Domains and Trust

So I got in this morning to start working with AD (prep for the move to Office365) tried to launch domains and trust and I receive the following error: "The configuration information describing this enterprise is not available. The target principal name is incorrect. I believe the secure connection is broken. At present, I cannot log on to the PDC emulator. I have 3 DC in total and its the PDC that's giving me problems. I believe this is stemming from a Kerberos error event id 5. Authentication against the PDC is still good however I cannot do anything with domains and trust.
I have read several posts about stopping KDC and resetting the password but I cannot gain access to the PDC. 
This topic first appeared in the Spiceworks Community

Also what's the operation system of the affected servers in those two domains?
And what's the error message?
Whatever, it seems like a cross domain sharing issue and admin share is involved.
Please first see if this is the cause:
Error message when you try to access an administrative share on a Windows Vista-based computer from another Windows Vista-based computer that is a member of a workgroup: "Logon unsuccessful: Windows is unable to log you on"
http://support.microsoft.com/kb/947232
Please check if local account is actually using when accessing the admin share. Try with different domain account to see the result. Make sure the account does have permission to access.
If you have any feedback on our support, please send to [email protected]

Similar Messages

  • Pros and cons in setting AD domain trust into my AD domain for more than 10+ AD domain and some with same FQDN or label ?

    Hi,
    Can someone please share what is the pros and Cons of trusting AD domain for more than 10 different AD sites into my existing single domain forest let say ParentCompany.com ?
    At the moment I only have one single forest AD domain with the Domain and Forest functionality Windows Server 2003. The main domain controller FSMO role holder is in the Data Center spread across three different VMs running on Windows Server 2008 R2.
    The main/parent company has acquired smaller business chain of 15+ offices in which they have their own Domain Controller and also their own domain, sometimes they also got the same AD domain between them (no trust or whatsoever in those 15+ AD domain).
    Sounds crazy but yes, there is no standardization in them or whoever manage their IT infrastructure previously.
    I'm now considering what are the benefits of creating the AD domain and trust versus importing those AD objects into my domain and then decommission them.
    No need to worry about Exchange Server since all of the user in those sites connecting to the RDS to my ParentCompany.com terminal servers.
    My requirements or goal are as follows:
    1. Simplify the AD domain structure & maintenance
    2. Try to avoid the disruptions of the user in terms of downtime and selecting multiple different domain everytime they login to their PC or SharePoint sites.
    any kind of help and suggestion would be greatly appreciated.
    Thanks.
    /* Server Support Specialist */

    Can someone please share what is the pros and Cons of trusting AD domain for more than 10 different
    AD sites into my existing single domain forest let say ParentCompany.com ?
    I think you mean 10 AD domains.
    Managing multiple domains can be difficult for administration. I usually recommend using a single domain in a single forest with OUs to separate resources whenever it is possible.
    However, if you can't do that then you can simply create trust relationships between your domains. The advantage is that you can enable access to resources to different domains. I do not see cons here.
    The main/parent company has acquired smaller business chain of 15+ offices in which they have
    their own Domain Controller and also their own domain, sometimes they also got the same AD domain between them (no trust or whatsoever in those 15+ AD domain). Sounds crazy but yes, there is no standardization in them or whoever manage their IT infrastructure
    previously.
    I'm now considering what are the benefits of creating the AD domain and trust versus importing those
    AD objects into my domain and then decommission them.
    I would recommend consolidating your domains into a single one. ADMT is a migration tool that you can use. The advantage would be the ease of administration. Also, by having multiple DCs for the same domain across sites, you will take benefit of High Availability
    of your and DRP.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • Getting Error The trust relationship between the primary domain and the trusted domain failed in SharePoint 2010

    Hi,
    SharePoint 2010 Backup has been taken from production and restored through Semantic Tool in one of the server.The wepapplication of which the backup was taken is working fine.
    But the problem is that the SharePoint is not working correctly.We cannot create any new webapplication ,cannot navigate to the ServiceApplications.aspx page it shows error.Even the Search and UserProfile Services of the existing Web Application is not working.Checking
    the SharePoint Logs I found out the below exception
    11/30/2011 12:14:53.78  WebAnalyticsService.exe (0x06D4)         0x2D24 SharePoint Foundation          Database                     
     8u1d High     Flushing connection pool 'Data Source=urasvr139;Initial Catalog=SharePoint_Config;Integrated Security=True;Enlist=False;Connect Timeout=15' 
    11/30/2011 12:14:53.78  WebAnalyticsService.exe (0x06D4)         0x2D24 SharePoint Foundation          Topology                     
     2myf Medium   Enabling the configuration filesystem and memory caches. 
    11/30/2011 12:14:53.79  WebAnalyticsService.exe (0x06D4)         0x12AC SharePoint Foundation          Database                     
     8u1d High     Flushing connection pool 'Data Source=urasvr139;Initial Catalog=SharePoint_Config;Integrated Security=True;Enlist=False;Connect Timeout=15' 
    11/30/2011 12:14:53.79  WebAnalyticsService.exe (0x06D4)         0x12AC SharePoint Foundation          Topology                     
     2myf Medium   Enabling the configuration filesystem and memory caches. 
    11/30/2011 12:14:55.54  mssearch.exe (0x0864)                    0x2B24 SharePoint Server Search       Propagation Manager          
     fo2s Medium   [3b3-c-0 An] aborting all propagation tasks and propagation-owned transactions after waiting 300 seconds (0 indexes)  [indexpropagator.cxx:1607]  d:\office\source\search\native\ytrip\tripoli\propagation\indexpropagator.cxx 
    11/30/2011 12:14:55.99  OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Topology                     
     75dz High     The SPPersistedObject with
    Name User Profile Service Application, Id 9577a6aa-33ec-498e-b198-56651b53bf27, Parent 13e1ef7d-40c2-4bcb-906c-a080866ca9bd failed to initialize with the following error: System.SystemException: The trust relationship between the primary domain and the trusted
    domain failed.       at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids, Boolean& someFailed)     at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection
    sourceSids, Type targetType, Boolean forceSuccess)     at System.Security.Principal.SecurityIdentifier.Translate(Type targetType)     at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()    
    at Microsoft.SharePoint.Administration.SPAcl`1.Add(String princip... 
    11/30/2011 12:14:55.99* OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Topology                     
     75dz High     ...alName, String displayName, Byte[] securityIdentifier, T grantRightsMask, T denyRightsMask)     at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)    
    at Microsoft.SharePoint.Administration.SPServiceApplication.OnDeserialization()     at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization()     at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider
    persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state) 
    11/30/2011 12:14:56.00  OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Topology                     
     8xqx High     Exception in RefreshCache. Exception message :The trust relationship between the primary domain and the trusted domain failed.   
    11/30/2011 12:14:56.00  OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Timer                        
     2n2p Monitorable The following error occured while trying to initialize the timer: System.SystemException: The trust relationship between the primary domain and the trusted domain failed.       at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection
    sourceSids, Boolean& someFailed)     at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)     at System.Security.Principal.SecurityIdentifier.Translate(Type
    targetType)     at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()     at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, Byte[] securityIdentifier, T grantRightsMask,
    T denyRightsMask)     at Microsoft.SharePoint.Administrati... 
    11/30/2011 12:14:56.00* OWSTIMER.EXE (0x1DF4)                    0x1994 SharePoint Foundation          Timer                        
     2n2p Monitorable ...on.SPAcl`1..ctor(String persistedAcl)     at Microsoft.SharePoint.Administration.SPServiceApplication.OnDeserialization()     at Microsoft.SharePoint.Administration.SPIisWebServiceApplication.OnDeserialization()    
    at Microsoft.SharePoint.Administration.SPPersistedObject.Initialize(ISPPersistedStoreProvider persistedStoreProvider, Guid id, Guid parentId, String name, SPObjectStatus status, Int64 version, XmlDocument state)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(Guid
    id, Guid parentId, Guid type, String name, SPObjectStatus status, Byte[] versionBuffer, String xml)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.GetObject(SqlDataReader dr)     at Microsoft.SharePoint.Administration.SPConfigurationDatabase.RefreshCache(Int64
    currentVe...
    Please guide me on the above issue ,this will be of great help
    Thanks.

    I have same error. Verified for trust , ports , cleaned up cache.. nothing has helped. 
    The problem is caused by User profile Synch Service:
    UserProfileProperty_WCFLogging :: ProfilePropertyService.GetProfileProperties Exception: System.SystemException:
    The trust relationship between the primary domain and the trusted domain failed.       at System.Security.Principal.SecurityIdentifier.TranslateToNTAccounts(IdentityReferenceCollection sourceSids,
    Boolean& someFailed)     at System.Security.Principal.SecurityIdentifier.Translate(IdentityReferenceCollection sourceSids, Type targetType, Boolean forceSuccess)     at System.Security.Principal.SecurityIdentifier.Translate(Type
    targetType)     at Microsoft.SharePoint.Administration.SPAce`1.get_PrincipalName()     at Microsoft.SharePoint.Administration.SPAcl`1.Add(String principalName, String displayName, SPIdentifierType identifierType, Byte[]
    identifier, T grantRightsMask, T denyRigh...        
    08/23/2014 13:00:20.96*        w3wp.exe (0x2204)                      
            0x293C        SharePoint Portal Server              User Profiles                
            eh0u        Unexpected        ...tsMask)     at Microsoft.SharePoint.Administration.SPAcl`1..ctor(String persistedAcl)    
    at Microsoft.Office.Server.Administration.UserProfileApplication.get_SerializedAdministratorAcl()     at Microsoft.Office.Server.Administration.UserProfileApplication.GetProperties()     at Microsoft.Office.Server.UserProfiles.ProfilePropertyService.GetProfileProperties()
    Please let me know if you any solution found for this?
    Regards,
    Kunal  

  • Moving SP2013 and SQL2008R2 to new domain - no trusts between domain

    Hello,
    I'm looking to move a customized installation of SharePoint 2013 (Microsoft server 2012 std VM) and it's db (SQL 2008 r2 VM) from one domain to another domain. There will be no trust between the domains and assume that no users or service accounts will be
    migrated. Has anyone performed a similar operation? If so, can you provide guidance as to the best way to tackle this situation. Currently we plan on exporting the SP2013 VM from the old domain, importing (re-creating) that VM in the new domain and importing
    the DB to an existing SQL server in the new domain. My concern is being able to log in to Central Admin afterwards because the domain accounts are no longer valid. Should we change all accounts to local admins first, detach the db and change those accounts
    as well? Or would a totally different approach make more sense? Any help would be appreciated..
    Thanks in advance, 
    Alex

    You need to build a new SharePoint farm, changing SharePoint server's domain membership isn't supported.
    What you'll do is build a new farm, create the Web Application(s), etc. and then restore SQL database backups from the old farm into the new farm.
    Trevor Seward
    Follow or contact me at...
    &nbsp&nbsp
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • WebLogic 8.1 JMS/MDB and Trusted Domain

              I have a JMS Topic living in one WebLogic 8.1 domain and a MDB that listens to
              this JMS Topic living in another domain. Do I need to configure trusted domain
              relationship for both domains?
              

              Not sure whether it is just me or not - the new security stuff in WebLogic 8.1
              just makes life so much tougher.
              Thanks for the suggestion anyways.
              Eric
              Tom Barnes <[email protected].bea.com>
              wrote:
              >Even though its meant for foreign providers, perhaps credential
              >mapping would work? See:
              >
              >http://edocs.bea.com/wls/docs81/ejb/message_beans.html#1151409
              >
              >Also, you might want to try posting to the
              >security and/or ejb newsgroups.
              >
              >Tom
              >
              >P.S. This question has come up before, so it seems likely
              >that the security section of the MDB documentation
              >may need more detail. If you post any feedback here,
              >I'll make sure it gets sent directly to the
              >documentation folks...
              >
              >Eric Ma wrote:
              >
              >> I have a JMS Topic living in one WebLogic 8.1 domain and a MDB that
              >listens to
              >> this JMS Topic living in another domain. Do I need to configure trusted
              >domain
              >> relationship for both domains?
              >
              

  • ISE using 2 domains with trust established

    Hi,
    I need to authenticate wireless network users from two different domains
    abc.company.com
    cde.company.com
    There is trust between domains and ISE joined abc.company.com and it can authenticate and authorize users without issues.
    Users from cde.company.com cannot be authenticated (I don't even get to authorization part).
    My identity source list has only External ID listed and when I see what is the reason of failure, message states that Authentication has failed (not authorization) because user cannot be found in any identity listed.
    Now, users from abc and cde companies are logging with their usernames only. Should they try to login with cde.company\username or something?
    Has anyone done this before?
    Thanks.

    I have trust. I can get the user information with cde\user and  [email protected], but authentication is still not working. So, I see  the user, but it is still not being authenticated by the policy.
    Here is log:
    11001  Received RADIUS Access-Request
    11017  RADIUS created a new session
    Evaluating Service Selection Policy
    15048  Queried PIP
    15048  Queried PIP
    15004  Matched rule
    11507  Extracted EAP-Response/Identity
    12300  Prepared EAP-Request proposing PEAP with challenge
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12302  Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated
    12318  Successfully negotiated PEAP version 0
    12800  Extracted first TLS record; TLS handshake started
    12805  Extracted TLS ClientHello message
    12806  Prepared TLS ServerHello message
    12807  Prepared TLS Certificate message
    12810  Prepared TLS ServerDone message
    12305  Prepared EAP-Request with another PEAP challenge
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12304  Extracted EAP-Response containing PEAP challenge-response
    12318  Successfully negotiated PEAP version 0
    12812  Extracted TLS ClientKeyExchange message
    12804  Extracted TLS Finished message
    12801  Prepared TLS ChangeCipherSpec message
    12802  Prepared TLS Finished message
    12816  TLS handshake succeeded
    12509  EAP-TLS full handshake finished successfully
    12305  Prepared EAP-Request with another PEAP challenge
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12304  Extracted EAP-Response containing PEAP challenge-response
    12313  PEAP inner method started
    11521  Prepared EAP-Request/Identity for inner EAP method
    12305  Prepared EAP-Request with another PEAP challenge
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12304  Extracted EAP-Response containing PEAP challenge-response
    11522  Extracted EAP-Response/Identity for inner EAP method
    11806  Prepared EAP-Request for inner method proposing EAP-MSCHAP with challenge
    12305  Prepared EAP-Request with another PEAP challenge
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12304  Extracted EAP-Response containing PEAP challenge-response
    11808  Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
    Evaluating Identity Policy
    15006  Matched Default Rule
    15013  Selected Identity Store - AD-Suffolk
    24430  Authenticating user against Active Directory
    24412  User not found in Active Directory
    22056  Subject not found in the applicable identity store(s)
    22058  The advanced option that is configured for an unknown user is used
    22062  The 'Drop' advanced option is configured in case of a failed authentication request
    12315  PEAP inner method finished with failure
    22028  Authentication failed and the advanced options are ignored

  • Replication with Domain and Sub domain in Active directory sites and services

    I seen many AD enviroments and know that when you have mutiple DCs you use Active Directory Sites and services to replicate using the NTDS Settings. If you have a Domain and sub domain do you need to do this as well or does it sync up automatically because
    it's a sub domain? A see a couple of domains where the NTDS settings isn't being used to snyc with the child domain. Just wondering if that is normal or will it cause authentication errors?

    I seen many AD enviroments and know that when you have mutiple DCs you use Active Directory Sites and services to replicate using the NTDS Settings. If you have a Domain and sub domain do you need to do this as well or does it sync up automatically
    because it's a sub domain? A see a couple of domains where the NTDS settings isn't being used to snyc with the child domain. Just wondering if that is normal or will it cause authentication errors?
    Two way transitive trusts are configured automatically when you create a child domain or tree root domain. You don't have to worry about site/subnet or replication part at least from trust perspective. But make sure site's names are unique in each domain.
    How Domain and Forest Trusts Work
    http://technet.microsoft.com/en-us/library/cc773178%28v=ws.10%29.aspx
    http://technet.microsoft.com/en-us/library/cc730868.aspx
    http://blogs.technet.com/b/askds/archive/2008/09/24/domain-locator-across-a-forest-trust.aspx
    Awinish Vishwakarma - MVP
    My Blog: awinish.wordpress.com
    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

  • RDS - .local domain and external users. Best way to get rid of SSL warnings

    I am evaluating MS RDS as a possible solution for a VDI implementation at the college I work for.  When we setup our AD years ago we set it up as a .local domain.  I am running into issues with the .local machine name on the connection broker for
    external users.  I know for internal domain systems we can setup the self signed .local cert as a trusted root cert to bypass the self signed untrusted warning  but for the bulk of our users which will be using systems external to our domain they
    will get the SSL warning about the self signed certificate when they try to connect to a remote app or a desktop.
    Initially I thought if I setup a local AD CA that we could setup a trust relationship with the SSL cert.  After further reading I believe that this would only work for systems internal to our domain and we would still have the issue with external devices.
    The other option would be to tell our users to click the box to never display the warning message again and to go on or to add the self signed cert to their trusted list.  Of course when ever you ask the user to do something there will be issues.  We
    have also found that in our testing that we can not seem to connect via the web portal with a macbook.  We get an error that there is a problem with the trust relationship with the server after we login and click on an app or a desktop to connect.  We
    have been able to connect with iOS devices.  
    We could of course rename the .local domain to a .edu domain which would permit us to use our wildcard certificate but that is a major undertaking that we don't want to cross at the moment.  I think I might have some up with a solution and wanted to
    bounce the idea off of those on this forum.
    If we setup a second domain on campus that is not a .local.  Join the non internet facing RDS systems to this new domain that would have a SSL cert that was trusted and then setup a full trust relationship between the two domains such that users and
    systems in one domain could communicate with the systems in the other domain would that remove the certificate warnings for external users?

    Hi AKlein,
    Initially I thought if I setup a local AD CA that we could setup a trust relationship with the SSL cert.  After further reading I believe that this would only work for systems internal to our domain and we would
    still have the issue with external devices.
    Just add the root CA certificate of the internal CA into Trusted Root Certification Authorities store on external clients manually (or through group policy if there is an external domain), then SSL certificate warning would be gone.
    We could of course rename the .local domain to a .edu domain which would permit us to use our wildcard certificate but that is a major undertaking that we don't want to cross at the moment.
    Yes, renaming domain is not recommended due to its complexity.
    If we setup a second domain on campus that is not a .local.  Join the non internet facing RDS systems to this new domain that would have a SSL cert that was trusted and then setup a full trust relationship between
    the two domains such that users and systems in one domain could communicate with the systems in the other domain would that remove the certificate warnings for external users?
    If you are setting up a new domain with two way trust, then root CA certificate of the internal CA still needs to be distributed manually (or through group policy). If you are setting up a child domain, then enterprise CA would be trusted within the same
    forest.
    As long as there are enough external users and devices to manage, an external private network exists and extra domain management tasks are acceptable, then setting up a new domain is a good choice since domain provides secure boundary.
    Or, you could just create a new site from the other network location, which saves you from creating a new domain, new users and trust.
    Best Regards,
    Amy
    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected]

  • Migrate to new domain and new SCCM

    The migration scenario is this:
    All Clients are in Domain1 and are managed through SCCM 2012 with System Center Endpoint Protection 2012.
    Some of the clients need to join a new domain and be managed through a new SCCM 2012 R2 server with System Center Endpoint Protection 2012 R2.
    There are no trusts between the forests. Do we need to uninstall the SCCM 2012 Agent and SCEP 2012 and then install the new SCCM 2012 R2 Agent and SCEP 2012 R2?
    Or can we just uninstall SCCM 2012 Agent only and keep SCEP 2012 and later install.

    There are multiple ways to go about it.
    Assuming that the AD forest is properly extended and the new site's info is properly published, then you can simply run a script:
    http://msdn.microsoft.com/en-us/library/cc146558.aspx
    http://gallery.technet.microsoft.com/scriptcenter/Change-sccm-configmgr-cf6e0327/view/Discussions
    If the two assumptions above aren't correct, then the client has no way of getting the trusted root key gracefully for the new site and running ccmsetup  is the best way.
    The ccmsetup bootstrapper will download files as needed from the closest DP but (from memory) won't redownload files if they are already present in the ccmsetup folder.
    A client push is probably the easiest method to initiate ccmsetup because it can be managed from a central location -- just make sure you select the checkbox for always reinstall. Of course, as mentioned above, if someone has previously used the "group
    policy" to assign the site to your clients, you'll need to clean up that mess first otherwise the clients will always try to assign to the old site.
    Jason | http://blog.configmgrftw.com

  • Users, domain and services logon problem

    Hi all. I'm having several issues related to users in my farm (mostly service accounts, as it isn't in production yet). The farm is based on W2003 servers (except SQL which uses Windows 2008) 
    Domain is named sp.test.com , but when I create a web application that doesn't share the same domain name, the users are prompted to type for username and password, first try is a error because it search the user on the other domain, and
    in the second one I'm able to type the correct domain.
    I'll try to summarize
    Domain name: sp.test.com
    Web Application name: shop.mall.net (I leave the host header in blank so I can access directly with that address)
    First try it only prompts for user/pass and returns an error no matter which combination of domain user and password I type. Second try by default I see the username by default is shop.mall.net\sharepointadmin , and not
    sp.test.com\sharepointadmin which is where the user is stored in AD. I think this is also related with the SSP as it says it cannot find the username for provisioning account despite it exists in AD, but SSP is on a Web Application that
    doesn't share domain name with the domain.
    Thank you all in advance.
    PS.- First time I posted on technet, sorry for not being clear or any mistake I could have made.

    The trouble is the browser thinks the URL is an internet site and as a security measure doesn't attempt to automatically log in.
    Add the URL to your user's local intranet or trusted sites zones in IE. 
    Jason Warren
    @jaspnwarren
    jasonwarren.ca
    habaneroconsulting.com/Insights

  • Domain/Forest trust - is it being used?

    Is there an easy way to tell whether a trust is actively being used? We have some old trusts that we'd like to remove but we want to see if anything is actively authenticating across the trust.
    How can I do this?
    TIA!

    > Is there an easy way to tell whether a trust is actively being used?
    You could monitor TGS creation on your Domain Controllers. If your DC
    issues TGS tickets for users from other domains, the trust is used.
    Greetings/Grüße,
    Martin
    Mal ein
    gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me -
    coke bottle design refreshment (-:

  • Data Modeler 3.0 EA1: Importing domains and 2.0 model doesn't work

    If I import (or open) a relational model from Modeler 2.0 which refers to domains, Modeler 3.0EA will not recognize the domains. I end up with a model full of "UNKNOWN" column types. I tried importing the domains first then importing the model, opening (or importing) the model and then the domains, and even importing the domains into the default domains set before opening the model. Nothing works; the column types will always be marked as UNKNOWN.
    Is it me or a "known bug"?
    Bert Laverman

    Hi Bert,
    Version 3.0 doesn't know anything about your domains - just copy defaultdomains.xml file from 2.0 installation (it's in datamodeler\domains directory) into 3.0 directory datamodeler\datamodeler\types.
    Philip

  • Cant join PC to domain and not able to send emails

    Hi
    I'm having a few issues with a SBS 2011 Standard server. To give you a setup overview
    Server x1 (SBS 2011)
    Workstations x6 (4 running Windows 7 Pro and 2 running Windows 8.1 Pro)
    The server is used as domain controller and exchange. It doesn't host the web domain - emails are directed via a pop3 connector to exchange accounts
    Main use for server is file sharing, domain control and exchange
    The server and workstations connect into 8 way Ethernet switch
    This switch is then connected in BT 2wire business hub
    The LAN ran from 192.168.0.69 (server) to .70, .71 etc while BT hub was 192.168.0.253
    OK now the problem.
    Everything was setup and working fine until BT decided to block the IP from web.  BT said to factory restart the hub which we did. This fixed the internet to hub but screwed up the LAN. The new hub IP was 192.168.1.254 so the LAN was moved from 192.168.0.x
    to 192.168.1.x
    The first issue I am having is that I cant join a new pc that was rebuilt to the network. I have tried joining via right clicking my computer and changing domain, but when I enter in the domain and admin password it says it cant find the domain?
    I then tried the http://connect but that just loaded a blank page. I'm struggling as to how to connect this pc now. I tried to change the DNS on pc to the server LAN address but that didnt work either. I'm not sure if the domain controller is working or
    if its another issue?ow.
    Also on the pcs that are still connected, every time they login the mapped drives to the server dont open. the user has to try to open the drive and then enter in their username and password to open the drive. The drives are all shared correctly and this
    is only happening now.
    The 2nd issue I have is unclear as if its still a BT issue or not, but when a user tries to send an email the get an instant bounce back saying
    COL004-MC1F51.hotmail.com gave this error: OU-002 (COL004-MC1F51) Unfortunately, messages from 86.XXX.92.XX weren't sent. Please contact your Internet service provider since
    part of their network is on our block list.
    This happens on a number of emails not just hotmail
    When I checked that IP on the spam networks it had no record of it being blocked.the server has internet access ok and can receive emails fine, just not send them.
    I dont know it both issues or connected or not.
    would anyone have any ideas on what to try? first issue is getting this pc on the network. have been told that it needs all sorting for Monday morn, so any quick advice would be great.
    thanks for any input

    Hi,
    Could you please share the IP Address of the server ?
    Make sure the server is set to Static IP Address. With one NIC card enabled. DNS IP should be pointing to the server IP itself.
    On Client machine assign an IP address and make sure the DNS is set to Servers IP Address.
    Once that is done , Try to ping the server.
    Also ping connect from the client machine , Connect should show servers ip address.
    Keep me posted.
    Binu Kumar - MCP, MCITP, MCTS , MBA - IT , Director Aarbin Technology Pvt Ltd

  • SBS 2011 Existing domain and the 21 day timer

    I will be putting an SBS 2011 server into a Server 2088 R2 domain. There is no Exchange server in this domain.
    Will I need to worry about the 21 day timer? From previous experience I believe the 21 day timer is tied to an Exchange server being in the domain. I am asking, because I would like to move the server into the domain and test some things before I start moving
    the users into the SBS OUs, and migrating their email from the POP server onto the domain.
    Thank you for any info!

    No, there is no 21 day issue migrating to SBS 2011 from standard server.  Be sure you have restorable backups and are comfortable with moving the FSMO roles and go for it.  Here is one guide to the process, and there are others:
    http://www.techieshelp.com/step-by-step-guide-to-migrating-to-sbs-2011/
    Larry Struckmeyer[MVP] If your question is answered please mark the response as the answer so that others can benefit.

  • Deleted my domain and cant add a new domain

    Hi all
    I deleted my partner domain name inside the admin panel and when i try to add a new domain i get this error msg....
    Error
      Domain already exists. Please delete all records associated with this domain before re-adding it.
    Can someone also tell me what the Advanced DNS Record is for cause i deleted that to and have no idee how i set this up :-/
    Please, need help!

    Hi,
    The issue here was that the domain was being locked for rebranding thus causing this error and preventing you to re-add the domain.  I've since escalated this so we can unlocked the rebranded domain and then wipe clear so you can re-add the domain back into the site with all your DNS records applied as normal. 
    We'll respond back to your case ticket once resolved. 
    Thanks for your patience.
    -Sidney

Maybe you are looking for

  • Outlook 2010 Won't Allow a User to Open Microsoft Office Attachments

    Whenever the user attempts to open a Microsoft Office attachment (Word, Excel, PowerPoint, etc.) from Outlook they are greeted with this warning: Microsoft Excel   ! The file is corrupt and cannot be opened.                               OK Was this

  • SQL Developer hangs when expanding table node

    Hello All, One of my schemas has 3035 tables. When I expand the "Other Users" node, then the schema owner, then expand "Tables", SQL Developer hangs. I have allowed it to run (as it indicates it is working) for 45 minutes, but it never returns. I hav

  • Loadjava on linux

    Hi, I've Oracle 8.1.6 on Debian 2.2 rel.2. I'm trying to load java classes to my database. I can do it with PL/SQL package: "DBMS_JAVA". When I try to use command line utility: "loadjava" I get the message: loadjavasu: /ora/app/oracle/product/8.1.6/b

  • Cursor freezing 10.8.2

    After I updated the sistem to 10.8.2 (three days ago) in my MacBookPro, the cursor is freezing everytime I leave the Mac alon for a couple of seconds.   No problem if I use the keyboard or if I move the cursor, otherwise it freezes.   To unfreeze I h

  • Cant online icloud on my pc

    HI, I cant open the icloud suddenly on my pc