Event 6, CertificateServicesClient-AutoEnrollment
I installed a new Root CA in for our internal/corporate network a few months back, set up certificate autoenrollment, verified that machines are getting automatically enrolled with new computer certs from new CA, and finally uninstalled certificate services
from the old CA (which was also a domain controller).
Several months later, I finally decommission that old domain controller and remove it from the network. Now, all of my workstations are continually generating an Event 6 from CertificateServicesClient-AutoEnrollment. Error message is
"Automatic certificate enrollment for local system failed (0x8007000d) The data is invalid."
Does anyone know what could be generating this error?
Checking a few of the workstations, I see each of them have a computer certificate issued from the new CA from several months ago, and they also still have the old certificate issued from the old CA (but not yet expired). Could the error message have something
to do with the fact that the old certificate still resides on the machine and now the old CA is gone? That doesn't seem right to me since I uninstalled AD CS from the old CA months ago and am only now seeing this error message. Seems like some issue with the
removal of the domain controller since the error messages only began appearing after that.
Shaun
Hi Shaun,
We recommend to revoke all the old CA Certificates before you uninstalled certificate services from the old CA, if you hadn't done this, which would cause issue to update the certificate revocation list (CRL).
Please try to remove the old CA Certificates from the workstation, and check if it still get the same error.
In addition, to troubleshoot autoenrollment, please also check this article:
Troubleshooting autoenrollment
If you have any feedback on our support, please click here.
Best Regards,
Anna
TechNet Community Support
Similar Messages
-
Event ID 64 CertificateServicesClient-AutoEnrollment about to expire
I noticed this warning appearing on my clients server (DC). I decided to open Certificates console (Local Computer), and under Personal/Certificate there is a certificate issued to mydomaincontroller.mydomain.local which was issues by the CA on my
SBS2008 server which is now decommissioned. It says the Intended Purposes is Client Authentication, Server Authentication. it is going to expire very soon.
Do I need to renew it? How can I if the CA is gone? What is the certificate for?Hi,
Since the CA has been decommissioned, I doubt there is any need for the certificate issued by it. Besides, we cannot renew a certificate without issuing CA present.
You can ignore the event message, or delete the certificate.
More information for you:
How to remove a certificate with the private key
https://social.technet.microsoft.com/Forums/en-US/a016c0c1-131f-4deb-b95e-a8876fa2cbeb/how-to-remove-a-certificate-with-the-private-key-?forum=winserversecurity
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Hello,
Im having issues and errors in the event viewer with the KDC certificates.
We have 2 windows 2003 domain controllers (one was Certificate Authority) and we are migrating to Windows 2012, the steps that we have done are:
- Forest and domain at Windows 2003 level.
- Create 2 new domain controllers in Windows 2012 (only DNS and GC, no fsmo roles yet), adding it as new ones in the domain (so 4 domain controllers).
- Revoke all the certificates from the CA (it was only for tests propousal) and deinstall it completely.
- In the Windows 2003 domain controllers started the error:
Event Type: Warning
Event Source: KDC
Event Category: None
Event ID: 20
Date: 12/17/2006
Time: 1:49:47 AM
User: N/A
Computer: SERVER
Description:
The currently selected KDC certificate was once valid, but now is invalid and no suitable replacement was found. Smartcard logon may not function correctly if this problem is not remedied. Have the system administrator check on the state of the domain's public
key infrastructure. The chain status is in the error data.
- In the Windows 2012 domain controllers started the errors:
Event 82: CertificateServicesClient-CertEnroll: RPC server unavailable, error in template: DomainController
Event 13: CertificateServicesClient-CertEnroll: Error RPC: Server.domain.local/CAdomain (where Server is the domain controller were the CA was, and CAdomain the name of the old CA just deleted)
Event 6: CertificateServicesClient-AutoEnrollment: Error RPC
With certutil -dcinfo verify there was errors, so we applied certutil -dcinfo deleteBad. After that the errors are (for the 4 domain controllers):
*** Testing DC[0]: SERVER
** Enterprise Root Certificates for DC SERVER
No certs in Ent Root store!
** KDC Certificates for DC SERVER
0 KDC certs for SERVER
No KDC Certificate in MY store
KDC certificates: Cannot find object or property. 0x80092004 (-2146885628)
We have deleted templates as this article (as we havent got CA now):
http://www.petenetlive.com/KB/Article/0000473.htm
But the errors still here. We have gpupdate /force and restart the domain controllers but nothing...
We have tried to request a new certificate with this steps:
Create a computer certificate using mmc snap-in 'certificates' by right clicking on 'Certificates' folder Under 'root\Personal' tree, and clicking All Tasks -> Request New Certificate. Certificate Enrollment window appears, you verify you are connected to
your network and you are logged onto the domain.
Then Click Next, which leads to a window stating the issue:
"Certificate types are not available"
"You cannot request a certificate this time because no certificate types are available. If you need a certificate contact your administrator."
Any help will be appreciate.
thanksIt appears that Active Directory wasn't cleaned correctly. You need to completely decommission CA server from Active Directory:
http://social.technet.microsoft.com/wiki/contents/articles/3527.how-to-decommission-a-windows-enterprise-certification-authority-and-how-to-remove-all-related-objects.aspx
Start with step 6.
Vadims Podāns, aka PowerShell CryptoGuy
My weblog: en-us.sysadmins.lv
PowerShell PKI Module: pspki.codeplex.com
PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
Check out new: SSL Certificate Verifier
Check out new:
PowerShell File Checksum Integrity Verifier tool. -
Certificate autoenrollment fails after template update
I was asked to increase the validity period on the certificates we issue to users to authenticate onto our Wireless LAN. We use Group Policy to cause the users to autoenroll for a certificate using a version 3 template (our issuing CA is Windows Server 2003
Enterprise). Users have been able to autoenroll for certificates without any issue.
To increase the validity period, I edited the certificate template as an Enterprise Admin (I also increased the renewal period), then forced all certificate holders to reenroll, which changed the template version on the CA to 101.0 (previously it was 100.2).
None of my users appear to have reenrolled for the updated certificate. Looking in the Event Viewer on my own PC, I see four 'CertificateServicesClient-CertEnroll' information events (Event IDs 65, 64 & 66) suggesting that I am connecting successfully
to the issuing CA, followed by an error (Event ID 13) from source 'CertificateServicesClient-CertEnroll' and an error (Event ID 6) from source 'CertificateServicesClient-AutoEnrollment' (details below). This sequence is generated each time autoenrollment is
triggered.
Log Name: Application
Source: Microsoft-Windows-CertificateServicesClient-CertEnroll
Date: 18/07/2011 08:44:24
Event ID: 13
Task Category: None
Level: Error
Keywords: Classic
User: DOMAIN\User
Computer: COMPUTER.exe.nhs.uk
Description:
Certificate enrollment for DOMAIN\User failed to enroll for a WirelessUser certificate with request ID 19934 from ISSUINGCA.domain\Issuing CA for domain (The request template version is newer than the supported template version. 0x80094807 (-2146875385)).
Log Name: Application
Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Date: 18/07/2011 08:44:25
Event ID: 6
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: COMPUTER.exe.nhs.uk
Description:
Automatic certificate enrollment for DOMAIN\User failed (0x80094807) The request template version is newer than the supported template version.
Looking on the CA, there are lots of failed certificate requests in the Certification Authority snap-in showing the same error code. The details of the request shows that the request contains the 'old' template version number.
Template=Wireless User(1.3.6.1.4.1.311.21.8.13313988.12889471.11486910.12329237.4898732.247.969219678.4239254036)
Major Version Number=100
Minor Version Number=2
Can anyone suggest what might be the issue here? Many thanks, Damion.
P.S. I've also posted this on the Microsoft Answers forum before realising that the TechNet might be a better place to ask.Are you sure about template verision? Windows Server 2003 CA as well as Windows XP/2003 clients don't support Version 3 (Windows Server 2008 Enterprise) templates. Only Version 1 (Windows 2000) and Version 2 (Windows Server 2003 Enterprise) are supported
by your CA.
My weblog: http://en-us.sysadmins.lv
PowerShell PKI Module: http://pspki.codeplex.com -
Server 08 R2 DC - unable to open ADUC, netlogon does not start
Hello everyone, and thank you in advance for any possible support.
Note: All identifying server/domain names have been replaced with "CORP" "Sub" and "Sibling" where appropriate. Our forest consists of 3 domains - two which are 'siblings' at the top, CORP and Sibling, (corp being
the primarily used one), and one which is a 'child' of Corp (Sub).
Today we identified that on one of my domain controllers (named for this post, CORP-DC6) we are unable to open ADUC. This is only one of our 8 DC's, and it does not hold any FSMO roles; the only two important pieces on this server is that it's where we manage
our OCS from (we use ADUC on this system to enable a user for OCS, create SIP addresses, etc) and that Certification Authority is installed on the system.
Attempting to open ADUC gives error "Naming information cannot be located because: The target principal name is incorrect."
Web searches for this prompted me to check DNS for issues. In looking into DNS, I found that the system was somehow assigned a different IP address than it should have (it was now at 192.168.1.124 instead of 192.168.1.290 where it should have been).
I moved the IP address back to the correct IP, and rebooted.
The issue was still there, so I continued searching; which lead me to a suggestion to check out my netlogon service. I found that the Netlogon service was NOT running. When attempting to start the service, it fails and I am presented wih the
following error in the System event log:
Log Name: System
Source: Service Control Manager
Date: 7/24/2013 10:54:59 AM
Event ID: 7023
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: CORP-DC6.corp.com
Description:
The Netlogon service terminated with the following error:
%%-1073741724
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Service Control Manager" Guid="{555908d1-a6d7-4695-8e1e-26931d2012f4}" EventSourceName="Service Control Manager" />
<EventID Qualifiers="49152">7023</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2013-07-24T14:54:59.175664400Z" />
<EventRecordID>850085</EventRecordID>
<Correlation />
<Execution ProcessID="496" ThreadID="584" />
<Channel>System</Channel>
<Computer>CORP-DC6.corp.om</Computer>
<Security />
</System>
<EventData>
<Data Name="param1">Netlogon</Data>
<Data Name="param2">%%-1073741724</Data>
</EventData>
</Event>
Additionally, there is also this error:
Log Name: System
Source: NETLOGON
Date: 7/24/2013 10:54:59 AM
Event ID: 5602
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: CORP-DC6.corp.com
Description:
An internal error occurred while accessing the computer's local or network security database.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="NETLOGON" />
<EventID Qualifiers="0">5602</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-07-24T14:54:59.000000000Z" />
<EventRecordID>850083</EventRecordID>
<Channel>System</Channel>
<Computer>CORP-DC6.corp.com</Computer>
<Security />
</System>
<EventData>
<Data>%%1317</Data>
<Binary>640000C0</Binary>
</EventData>
</Event>
At this point, I've read a bunch of stuff online and not really found anything that has helped nor seemed completely relevant.
Additional Info that may help out:
When I open Server Manager, it seems to think the local system's name is WIN-3OL3DIFK4S instead of CORP-DC6; similarly opening Device Manager from w/in Server manger gives a message about managing a remote system; even though I am managing the local system.
There are additional errors in the System and Application log which are certainly issues, but I do not know if they pertain to the main issue at hand here or not.
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 7/24/2013 10:55:04 AM
Event ID: 1055
Task Category: None
Level: Error
Keywords:
User: SYSTEM
Computer: CORP-DC6.corp.com
Description:
The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1055</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-07-24T14:55:04.448473700Z" />
<EventRecordID>850088</EventRecordID>
<Correlation ActivityID="{582C2637-5A99-47AE-B50C-C1A063DDABDC}" />
<Execution ProcessID="888" ThreadID="1056" />
<Channel>System</Channel>
<Computer>CORP-DC6.corp.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">1632</Data>
<Data Name="ProcessingMode">1</Data>
<Data Name="ProcessingTimeInMilliseconds">11762</Data>
<Data Name="ErrorCode">5</Data>
<Data Name="ErrorDescription">Access is denied. </Data>
</EventData>
</Event>
Log Name: System
Source: LsaSrv
Date: 7/24/2013 10:55:13 AM
Event ID: 40961
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Computer: CORP-DC6.corp.com
Description:
The Security System could not establish a secured connection with the server ldap/corp-dc1.corp.com/[email protected]. No authentication protocol was available.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="LsaSrv" Guid="{199FE037-2B82-40A9-82AC-E1D46C792B99}" />
<EventID>40961</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2013-07-24T14:55:13.262489200Z" />
<EventRecordID>850092</EventRecordID>
<Correlation />
<Execution ProcessID="504" ThreadID="1332" />
<Channel>System</Channel>
<Computer>CORP-DC6.corp.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="Target">ldap/CORP-dc1.corp.com/[email protected]</Data>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-DfsSvc
Date: 7/24/2013 10:55:24 AM
Event ID: 14548
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: CORP-DC6.corp.com
Description:
The DFS Namespace service could not initialize the trusted domain information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DfsSvc" Guid="{7DA4FE0E-FD42-4708-9AA5-89B77A224885}" EventSourceName="DfsSvc" />
<EventID Qualifiers="49152">14548</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-07-24T14:55:24.000000000Z" />
<EventRecordID>850102</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>CORP-DC6.corp.com</Computer>
<Security />
</System>
<EventData Name="DfsNoTrustedDomainInfo">
<Binary>B5060000</Binary>
</EventData>
</Event>
Log Name: System
Source: Microsoft-Windows-Security-Kerberos
Date: 7/24/2013 10:57:44 AM
Event ID: 4
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: CORP-DC6.corp.com
Description:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/corp-dc1.corp.com. The target name used was cifs/corp-dc1.corp.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (CORP.COM) is different from the client domain (CORP.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Kerberos" Guid="{98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}" EventSourceName="Kerberos" />
<EventID Qualifiers="16384">4</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-07-24T14:57:44.000000000Z" />
<EventRecordID>850163</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>CORP-DC6.CORP.com</Computer>
<Security />
</System>
<EventData>
<Data Name="Server">host/corp-dc1.corp.com</Data>
<Data Name="TargetRealm">CORP.COM</Data>
<Data Name="Targetname">cifs/corp-dc1.corp.com</Data>
<Data Name="ClientRealm">CORP.COM</Data>
<Binary>
</Binary>
</EventData>
</Event>
There are also the following errors in the Application event log
Log Name: Application
Source: Microsoft-Windows-CertificationAuthority
Date: 7/24/2013 10:55:13 AM
Event ID: 91
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: CORP-DC6.corp.com
Description:
Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" EventSourceName="CertSvc" />
<EventID Qualifiers="49754">91</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-07-24T14:55:13.000000000Z" />
<EventRecordID>254767</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>CORP-DC6.corp.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="MSG_E_DS_RETRY">
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-CertificationAuthority
Date: 7/24/2013 10:55:30 AM
Event ID: 44
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: CORP-DC6.corp.com
Description:
The "Windows default" Policy Module "Initialize" method returned an error. Logon failure: unknown user name or bad password. The returned status code is 0x8007052e (1326). The Active Directory containing the Certification Authority could not be contacted.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" EventSourceName="CertSvc" />
<EventID Qualifiers="49754">44</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-07-24T14:55:30.000000000Z" />
<EventRecordID>254773</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>CORP-DC6.corp.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="MSG_E_POLICY_ERROR">
<Data Name="PolicyModuleDescription">Windows default</Data>
<Data Name="MethodName">Initialize</Data>
<Data Name="ErrorCode">0x8007052e (1326)</Data>
<Data Name="param4">The Active Directory containing the Certification Authority could not be contacted.
</Data>
<Data Name="ErrorString">Logon failure: unknown user name or bad password.</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment
Date: 7/24/2013 10:55:31 AM
Event ID: 6
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: CORP-DC6.corp.com
Description:
Automatic certificate enrollment for local system failed (0x8007052e) Logon failure: unknown user name or bad password.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CertificateServicesClient-AutoEnrollment" Guid="{F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43}" EventSourceName="AutoEnrollment" />
<EventID Qualifiers="16384">6</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2013-07-24T14:55:31.000000000Z" />
<EventRecordID>254775</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>CORP-DC6.corp.com</Computer>
<Security />
</System>
<EventData>
<Data Name="Context">local system</Data>
<Data Name="ErrorCode">0x8007052e</Data>
<Data Name="ErrorMsg">Logon failure: unknown user name or bad password.
</Data>
</EventData>
</Event>
Link to output of DCDiag on pastebin: http://pastebin.com/VFPTcEGT
Smply based on a quick look through of the dcdiag and the various event log messages, It seems to me that the NetLogon service not starting up is causing most of the errors; but I am not aware of how to get it to start up.Thank you for the quick response!
Windows firewall is disabled for all network profiles.
We have do have 7 DC's in the forest. here's an image i created a while back that lists our DC's and shows the replication partners (not really relevant, but this shows the DC's) http://i.imgur.com/AtjGuiM.jpg
I believe May 27 was a date in which we performed maintenance/upgrades on our vmware virtual hardware on this VM; when we upgraded the virtual hardware, it created a new NIC device on this server (which is how the system lost it's IP address configuration).
Today, I assigned the correct IP to the 'new' NIC.
will look at link about Kerberos
I'm unfortunately not familiar enough with the purposes of the internal vs external forwarders to comment on this or make a change at this time.
IPConfig info shown below
DNS is AD integrated, each domain has it's own DNS servers and have conditional forwarders to point to the other domain when appropriate. I believe each DC is also running DNS, but via DHCP we only pass out at most two DNS servers to client systems (main
office, it's 192.168.1.7, 192.168.1.8)
C:\Users\daniel_da>ipconfig -all
Windows IP Configuration
Host Name . . . . . . . . . . . . : CORP-DC6
Primary Dns Suffix . . . . . . . : corp.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : corp.com
sibling.com
sub.corp.com
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #
2
Physical Address. . . . . . . . . : 00-50-56-AD-5C-29
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f43a:f215:c266:5a70%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.190(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 285233238
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-F5-25-A1-00-50-56-AD-5C-29
DNS Servers . . . . . . . . . . . : 192.168.1.8
192.168.1.7
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{5B04D7AC-9161-4A51-9ADC-166E37EE4D0E}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\daniel_da>
C:\Documents and Settings\daniel_da>ipconfig -all
Windows IP Configuration
Host Name . . . . . . . . . . . . : corp-dc1
Primary Dns Suffix . . . . . . . : corp.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : corp.com
sibling.com
sub.corp.com
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-50-56-AD-29-1D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.8
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.8
192.168.1.7
Primary WINS Server . . . . . . . : 192.168.1.7
C:\Documents and Settings\daniel_da>
C:\Documents and Settings\daniel_da>ipconfig -all
Windows IP Configuration
Host Name . . . . . . . . . . . . : CORP-DC2
Primary Dns Suffix . . . . . . . : corp.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : corp.com
sibling.com
sub.corp.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter #3
Physical Address. . . . . . . . . : 00-50-56-AD-67-B0
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.7
192.168.1.8
Primary WINS Server . . . . . . . : 192.168.1.7
C:\Documents and Settings\daniel_da>
C:\Documents and Settings\daniel_da>ipconfig -all
Windows IP Configuration
Host Name . . . . . . . . . . . . : sub-dc2
Primary Dns Suffix . . . . . . . : sub.corp.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sub.corp.com
corp.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-50-56-AD-39-7E
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.136
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.8
192.168.1.7
C:\Users\daniel_da>ipconfig -all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Sibling-DC3
Primary Dns Suffix . . . . . . . : sibling.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sibling.com
corp.com
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : corp.com
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection #
2
Physical Address. . . . . . . . . : 00-50-56-AD-6E-97
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7c97:854f:8bf5:efdb%17(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.147(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, May 27, 2013 2:53:39 PM
Lease Expires . . . . . . . . . . : Thursday, July 25, 2013 2:56:42 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.7
DHCPv6 IAID . . . . . . . . . . . : 285233238
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-B5-55-91-00-50-56-AD-6E-97
DNS Servers . . . . . . . . . . . : 192.168.1.8
192.168.1.7
Primary WINS Server . . . . . . . : 192.168.1.7
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.occfiber.com:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : corp.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Documents and Settings\daniel_da>ipconfig -all
Windows IP Configuration
Host Name . . . . . . . . . . . . : corpsite3-dc7
Primary Dns Suffix . . . . . . . : corp.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : corp.com
sibling.com
sub.corp.com
Ethernet adapter Dallas:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : BASP Virtual Adapter
Physical Address. . . . . . . . . : 00-19-B9-EA-65-FA
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.35.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.35.1
DNS Servers . . . . . . . . . . . : 192.168.35.7
C:\Documents and Settings\daniel_da>ipconfig -all
Windows IP Configuration
Host Name . . . . . . . . . . . . : siblig-dc1
Primary Dns Suffix . . . . . . . : siblingsite2.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : sibling.com
corp.com
Ethernet adapter smpdc1_nw:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : BASP Virtual Adapter
Physical Address. . . . . . . . . : 00-14-5E-2B-0D-88
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.20.24.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.20.24.5
DNS Servers . . . . . . . . . . . : 172.20.24.2
172.20.24.221 -
Files don't open or will only open 'Read Only'. Server reboot resolves issue for 1 day
Greetings!
We have a SharePoint 2010 Foundation server that I recently inherited. I'm a novice at SharePoint, but let me cut to the chase.
Users have recently (within the last week) started experiencing a problem where if they open a file, it will error either saying that the file cannot be opened, or it will only open in read only. This occurs with Excel, Word, Power Point docs. They CAN however,
open and edit these documents in the browser with web apps. After launching the full office application, if they click 'Edit Document', it will appear to switch to editable mode, but the title bar will still contain 'Read Only' and they can't save changes
directly back and are forced to do a 'Save As'. The only thing I have been able to do to remedy this is to quiesce the server and reboot it. After reboot, it will work until something magical happens overnight and it's broken again the next morning. I'm trying
to hunt down what this magical event is but could use some help.
Note that after I reboot the server, users can access and modify normally, no rebooting of workstations or closing of any applications (including the browser that's already on SharePoint) for it to start working, so I believe we can eliminate an endpoint
issue.
Server Specs:
VMWare VM version 9 (VMTools up-to-date)
16GB RAM
250GB HDD
2x vCPU
Windows 2008 R2 (latest updates installed)
SQL DB Hosted remote on a SQL 2008 R2 server running on Windows 2008 R2. The SQL database is set up in a mirror configuration.
I'm sure I missed a lot of pertinent information but want to get something out there. Thanks in advance.There are warnings that repeat every ~1hour and one critical that occurs daily. Under each error, I added notes of what I've done to remedy.
Warning, Event ID 14
The start address sts4://serveraddress/contentdbid={0d061a04-5c82-48e5-b381-e111d1926b8d} cannot be crawled.
Context: Application 'Search_index_file_on_the_search_server', Catalog 'Search'
Details:
The SharePoint server was moved to a different location. (0x8004fd12)
I found in central management that the content database is pointing to an old SQL database but the failover server is set correctly. I assume that is what is generating this but I don't know how to fix it.
Warning, Event ID 2138
The SharePoint Health Analyzer detected a condition requiring your attention. Drives are at risk of running out of free space.
Available drive space is less than five times the value of physical memory. This is dangerous because it does not provide enough room for a full memory dump with continued operation. It also could cause problems with the Virtual Memory swap file:
(SERVERNAME- C:\).
Examine the failing servers and delete old logs or free space on the drives. For more information about this rule, see "http://go.microsoft.com/fwlink/?LinkID=142688".
I Resolved this already an hour ago, extended the HDD from 100GB to 250 GB and made pagefile 2x the RAM (it was set to 8GB, RAM is 16GB)
Critical, Event ID 6398
The Execute method of job definition Microsoft.SharePoint.Administration.SPTimerRecycleJobDefinition (ID b71cb245-29cf-49d5-a157-2c04b881f15f) threw an exception. More information is included below.
The timer service was not recycled because the following jobs were still running: Microsoft SharePoint Foundation Usage Data Import
The timer recycle job was set to run no earlier than 6am and no later than 6am. I manually ran the job and it completed. I set the times for it to run to be 4am - 8am to give it time to run.
This was right after a reboot (barf of the errors below)
Error, Event ID 7043
Load control template file /_controltemplates/TaxonomyPicker.ascx failed: Could not load type 'Microsoft.SharePoint.Portal.WebControls.TaxonomyPicker' from assembly 'Microsoft.SharePoint.Portal, Version=14.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c'.
Here's the App event log over the last 24 hours, filtered without informational items:
Warning 1/31/2014 1:44:25 PM SharePoint Foundation Search 14 Gatherer
Error 1/31/2014 12:51:07 PM SharePoint Foundation 7043 Web Controls
Warning 1/31/2014 12:44:23 PM SharePoint Foundation Search 14 Gatherer
Warning 1/31/2014 12:15:07 PM SharePoint Server 8088 Taxonomy
Warning 1/31/2014 12:14:55 PM MsiInstaller 1015 None
Warning 1/31/2014 12:14:55 PM MsiInstaller 1001 None
Warning 1/31/2014 12:14:55 PM MsiInstaller 1004 None
Warning 1/31/2014 12:14:55 PM MsiInstaller 1015 None
Warning 1/31/2014 12:14:54 PM MsiInstaller 1001 None
Warning 1/31/2014 12:14:54 PM MsiInstaller 1004 None
Warning 1/31/2014 12:14:29 PM ILM Web Service Configuration 234 None
Warning 1/31/2014 12:14:29 PM ILM Web Service Configuration 234 None
Warning 1/31/2014 12:14:27 PM ILM Web Service Configuration 234 None
Warning 1/31/2014 11:44:23 AM SharePoint Foundation Search 14 Gatherer
Warning 1/31/2014 10:44:30 AM SharePoint Foundation Search 14 Gatherer
Warning 1/31/2014 10:20:01 AM SharePoint Foundation 2138 Health
Warning 1/31/2014 10:19:46 AM SharePoint Foundation 2138 Health
Error 1/31/2014 10:19:08 AM SharePoint Foundation 7043 Web Controls
Warning 1/31/2014 10:17:15 AM SharePoint Foundation Search 57 Search service
Warning 1/31/2014 10:17:15 AM SharePoint Foundation Search 57 Search service
Error 1/31/2014 10:04:10 AM SharePoint Foundation 5586 Database
Critical 1/31/2014 10:03:15 AM SharePoint Foundation 6398 Timer
Critical 1/31/2014 10:03:10 AM SharePoint Foundation 6398 Timer
Critical 1/31/2014 10:03:03 AM SharePoint Foundation 3355 Database
Error 1/31/2014 10:03:02 AM SharePoint Foundation 6772 Timer
Error 1/31/2014 10:03:02 AM SharePoint Foundation 6772 Timer
Critical 1/31/2014 10:03:01 AM SharePoint Foundation 6398 Timer
Critical 1/31/2014 10:03:01 AM SharePoint Foundation 3355 Database
Error 1/31/2014 10:03:01 AM SharePoint Foundation 5586 Database
Error 1/31/2014 10:03:01 AM SharePoint Foundation 5586 Database
Error 1/31/2014 10:02:56 AM SharePoint Foundation 7043 Web Controls
Warning 1/31/2014 10:00:44 AM SharePoint Foundation Search 57 Search service
Warning 1/31/2014 10:00:39 AM VMware Tools 1000 None
Warning 1/31/2014 9:59:41 AM SharePoint Foundation Search 57 Search service
Warning 1/31/2014 9:59:41 AM SharePoint Foundation Search 57 Search service
Warning 1/31/2014 9:59:37 AM SharePoint Foundation Search 57 Search service
Warning 1/31/2014 9:59:37 AM SharePoint Foundation Search 57 Search service
Error 1/31/2014 9:58:46 AM WMI 10 None
Warning 1/31/2014 9:58:42 AM CertificateServicesClient-AutoEnrollment 64 None
Warning 1/31/2014 9:57:16 AM User Profile Service 1530 None
Warning 1/31/2014 9:57:17 AM VMware Tools 1000 None
Warning 1/31/2014 9:44:29 AM SharePoint Foundation Search 14 Gatherer
Warning 1/31/2014 9:27:05 AM CertificateServicesClient-AutoEnrollment 64 None
Error 1/31/2014 9:15:13 AM SharePoint Foundation 5586 Database
Error 1/31/2014 9:03:05 AM SharePoint Foundation 7043 Web Controls
Error 1/31/2014 8:49:46 AM SharePoint Foundation 2137 Health
Warning 1/31/2014 8:47:01 AM SharePoint Foundation 2138 Health
Warning 1/31/2014 8:44:26 AM SharePoint Foundation Search 14 Gatherer
Error 1/31/2014 8:42:52 AM SharePoint Foundation 7043 Web Controls
Error 1/31/2014 8:41:57 AM SharePoint Foundation 7043 Web Controls
Warning 1/31/2014 8:37:32 AM SharePoint Server 8088 Taxonomy
Warning 1/31/2014 8:00:00 AM SharePoint Foundation 2138 Health
Warning 1/31/2014 7:44:23 AM SharePoint Foundation Search 14 Gatherer
Warning 1/31/2014 7:00:00 AM SharePoint Foundation 2138 Health
Warning 1/31/2014 6:44:20 AM SharePoint Foundation Search 14 Gatherer
Critical 1/31/2014 6:10:30 AM SharePoint Foundation 6398 Timer
Warning 1/31/2014 6:00:00 AM SharePoint Foundation 2138 Health
Warning 1/31/2014 5:44:28 AM SharePoint Foundation Search 14 Gatherer
Warning 1/31/2014 5:00:00 AM SharePoint Foundation 2138 Health
Warning 1/31/2014 4:44:26 AM SharePoint Foundation Search 14 Gatherer
Warning 1/31/2014 4:14:28 AM CertificateServicesClient-AutoEnrollment 64 None
Warning 1/31/2014 4:00:00 AM SharePoint Foundation 2138 Health
Error 1/31/2014 3:57:05 AM SharePoint Foundation 7043 Web Controls
Warning 1/31/2014 3:44:23 AM SharePoint Foundation Search 14 Gatherer
Warning 1/31/2014 3:00:01 AM SharePoint Foundation 2138 Health
Warning 1/31/2014 2:44:21 AM SharePoint Foundation Search 14 Gatherer
Warning 1/31/2014 2:00:00 AM SharePoint Foundation 2138 Health
Warning 1/31/2014 1:44:29 AM SharePoint Foundation Search 14 Gatherer
Warning 1/31/2014 1:00:10 AM MsiInstaller 1015 None
Warning 1/31/2014 1:00:10 AM MsiInstaller 1001 None
Warning 1/31/2014 1:00:10 AM MsiInstaller 1004 None
Warning 1/31/2014 1:00:10 AM MsiInstaller 1015 None
Warning 1/31/2014 1:00:10 AM MsiInstaller 1001 None
Warning 1/31/2014 1:00:10 AM MsiInstaller 1004 None
Warning 1/31/2014 1:00:01 AM SharePoint Foundation 2138 Health
Warning 1/31/2014 12:44:27 AM SharePoint Foundation Search 14 Gatherer
Error 1/31/2014 12:00:06 AM SharePoint Foundation 5586 Database
Warning 1/31/2014 12:00:00 AM SharePoint Foundation 2138 Health
Warning 1/31/2014 12:00:00 AM SharePoint Foundation 2138 Health
Warning 1/30/2014 11:44:25 PM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 11:00:00 PM SharePoint Foundation 2138 Health
Warning 1/30/2014 10:44:22 PM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 10:00:00 PM SharePoint Foundation 2138 Health
Warning 1/30/2014 9:44:28 PM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 9:00:00 PM SharePoint Foundation 2138 Health
Warning 1/30/2014 8:44:26 PM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 8:14:27 PM CertificateServicesClient-AutoEnrollment 64 None
Warning 1/30/2014 8:00:00 PM SharePoint Foundation 2138 Health
Warning 1/30/2014 7:44:23 PM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 7:00:00 PM SharePoint Foundation 2138 Health
Warning 1/30/2014 6:44:21 PM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 6:00:01 PM SharePoint Foundation 2138 Health
Warning 1/30/2014 5:44:29 PM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 5:27:04 PM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 5:27:04 PM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 5:00:00 PM SharePoint Foundation 2138 Health
Warning 1/30/2014 4:44:27 PM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 4:00:00 PM SharePoint Foundation 2138 Health
Warning 1/30/2014 3:44:24 PM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 3:00:00 PM SharePoint Foundation 2138 Health
Warning 1/30/2014 2:44:22 PM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 2:00:00 PM SharePoint Foundation 2138 Health
Warning 1/30/2014 1:44:29 PM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 1:00:02 PM SharePoint Foundation 2138 Health
Warning 1/30/2014 12:44:27 PM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 12:35:42 PM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 12:35:42 PM SharePoint Foundation Search 57 Search service
Error 1/30/2014 12:18:00 PM SharePoint Foundation 7043 Web Controls
Warning 1/30/2014 12:17:33 PM SharePoint Server 8088 Taxonomy
Warning 1/30/2014 12:17:06 PM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 12:15:56 PM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 12:15:56 PM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 12:15:51 PM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 12:15:51 PM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 12:15:31 PM VMware Tools 1000 None
Error 1/30/2014 12:14:54 PM WMI 10 None
Warning 1/30/2014 12:14:50 PM CertificateServicesClient-AutoEnrollment 64 None
Warning 1/30/2014 12:12:34 PM VMware Tools 1000 None
Error 1/30/2014 12:12:25 PM SharePoint Foundation 7043 Web Controls
Warning 1/30/2014 12:06:32 PM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 12:06:01 PM VMware Tools 1000 None
Warning 1/30/2014 12:05:21 PM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 12:05:21 PM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 12:05:17 PM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 12:05:17 PM SharePoint Foundation Search 57 Search service
Error 1/30/2014 12:04:22 PM WMI 10 None
Warning 1/30/2014 12:04:18 PM CertificateServicesClient-AutoEnrollment 64 None
Warning 1/30/2014 12:01:51 PM VMware Tools 1000 None
Error 1/30/2014 12:01:49 PM WMI 10 None
Warning 1/30/2014 12:01:44 PM CertificateServicesClient-AutoEnrollment 64 None
Warning 1/30/2014 11:59:46 AM VMware Tools 1000 None
Warning 1/30/2014 11:59:43 AM User Profile Service 1530 None
Warning 1/30/2014 11:46:40 AM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 11:45:08 AM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 11:45:08 AM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 11:44:47 AM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 11:44:47 AM SharePoint Foundation Search 57 Search service
Warning 1/30/2014 11:44:39 AM SharePoint Foundation Search 14 Gatherer
Error 1/30/2014 11:10:43 AM SharePoint Foundation 7043 Web Controls
Warning 1/30/2014 11:00:31 AM SharePoint Foundation 2138 Health
Error 1/30/2014 11:00:12 AM SharePoint Foundation 7043 Web Controls
Warning 1/30/2014 11:00:02 AM SharePoint Foundation 2138 Health
Error 1/30/2014 10:57:51 AM SharePoint Foundation 7043 Web Controls
Error 1/30/2014 10:51:41 AM SharePoint Foundation 5586 Database
Error 1/30/2014 10:51:41 AM SharePoint Foundation 5586 Database
Critical 1/30/2014 10:51:36 AM SharePoint Foundation 3355 Database
Error 1/30/2014 10:51:35 AM SharePoint Foundation 5586 Database
Error 1/30/2014 10:51:35 AM SharePoint Foundation 5586 Database
Warning 1/30/2014 10:44:28 AM SharePoint Foundation Search 14 Gatherer
Error 1/30/2014 10:32:16 AM SharePoint Foundation 7043 Web Controls
Warning 1/30/2014 10:00:00 AM SharePoint Foundation 2138 Health
Warning 1/30/2014 9:44:26 AM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 9:00:01 AM SharePoint Foundation 2138 Health
Warning 1/30/2014 8:44:23 AM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 8:00:00 AM SharePoint Foundation 2138 Health
Warning 1/30/2014 7:44:21 AM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 7:00:00 AM SharePoint Foundation 2138 Health
Warning 1/30/2014 6:44:28 AM SharePoint Foundation Search 14 Gatherer
Critical 1/30/2014 6:10:31 AM SharePoint Foundation 6398 Timer
Warning 1/30/2014 6:00:01 AM SharePoint Foundation 2138 Health
Warning 1/30/2014 5:44:26 AM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 5:00:00 AM SharePoint Foundation 2138 Health
Warning 1/30/2014 4:44:24 AM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 4:03:06 AM CertificateServicesClient-AutoEnrollment 64 None
Warning 1/30/2014 4:00:00 AM SharePoint Foundation 2138 Health
Error 1/30/2014 3:56:31 AM SharePoint Foundation 7043 Web Controls
Warning 1/30/2014 3:44:22 AM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 3:00:01 AM SharePoint Foundation 2138 Health
Warning 1/30/2014 2:44:29 AM SharePoint Foundation Search 14 Gatherer
Warning 1/30/2014 2:13:20 AM Microsoft Forefront Protection 7003 Health Status
Warning 1/30/2014 2:00:00 AM SharePoint Foundation 2138 Health
Warning 1/30/2014 1:44:27 AM SharePoint Foundation Search 14 Gatherer
Error 1/30/2014 1:30:14 AM GetEngineFiles 6020 Engine Error
Error 1/30/2014 1:30:14 AM GetEngineFiles 6014 Engine Error
Warning 1/30/2014 1:13:28 AM FIMSynchronizationService 2004 Server
Critical 1/30/2014 1:00:00 AM SharePoint Portal Server 5555 User Profiles
Critical 1/30/2014 1:00:00 AM SharePoint Portal Server 5555 User Profiles -
Windows Server 2012 CA will not allow Windows XP to autoenroll
I have a Windows Server 2012 Domain Controller with an Enterprise root CA installed. I have created a client authentication certificate template (2003 compatible). Domain Computers have Read, Enroll and Autoenroll permissions. I modified
the Domain Policy to enable Certificate autoenrollment. I have two clients on the same subnet with the domain controller, one Windows 7 Ent SP1 and one Windows XP SP3. The problem: Windows 7 reboots, has client auth cert installed in computer's
personal cert store. The Windows XP machine cannot acquire the certificate. Event ID 13, source is AutoEnrollment, 0x80094011,The permissions on this certification authority do not allow the current user to enroll for certificates. Both machines
belong to the domain. Running gpudate /force on the XP machine generates an info event stating that the computer security policy has be applied successfully, then the autoenrollment error. I've setup autoenrollment dozens of times without any
problems. The only thing different in this environment is that the CA is installed on Server 2012. I could be something else, but the only real difference is Server 2012. There are no errors on the server. It is like the client just
cannot talk to the server at all, but it's getting its policy from that server.
Any ideas?http://technet.microsoft.com/en-us/library/hh831373.aspx
What works differently?
Windows XP clients
will not be compatible with this higher security setting enabled by
default on a Windows Server 2012 CA. If necessary, you can lower the
security setting as previously described.
Try run this command:
certutil -setreg CA\InterfaceFlags +IF_ENFORCEENCRYPTICERTREQUEST
Restart the certification authority
net stop certsvc
net start certsvc
INFO FROM LINK:
What value does this change add?
The CA
enforces enhanced security in the requests that are sent to it. This
higher security level requires that the packets requesting a certificate
are encrypted, so they cannot be intercepted and read. Without this
setting enabled, anyone with access to the network can read packets sent
to and from the CA using a network analyzer. This means that
information could be exposed that might be considered a privacy
violation, such as the names of requesting users or machines, the types
of certificates for which they are enrolling, the public keys involved,
and so on. Within a forest or domain, leaking these data may not be a
concern for most organizations. However, if attackers gain access to the
network traffic, internal company structure and activity could be
gleaned, which could be used for more targeted social engineering or
phishing attacks.
The commands to enable the enhanced security
level of RPC_C_AUTHN_LEVEL_PKT on Windows Server® 2003,
Windows Server® 2003 R2, Windows Server® 2008, or Windows
Server 2008 R2 certification authorities are:
certutil -setreg CA\InterfaceFlags +IF_ENFORCEENCRYPTICERTREQUEST
Restart the certification authority
net stop certsvc
net start certsvc
If
you still have Windows XP client computers that need to request
certificates from a CA that has the setting enabled, you have two
options: -
DC keeps on autoenrolling old Certificate
Hello,
I've recently implemented a Windows 2012 PKI infrastructure using an Enterprise CA. This was due to replace my 2003 Enterprise CA. The old 2003CA had the following setup:
2003CA
- domain joined root enterprise issuing CA on 2003 SP 2
- A combination of default and custom certificate templates loaded.
- Default templates loaded: Domain controller authentication, Directory Email Replication and Domain Controller
- Certificate information published to AD, including AIAs and CDP
2012CA (New PKI)
- offline non domain joined root CA on Windows 2012
- Subordinate domain joined enterprise issuing CA running Windows 2012
- Only HTTP being used for AIA and CDP locations
- Enterprise CA can be found in AD using sites and services container, but the root CA has been distributed using a GPO and not "dspublish"
I've successfully created a copy of the computer certificate template and computers are autoenrolling, but my DCs are not autoenrolling. I have tried the following on DCA to ensure that my 2008 DCs automatically pickup the correct certificate:
- Deleted the certificate templates for DomainController, Domain Controller Authentication and Directory Email Replication from my 2003CA
- Loaded custom copies of DomainController, Domain Controller Authentication and Kerberos Authentication on my 2012IssuingCA, as well as the default Kerberos authentication on my 2012IssuingCA
- Ensured that Domain Controllers and Enterprise DCs have read and Enroll permissions on 2012IssuingCA
- The default domain GPO is configured to allow auto renewal of certs
- Deleted the 2003 DomainController cert from DCA. Ran "gpupdate /force" and "certutil -pulse" a dozen times on DCA, but at no point does DCA pickup a cert from my new CA.
If re-enable the certificate templates on my old CA, DCA automatically picks up a new cert. I've tried the superscedence tick as mentioned here, but that fails:
http://www.open-a-socket.com/index.php/2012/11/21/replacing-legacy-domain-controller-certificates/#comment-18410
Event logs show certificate information
Informational - Certificate enrollment for Local system successfully load policy from policy server
Informational - Certificate enrollment for Local system is successfully authenticated by policy server {F272DA51-8D9D-442E-8D7E-72BBF9C0E6CE}
Error - Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from contoso.com\Contoso Old Enterprise CA (The RPC server is unavailable. 0x800706ba (WIN32: 1722)).
I can manually enroll the DC certs without an issue, but that's not what I want.
Thanks in advanceAh, this is an easy one. Domain Controllers by default are configured to work only with the V1 Domain Controller template. When you create your own template, it can not be a V1 template. So you can no longer use/rely on the built in DC process to enroll.
You will need to mark your new template to enable AUTO ENROLL for the Enterprise Domain Controllers group and then you will need to modify the Default DOMAIN CONTROLLERS GPO - note this is NOT the same as the Default Domain policy. In the GPO you will need
to enable the Auto Enroll feature for computer objects. Your new template with Auto Enroll will then be picked up.
Also, there is no need to have all three templates - Domain Controller, Domain Controller Authentication and Kerberos Authentication on the CA. They all provide practically the same thing for DCs. If you use the Kerberos Authentication one, you dont need
the other two.
Mark B. Cooper, President and Founder of PKI Solutions Inc., former Microsoft Senior Engineer and subject matter expert for Microsoft Active Directory Certificate Services (ADCS). Known as “The PKI Guy” at Microsoft for 10 years. Connect with Mark at http://www.pkisolutions.com -
Training and Event Management - report on list of cancelled courses
Hi All,
Is there any standard report available to get the list of cancelled courses (be it business event grp , type or business event) Would appreciate your inputs on this.
Kind regards
SathyaS_AHR_61016216 - Cancellations per Attendee , i think there is no standard report for cencelation of business events, type and group.
for cancellations per attendee reports is available in the system.
good luck
Devi -
How can I see Calendar event END times at a glance?
How can I display my Calendar event titles exactly as I type them? I do not want Calendar to remove duration from the titles of my events. Otherwise I can't see event END times at a glance in month view; only start times. How can I "trick" Calendar to just show my titles as I type them - as I always could before I upgraded. I used to be able to enter "Seminar 9am-5:45" and it would appear that way regardless of how or what I chose to enter (or not enter) for duration.
I am running OSX 10.9.3.It's a bit weird, but if you type in the time info TWICE into the event title then Calendar uses/deletes one of them to populate the event details and leaves the other.
Apple - Mac OS X - Feedback -
I would love to have an Event List view in iCal like I do on the calendar on my iPhone. Is there such a thing? The particular reason for wanting it (this time) is that one of the calendars in the ON MY MAC list has a number in a oval to the right.
I believe this is trying to tell me that there is a new event that I need to do something about. Problem is, I don't know where to find it.ecernek,
There is no event list option on iCal like the one on the iPhone.
That number means that you have an event invitation. Use iCal>View>Show Notifications to choose what to do with the notification. -
In the Monthly view of iCal the only events that show a color bar in the event is the Birthday Calendar. All other events in all my other calendars only show a color bullet next to the event (unless I click on that event which then shows as a color bar). I would like to know if it is possible for all the calendar events to have a color bar in the monthly view instead of just that tiny color bullet.
Greetings Judith,
Before making any attempts at deleting calendar data, backup what you have just in case:
Click on each calendar on the left hand side of iCal one at a time highlighting it's name and then going to File Export > Export and saving the resulting calendar file to a logical location for safekeeping.
iCal has an automated function located in iCal > Preferences > Advanced > Delete events "X" days after they have passed. By typing in a value for days you can tell iCal to delete all events before that time frame.
Example:
Today is 4-16-2012.
If I wanted to delete all events prior to 1 year ago (4-16-2011) I would type in "365" for the number of days.
Once you type in the number of days you want kept in iCal, close the preferences and then quit iCal.
Re-open iCal and check to see if the events are gone. If not you may want to leave it open for several minutes and then quit again.
Once the events are removed go back to iCal > Preferences > Advanced > Delete events "X" days after they have passed and make sure the check mark is removed to prevent future deletion.
Hope that helps. -
Can you show at a glance which event images are in albums?
Say I had an event containing multiple similar but different images, is there a way to show in the grid view for example which images have already been used in one or more albums?
Would be handy to be able to select a 'show list of albums containing this image'dialogue box. I guess you could hide images you've used but that wouldn't work automatically, nor would any other tagging/rating.
Another approach would be to make albums containing everything in a given event, then move the images out of that album once used, just seems fiddly to me.
ACAC
Would be handy to be able to select a 'show list of albums containing this image'dialogue box.
Yes it would and many people have suggested tit. Add your voice to the chorus at iPhoto Menu -> Provide Apple Feedback.
A workaround - and it's no better - is to go to an album and select al, then give all those pics a keyword. Then in grid view you can see which pics have the keyword. (View -> Keywords)
Regards
TD -
Unable to capture startup and shutdown event of Photoshop in automation Plugin.
Hi,
I am creating an automation plugin and I want to register some events. I have seen listener plugin sample to register event in startup and unregister event in shutdown. I have used same code in my plugin but I am unable to capture the startup nad shutdown event of Photoshop. On clicking the menu item of my plugin the calls come inside the AutoPluginMain but during the startup or shutdown of plugin, the calls does not come inside the AutoPluginMain.
I am unable to detect the cause of the problem. Can someone please giude me??
Thanks in advance.Hi Tom,
Thanks for the suggestion.
Yes, I am working on Windows. As you suggested, I compiled .rc file but the compile option for .r file was disabled. After compiling the .rc file, I again rebuild the complete project and tested my build. But still I was not able to achive the desired result.
Any other thing that I need to do to make it work?
Thanks -
Unable to capture button event in pageLayout Controller
Hi Guys,
I have the following layout
pageLayout
pageLayoutCO (controller)
----header (Region)
----------messageComponentLayout (Region)
-----------------MessageLovInpurt
-----------------MessageChoice(Item)
-----------------MessageTextInput
-----------------MessageLayout
----------HideShow (Region)
-----------------MessageLovInpurt(Item)
-----------------MessageChoice(Item)
-----------------MessageTextInput(Item)
-----------MessageComponentLayout (Region)
-----------------MessageLayout
------------------------SubmitButton(ID:SearchBtn)
------------------------SubmitButton(ID:ClearBtn, fires partial action named clear)
-----------header(Region)
I am not able to capture the event fired by the button ClearBtn in the controller of the pagelayout.....
The two methods I used as follows aren't worked:
if ("clear".equals(pageContext.getParameter(OAWebBeanConstants.EVENT_PARAM)))
if (pageContext.getParameter("ClearBtn") != null) {
what should i do in order to capture the button event in the pageLayout Controller
Thanks in advance
Mandy
Edited by: user8898100 on 2011-8-2 上午7:49Mandy,
Its really strange that its not able to caputure the event in CO.
Below is the way in which we handle to Submit action at CO level.
/Check whether ClearBtn is same in case too.
if(pageContext.getParameter("ClearBtn")!=null){
System.out.println("Inside the Clear Btn Action");
Regards,
Gyan
Maybe you are looking for
-
Hi, I am having a problem, when I go to my time machine folders, I clik IPHOTO library, and all I can see is its image, with the 20g of my photos, but no pictures, how can I look for them in my external hd alias TIME Machine?
-
Webgui theme not rendering toolbar, does not look like SAPgui for Win
Hello all, I just installed the ITS 6.20 Patch 20 and when I started the webgui service, the theme that was genereatd does not look like the SAPgui for Windows at all. All I've got is a gray and blue color theme. The top row is the "SAP Easy Access"
-
Hiya all, is it possible to show an external website in a layer in dreamweaver??? Looking to show a video clip that is hosted elswhere in a window on an existing website. Thanks Paul
-
Cant start my powerbook G4 from start up
UNABLE TO FIND THE SOLUTION TO MY PROBLEM
-
Enhance 0CRM_OPPT_I extract structure
Friends I got a requirement to enhance the extract structure The CRM datsource is 0CRM_OPPT_I. In that we do not have the requested delivery date. Hence i need to enhance the structure. Is that we need to follow the same process as that enhancements