included below.
Access to the path 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS' is denied.
Tried so far:-
- changed the path to another folder from "Diagnostic Logging" in another drive, but still getting the same error.
2nd Error (from application server):
DistributedCOM error
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{000C101C-0000-0000-C000-000000000046}
and APPID
{000C101C-0000-0000-C000-000000000046}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Which I already got fixed using the following steps on a thread I opened before (but still getting the same error).
https://social.technet.microsoft.com/Forums/windows/en-US/3896e35c-b99a-4d30-b662-f92d337c8d6f/windows-servers-components-services-and-regedit-permissions-are-grayed-out-for-my-admin-account?forum=winservergen
Other Fixes I tried
- Found on another topic that it is not sharepoint that is causing the problem, but it is the generated ASP.NET web pages used for testing is causing the memory to fill up due to cashing on RAM, the fix suggested to change IIS cashing from RAM to HD to prevent
loading up using w3wp.exe from processes.
Concern
- by checking other topics for people having the same problem, it was mentioned that this error appeared after the lastest TFS update, is there is a fix for it ?Hi Kpdn,
Thanks for your post.
All your participation and support are very important to build such harmonious/ pleasant / learning environment for MSDN community.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
Cross Domain User Access for Sharepoint 2013 site collection
Hi All,
We have three Domains , one is for client machines and AD user access purpose and second one is production environment (only some of developers has access to this domain) and third one is SharePoint environment (Because External users needs to
access my SharePoint sites) .
now we need to access SharePoint site collections from my another two domain user accounts with out creating user account from SharePoint domain , how to enable this access?
please advise.
Thanks in Advance,
Mani LHi Mani,
You're asking this question in the wrong forum, this forum is meant for suggestions and feedback on the forums themselves, not product support.
I recommend reposting your question in the SharePoint forums here (or you can request that a moderator move this thread for you):
http://social.technet.microsoft.com/Forums/en-us/home?category=sharepoint&filter=alltypes&sort=lastpostdesc
Good luck.
Don't retire TechNet! -
(Don't give up yet - 12,950+ strong and growing) -
Domain users creation for BizTalk server 2013 installation
Hi all,
I am setting up biztalk 2013 environment clustered BizTalk server and single sql server. I would like to know the list of domain users and domain groups to be created and which groups these users to be a member of. I am also installing and would be using
Sharepoint to develop BizTalk interfaces.
Thanks
Please Help
VikramHi Vikram ,
You need to create below Windows group on your AD before you start your BizTalk Configuration .
1)SSO Administrators:Administrator of the Enterprise Single Sign-On (SSO) service.
2)SSO Affiliate Administrators :Administrators of certain SSO affiliate applications.Can create/delete SSO affiliate applications, administer user mappings, and set credentials for affiliate application users.
3)BizTalk Server Administrators:Has the least privileges necessary to perform administrative tasks Can deploy solutions, manage applications, and resolve message processing issues.
To perform administrative tasks for adapters, receive and send handlers, and receive locations, the BizTalk Server Administrators must be added to the Single Sign-On Affiliate Administrators.
4)BizTalk Server Operators:Has a low privilege role with access only to monitoring and troubleshooting actions
5) BizTalk Application Users:The default name of the first In-Process BizTalk Host Group created by Configuration Manager.Use one BizTalk Host Group for each In-Process host in your environment.Includes accounts with access to In-Process
BizTalk Hosts (hosts processes in BizTalk Server, BTSNTSvc.exe).
6)BizTalk Isolated Host Users :The default name of the first Isolated BizTalk Host Group created by Configuration Manager. Isolated BizTalk hosts not running on BizTalk Server, such as HTTP and SOAP.Use one BizTalk Isolated Host Group for
each Isolated Host in your environment.
7)BAM Portal Users :Has access to BAM Portal Web site.
8)BizTalk SharePoint Adapter Enabled Hosts :Has access to Windows SharePoint Services Adapter Web Service
9)BizTalk B2B Operators Group : A new BizTalk role that reduces the onus on the Administrators to perform all Party management operation. This role allows windows users associated with the role to perform all party management operations.
Now coming to domain User , you can have single -multiple setting were you can run SSO ,InProcess and Isolated on different domain user . You can also run all the configuration settings on single user as well .
Thanks
Abhishek -
Domain user authentication for 3650 Wireless Access point
Dear All,
I have got new proposal inorder to configure the wireless access points by managing with the 3650 wireless controller.
We wanted to block the Wifi Access to mobile users.
Only domain users need to be authenticate to the corporate wireless access.
We have 3650 switch as a wireless controller and ISE in place. Kindly guide me the achieve the same. Attached the setup diagram.
If possible share the sample configuration and it would be helpful.Please refer
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115734-ise-policies-ssid-00.html -
"Unable to check revocation" error while checking CDP from non-domain user account
Hi!
I use 3-tier PKI infrastructure:
Stand-alone offline Root CA: RootCA;
Stand-alone offline Intermediate subordinate CA: SubCA;
Enterprise CA: EntSubCA.
In certificate we have three CDP point for CRL check:
ldap:///, http:// and file://
I have Windows 2008 R2 server joined to domain.
I use command certutil –verify –urlfetch <filename.cer> >check.txt for revocation checking of certificate.
When I use domain user account for revocation checking, all OK.
I have access to any CDP and all fine.
But when i use local server user account, I haven't access to ldap:/// and process failed although all other links is OK.
My question is "why check fail with non-domain user accout while other CDP point succesfully verifed"?
Here is the logfile from local user:
Issuer:
CN=EntSubCA
DC=DED
DC=ROOT
Subject:
CN=servername.domain_name
Cert Serial Number: 5a896145000300006ee2
dwFlags = CA_VERIFY_FLAGS_ALLOW_UNTRUSTED_ROOT (0x1)
dwFlags = CA_VERIFY_FLAGS_IGNORE_OFFLINE (0x2)
dwFlags = CA_VERIFY_FLAGS_FULL_CHAIN_REVOCATION (0x8)
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN (0x20000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
ChainContext.dwRevocationFreshnessTime: 5 Days, 23 Hours, 15 Minutes, 48 Seconds
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
SimpleChain.dwRevocationFreshnessTime: 5 Days, 23 Hours, 15 Minutes, 48 Seconds
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=1000040
Issuer: CN=EntSubCA, DC=DED, DC=ROOT
NotBefore: 05.02.2015 20:03
NotAfter: 05.02.2016 20:03
Subject: CN=servername.domain_name
Serial: 5a896145000300006ee2
SubjectAltName: DNS Name=servername.domain_name
Template: Machine
70 e4 6b 16 05 a1 62 e3 6d 24 96 ff 44 74 ee a2 3e ce df 18
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
---------------- Certificate AIA ----------------
Failed "AIA" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
ldap:///CN=EntSubCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?cACertificate?base?objectClass=certificationAuthority
Verified "Certificate (0)" Time: 0
[1.0] file://\\ca\crl\EntSubCA.crt
Verified "Certificate (0)" Time: 4
[2.0] http://webserver/crl/EntSubCA.crt
---------------- Certificate CDP ----------------
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?certificateRevocationList?base?objectClass=cRLDistributionPoint
Verified "Base CRL (018d)" Time: 0
[1.0] file://\\ca\crl\EntSubCA.crl
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
[1.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
Old Base CRL "Delta CRL (018d)" Time: 0
[1.0.1] file://\\ca\crl\EntSubCA.crl
Old Base CRL "Delta CRL (018d)" Time: 4
[1.0.2] http://webserver/crl/EntSubCA.crl
Verified "Base CRL (018d)" Time: 4
[2.0] http://webserver/crl/EntSubCA.crl
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
[2.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
Old Base CRL "Delta CRL (018d)" Time: 0
[2.0.1] file://\\ca\crl\EntSubCA.crl
Old Base CRL "Delta CRL (018d)" Time: 4
[2.0.2] http://webserver/crl/EntSubCA.crl
---------------- Base CRL CDP ----------------
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
OK "Base CRL (018d)" Time: 0
[1.0] file://\\ca\crl\EntSubCA.crl
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
[1.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
Old Base CRL "Delta CRL (018d)" Time: 0
[1.0.1] file://\\ca\crl\EntSubCA.crl
Old Base CRL "Delta CRL (018d)" Time: 4
[1.0.2] http://webserver/crl/EntSubCA.crl
OK "Base CRL (018d)" Time: 4
[2.0] http://webserver/crl/EntSubCA.crl
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
[2.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
Old Base CRL "Delta CRL (018d)" Time: 0
[2.0.1] file://\\ca\crl\EntSubCA.crl
Old Base CRL "Delta CRL (018d)" Time: 4
[2.0.2] http://webserver/crl/EntSubCA.crl
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
CRL 018d:
Issuer: CN=EntSubCA, DC=DED, DC=ROOT
33 af 4d be 0e 35 45 94 bc 8b 3f d9 c1 60 e7 0c c4 83 17 b6
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication
CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=SubCA
NotBefore: 13.11.2014 19:12
NotAfter: 13.11.2017 19:22
Subject: CN=EntSubCA, DC=DED, DC=ROOT
Serial: 6109015b000100000008
Template: SubCA
9b 04 17 9f c5 fe 52 ca a5 58 49 6c c6 18 fa db 13 b3 92 9e
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
Failed "AIA" Time: 0
Error retrieving URL: The network path was not found. 0x80070035 (WIN32: 53)
file://\\sub_ca\CertEnroll\sub_ca_SubCA(1).crt
Verified "Certificate (0)" Time: 0
[1.0] file://\\ca\crl\SubCA.crt
Verified "Certificate (0)" Time: 4
[2.0] http://webserver/crl/SubCA.crt
---------------- Certificate CDP ----------------
Verified "Base CRL (32)" Time: 0
[0.0] file://\\ca\crl\SubCA.crl
Verified "Base CRL (32)" Time: 4
[1.0] http://webserver/crl/SubCA.crl
---------------- Base CRL CDP ----------------
No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
CRL 32:
Issuer: CN=SubCA
8d a9 9d 51 65 a3 8e 77 02 22 40 57 62 70 e8 f6 c5 2e 60 1e
CertContext[0][2]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=RootCA
NotBefore: 28.05.2008 12:09
NotAfter: 28.05.2058 12:19
Subject: CN=SubCA
Serial: 616bd19f000100000004
Template: SubCA
06 d2 47 e7 dc 8f a7 97 a2 b8 c3 92 03 19 24 0c 47 45 22 14
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
Verified "Certificate (0)" Time: 0
[0.0] file://\\ca\crl\RootCA.crt
Verified "Certificate (0)" Time: 4
[1.0] http://webserver/crl/RootCA.crt
---------------- Certificate CDP ----------------
Verified "Base CRL (1c)" Time: 4
[0.0] http://webserver/crl/RootCA.crl
Verified "Base CRL (1c)" Time: 0
[1.0] file://\\ca\crl\RootCA.crl
---------------- Base CRL CDP ----------------
No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
CRL 1c:
Issuer: CN=RootCA
dc 98 2f 8d 16 9c 64 6e b2 74 89 95 9a 6c 1b 77 fd 58 63 fb
CertContext[0][3]: dwInfoStatus=10c dwErrorStatus=0
Issuer: CN=RootCA
NotBefore: 27.05.2008 16:10
NotAfter: 27.05.2110 16:20
Subject: CN=RootCA
Serial: 258de6fbd3bbab92460530e9e9f10536
5d e4 56 38 13 0a 52 aa 66 51 25 61 19 33 c9 d7 a2 c7 dd 38
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
Verified "Certificate (0)" Time: 0
[0.0] file://\\ca\crl\RootCA.crt
Verified "Certificate (0)" Time: 4
[1.0] http://webserver/crl/RootCA.crt
---------------- Certificate CDP ----------------
Verified "Base CRL (1c)" Time: 0
[0.0] file://\\ca\crl\RootCA.crl
Verified "Base CRL (1c)" Time: 4
[1.0] http://webserver/crl/RootCA.crl
---------------- Base CRL CDP ----------------
No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
CRL 1c:
Issuer: CN=RootCA
dc 98 2f 8d 16 9c 64 6e b2 74 89 95 9a 6c 1b 77 fd 58 63 fb
Issuance[0] = 1.2.700.113556.1.4.7000.233.28688.7.167403.1102261.1593578.2302197.1
Exclude leaf cert:
5b 8d 96 39 f8 a3 6f af f3 89 bc 8d 78 e2 da 53 21 b8 ff aa
Full chain:
ca 99 30 47 9b ad ab ce 97 cc 70 80 a5 4e 11 b3 1a 83 98 78
Verified Issuance Policies: None
Verified Application Policies:
1.3.6.1.5.5.7.3.2 Client Authentication
1.3.6.1.5.5.7.3.1 Server Authentication
ERROR: Verifying leaf certificate revocation status returned The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613)
CertUtil: The revocation function was unable to check revocation because the revocation server was offline.
CertUtil: -verify command completed successfully.What you have discovered is the reason to *not* use LDAP URLs for CDP and AIA extensions in your PKI. To access those URLs, the account must access to the URLs. In your output, it is quite clear that the local account does not have necessary permissions
(you also use FILE URLs for publication, which again is not recommended).
The best practice is to use a single URL for the CDP extension. It should be an HTTP URL that is hosted on a highly available (internally and externally accessible) Web cluster.
For the AIA extension, it should contain two URLs: one for the CA certificate - again to an internally and externally accessible, highly available Web cluster and one for the OCSP service - also
an internally and externally accessible, highly available Web cluster.
the other issue is that the root CA is *not* trusted when run by a non-domain account. How are you adding the trusted root CA. It is recommended to do this by running
certutil -dspublish -f RootCA.crt.
This will ensure that the computer account trusts the root CA. In your output, the root CA certificate is not trusted.
Brian -
"Domain Users" group in Active Directory does not belong to any Group Membership in LC
Active Directory user belonging to "Domain Users" group does not belong to any Group Membership in LC, why does it not belong to "Domain Users" group?
Any way to correct this issue, without changing group membership on AD side?
If Active Directory user is member of "Domain Admins" or "Users" then these show same group membership in LC.
Thanks.If you want to use the Domain Users group for the purpose of representing all the users then you can use the "All principals in domain xxx" group which is created by UM.
Coming back to Domain Users group. For determining group membership in AD UM uses "member" attribute of the group object. "Domain Users" group is treated differently by AD. It is the default primary group for all the users and normally members of the primary group are not specified using the member attribute.So when we sync the data from AD "Domain Users" membership does not get completed. -
An user as part of the domain users tries to open an office file from a document library but he got an authentication prompt asking him to authenticate. Domain users has only access to this library and not to the whole site. This uses to work in SharePoint
2007 without any problem but not in SharePoint 2013, we didn't have a workflow on SP2007.
Domain users has read access to only this document library in the site, but he shouldn't get an authentication prompt since he is part of the domain users and he is not trying to modify the document, he can open the document but gets two prompts, he can't
also see the list using explorer view since nothings appears using the explorer view.
Now, when opening the file, we can see..Updating Workflow Status, but we don't have any workflow working on this site or library, event any feature related to workflow.
If we go to the event viewer in the server, we find this information,
I also checked this thread but I couldn't find this scenario.
https://social.technet.microsoft.com/Forums/sharepoint/en-US/91bc770b-bb70-4885-a4ad-a243edb88753/event-id-8026-workflow-soap-getworkflowdataforitem-failed-doc-library-no-workflow?forum=sharepointgeneralprevious
I also created another list with the same permissions and using other office files but got the same behavior.
Now, we have migrated this site from SP2007 to SP2013.
Any ideas?OK, I am going to throw out a lot of ideas here so hopefully they get you closer to a diagnosis. Hang on :)
Does it happen to work for some users but not others? If so, try logging in on the "good" computer with the "bad" username. This will tell you if the problem is related to the end-user's system. Also, once the user downloads a document
successfully can they open and work on it in Word? Also, does the document library have any custom content types associated with it or does it just use 'Document'?
I notice that there are other folks on the web that have run into this same problem and the similarity seems to be that they are either on SharePoint 2007 or have upgraded from 2007. Did this doc library start out as a 2007 library?
What you might want to do is this: Make a site collection from scratch in 2013 (or find one that you know was created in 2013). Choose team site (or whatever you want) for the root web and set up the security the same way you have it on the malfunctioning
library. Now, use windows explorer to copy and paste some of the documents to the new location. Be sure you recreate any needed content types. Now test it from the troubled user's computer.
I'm thinking there may be something that is different about the library since it was migrated through various versions and updates since 2007. I've sometimes found that there can be problems (especially with user profiles but that's a different story) with
things that go through this evolution. -
I have recently purchase a new PC which has Windows 8.1, and Outlook 2013, connected to an exchange 2010 SP3 RU4 server.
In the People pane, the for External clients, then this box populates correctly, but for internal domain users, it shows "There are no items to show in this view"
On my OLD PC using XP, and Outlook 2010, connected to the SAME account, then people pane shows correctly for all users.
Any help appreciated
regards
ChrisHi Chris,
I have checked in my Windows 8 and Outlook 2013 with Exchange 2010 SP3 RU4 environment. There are three folders listed under My Contact in my People pane:
Contacts: The contacts which we added and saved
manually before.
Lync Contacts: The contacts we added in Lync.
Suggested contacts folder: Automatically
keeps track of everyone you send a message to, but isn’t in your Outlook contacts. Please note that it is different from Auto-Complete List.
Therefore, I suppose that the meaning of “but for internal domain users, it shows ‘There are no items to show in this view’ ” is that there is no contacts in the
Contacts folder. Is it right? If I misunderstand, please point it out. And we need to add and save users manually in this folder.
Thanks,
Winnie Liang
TechNet Community Support -
Hi,
I have posted this in another large thread under the "Windows 8 General" group but have not had any appropriate feedback from MS.
After hours of testing and working with other users I have managed to isolate a simple situation that breaks all metro ui applications within Windows 8 for all users on the machine. Here are my exact steps and notes.
Before continuing if you are running Avast then your solution may be to turn of the behaviour shield functionality as this also breaks metro apps. This is NOT the problem we are having!
I have performed 3 cleans installs after isolating the problem and am able to reproduce the issue every time using the same steps on two different machines.
First thing to say is that for us it has nothing to do with simply joining the domain, domain/group policies nor does it appear to have anything to do with the software we installed, the problem here is much more simple but the result is pretty terrible.
Here are my exact steps of what I did to reproduce our problem:
Complete format of HDD in preperation for a clean install
Clean install performed
Set up the machine initially with a local account
Test metro apps - all working fine
Open control panel from the desktop, click on System, change the system to join the domain, click reboot
Log into the system using my domain account
Test metro apps - all working fine
Here's were the problem starts. I need my domain account to have admin rights on the local machine so I can install programs without the IT men having to come over and enter their password every 5 mins.
I go to control panel via the desktop and click on User Accounts. From with here I then click on "Manage User Accounts". This requires the IT guys to enter their details to give me access to such functionality. This is fine
In the dialog box that opens I can only see the local user that was initially created during setup. The "Group" for this local account shows as "Administrators" - Image included below (important to note that metro apps are working at this point)
I click add and then add my domain account - also giving it administrator access
Sign off or reboot to ensure the new security is applied
Sign back in to the domain account
Test metro - ALL BROKEN
Sign out
Sign in as local account
Test Metro - NOW ALL BROKEN FOR THIS USER ALSO
So as soon as I add my domain account to the local user accounts and set it as admin it breaks all metro apps for all users. This is on a totally clean install with nothing at all installed other than the OS.
Annoyingly if I go back and change the domain account to a standard user or if I totally remove the domain account from the local account management system the problem does not go away for either user. basically it is now permanently broken. The only fix I
could fathom was a full re install and not giving the domain user admin access to the local machine.
Screen one - this is the local user accounts window AFTER joining the domain and logging in with my domain account (All metro apps working at this point)
Screen 2: User accounts AFTER joining the domain and AFTER adding domain account to local user management (METRO BROKEN)
I have isolated my machine from all group policies so nothing like that is affecting me. Users I have spoken to in different companies have policies that automatically add users to the local user management. This means that metro apps break as
soon as they join the domain which leads them to wrongly think it is group policies causing the error. Once they isolate themselves from this they can reproduce following my steps.
ThanksHi Juke,
Thank you for the response and apologies for the delay in getting back to you. My machine was running a long task so I couldn't try your suggested solution.
I had already tried running the registry merge suggested at the top of the thread to no avail. I had not tried deleting the OLE key totally so I did that and the problem still exists. I will post all the errors I see in event viewer below. For
your info, since posting my initial comment I have sent out my steps to 7 different people and we can all reproduce the problem. This comes to 10 different machines (3 of them mine then the other guys) in 3 different businesses / domains. We see the same errors
in event viewer.
Under "Windows Logs" --> "Application" : I get two separate error events the first reads "Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional
information." The second arrives in the log about 15 seconds after the first and reads "App winstore_cw5n1h2txyewy!Windows.Store did not launch within its allotted time."
Under "Windows Logs" --> "System" : I get one error that reads "The server Windows.Store did not register with DCOM within the required timeout."
Under "Applications And Services Logs" --> "Microsoft" --> "Windows" --> "Apps" --> "Microsoft-Windows-TWinUI/Operational" : I get one error that reads "Activation of the app winstore_cw5n1h2txyewy!Windows.Store for the
Windows.Launch contract failed with error: The app didn't start."
If you require any further information just let me know and I will provide as much as I can.
Thanks -
I've seen multiple blogs and forums with similar problems and SQL 2012 or 2008. But no solutions that work for me.
I have installed SQL Server in mixed mode (SQL and Windows authentication). I can create new Login accounts in either mode. However, I cannot get an AD security group Login account to work. I am trying to add group 'DOMAIN\Domain Admins' or 'SERVER\Administrators'
as a Login so that any of the domain's administrator accounts can open SQL Server Management Studio and act as an 'sa' account on this server.
I have deleted the SQL account 'DOMAIN\Domain Admins'.
I have restarted SQL.
I have restarted the Win2K8r2 server.
I have launched SSMS as Administrator from the desktop of SERVER.
I have launched SSMS as another user (and used 'DOMAIN\user' to lauch it) from the desktop of SERVER.
I can create a login account named 'DOMAIN\user' (who happens to be a member of the 'DOMAIN\Domain Admins' group) and give this account 'sa' security, and when I do that, this account works as expected...
How do I add a security group as a Login account and give all members of that group the ability to be an 'sa' account?Hi geoperkins,
Are you getting the following error message?
Error: 18456, Severity: 14, State: 11
Login failed for user <Domain\user>. Reason: Token-based server access validation failed with an infrastructure error.
If that is the case, the issue could be due to that the Windows login has no profile or that permissions could not be checked due to UAC. Please disable UAC firstly and check if it is successful to log in SQL Server.
Another reason could be that the domain controller could not be reached. You may need to resort to re-creating the login. Create a new group in AD, add users to the new group, then add the group to the local admin group and create login for the group in SQL
Server.
There is a connect item describing similar issue for your reference.
https://connect.microsoft.com/SQLServer/feedback/details/680705/cant-login-to-sql-using-windows-authentication-when-user-is-in-a-domain-security-group
For more details about above error, please review the following blog.
http://sqlblogcasts.com/blogs/simons/archive/2011/02/01/solution-login-failed-for-user-x-reason-token-based-server-access-validation-failed-and-error-18456.aspx
Thanks,
Lydia Zhang
Lydia Zhang
TechNet Community Support -
SQLServer Reporting Services 2005 Prompts for Credentials for a trusted domain user
Currently the report is running in the domain AAA. Users in the domain AAA are using the report.
Another new domain BBB and an user XXX is now created and BBB\XXX has been given Browser access. Domain AAA and BBB are trusted domains.
After this when the user BBB\XXX logs in and access the report, before loading the report, credentials dialog is prompted, once credentials of BBB\XXX is entered, the report is loaded.
Why the report prompts for this additional credential dialog for the trusted domain user?Hello,
Did you have get two textboxes in the report parameter panel (in the left side of the "View Report" button)? The issue is occurred when the credential of the datasource is configured with “Prompt for credentials”. Please check if you configured the credential
with "Stored Credential" of the datasource.
Please refer to the following thread to configure the credential.
http://social.msdn.microsoft.com/Forums/sqlserver/en-US/1564cd7a-6b7a-40f1-9f98-5c766ebfc63e/datasource-userid-and-password-being-asked-eachtime-when-report-is-generated?forum=sqlreportingservices
Regards,
Alisa Tang
Alisa Tang
TechNet Community Support -
Reporting Services - Content Manager shows all reports for all domain users even without permissions
I have installed
reporting services 2008 in: Site
Settings option / Security only 3 users
have added:
BUILTIN \ Administrators
System Manager
MYDOMAIN \ user1
System Manager, System User
MYDOMAIN \ user2
System Manager, System User
I have the same settings in the "start
up" folder and inside the folder
where are my reports, however if I authenticate
any user with different domain
to user1 and user2 can see all content
of the report manager can even
manage it.
Help me, greetings
Jennyhowever if I
authenticate any user with
different domain to user1 and user2 can see
all content of the report manager can
even manage it.
Hello,
Did you means that other domain user account (Other-Domain\user3) can access reports on the Report Manager without grant any permission? As per my understanding, it is not possible. SQL Server Reporting Services uses Windows Authentication
defaultly to determine who can perform operations and access items on a report server.
Based on your description, you grant the local Administrators group and two domain users with system-level role: System Administrator. System-level role assignments grant access to global tasks and permissions that apply to a report
server site, That's may cause the user can access and manage all contents on the Report Manager.
If you want to set permissions for accessing conntents on Report Manager, you can just specify itme-level role assignments.For example, if you grant user with Browser role on a report, the user can view report and report properties, but cannot edit
report properties.
Reference:
Lesson 1: Setting System-Level Permissions on a Report Server
Lesson 2: Setting Item-Level Permissions on a Report Server
Regards,
Fanny Liu
Fanny Liu
TechNet Community Support -
Slow start first time for domain user
When a domain user (Active Directory, Win2003) starts StarOffice 8 first time, it takes very often about 10 minutes until the program is started with a 10MB-network. Next time it takes only about 15-45 seconds on the same computer. I have noticed that is very high network traffic when the user starts the program first time from the server where the user folder "Application data" is saved. But the StarOffice8 folder in "Application data" has only the size of 2.8 MB (38 folders and 87 files).
Can I speed up the first start of StarOffice 8 for new users?
Is "copy files from another users Application data/StarOffice8" a solution?Spotlight indexing may take a while and slowdown the Mac.
You can return a new Mac within 14 days of purchase.
A new Mac comes with 90 days of free tech support from AppleCare.
AppleCare: 1-800-275-2273
Call AppleCare.
Best.
Maybe you are looking for
-
SQL Developer 2.1 removes the stored password in SVN Application Data
Hello everybody SQL Developer is a great Tool and I use it together with the SVN Versioning System. I also use TortoiseSVN on my Windows XP Operating System, that's why I found out that either the SQL Developer or its SVN Extension has a bug. I have
-
Labeling points on XY graph with numbers. Trying to use cursor names.
I have found some example vis in the NI Developers Zone that label the points using Cursor Name attribute. I have some success, but results are not consistent. I need up to 100 labels...is there a limit to the number of cursors? Is there a way to ini
-
Dear All, I have been given a project named Prepaid Expenses. In this I have been told to look for the Debit Line Items fom the table BSIS with some validations & restrictions. Then to divide that Debit amount by the number of months it has been paid
-
Understanding Java superclass hierarchy through System objects and methods
I wanted to see if I can manipulate datastreams manually rather than relying on classes. I knew that System.in was an InputStream object so it must use the said methods such as System.in.read() I made a program for it. It gave me an IOException. When
-
hi , i have a scenario sales order header has a billing block , sales orders has been completely delivered, shippingcost document has been created but not invoiced. customer has a sales area block in the customer master. Question: if i want to bil