Error adding untrusted domains

Hello,
When adding a untrusted forest to configuration manger to discover client and users I receive "Logon failure: unknown user name or bad password when adding a new account for the untrusted domain.  I know the account is ok.  If I use the console
on a pc in the untrusted domain the account works.
Thanks
Dave

Yes, I know this is an old post, but I’m trying to clean them up. Did you solve this problem, if so what was the solution?
Take a look at this blog, it might help you.
http://anoopcnair.com/2013/05/23/configmgr-2012-tip-on-untrusted-forest-ad-system-discovery/
Garth Jones | My blogs: Enhansoft and
Old Blog site | Twitter:
@GarthMJ

Similar Messages

  • Error 18452 "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication" on SQL Server 2008 R2 Enterprise Edition 64-bit SP2 clustered instance

    Hi there,
    I have a Windows 2008 R2 Enterprise x64 SP2 cluster which has 2 SQL Server 2008 R2 Enterprise Edition x64 SP2
    instances.
    A domain account "Domain\Login" is administrator on both physcial nodes and "sysadmin" on both SQL Server instances.
    Currently both instances are running on same node.
    While logging on to SQL Server instance 2 thru "Domain\Login" using "IP2,port2", I get error 18452 "Login failed. The login is from an untrusted domain and cannot be used with Windows authentication". This happened in the past
    as well but issue resolved post insatllation of SQL Server 2008R2 SP2. This has re-occurred now. But it connects using 'SQLVirtual2\Instance2' without issue.
    Same login with same rights is able to access Instance 1 on both 'SQLVirtual1\Instance1' and "IP1,port1" without any issue.
    Please help resolve the issue.
    Thanks,
    AY

    Hello,
    I Confirm that I encountred the same problem when the first domain controller was dow !!
    During a restarting of the first domain controller, i tried to failover my SQL Server instance to a second node, after that I will be able to authenticate SQL Server Login but Windows Login returns Error 18452 !
    When the firts DC restart finishied restarting every thing was Ok !
    The Question here : Why the cluster instance does'nt used the second DC ???
    Best Regards     
    J.K

  • Pull DP error for cross untrusted domain

    I have put the pull DP into untrusted domain and opened bidirectional ports in both firewall.clients are not communicating to primary SCCM server. 

    I am trying to install SCCM agent manually on untrusted forest and getting following error.
    Failed to get assigned site from AD.Error 0x800004005
    getADinstallparams failed with 080004005
    no valid source or MP locations could be identified to download content from ccmsetup.exe cannot continue

  • SCCM 2012 R2 - Distribution Point untrusted domain - Not acknowledging Network Access Account (FYI)

    Hello!
    Scenario
    Built a single primary site server in one domain with multiple distribution points. All site servers are member of this one site.
    The distribution points in the primary site servers' domain function as expected. The distribution point deployed to an untrusted domain does not. The primary site server can see all objects in the domain, publishes successfully, and CCM client on the
    DP in the untrusted domain knows its part of the site, knows its AD site (according to locationservices.log). The DP role is installed properly, logs are populating, queries are being made for application lists and updates. nfortuantely authentication
    errors indicate that this software can'tbe downloaded.
    In essence the DP in the untrusted domain can't pull down content from the primary site server. The role uses BITS to download content from IIS on the primary site server, but the requests each throw a 401 error. Unauthorised. This should be an easy fix.
    Create a Network Access Account in the primary site server's domain, assign it to the site (Software Distribution setting), wait for the DP to pick up the setting and watch it retrieve its content. The DP in the untrusted domain is configured as a Pull DP,
    implying it has to use a Network Access Account to download content. It knows the content is available and makes every effort to download it.
    Problem
    The DP in the untrusted domain doesn't know a Network Access Account (NAA) has been defined for the site.
    The account does exist, created in the primary site server's domain and assigned to the site. Its not a password issue. IIS has not been set for Anonymous access as this isn't needed - the NAA should provide the credentials it requires to pull down content.
    A manual check using the URL of the package confirms the package is accessible from the DP when using the NAA's credentials. I've allowed enough time (i think) for the DP to acknowledge the NAA. For fun the DP role was removed, and the CCM agent removed. Both
    were reinstalled. A fresh install didn't detect the NAA.
    Solution
    After some soul searching and a little frustration, it came down to this: A Pull DP always uses the Network Access Account. If the DP can't find a Network Access account it will fail to pull down content. This is undisputed. Found an article that states
    the Pull DP always uses the CCM client configuration to do its dirty work. At that point the CCM client was checked. It had the classic problem of only displaying two Actions - Machine Policy Retrieval & Evaluation Cycle, User policy Retrieval & Evaluation
    Cycle. Most components were installed but not enabled. This is fairly common. Looked at the console, found the device, added the Approval column. Turns out it wasn't auto-approved. Reason being that the client is in an untrusted domain and clients in untrusted
    domains aren't approved automatically (by default).
    In this case something as simple as an Approving the client fixed these issues. 
    The DataTransferService.log highlights the issue:
    <![LOG[CDTSJob::JobError: DTS Job ID='{17E0B672-F699-434D-B063-87CC2ACF715C}' BITS Job ID='{38B81ADE-55B5-4BD7-A881-DBFF13943EDE}' ErrorCode=0x80190191]LOG]!><time="18:25:54.264+00" date="02-19-2015" component="DataTransferService"
    context="" type="1" thread="3136" file="dtsjob.cpp:3501">
    <![LOG[CDTSJob::JobError: DTS Job ID='{17E0B672-F699-434D-B063-87CC2ACF715C}' URL='http://PRIMARYSERVER.A.B.COM:80/SMS_DP_SMSPKG$/5af1680e-4a14-4dc5-8a60-bda7370e6d68'
    ProtType=1]LOG]!><time="18:25:54.264+00" date="02-19-2015" component="DataTransferService" context="" type="1" thread="3136" file="dtsjob.cpp:3504">
    <![LOG[Authentication required by the proxy, DTS Job ID='{17E0B672-F699-434D-B063-87CC2ACF715C}' BITS Job ID='{38B81ADE-55B5-4BD7-A881-DBFF13943EDE}'.]LOG]!><time="18:25:54.264+00" date="02-19-2015" component="DataTransferService"
    context="" type="3" thread="3136" file="dtsjob.cpp:3513">
    <![LOG[DTSJob {8814E9A1-3D26-4089-83CF-3C7D17BCEC6E} in state 'Cancelled'.]LOG]!><time="18:25:54.264+00" date="02-19-2015" component="DataTransferService" context="" type="1" thread="3688"
    file="dtsjob.h:166">
    <![LOG[DTS job {17E0B672-F699-434D-B063-87CC2ACF715C} BITS job
    {38B81ADE-55B5-4BD7-A881-DBFF13943EDE} encountered Access Denied error during download.  Will retry using Network Access Account.]LOG]!><time="18:25:54.264+00" date="02-19-2015" component="DataTransferService"
    context="" type="2" thread="3136" file="dtsjob.cpp:3652">
    <![LOG[DTSJob {8814E9A1-3D26-4089-83CF-3C7D17BCEC6E} cancelled by client.]LOG]!><time="18:25:54.280+00" date="02-19-2015" component="DataTransferService" context="" type="1" thread="3688"
    file="dtsjob.cpp:3205">
    <![LOG[No network access account info found.]LOG]!><time="18:25:54.327+00" date="02-19-2015" component="DataTransferService" context="" type="1"
    thread="3136" file="netaccessaccount.cpp:288">
    <![LOG[The network access account is not defined.]LOG]!><time="18:25:54.327+00" date="02-19-2015" component="DataTransferService" context=""
    type="1" thread="3136" file="netaccessaccount.cpp:858">
    <![LOG[DTSJob {17E0B672-F699-434D-B063-87CC2ACF715C} encountered error setting BITS job to use Network Access Account
    (0x00000000).]LOG]!><time="18:25:54.327+00" date="02-19-2015" component="DataTransferService" context="" type="3" thread="3136" file="dtsjob.cpp:1885">
    The IIS server logs u_ex150219.log captures the request:
    2015-02-19 123.11.12.13 GET /SMS_DP_SMSPKG$/5af1680e-4a14-4dc5-8a60-bda7370e6d68/sccm /windows6.1-kb3021917-x64.cab 80 - 9.10.11.12 Microsoft+BITS/7.7 -
    401 2 5 1509 2
    2015-02-19 123.11.12.13 GET /SMS_DP_SMSPKG$/5af1680e-4a14-4dc5-8a60-bda7370e6d68/sccm /windows6.1-kb3021917-x64.cab 80 - 9.10.11.12 Microsoft+BITS/7.7 -
    401 1 3221225581 1509 4
    2015-02-19 123.11.12.13 GET /SMS_DP_SMSPKG$/5af1680e-4a14-4dc5-8a60-bda7370e6d68/sccm /windows6.1-kb3021917-x64.cab 80 - 9.10.11.12 Microsoft+BITS/7.7 -
    401 1 3221225581 1509 3
    2 x Domains: DomainA and DomainX
    - Single domain forests
    - No trusts between domains/forests
    DomainA\PRIMARYSERVER
    - Primary Site Server, MP, DP, IIS, all roles
    DomainX\DP1
    - Distribution Point, IIS, etc
    - CCM client installed

    Based on the above, you are using a PullDP. If so, have you installed the client agent on this system? The client agent is required on PullDPs in untrusted domains so that they can acquire the NAA.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • ACS forwarding from untrusted domain 0x80090325 SEC_E_UNTRUSTED_ROOT

    I have SCOM 2012 R2 Update Rollup 4 installed with 2 management servers running WS12R2 in a single management group in my main AD domain. One of the management servers is also an ACS collector. I have an untrusted AD domain, with a SCOM gateway server in
    it, and I used the gateway to install a SCOM agent on a domain controller in that domain. Now I am trying to configure an ACS forwarder on that untrusted domain controller to talk to the ACS collector back on the management server.
    However, when I restart the
    Microsoft Monitoring Agent Audit Forwarding service on that domain controller, I get this error in its
    Event Viewer > Apps and Services > Operations Manager:
    1/23/2015 5:08:01 PM Source AdtAgent Event ID 4369 Forwarder unsuccessfully tried to connect to the following collector(s):
    <acsCollectorFQDN>:51909, status: 0x80090325 (TCP connect), source:registry addresses tried: <IP>:51909. If the list of collectors is blank, then AdtAgent was unable to locate a collector. Common reasons for this message are: The machinef(s)
    listed is not online. AdtServer is not running on the machine(s) listed. AdtServer on the machine(s) listed is not listening on the specified port. TCP connectivity to the AdtServer machine is blocked by firewall, IPSec, or other filtering mechanism AdtServer
    on the machine(s) listed actively refused the connection (due to policy or current activity load). For detailed failure information, enable trace logging using the TraceFlags registry key and examine the AdtAgent.log in the \temp subdirectory of the Windows
    directory.
    I followed these two articles in order to set up the ACS forwarder on the DC in the untrusted domain: "How to configure security events collection by using Audit Collection Services from computers in untrusted environment?" {1/3/12}https://gefufna.wordpress.com/2012/01/03/how-to-configure-security-events-collection-by-using-audit-collection-services-from-computers-in-untrusted-environment/ "Forwarder
    is unable to connect to collector Event id 4369 in forwarder event view" {5/5/14}
    http://jimmy-scom.blogspot.com/2014/05/forwarder-is-unable-to-connect-to.html
    EXTRA INFO Here are the detailed steps that I took (sorry for all this, but there are an awful number of steps!):
    1) I confirmed that the agent for the DC shows as Healthy in OM Console > Monitoring > Operations Manager > Agent Details > Agent Health State > Agent State (right) pane.
    2) On the ACS collector, I stopped
    Operations Manager Audit Collection Service, then from Admin cmd prompt I did this:
    c:> cd \windows\system32\security\adtserver
    c:> adtserver –c
    } 1 certificates found for server authentication usage.
    Enter the number of the certificate you want AdtServer to use for authenticating to AdtAgent or 0 to quit without saving: 1
    Certificate 1 selected. Attempting to save thumbprint to registry ...
    success.
    Then I started
    Operations Manager Audit Collection Service.
    3) On the DC in the untrusted domain, from Admin cmd prompt I did this:
    c:> cd c:\windows\system32
    c:> adtagent -c
    } No  Issued To                   Issued By                   Expires   
    Thumbprint
     1: <untrustedDCfqdn> <untrustedDomainCA>             2015-11-30 02:44:58    <thumbprint>
    2 certificates found for client authentication usage.
    Enter the number of the certificate you want AdtAgent to use for authenticating to AdtServer or 0 to quit without saving: > 1
    } Certificate 1 selected. Attempting to save thumbprint to registry… success.
    4) On the DC in the untrusted domain, I opened mmc > Certificates > Local Computer > Personal > Certificates > I exported the certificate from step 3 to a DER encoded binary X.509 (.CER) file.
    5) I also looked at the Certification Path for the certificate, and figured out which certificate is its Root CA certificate. I copied that certificate to a DER encoded binary X.509 (.CER) file.
    6) I copied the first .CER file to a computer in my main domain, which is at 2012 R2 level. From AD Users and Computers, I created a "dummy" computer object using the NetBios name of the DC back on the untrusted domain. I right clicked the computer
    object > Named Mappings > I added the .CER file, and left "Use Subject for alternate identity" checked. I unchecked "Use Issuer for alternate security identity".
    7) I copied the Root CA certificate .CER file over to the SCOM management server that doubles as my ACS collector, and from there I did mmc > Certificates > Local Computer > Trusted Root Certificates > Certificates > I imported the Root
    CA certificate.
    8) I also went to my CA server on my main domain, I ran pkiview.msc > right clicked “Enterprise PKI” > Manage AD Containers > NTAuthCertificates tab > and I imported the Root CA certificate there as well.
    9) I ran telnet from the DC on the untrusted domain, and confirmed that port 51909 is open from there to the ACS collector on the main domain.
    10) I enabled audit collection fot the DC on the untrusted domain. I did this from OM Console > Monitoring > Operations Manager > Agent Details > Agent Health State > Agent State (second column in middle pane) > I selected the Healthy <untrustedDCfqdn>
    > I clicked Enable Audit Collection.
    Then under "Task Parameters" > i clicked [Override] > for New Value I specified <ACScollectorFQDN>. For task credentials I specified Other account, and specified a domain admin account in the untrusted domain. The result was "The
    task completed successfully. Enable Audit Collection, status:Success".
    11) On the ACS collector, I restarted Operations Manager Audit Collection Service. On the DC in the untrusted domain I restarted Microsoft Monitoring Agent Audit Forwarding service.
    12) Result was this error on the DC in the untrusted domain, in its
    Event Viewer > Apps and Services > Operations Manager
    1/23/2015 5:08:01 PM Source AdtAgent Event ID 4369 Forwarder unsuccessfully tried to connect to the following collector(s):
    <acsCollectorFQDN>:51909, status: 0x80090325 (TCP connect), source:registry addresses tried: 10.1.1.91:51909. If the list of collectors is blank, then AdtAgent was unable to locate a collector. Common reasons for this message are: The machinef(s)
    listed is not online. AdtServer is not running on the machine(s) listed. AdtServer on the machine(s) listed is not listening on the specified port. TCP connectivity to the AdtServer machine is blocked by firewall, IPSec, or other filtering mechanism AdtServer
    on the machine(s) listed actively refused the connection (due to policy or current activity load). For detailed failure information, enable trace logging using the TraceFlags registry key and examine the AdtAgent.log in the \temp subdirectory of the Windows
    directory.
    13) On the DC in the untrusted domain I created DWORD reg value
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdtAgent\Parameters\TraceFlags and set it to 524420 decimal. The resulting c:\windows\temp\AdtAgent.log file only confirmed that I'm getting 0x80090325 errors.
    After all this, why am I getting 0x80090325, which translates to SEC_E_UNTRUSTED_ROOT ??? Did I do something wrong in steps 5, 7 and 8? Thanks for reading all the way through :)
    Marko

    Thanks Yan Li, you gave me an idea. I got the ACS forwarder in the untrusted domain to work (!), by analyzing the setup on the SCOM gateway that I set up in the untrusted domain. I issued the ACS forwarder a certificate from the domain that SCOM is in, INSTEAD
    of configuring the ACS forwarder to use the certificate that it already had from its own domain.
    So the new procedure is: do steps 1 and 2, then instead of step 3 I did this…
    2B) I issued a certificate from the AD domain containing SCOM to the domain controller in the untrusted domain that is my ACS forwarder. I did this from the AD Certificate Services web site, and asked it to use certificate template that I created for the
    SCOM gateway server in the untrusted domain.
    2C) The new certificate appeared in the Personal store of the domain controller. I exported it, then ran the MomCertImport utility so that I would not get an error in the next step (per
    http://www.systemcentercentral.com/scom-deployment-across-multiple-networks/)
    3) On the domain controller in the untrusted domain, I re-ran "adtserver -c", and selected the new certificate.
    3B) I then ran “MomCertImport /Remove”, since I already have a SCOM gateway in the untrusted domain.
    Then I proceeded with steps 4, skipped 5, did 6, skip 7-8, did 9-11, result was this on the DC in the untrusted domain, in its Event Viewer > Apps and Services > Operations Manager
    2/3/2015 12:20:01 PM Source AdtAgent Event ID 4368 Forwarder successfully connected to the following collector:
    <ACScollectorFQDN>:51909, status: 0x0 (success), source: registry
    addresses tried: <IPaddress>:51909
    ACS forwarding works now! I will confirm by repeating the procedure for another domain controller in the untrusted forest.
    Marko

  • SCCM MP Account from accessing across untrusted domain

    Hi,
    I am wondering if anyone has any suggestion on how to setup MP connection account from MP in untrusted domain (DMZ) to site server. I tried to create a user account in the domain where SCCM primary site exists and configured that account for MP to use but
    unfortunately I am getting following error..
      *** [28000][18452][Microsoft][SQL Server Native Client 11.0][SQL Server]Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
    I have not tried using SQL replica yet but I thought if account works then I would refrain from using SQL replica.
    Thanks,

    ** Resolved **
    Instead of using DOMAIN\USER, I created a local account on site server and assigned EXECUTE right to DB.. Its now communicating from DMZ without any problem...

  • JAAS between WLS (untrusted) domains - ServerIdentity failed validation

    I'm trying to create a proxy/delegate class that can be used by clients to
    transparently access a server.
    The class should be usable from clients within WLS containers and from
    regular java apps.
    Using JNDI authentication everything works fine.
    Using JAAS I'm having a problem when my client is a EJB app in an untrusted
    WLS domain. When the login is requested the following error is occuring:
    <ServerIdentity failed validation, downgrading to anonymous.>
    I want to be able to do a JAAS login to a non-trusted domain. I'm assuming
    that the server is trying to pass the subject who is logged into the current
    container, and my call to LoginContext.login()
    Any thoughts?
    //Example of code
    loginContext = new LoginContext("ServiceSecurity", new
    FW_SimpleCallbackHandler(pUser, pPassword, pUrl));
    loginContext.login();
    Subject subject = loginContext.getSubject();
    serviceHome = (ServiceHome)weblogic.security.Security.runAs( subject,
    new PrivilegedExceptionAction() {
    public Object run() throws Exception{
    //JNDI lookup
    //Create session bean instance
    weblogic.security.Security.runAs( subject,
    new PrivilegedExceptionAction() {
    public Object run() throws Exception{
    //do operation on instance

    Then I'd start talking to BEA support to see if they even know how to do
    this.
    Without the trust relationship I'm not sure if you can achieve what you
    want.
    Dejan
    Mark Fine wrote:
    This is exactly what I am doing.
    Implicitly there is a security context within the session bean (the user
    logs in via the web app and context is propagated). I obtain a LoginContext
    to the other server and call the method within that context.
    It doesn't work because it is implicitly passing the security context of the
    session bean and failing due to lack of trust.
    //Example of code
    loginContext = new LoginContext("ServiceSecurity", new
    FW_SimpleCallbackHandler(pUser, pPassword, pUrl));
    loginContext.login();
    Subject subject = loginContext.getSubject();
    serviceHome = (ServiceHome)weblogic.security.Security.runAs( subject,
    new PrivilegedExceptionAction() {
    public Object run() throws Exception{
    //JNDI lookup
    //Create session bean instance
    weblogic.security.Security.runAs( subject,
    new PrivilegedExceptionAction() {
    public Object run() throws Exception{
    //do operation on instance
    "Deyan D. Bektchiev" <[email protected]> wrote in message
    news:[email protected]...
    In that case you should be able to get the two different Subjects from
    the two different domains (return a different url from the URLCallback
    when you login with JAAS), and afterwards use
    weblogic.security.Security.doAs(...);
    with the correct Subject for the appropriate server when you access the
    servers.
    HTH,
    --dejan
    Mark Fine wrote:
    Thanks, but i think the content was miscommunicated. Everything works
    fine
    when the domains are "trusted". I want to know how to have "untrusted"
    domains talk to each other through explicit logins.
    ie. imagine an application on a domain in a finance department. What if
    they are trusted against other domains and can't / don't want to
    establish
    trust with your domain. They just need access to one particular service
    you
    expose.
    Thanks,
    m
    "Deyan D. Bektchiev" <[email protected]> wrote in message
    news:[email protected]...
    Hi Mark,
    You should first establish a trust relationship between your Weblogic
    servers:
    http://e-docs.bea.com/wls/docs70/secmanage/domain.html#1171534
    Then you can use JAAS to authenticate and get valid Subjects for the two
    users.
    --dejan
    Mark Fine wrote:
    I'm trying to create a proxy/delegate class that can be used by clients
    to
    transparently access a server.
    The class should be usable from clients within WLS containers and from
    regular java apps.
    Using JNDI authentication everything works fine.
    Using JAAS I'm having a problem when my client is a EJB app in an
    untrusted
    WLS domain. When the login is requested the following error is
    occuring:
    <ServerIdentity failed validation, downgrading to anonymous.>
    I want to be able to do a JAAS login to a non-trusted domain. I'm
    assuming
    that the server is trying to pass the subject who is logged into the
    current
    container, and my call to LoginContext.login()
    Any thoughts?
    //Example of code
    loginContext = new LoginContext("ServiceSecurity", new
    FW_SimpleCallbackHandler(pUser, pPassword, pUrl));
    loginContext.login();
    Subject subject = loginContext.getSubject();
    serviceHome = (ServiceHome)weblogic.security.Security.runAs( subject,
    new PrivilegedExceptionAction() {
    public Object run() throws Exception{
    //JNDI lookup
    //Create session bean instance
    weblogic.security.Security.runAs( subject,
    new PrivilegedExceptionAction() {
    public Object run() throws Exception{
    //do operation on instance

  • Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.

    Hello,
    I have gone through couple of posts regarding this issue but couldn't get the right solution. Could you please help what exactly we are missing here.
    Details:
    1) we have two SQL instances on one standalone machine (Default Instance (2008 SP3) + Named Instance (SQL 2012 SP1))
    2) Both instances are configured to accept SQL+ Windows authentication.
    3) when we give access to our users they are getting following exception if they connect with 'windows authentication'. (For both instances)
    Login failed. The login is from an untrusted domain and cannot be used with Windows authentication.
    Note: (Being a sys + windows admin I'm able to connect both the instances from same client machine without
    any issues)
    4) Also, we observed following error in windows application event log,
     SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure.
    The logon attempt failed   [CLIENT: 192.168.xxx.xyx]
    5) If we create SQL login it is working fine without any issues.
    Could someone guide/help  me identifying and fixing this issue.
    Thank you

    Hello,
    Are those Windows Logins associated to domain Windows accounts? Windows Logins work for domain accounts and local Windows account created on the server where the SQL Server instance is installed (and used to login locally to the server).
    Could you try to delete one of the Windows logins that fail to login , and try to recreate them?
    The following resources may help:
    http://blogs.msdn.com/b/dataaccesstechnologies/archive/2012/12/19/error-message-quot-login-failed-the-login-is-from-an-untrusted-domain-and-cannot-be-used-with-windows-authentication-quot.aspx
    http://support.microsoft.com/kb/555332
    Hope this helps.
    Regards,
    Alberto Morillo
    SQLCoffee.com

  • SQL server(PC1) --- PC2: Login failed. The login is from untrusted domain and cannot be used with windows authentification

    Hey,
    I'want to make connection from my laptop(xxx.xxx.xxx.xxx = A) to a fixed computer(SQL server xxx.xxx.xxx.xxx =B). My connection string = "Provider=SQLNCLI11; Data source:name-pc/SQLEXPRESS; Integrated circuit=SSPI;Intial Catalog=Database name for visual
    studio C#.
    Laptop -> PC1 : Eror
    It works when i use localhost or 127.0.0.1 and i can read my database without any problems if i install SQL server on my laptop. Know i install it to PC1 and uninstall on my laptop. When i change the name-pc by an ip-adress i get this error: Login failed.
    The login is from untrusted domain and cannot be used with windows authentification. I did some research on multiple forums where they say about Local security policy(secpol.exe) but i don't have this file. 
    PC2-> PC3: work fine but i want to work with my laptop and i don't understand why it isn't working with my Laptop. 
    Can someone help me?
    Thx a lot and sry about my english(its a disaster) 
    Thibaut

    Hello,
    Yes, for the Windows Authentication to work you should be using the same Windows account and password.
    Are you willing to create SQL logins inside SQL Server and allow your users to connect to SQL Server using SQL Authentication
    instead of Windows Authentication? That could be a solution on a workgroup network.
    Hope this helps.
    Regards,
    Alberto Morillo
    SQLCoffee.com

  • SQL Server Protection untrusted domain

    DPM 2012 R2 on Server 2008R2
    SQL Server:  2008 R2 running SQL 2008R2 in untrusted domain
    Configured environment as Untrusted - local User and agent is communicating with SQL Server.
    Configured protection group and saw all the DB's.  Initially about 1/2 the DB's went to OK but with no recover point and then all went to replica inconsistent. 
    I have configured the local account with local administrator as well as SYSADMIN rights on the SQL application with no luck.  Interesting is on the SQL Server I get App Log events for 1) I/O frozen on DB, 2) I/O resumed, 3) database backed up. 
    I also get System event logs for Software Shadow Copy Provider starting and stopping but I'm getting no data transferred to the DPM server.
    Ideas?

    Fixed:
    Added port 3718 from protected system to DPM on firewall. MS document does not give connection direction so I initially assumed 5718/5719 to be only towards the protected system.

  • Administer untrusted domain

    I'm trying to administer users in an untrusted domain from my PC.
    I use the below CMD line and I'm able to get ADUC running. Doing some tasks in ADUC, gives me the error "The specified domain either does not exist or could not be contacted."
    C:\Windows\System32\runas.exe /netonly /user:UntrusedDomain\user"mmc dsa.msc /server=1.1.1.1"

    Hi,
    If you want to access the other domains, you have to configure a trust relationship:
    For more and detail information, please refer to:
    http://windowsitpro.com/windows-server/how-do-i-configure-trust-relationship
    Regards.
    Vivian Wang

  • Issues in IDoc Sender Scenario:IDoc  with errors added

    Hi all
             Am working on an IDoc to JDBC scenario. In R/3 system, I have created distribution model, partner profile, RFC destination and port.The IDoc is generated and is sent to XI successfully. But in XI , there is no entry in SXI_MONITOR for this (unfortunately IDX5 is not available in the XI server! ;as of now). Instead an entry is made in WE05 and WE02 with stautus 56(IDoc with errors added). In the status record:
    status 56 : External segment name E2KOMG003 cannot be interpreted
    status 60 : Basic IDoc type COND_A03 could not be found.
    And the segments displayed in data record  are different from the segments in the data record of the IDoc generated at R/3. (say for E1KOMG at R/3, E2KOMG003 in XI).Earlier the flow was working fine and the DB table was updated successfully. And the entire stuff is believed to be 'unmodified' .
    Would any one help in resolving the issue.
    Thanks,
    Chilanka

    Hi,
    >>>>I have created partenr profile in R/3.Need I create a partner profile in XI for R/3 system?
    no you cannot create any partner profiles in XI
    for more about IDOC configuration in XI check :
    <a href="/people/michal.krawczyk2/blog/2006/10/11/xi-new-book-mastering-idoc-business-scenarios-with-sap-xi"><b>Mastering IDoc Business Scenarios with SAP XI</b></a>
    Regards,
    michal
    <a href="/people/michal.krawczyk2/blog/2005/06/28/xipi-faq-frequently-asked-questions"><b>XI / PI FAQ - Frequently Asked Questions</b></a>

  • ERROR: No valid domain present

    While installing OATS in custom mode. getting the below error in deploy.log. kindly suggest as to what can be done.
    ERROR: No valid domain present
    And also Observed this in the "config_ds.log" file .
    Initializing WebLogic Scripting Tool (WLST) ...
    Welcome to WebLogic Server Administration Scripting Shell
    Type help() for help on available commands
    Error: readTemplate() failed. Do dumpStack() to see details.
    Problem invoking WLST - Traceback (innermost last):
    File "C:\OracleATS\bin\..\bin\config_ds_offline.py", line 1, in ?
    File "C:\Users\aime1\AppData\Local\Temp\WLSTOfflineIni7083857516903294319.py", line 17, in readTemplate
    The template to read must be a jar file containing a valid domain configuration
    at com.oracle.cie.domain.script.jython.CommandExceptionHandler.handleException(CommandExceptionHandler.java:51)
    at com.oracle.cie.domain.script.jython.WLScriptContext.handleException(WLScriptContext.java:1538)
    at com.oracle.cie.domain.script.jython.WLScriptContext.readTemplate(WLScriptContext.java:340)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    com.oracle.cie.domain.script.jython.WLSTException: com.oracle.cie.domain.script.jython.WLSTException: com.oracle.cie.domain.script.ScriptException: unable to parse "template-info.xml" from template jar "/install/domain/oats.jar
    The template to read must be a jar file containing a valid domain configuration
    Thanks,
    Pradeep

    Many thanks Praveen,
    I have carried out all the checks in the tables and it seems that everything is fine!.
    Creating a RFC Destication for CRM in R/3
    Maintain Table CRMRFCPAR and CRMCONSUM?
    In Table CRMPAROLTP, Parameter "crm release" should set to your CRM version ( ex 500 for crm 5.0)
    Maintain table TBE11, APPI should be NDI(new dimension integration),A yes
    I don't really know where the error could lay.
    Andrea

  • Yahoo email account on iphone 4s error message MFMessageError Domain error 1032 keeps coming up trying to log into my email. Why does this happen?

    I'm trying to log in to my yahoo email account on iphone 4s and the error message MFMessage Domain error 1032 keeps on coming up. Why is this happening and how can I fix it?

    What worked for me was resetting my password on my email then rebooted my iPhone 4S.

  • Error adding buffer entry when using Asynchronous mode of JRA and JCO call

    Enviroment: XMII 12.1.4 / CE EhP1 SP03
    When I using SAP JRA Function Call or SAP JCO Funciton Call in transaction, it works well when I choose 'Process Type' as 'Synchronous processing' in 'Data Buffering Configuration' tab. But when I use 'Asynchronouse processing' it doesn't work.
    I check the Netweaver logs, there some logs like following:
    Error adding buffer entry (com.sap.xmii.dataqueue.DataBufferManager)
    Couldn't add buffer entry (com.sap.xmii.dataqueue.DataBufferManager)
    ManagedConnectionImpl.dissociateConnections(), dissociation of a non-cci transaction, H1, C1(com.sap.mw.jco.jra)
    how could I solve this problem?

    Solved after deploy 12.1 SP05 (xMII 12.1.5 build 91)

Maybe you are looking for

  • Deactivating one of the two registration with Photoshop Elements 8

    My old computer has been cleared from all programs and the system. I'd like to use the Adobe Photoshop Elemets 8 product on my new computer, but I need the one of the two registration of the product cleared to be able to use it. I can not deactivate

  • How to find whether MIRO is done for a PO

    Hi All, Is there any indicator attached to POs that indicates whether MIRO is done for that PO? I mean after PO creation in ME21N -> GR in MIGO -> Excise (if applicable) and -> MIRO... how to find whether MIRO is done for a particular PO? Helpful tip

  • Blocking read on a FIFO

    My java program needs to read data from a FIFO file and then block when the data ends and wait for more data. I can achieve the desired effect with something like while(true) {     while(myReader.ready()) {         ... read data here .... }... but th

  • Opening in the same window

    Hello, My question is two-fold. 1. Is there any way of setting Quicktime so that it plays audio/video immediately after opening, so I don't have to press play? 2. Also, when I play one MP3, Quicktime opens. When I play a second MP3, it opens another

  • I cannot view videos and have tried everything.

    I cannot play videos in Firefox. It does not recognize that Flash has been installed. I have tried everything and am actually tired of this. When I check on page it says the npnul32.dll is missing. I do not know what that is or how to fix it, can you