Duplicate SPN for user accounts

Similar Messages

• How to force password policy requirements on password resets for user accounts reset by the Administrator?

  OS: Windows Server 2008 R2 Enterprise
  Domain Level: 2008
  Forest Level: 2000
  We have Domain Administrators in our domain that reset passwords for user accounts, and the passwords the Administrators set them to are not being enforced follow our default domain password policy. For example, I log on the domain controller, as an administrator
  and can reset a password for a user account to be blank. 
  Is there a reason Domain Administrator password resets for user accounts are not enforced by our default domain password policy? Is there a way to enforce this on password resets by Domain Admins? 

  Do you have fine grant password policy? If not ; by default all the usrs are effected by domain level password policy even domain admins,
  Regards~Biswajit
  Disclaimer: This posting is provided & with no warranties or guarantees and confers no rights.
  MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
  MY BLOG
  Domain Controllers inventory-Quest Powershell
  Generate Report for Bulk Servers-LastBootUpTime,SerialNumber,InstallDate
  Generate a Report for installed Hotfix for Bulk Servers

• Incorrect password for user account SLDDSUSERSMD (USER_OR_PASSWORD_INCORREC

  Hello
  I am installing Java add In in Solution manager 4.0, Central Instance. The process stops in this step:
  Mar 12, 2007 10:56:58... Info: User management tool (com.sap.security.tools.UserCheck) called for action "checkCreate"
  Mar 12, 2007 10:56:58... Info: Connected to backend system SMD client 200 as user DDIC
  Mar 12, 2007 10:57:02... Info: Called for user SLDDSUSERSMD
  Mar 12, 2007 10:57:05... Info: Formal password check successful
  Mar 12, 2007 10:57:05... Info: Will create user SLDDSUSERSMD
  Mar 12, 2007 10:58:52... Info: Created user SLDDSUSERSMD of type A with reference user <none>
  Mar 12, 2007 10:58:52... Info: Verification of status for user SLDDSUSERSMD
  Mar 12, 2007 10:58:52... Info: User SLDDSUSERSMD exists
  Mar 12, 2007 10:58:53... Error: Verification of status for user SLDDSUSERSMD failed. Task not successfully executed. Details following.
  Mar 12, 2007 10:58:53... Warning: Error during creation of user SLDDSUSERSMD. Will remove user again to ensure clean exit state
  Mar 12, 2007 10:59:44... Error: Exception during execution of the operation
  Mar 12, 2007 10:59:44... Error: Exception during execution of the operation
  [EXCEPTION]
  com.sap.security.tools.UserCheck$UserLogonException: Incorrect password for user account SLDDSUSERSMD (USER_OR_PASSWORD_INCORRECT)
       at com.sap.security.tools.UserCheck.checkUser(UserCheck.java:833)
       at com.sap.security.tools.UserCheck.createUser(UserCheck.java:1904)
       at com.sap.security.tools.UserCheck.main(UserCheck.java:289)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
  Mar 12, 2007 10:59:44... Info: Leaving with return code 2
  Reserved 1610612736 (0x60000000) bytes before loading DLLs.
  INFO       2007-03-12 10:59:45 [synxcfile.cpp:177]
             CSyFileImpl::remove()
  Removing file C:\Program Files\sapinst_instdir\SOLMAN\LM\AS-JAVA\ADDIN\ORA\CENTRAL\CI\dev_UserCheck.
  TRACE      [iaxxejsexp.cpp:188]
             EJS_Installer::writeTraceToLogBook()
  NWException thrown: nw.ume.userError:
  Incorrect password for user account SLDDSUSERSMD (USER_OR_PASSWORD_INCORRECT)
  ERROR      2007-03-12 10:59:45
             CJSlibModule::writeError_impl()
  CJS-30196  Incorrect password for user account SLDDSUSERSMD (USER_OR_PASSWORD_INCORRECT)
  TRACE      [iaxxejsbas.hpp:460]
             EJS_Base::dispatchFunctionCall()
  JS Callback has thrown unknown exception. Rethrowing.
  ERROR      2007-03-12 10:59:45
  FCO-00011  The step createSLDDSUser with step key |NW_Addin_CI|ind|ind|ind|ind|0|0|SAP_Software_Features_Configuration|ind|ind|ind|ind|12|0|NW_Usage_Types_Configuration_AS|ind|ind|ind|ind|0|0|NW_CONFIG_SLD|ind|ind|ind|ind|0|0|createSLDDSUser was executed with status ERROR .
  User doesnt exist in SU01 - I cannot find it. When I try to create it manually, I have the same error
  Some help?
  Thanks in advanced

  At the end I have created the user
  Thanks

• SDK service using domain user trying to set SPN for computer account

  I have a SDK service running under a domain user account, but it tries to register the SPN for the computer account of the machine?!
  Therefore I get the following alert: 
  The System Center Data Access service failed to register an SPN. A domain admin needs to add MSOMSdkSvc/WIN-9IAJC0HS9RJ and MSOMSdkSvc/WIN-9IAJC0HS9RJ.domainxx.local to the servicePrincipalName of CN=WIN-9IAJC0HS9RJ,CN=Computers,DC=domainxx,DC=local
  Which makes sense because it has not the permissions to do that.
  When I make the domain user account member of domain admins it has the concerning permissions and it indeed registers that SPN to the computer account. But why?? The SPN should be registered to the domain user account instead (and therefore I had given the
  domain user account the read/write permissions to itself to do that).
  I have the following SPN registered now for the computer and domain user account:
  setspn -l WIN-9IAJC0HS9RJ
  Registered ServicePrincipalNames for CN=WIN-9IAJC0HS9RJ,CN=Computers,DC=domainxx
  DC=local:
          MSOMSdkSvc/WIN-9IAJC0HS9RJ
          MSOMSdkSvc/WIN-9IAJC0HS9RJ.domainxx.local
          MSOMHSvc/WIN-9IAJC0HS9RJ
          MSOMHSvc/WIN-9IAJC0HS9RJ.domainxx.local
          TERMSRV/WIN-9IAJC0HS9RJ
          TERMSRV/WIN-9IAJC0HS9RJ.domainxx.local
          WSMAN/WIN-9IAJC0HS9RJ
          WSMAN/WIN-9IAJC0HS9RJ.domainxx.local
          RestrictedKrbHost/WIN-9IAJC0HS9RJ
          HOST/WIN-9IAJC0HS9RJ
          RestrictedKrbHost/WIN-9IAJC0HS9RJ.domainxx.local
          HOST/WIN-9IAJC0HS9RJ.domainxx.local
  setspn -l domainxx\omdas
  Registered ServicePrincipalNames for CN=OMDAS,CN=Users,DC=domainxx,DC=local:
  none for this account
  I don't get it. Anyone?
  I am using SCOM 2012 R2
  Pls help.
  Thanx in advance.
  Regards
  Chris

  SCOM SDK service really tries to set its SPN to the computer account (although the SDK service is running using a domain user account). The alert is no bug!
  I know this for sure because I gave the SDK service permission to do it - by making the domain user account member of the domain admins security group - and it indeed sets the SPN on the computer account.
  The latter is the actual bug I would say! It should try to set the SPN for the domain user account the sdk service is running with.
  Then again, nog having the SPN been set correctly to this domain user account, does not seem to bother SCOM at all indeed. Perhaps it uses NTLM instead in this scenario.
  Can anyone comfirm?

• ITunes making duplicates in second user account

  I hope I can describe my issue properly. First of all let me start off by telling everybody that I am a new Mac user making the switch from PC so please be patient with this Mac noob.
  That being said, I proceeded to setup my new Mac with all the software that I wanted on it before adding an additional user account for my wife. I went through the process of moving my music library over to my account (64Gb) and importing it into my library. I have an iPhone so I am pretty familiar with the iTunes interface.
  Once I felt I had everything on this Mac that I wanted, I created a user account on the Mac for my wife to login to and setup sharing for her in iTunes so that we could use the same media folder rather than have 2 physical copies of the media across 2 user accounts on the same computer.
  My problem is that when I tell iTunes on her account to find the music, it adds it into her library twice so there is 2 of every song and iTunes shows that there is 128Gb music in her library even though I can only find 1 copy of any of the music on the hard drive.
  How can I clean this up?
  I know that I can manually delete the duplicates from the library but with over 10,000 titles that would take more time than I care to think about.

  Yeah, my mail account only has google, before it had google and icloud but only one of each. I may not have explained it properly though. Mail doesn't seem to be the problem, 10.8 seperated Notes and the Mail app, they no longer appear in Mail, but if I were to go to gmail.com they show up as duplicates (and many of them). When I switched my notes to icloud only, and go to icloud.com, the notes seem fine... with no duplicaes. Yet, in the "On My Mac" section of the Notes app, there is a folder labeled Recovered Items... where nearly every time I access notes, the most recent edited note displays duplicates.
  I appreciate your input though, and I double checked what you suggested, no luck yet. I could switch to evernote but I love the formatting of "Notes"

• Flash player only works for user account installed with

  Hi all
  I've different user accounts on my PC for me and my son.
  Somehow Flash Player 10 only works for the user account I installed Flash player with.
  In case I install it using my account it will not work for my son's account and vice versa.
  How can I solve this?
  Thanks
  Mario

  I've struggled with this for a long time.  Here is what I've come up with.
  Adobe tech support recommended this:
  1. Log in as Admin
  2. Download the following zip file from here:
  www.supportflash.com/reset_all.zip
  3. Unzip this folder onto your desktop.
  4. Drag both files ‘reset_min_all.cmd’ and
  ‘subinacl.exe’ to your
  desktop.
  5. Run the reset_min_all.cmd file.
  6. It will open a DOS like terminal and start
  running through registry
  keys.
  7. When it is finished it will say “press any key
  to continue”.
  8. At this point you can install the latest Flash
  Player:
  for Internet Explorer:
  http://www.adobe.com/support/flashplayer/ts/documents/tn_19166/Install_F
  lash_Player_9_ActiveX.zip
  other browsers:
  http://www.adobe.com/go/getflashplayer
  9. Check that Flash Player is working for the
  Admin.
  10. Check that Flash Player is working as the
  other 2 users.
  I hope this information helps. Feel free to reply
  if you need further
  assistance on the issue discussed here or file
  a new case if you want to
  report a new issue in the Support Portal:
  <(><<)
  >http://www.adobe.com/go/supportportal>
  Thank you.
  Regards,
  Technical Support Engineer
  Adobe Systems, Inc.
  I can't recall whether I had to run this in each account or not.  It somewhat worked for me.  If the accounts were all set up as admin accounts, flash worked in all the accounts after that.  If one account was admin and the rest were limitied (I'm running xp home) it wouldn't work in the limited account.
  I gave up and reverted back to flash player 9 via NOrton go back
  It must be a permissons issue of some sort.  I just don't have the patience to figure it out.
  Good Luck,
  Let us know what you figure out

• Parse Security Logs for User Account logon Computer Name

  Greetings,
  I was recently tasked with creating a list of user accounts and the computer in which they logged onto.  Unfortunately, we do not have time to use the logon script method.   I believe we can achieve this goal using software similar to LANSweeper
  however not all computers will be turned on at a given time and I believe this application gathers it's information from the client PC.  One possible solution I see is parsing the data from our domain controllers Security Logs / Successful Logons however
  this is proving to be a challenge. Any suggestions?  
  Thanks,
  Chris

  Hi Chris,
  I was recently tasked with creating a list of user accounts and the computer in which they logged onto.
  I believe we can achieve this goal using software.
  There is no built-in tool to complete this task.
  However, we can configure event log trigger to send email when specific logon events are generated.
  Here are some related articles below for you:
  Getting event log contents by email on an event log trigger
  http://blogs.technet.com/b/jhoward/archive/2010/06/16/getting-event-log-contents-by-email-on-an-event-log-trigger.aspx
  Send an email when an event is logged
  http://blogs.iis.net/rickbarber/archive/2012/10/26/send-an-email-when-an-event-is-logged.aspx
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Massive update for user account's passwords

  Hello experts,
  For our customer we need to create 100 users at QA system (for testing purposes). The idea is to set the same password for all of them. For that purpose, I will set my mail account for all these users and I will receive all the mails with every user account data and the idea is to set the same password for all of them.
  Do you know if there is any way to change all the passwords at once instead of doing one by one (by accessing to the system with every user account and change its password)?
  Thanks and best regards,
  Isaac

  Hello,
  Possibility of mass password update will depend on your actual config:
  - are you On-Premise or On-Demand?
  - what type of directory configuration do you use? LDAP, SSO?
  From within Sourcing this mass update cannot be done, but it might be possible to do with the help of the team that manages the directory itself.
  Regards,
  Bogdan

• Screensaver is not running in JDS environment for USER accounts in SOL10

  hi all i am new to this thread
  i hav a problem with JDS in solaris 10 sparc (ultra10)
  i am not able to run xscreensaver only in user accounts but i am able to do in root(CDE is ok for users)
  the message it is giving while logging in to user accounts is
  There was an error starting up the screensaver:
  Failed to execute child process "xscreensaver" (No such file or directory)
  Screensaver functionality will not work in this session.
  & i am not able to lock the screen
  any suggestions please
  thanx &regards
  chakri

  your welcome
  its about time i actually helped someone
  im always asking for help here
  by the way i found that information on the web after doing days of searching
  let me know if it works ok for you
  just remember to add that line in the .profile file
  not in terminal
  if the icon does nto exsist you can either add one
  or call the file (xscreensaver) directly form the path you added
  or it should apear on next login
  Message was edited by:
  heatherval

• Root/admin access for user account

  I'm not sure the best way to explain this, but, I want my user account to be able to write/read ANY file on my HDD. How do I enable that in Lion? I've already added my user to the admin group, but, to no avail. Essentially I want to do $> sudo chmod -R a+rwx /, but, without having to do that.
  Yes, I understand that your everyday account shouldn't have this type of access and you should only elevate privleges when necessary. W/ that in mind, I'd really appreciate answers (or links) detailing how to do this and not explaining why I shouldn't do this.
  Thanks, and let me know if I should explain what I need in more detail.
  - Matt

  The top level of the hard drive has always been an admin-only area. In 10.6 and earlier, the admin group could write there. Now in 10.7, only root can write there. It was changed for security reasons. Apple realized that not many people are following their security guidelines and are running as admin users all the time, and so they have tightened up security in Lion.
  User files should not be put there. Put them in your home folder or in /Users/Shared if you wish multiple users to access them.

• Delete (-) for user account dimmed.

  I had created a “Guest Account” that I would now like to delete, however I cannot. When I log into my administrator account, go to System Preferences and unlock the lock to allow changes and then select the guest account, the delete [-] for the guest account is dimmed. How do I get rid of this account?

  Within the guest account, was there any higher privilege given to make it
  equal to your main Admin account? In those cases where a secondary
  account was given high privilege, that would have to be revoked prior to
  being able to simply remove the account from the system.
  Some access from the guest account may be holding up the delete process.
  (This is an area where I have only read several things about; however I did
  add a link and quote to this reply which may be of help if nothing else works.
  But it has a limited answer, too; the main command is dimmed out, inviting
  you to try other advanced or even routine maintenance on your computer.)
  An account access permissions issue may likely only be a maintenance matter.
  But check the settings used to create and maintain the Guest user accounts.
  *See this topic:* "How do I completely disable the Guest Account in Leopard?"
  http://www.askdavetaylor.com/completelydisable_guest_account_mac_os_xleopard.html
  Sometimes, issues within accounts, users and privileges go odd; it may
  be you would need to repair disk and disk permissions from the booted
  Installer's Disk Utility version. Also, check and repair anything in the OS
  that may have been lacking. There are times where general maintenance
  is a way to fix odd issues that otherwise have no explanation.
  Have you started the computer into SafeBoot, and when then in the admin
  account, see about removing the guest or other user; or at least try to make
  the settings function? Some extensions and system bits are inactive when
  the computer system is booted into SafeBoot Mode, but you can use this to
  an advantage since it does a basic repair on startup. Then run Disk Utility,
  and its 'repair disk permissions' then when done, quit D.U. & restart normally.
  There are several Support documents on the topic of user accounts and how
  to manage them; some troubleshooting of them involves reading up on the
  variable and ways you can change the settings. I'd use caution since there is
  a way to Delete a Guest User Account that involves the terminal or root level
  and fair attention to detail is required so as to not affect more than the one item.
  A post in this Discussion tread tells of how to delete a guest user account:
  http://discussions.info.apple.com/thread.jspa?threadID=1521487
  From May 14, 2008 as contributed by V.K. to resolve another user's problem:
  +"From an admin account uncheck the option enabling Guest account in accounts+
  +system preferences and then enter the following command in terminal.+
  *sudo dscl . delete /users/Guest*
  +Please just copy and paste the above. That's very important, you don't want+
  +to delete a wrong thing here. You'll have to enter your admin password which+
  +you won't see (that's normal).+
  *This command will delete the Guest user.*
  +Now go to the accounts preferences and enable Guest. This should create+
  +Guest user afresh and hopefully resolve the password issue. Restart and+
  +try the guest user again. Double check and make sure that it's enabled."+
  {This last part, should you need to re-create a guest user again.}
  While I have not tried this, nor have I ever created a Guest User account in
  any of my dozens of Macs, (prefer to create Standard user for daily use; or
  try the Parental Controls to minimize damages an inexperienced user may
  create in the process of over-reaching their grasp) I can see it may be handy.
  Hopefully some of the above may be helpful. Usually if a system function is
  acting oddly, sticks, or won't work correctly, some systematic maintenance
  is likely behind the situation. To have and run AppleJack from single user or
  perform other preventative actions to head off possible issues, are ideas, too.
  Since I don't use AppleJack, and seldom need to run in the command line or
  single user or terminal mode, some of that is out of my range. I've found most
  of the issues I've read about can be prevented. However, if a user gets into the
  OS and can move things around, trash or misplace important parts, etc; odd
  things can happen. Unfriendly or careless/unwanted user access can mess it up.
  Usually about once a month whether or not the computer needs it, I run OnyX
  and have it complete all items check-marked in Automation, and have it set to
  restart the computer when that group is finished. There are other tools in it, too.
  Perhaps the combination of things can help; or just what Dave Taylor said.
  Good luck & happy computing!
  +{ edited to add more confusion }+

• How to change the thread number for user account

  I remember that for each user account, we can limit the maximum thread number it can create for a user process. But how to change this number?
  Thanks,
  Iris

  Hi ,
  I do not think that there is a way to control the number of "threads per user".
  Are you referring to "thread id" ? Please elaborate on your requirement.
  You may want to take a look at the complete list of process sizing tunables
  at:
  http://docs.sun.com/ab2/coll.707.1/SOLTUNEPARAMREF/@Ab2PageView/idmatch(CHAPTER2-4)?Ab2Lang=C&Ab2Enc=iso-8859-1#CHAPTER2-4
  The link can also be accessed as:
  http://docs.sun.com
  Collection Titles
  Solaris Tunable Parameters Collection
  Solaris Tunable Parameters Reference Manual HTH
  Gopinath.
  Developer Technical Support
  Sun Microsystems Inc

• IMac keeps asking for user account password when changing Airport

  Whenever I change anything in Airport (switching networks mainly) my iMac constantly prompts me to submit my user account password. All other macs don't do that. Any clues?

  Suggest that if you haven't already taken the next steps....open System Preferences > Network > AirPort and delete the current wireless connection by highlighting the name of the network, then clicking the - (minus) button at the bottom of the connection list. Click OK and then Apply.
  Open Macintosh HD > Applications > Utilities > KeyChain Access and locate the name of the wireless network, then highlight and delete that entry.
  Restart your Mac to see if that will allow you to start fresh.
  If still no luck, I'm afraid it's getting down to a re-installation of the operating system on the Mac.
  Message was edited by: Bob Timmons

• Help for user accounts

  Hi all, I have a problem that I am trying to resolve. I have a new computer with a partition M: that is dedicated to music only. I am going to import all my music from an external hard drive. There are 3 users that will be using Itunes on this computer, 2 administrator accounts..and my wifes limited account. My wife and I each have an Ipod to link to our own account. What I want to do is have Itunes add the songs to each of these accounts when I import music to the Itunes music folder in (M:). I created a shared folder in (M:) and put the Itunes music folder in it, but my songs are only recognized by the main administrator account. How do I get them to the other Users? I figure that this is possible because the shared folder on (C:) that has the two sample songs in it, makes those songs available to each user but I'm going crazy trying to figure this out..... Thanks in advance

  iTunes does not at present have any feature for watching folders and automatically importing tracks you add to a folder. Here are a couple of potential solutions from other developers, though:
  http://albumbrowser.klarita.net/iTunesFolderWatch.html
  http://www.lifehacker.com/software/itunes/hack-attack-automatically-sync-itunes- to-any-folders-175161.php
  Thanks to Meg and Hudgie for the tips.

• Remove Security Settings automatically for User account

  Hi all,
  In windows server 2003R2 -> AD users and computers -> (user)administrator account -> porperties -> security tag
  I have added group 'power user' and denied all permission for this group to manage this account.
  However, after about an hr, once I login again, the group was removed automatically in the security tag.
  Anyone have ideas about this?

  Hi,
  Please confirm, whether you have configured Restricted Groups setting in Group Policy?
  Checkout the below thread on similar discussion,
  http://social.technet.microsoft.com/Forums/en-US/a23a1dbb-19de-4b61-9548-1bf2ad062baa/domain-accounts-memberhsip-removes-automatically?forum=winserverDS
  Regards,
  Gopi
  JiJi
  Technologies