Duplicate UIDs, authentication AD

We have lab machines that are bound to Active Directory, no Open Directory, just Active, being managed with local MCX settings. I have two users who have somehow gotten the same UID from the Macintosh. Now when one of them logs in, it is trying to use the other's home directory, can't find it, and gives the error message that the user's home directory can't be found in the usual place. It logs the user in, but sees him as the other user.
Active Directory does not have this attribute anywhere and I'm trying to find out how to get rid of the duplicate UID and have one of the users get a new one.
What I don't understand is why it is saving that information.  For the lab machines, the accounts are deleted on logout (and login), so there should be no record of any of the users.
Here's the message Console gives me:
2011-04-15 11:30:46 EDT - T[0x000000010200B000] - Misconfiguration detected in hash 'Global UID':
2011-04-15 11:30:46 EDT - T[0x000000010200B000] - User 'userA' (/Active Directory/student.ads.xxxx.xxx) - ID 506956629 - UUID 9E378B55-22AD-47AA-B0AE-AE56CB387A47 - SID S-1-5-21-3326139827-3656363311-3723297674-111390
2011-04-15 11:30:46 EDT - T[0x000000010200B000] - User 'userB' (/Active Directory/student.ads.xxxx.xxx) - ID 506956629 - UUID 1E378B55-A39A-4D72-96B8-46417E225A00 - SID S-1-5-21-3326139827-3656363311-3723297674-36961
Thanks for any help!

I had to submit a trouble ticket to AELP and found out it's the algorithm they use in generating the uniqueID. Something about it takes the GUID and some other attribute and comes up with a uniqueID that follows that user.
I was told it was a million to one shot that it would happen, but it could happen, and it did.  The best resolution was to delete one of the accounts and recreate and then it would get a different GUID and then OSX will generate a new (really new) uniqueID.
I did try the unbind and bind first, but obviously that didn't do anything for the user.
Thanks for the response and hopefully, the next one in a millionth user will find this answer helpful!

Similar Messages

  • Console messages with 'Duplicate UID'

    I've had quite a few problems with Lion - I'm not sure if they're related. I had, unfortunately, LittleSnitch - which was broken, but took a while to get rid of. I also had problems with screen sharing stopping working, but I've used advice here to fix it.
    Now I have a strange message:
    quicklookd: Duplicate UID: 'then the long UID'
    This is filling my console logs, which is irritating.
    I only have two users on my machine. - 4000 messages saying the same thing over the past twenty minutes or so.
    Any ideas?
    How do I trace the UID to the user anyway?

    Same problem here, started right after updating to OS X Lion (from Snow Leopard)
    Any suggestions?

  • Duplicate Queries and Query Components in BI Production Box

    Hi:
    We have a situation where we have duplicate queries and query components in our Production BI box.
    The problem was caused by transports.  We have a development landscape and a support landscape where both are transporting separately up to the BI Production Box. 
    For example, query ABC was created in the development landscape and transported up to our production box.
    The same query ABC was created in our support landscape and transported up to our production box.
    Now in the production box we have 2 queries ABC with the same technical name and description but with different active ELTUIDs.  
    We have found the program ANALYZE_RSZ_TABLES and it does show us this problem in our production box with many queries and query components.
    The question is how do we get rid of the duplicate ELTUIDs in our Production box and how do we stop this from happening during transport?
    any suggestions would be helpful.

    Hi JC,
    I think you can use Tcode RSZDELETE to delete the duplicate UIDs of elements or any query objects.
    Test it in dev box / sandbox before using it in prod.
    Thanks

  • UID Uniqueness plug-in getting tripped

    I have the UID Uniqueness enabled in a multi-master environment. Yes I've read the plugin is not designed for multi-master replication environments and that if the UID is modified on more than one server at the same time the plug-in cannot detect it because it does not perform the uniqueness check when receiving replication updates, but only on the master in which the update is being made.
    That being said, the risk I run is that I unknowingly have duplicate UIDs in my system that were not detected. However, what I have recently been experiencing is the UID uniqueness plugin being tripped with false positives. Periodically, maybe once per week, or 0.5% of update transactions, an update to the directory will return err=19, tag=105 with the error log stating Attribute Uniqueness as the problem. In each case, simply re-running the LDAP modify yields success. Basically the UID uniqueness plugin is reporting a false positive.
    The UID is not the naming attribute in our system but is configured identically (applicable subtrees) on each of the servers.
    Is there a known scenario where this can occur? Am I wasting my time having the plugin enabled on each master?
    DS 5.2_4 pkg install
    Solaris 9
    Thanks

    Does your system reuse IDs? Could the system be seeing an entry marked for deletion that still holds the unique uid value, and only when the object is really finally deleted do you see it work, appearing like a false positive?
    I forget how to find a deleted entry, but it assigns it a new objectclass and does a modrdn to a guid value, then deletes the entry later. Just a thought.

  • Duplicate queries

    We have duplicate queries and plan to report ANALYZE_RSZ_TABLES to change the name in some and delete in others.
    Part of our checks has referred to considerations that have been made in SAP Note 792779.
    However, we have the following scenario:
    We have a duplicate query that is shown in RSRT whilst the other appears in the Info Area Open Dialog box.  We will be changing the name of the one that appears in RSRT.  After the change will the other version of the query appear in RSRT if I run with COMPID and secondly will the changed query name appear in RSRT and the Info Area Open Dialog box with its new COMPID?
    Thank you in advance for your help

    Hi JC,
    I think you can use Tcode RSZDELETE to delete the duplicate UIDs of elements or any query objects.
    Test it in dev box / sandbox before using it in prod.
    Thanks

  • Frequent but unpredictable DB_PAGE_NOTFOUND corruption

    Hi,
    We have developed a multi-process data processing engine that uses BDB as state storage to store queues of pointers to datums in on-disk flat files. The engine is written in Perl, using the standard BerkeleyDB CPAN module as its interface to BDB.
    Platform: Red Hat Enterprise Linux 5.1 x86-64
    Perl: 5.8.8 (with 64-bit support)
    BDB: 4.3.29 (the default for this version of RHEL)
    After running in production for some time without any errors, occasionally one of the data queues (a Btree database) has started to corrupt after a few hours of record creation/deletion by forked children. The error (which is elicited after subsequent db_put() calls) is "DB_PAGE_NOTFOUND: Requested page not found", and running db_verify on the database returns:
    "db_verify: Page 1: internal page is empty and should not be
    db_verify: queue.db: DB_VERIFY_BAD: Database verification failed"
    Worse, is that the error cannot be recreated on any of our development or staging environments - it just intermittently occurs in production, now maybe every 3 to 8 hours.
    Some background:
    Roughly - the child processes that seem to be causing the corruption read a bunch of key/values via a cursor, and then delete the keys from the DB.
    The environment is created with: DB_CREATE | DB_INIT_LOCK | DB_INIT_LOG | DB_INIT_MPOOL | DB_THREAD | DB_INIT_TXN
    The database is created with: DB_CREATE|DB_THREAD
    The parent process closes all Env & DB handles before forking children, then re-opens upon returning from fork().
    The child processes all open their own Env & DB handles after fork().
    There are usually around 5-8 children running in parallel, and will execute the deletes on the DB in parallel.
    Before exiting, the child processes always explicitly call db_sync() before calling db_close() - probably overkill.
    Here's where my understanding of deadlocking in BDB gets shaky:
    DB_INIT_LOCK should implement multiple-writer locking semantics, and because of the way the parent process distributes the work to the child processes, children are never competing to delete the same keys.
    I suspect the reason for the corruption is that BDB's locking may be page-based, not key (record) based, and if (say) child A deleting a key causes an underlying page split (?) whilst child B is also deleting a key stored on that same page, corruption occurs. Am I on the right track here? The app is not yet doing any deadlock detection or resolution - we haven't yet gone down that route because nowhere are any errors regarding deadlocks being surfaced in the statuses of any DB calls, or the output of db_stat().
    Interestingly, none of the db_del() calls in any of children fail, with deadlock errors or otherwise - the corruption is only noticed by calls to db_put() into the same database during a subsequent processing run - obviously after the in-memory cache has been synced to disk.
    We haven't yet gone for upgrading BDB to 4.7 (or even 4.4) , but will attempt to do this if no other fix is forthcoming.
    An alternative, quicker fix we're trying out is to use DB_INIT_CDB to enforce single-writer semantics on the children, or to move the responsibility of writing back up to the parent process, and have no multiple-writers at all.
    I know my understanding of the pitfalls of deadlocking and how they relate to the underlying Btree store aren't great and suspect herein lies the real problem. Many thanks in advance for anyone with advice or recommendations here.

    Thanks Michael. I'll engage here for the sake of Googlers and also follow up by email.
    - Yes, the same flags are used to open the environments and db in the children; all processes use the same storage class that wraps the BDB access.
    - db_sync() before db_close() was paranoia on my part - noted and understood that it's unnecessary.
    - The db_verify output is indeed all it reports. db_dump -qa queue.db on a corrupt DB reports:
    In-memory DB structure:
    btree: 0x120200 (duplicates, open called, read-only)
    bt_meta: 0 bt_root: 1
    bt_maxkey: 0 bt_minkey: 2
    bt_compare: 0x30b2222900 bt_prefix: 0x30b2222970
    bt_lpgno: 0
    =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    page 0: btree metadata level: 0 (lsn.file: 0 lsn.offset: 1)
    magic: 0x53162
    version: 9
    pagesize: 8192
    type: 9
    keys: 0 records: 0
    free list: 2, 0
    last_pgno: 2
    flags: 0x1 (duplicates)
    uid: 5f 0 db 4 0 fd 0 0 1b d6 75 51 bf 5c 0 0 0 0 0 0
    maxkey: 0 minkey: 2
    root: 1
    page 1: btree internal level: 2 records: 0 (lsn.file: 0 lsn.offset: 1)
    entries: 0 offset: 8192
    page 2: invalid level: 0 (lsn.file: 0 lsn.offset: 1)
    prev: 0 next: 0 entries: 0 offset: 8192
    There are records in the queue.db, though - viewing it reveals recognisable keys.
    Other things I ought to mention, which may be giveaways:
    - Although creating the environment with DB_INIT_TXN, the app does not perform any transaction handling or checkpointing - in effect it is in auto-commit mode.
    - Since modifying the storage to use DB_INIT_CDB overnight, there has been (so far!) no corruption.
    Thanks again.

  • Can't enable calendaring for some users in WGM

    10.5.6 server
    OD set up and working fine
    I'm trying to get going with iCal server for the first time
    The 3 accounts that I initially enabled for calendaring seem to work fine, but now I can't add any more. If I enable calendaring for a user in WGM and save the record, if I go to another record and then back to the one I changed, I see that calendaring is disabled for that user.
    It continues to work for the initial 3 users.
    iCal server error log did have some messages about "Record disabled due to conflict: <OpenDirectoryRecord..........."
    I read on another post that this indicates a problem with duplicate UIDs/GIDs
    I found one each UID and GID that were both duplicated in local and LDAP records, so I changed those in WGM. On top of that I found that groups "Open Directory Users" and "Open Directory Administrators" had the same GIDs in both local and LDAP domains, but guessed that I had better leave these alone. There are no other duplicate UIDs or GIDs.
    Stop and start iCal server.
    Problem remains.
    Any ideas please?
    Many thanks......

    Dear All,
    I have the same problem, I can't activate the 'web calendaring' for groups and for users, the checkbox 'enable calendaring' doesn't stay checked if I close and open the Workgroup Manager...
    Someone has a solution?

  • Lost function of Reply & Send buttons in Mail 2.1.3.

    A few days ago I booted my G5/10.4.11 into 10.5.8 to help find an answer for a question here. (May or may not be related)
    Everything works fine in other Accounts.
    Upon booting back into 10.4.11, I eventually noticed that in Mail hitting Reply, nothing happens other than the button dims for an instant & this message shows in Console...
    2010-04-18 16:05:48.648 Mail[10891] * -[NSAutoreleasePool dealloc]: Exception ignored while releasing an object in an autorelease pool: * -[NSCFArray addObject:]: attempt to insert nil
    2010-04-18 16:06:00.477 Mail[10891] * -[NSCFArray addObject:]: attempt to insert nil
    If I hit the Forward button a new window opens to reply with as it should, but the send button gives...
    2010-04-18 16:07:39.975 Mail[10891] Exception raised during posting of notification. Ignored. exception: * -[NSCFArray addObject:]: attempt to insert nil
    2010-04-18 16:07:39.994 Mail[10891] * -[NSCFArray addObject:]: attempt to insert nil
    I've Rebuilt the Boxes, I've run Disk Utility, DiskWarrior, & Drive Genius, I've Repaired Permissions & finally used AppleJack, no change.
    I've Safe Booted & done this...
    Move this Folder to the Desktop...
    /Users/YourUserName/Library/Caches/Mail/
    Move this file to the Desktop...
    /Users/YourUserName/Library/Mail/Envelope Index
    Reboot.
    GAACK, now to really confuse me, I just sent myself 2 emails, one from Eudora in this account & one from Mail in another account on this Mac... for one of them the Reply button works but cannot select the message part of the window to type anything, nor does Send work from there!?

    Migrating that user & all prefs from a Clone cured the problem, haven't figured it out yet, but something about logging in as UID 503 is causing it, the duplicate UID 505 login does not exhibit it.

  • Thousands of "netboot" users

    Over the weekend several users reported that they could no longer connect to certain sharepoints on our 10.6 server. I checked and sure enough, I couldn't connect either. Looking through the logs I found errors like the following, which I've seen in several discussions here about Directory Services errors:
    2010-04-28 10:16:21 EDT - T[0x000000010070A000] - Misconfiguration detected in hash 'Global UID':
    2010-04-28 10:16:21 EDT - T[0x000000010070A000] - User 'labuser3' (/LDAPv3/127.0.0.1) - ID 1028 - UUID 485094AA-EF5D-45D9-B59B-ED23485FA66D - SID S-1-5-21-2096087002-3884103120-606929893-3056
    2010-04-28 10:16:21 EDT - T[0x000000010070A000] - User 'netboot1028' (/Local/Default) - ID 1028 - UUID E2B2072F-1A2F-4C7B-B548-390E9AFF60F2 - SID S-1-5-21-367286870-2546797680-2483472567-3056
    I can see that I have two users with the same UID (1028). However, one is a user that was created years ago, the other is "netboot1028". Curious as to why there was a random netboot user in the directory, I looked in the System Records and it shows over a thousand similar "netbootXXXX" users in the directory starting with "netboot100" and going through "netboot1297". Any users whose UID overlaps with the netboot user of the same number cannot access any sharepoints with ACL permissions.
    I realize that the problem is the duplicate UIDs, but how and why are these netboot users getting created, and why is it not skipping over existing UIDs?

    This happens automatically as a function of bootpd/netboot.
    The man page describes the process a bit. You should look at the following two parameters to see if modifications help you:
    afpuidstart (Integer) The starting uid used when creating AFP machine users. The default is uid 100.
    afpusersmax (Integer) The number of AFP machine users to automatically create. The default is 50. Note: the server will never remove a user once it is created, so decreasing this value once the server has read it will have no effect.
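
Added example, not part of the original posts: a small Python parser for the "Misconfiguration detected in hash 'Global UID'" warnings quoted in the Active Directory thread at the top of this page and in the netboot thread above. It groups the logged records by numeric ID and reports whether the colliding accounts sit in the same directory node or in different ones; the function names are this example's own, and the sample lines are copied from the two posts.

```python
import re
from collections import defaultdict

# Sample input: the warnings quoted in the two posts on this page.
SAMPLE_LOG = """\
2011-04-15 11:30:46 EDT - T[0x000000010200B000] - Misconfiguration detected in hash 'Global UID':
2011-04-15 11:30:46 EDT - T[0x000000010200B000] - User 'userA' (/Active Directory/student.ads.xxxx.xxx) - ID 506956629 - UUID 9E378B55-22AD-47AA-B0AE-AE56CB387A47 - SID S-1-5-21-3326139827-3656363311-3723297674-111390
2011-04-15 11:30:46 EDT - T[0x000000010200B000] - User 'userB' (/Active Directory/student.ads.xxxx.xxx) - ID 506956629 - UUID 1E378B55-A39A-4D72-96B8-46417E225A00 - SID S-1-5-21-3326139827-3656363311-3723297674-36961
2010-04-28 10:16:21 EDT - T[0x000000010070A000] - Misconfiguration detected in hash 'Global UID':
2010-04-28 10:16:21 EDT - T[0x000000010070A000] - User 'labuser3' (/LDAPv3/127.0.0.1) - ID 1028 - UUID 485094AA-EF5D-45D9-B59B-ED23485FA66D - SID S-1-5-21-2096087002-3884103120-606929893-3056
2010-04-28 10:16:21 EDT - T[0x000000010070A000] - User 'netboot1028' (/Local/Default) - ID 1028 - UUID E2B2072F-1A2F-4C7B-B548-390E9AFF60F2 - SID S-1-5-21-367286870-2546797680-2483472567-3056
"""

HEADER = re.compile(r"Misconfiguration detected in hash '(?P<hash>[^']+)':\s*$")
RECORD = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ - T\[0x[0-9A-Fa-f]+\] - "
    r"User '(?P<name>[^']*)' \((?P<node>[^)]*)\) - "
    r"ID (?P<uid>-?\d+) - UUID (?P<uuid>[0-9A-Fa-f-]{36})"
    r"(?: - SID (?P<sid>S-[\d-]+))?\s*$"
)


def find_uid_collisions(log_text):
    """Return {uid: [record, ...]} for each ID claimed by 2+ distinct UUIDs."""
    by_uid = defaultdict(dict)  # uid -> {uuid: record}, so repeated warnings dedupe
    in_block = False
    for line in log_text.splitlines():
        header = HEADER.search(line)
        if header:
            # Only the 'Global UID' hash is of interest here.
            in_block = header.group("hash") == "Global UID"
            continue
        rec = RECORD.match(line.strip())
        if not rec:
            in_block = False  # any unrelated line ends the warning block
            continue
        if in_block:
            fields = rec.groupdict()
            fields["uid"] = int(fields["uid"])
            by_uid[fields["uid"]].setdefault(fields["uuid"].upper(), fields)
    return {u: list(r.values()) for u, r in by_uid.items() if len(r) > 1}


def classify(records):
    """'same-node': one directory yielded the same ID for two records.
    'cross-node': IDs handed out independently in two directories overlap."""
    return "same-node" if len({r["node"] for r in records}) == 1 else "cross-node"


def report(log_text):
    """List of findings sorted by UID, ready for a ticket or an alert."""
    return [
        {
            "uid": uid,
            "kind": classify(recs),
            "accounts": sorted((r["node"], r["name"]) for r in recs),
        }
        for uid, recs in sorted(find_uid_collisions(log_text).items())
    ]


if __name__ == "__main__":
    for finding in report(SAMPLE_LOG):
        print(finding["uid"], finding["kind"], finding["accounts"])
```

A same-node finding matches the first thread (two Active Directory records that ended up with one ID), while a cross-node finding matches the netboot case, where a local account and an LDAP account overlap.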

  • New Calendar? Sync asks for New Calendar?

    Has anyone come across the problem, I try to sync but it keeps asking for new Calendar in iCal or Entourage. Suggestions.

    Got it fixed, and it works very well, You have to buy the program to clean your iCal and Sync, but well worth it, much faster, and no issues.  Spanning tools for Mac.
    Ty
    Spanning Tools for Mac
    v1.02
    System Requirements
    System requirements: Mac OS X 10.5 or later (compatible with Mac OS X 10.6 "Snow Leopard")
    What's New in v1.02
        • Fixed a problem that caused the software to enter trial mode for some registered users.
        • "Don't show this message again" checkbox wasn't working for the backup alert.
        • Fixed a minor wording problem for the bad suffix resolution.
    Calendar Cleaner & Contacts Cleaner
    These tools scan your iCal calendars and Address Book contacts for various types of problems including:
    - Duplicate contacts and calendar events
    - Duplicate properties such as contact addresses
    - Badly formatted names and titles
    - Invalid properties such as dates
    When you're finished cleaning up your data with Contacts Cleaner and Calendars Cleaner, you'll probably want to copy your clean set of contacts or calendars over to any other services or devices that you sync with. If you don't, the "bad" data is likely to make its way back to your Mac. Here's how to replace data on some popular devices and services:
    Spanning Sync: Select “Replace Data on Google” from the Advanced tab of the Spanning Sync pref pane.
    iPhone/iPod: Select the device in iTunes, select the info tab, select “Replace calendars” at the bottom of the window.
    MobileMe: Open the MobileMe pref pane, select the Sync tab, click the Advanced button, and select “Reset Sync Data”.
    Sync Tune-Up
    The Sync Tune-Up gives you access to sync information and features that are otherwise difficult or impossible to access within Mac OS X. For a rundown of what's available, just open the Sync Tune-Up app and explore.
    Reporting Problems and Suggestions
    Please send all bug reports and feedback to [email protected].
    Known Issues
    - Calendar events with blank names can't be deleted from Calendar Cleaner. This is a bug in Apple's CalendarStore.framework.
    - It may be impossible to merge calendar events with duplicate UIDs from Calendars Cleaner. If merging fails, try the "delete other event" option instead.
    Spanning Sync, Inc. © 2009.

  • ICal is freezing up - have tried everything - Help!

    My iCal has been freezing up on my Mac for the past week.  The functionality on my iPhone works fine though.  I ran Console while starting iCal and here is the script I found:  8/27/12 3:55:41.410 PM iCal: Duplicate UID: u9u5o2tabp84aomgneppgl10ao@google.
    I have already used a Duplicate Event Remover for iCal and ensured that none of my unused calendars are active.  Still no luck.  Any help would be greatly appreciated.

    Well the first game is over, the Mac is together and working again. Tried everything electronically that I could find to try, then my background in Aircraft Maint. came out. Tore that sucker apart! Wife just knew we'd be out looking for a new puter next week. Had to remove the disc drive and opened the drive up to remove the disc. Put it back together WITHOUT the drive installed and it worked fine. I'll be shopping for an external drive with mechanical backup! So thanks to those who answered, you got me brave enough to tear it apart!

  • /dev/console restriction

    I'd like to know how Solaris handles this restriction.
    Is it done via the username or via the UID?
    We have servers managed by an outsourcer, and they have made a duplicate UID 0 account, and I want to know if that account will still be restricted to the console, or if they will be able to telnet/ssh into the servers with this account.
    I would test it myself, but this is taking place on production machines and I cannot alter them for the tests.
    Thanks.

    It checks on UID. At least it does that in Solaris 10, and I believe it did just the same in Solaris 9, at least it makes a lot more sense to trigger on UID rather than username.
    http://cvs.opensolaris.org/source/xref/usr/src/cmd/login/login.c#1174
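
Added example, not from the original thread: since the reply says the restriction is keyed on the UID rather than the username, an audit for this situation has to list every account that resolves to UID 0, along with any other shared UIDs. The passwd entries below are constructed, and `audit_passwd` is this example's own name.

```python
from collections import defaultdict

# Constructed sample in passwd(4) format; every account here is made up.
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
opsadmin:x:0:1:Outsourcer admin:/export/home/opsadmin:/bin/ksh
jdoe:x:1001:10::/export/home/jdoe:/bin/ksh
asmith:x:1001:10::/export/home/asmith:/bin/ksh
+::::::
broken-line-without-fields
# comment
"""


def audit_passwd(text):
    """Group passwd entries by numeric UID and flag shared UIDs.

    Returns a dict with:
      uid0_aliases - accounts other than 'root' that carry UID 0
      duplicates   - {uid: [names]} for every UID used by 2+ accounts
      skipped      - line numbers that could not be parsed (reported, not
                     silently dropped, so a malformed entry gets reviewed)
    """
    by_uid = defaultdict(list)
    skipped = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        # passwd(4): seven colon-separated fields, the third is the UID.
        if len(fields) != 7 or not fields[0] or not fields[2].isdigit():
            skipped.append(lineno)
            continue
        by_uid[int(fields[2])].append(fields[0])
    duplicates = {uid: names for uid, names in by_uid.items() if len(names) > 1}
    uid0_aliases = [name for name in by_uid.get(0, []) if name != "root"]
    return {
        "uid0_aliases": uid0_aliases,
        "duplicates": duplicates,
        "skipped": skipped,
    }


if __name__ == "__main__":
    result = audit_passwd(SAMPLE_PASSWD)
    print("UID 0 under another name:", result["uid0_aliases"])
    print("shared UIDs:", result["duplicates"])
    print("unparsed lines:", result["skipped"])
```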

  • Mail message in konsole

    What is this?
    10/09/12 23.43.45,778 CalendarAgent[346]: Duplicate UID: 43E9FD09-328F-11D7-B3A6-0003937250A0
    A lot of this. in konsole.
    Please an answer. Thank you.
    Regards
    Kurt, Denmark

    Hi Kurt,
    Q. Calendar Cleaner is showing "duplicate UID" problems that never go away. What's wrong?
    A. Duplicate UID issues are particularly difficult to fix since they keep multiple events from being referenced uniquely. If merging the events doesn't work, try deleting the duplicate event instead. If that doesn't do it, try rebuilding the iCal cache as described above. If that still doesn't help, you'll probably have to delete the calendar and rebuild it from an external source, such as a clean backup or some other device or server that you sync with.
    http://spanningtools.com/mac/calendar-cleaner-help.html

  • The KDC encountered duplicate names while processing a Kerberos authentication request in a Domain controller server

    HI
    we have a sharepoint farm and in domain controller server, this error is in event viewer
    Log Name:      System
    Source:        Microsoft-Windows-Kerberos-Key-Distribution-Center
    Date:          9/15/2014 10:44:15 PM
    Event ID:      11
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      XXXAPP01.xxxportal.com
    Description:
    The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is HTTP/XXXWFE01.xxxportal.com (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent
    this from occuring remove the duplicate entries for HTTP/XXXWFE01.xxxportal.com in Active Directory.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" />
        <EventID Qualifiers="49152">11</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2014-09-15T19:44:15.000000000Z" />
        <EventRecordID>131824</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>XXXAPP01.xxxportal.com</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="Name">HTTP/XXXWFE01.xxxportal.com</Data>
        <Data Name="Type">DS_SERVICE_PRINCIPAL_NAME</Data>
        <Binary>
        </Binary>
      </EventData>
    </Event>
    adil

    Hi adil,
    Service principal names (SPNs) are stored as a property of the associated account object in Active Directory Domain Services (AD DS). I noticed that you have used setspn -X to identify the duplicate SPN. Please refer to the following articles and check if they help you to solve this issue.
    Event ID 11 — Service Principal Name Configuration
    Event ID 11 in the System log of domain controllers
    Please also refer to the following article and check if it can help you.
    The problem with duplicate SPNs
    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
    If any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • Error Event ID 11 The KDC encountered duplicate names while processing a Kerberos authentication request.

    I've been noticing The Error with event ID 11 popping up a lot on our domain controllers:
    The KDC encountered duplicate names while processing a Kerberos authentication request.
    When running setspn -X it says that it found 111 groups of duplicate SPNs. However, when going through the list, it references domain service accounts that are used to run our SQL Server services. We have about 50 remote locations and each of them has 3 machines participating in a SQL mirror (principal, mirror, witness) and they all run the SQL Server service on the same account (1 account per location).
    We haven't experienced any issues at all but I was wondering if this could cause problems or if we are straying from best practice. Any advice is welcome. Thanks!

    I believe what you should do to follow best practice is to provide unique SPNs for each SQL server, which will also provide increased security, and to do that you must create an individual service account for each SQL server so it can associate that account with that server's SPN.
    Here's more on it to help guide you. Read Paul's comments, as well as other suggestions in the following thread:
    event ID 11 There are multiple accounts with name MSSQLSvc/xxxxxx
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/8df35316-23ba-48ba-aa3e-2249fcbfecbc/event-id-11-there-are-multiple-accounts-with-name-mssqlsvcxxxxxx?forum=winserverDS
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.
