Failed JNDI - Active Directory binding

Hello everyone,
First off, forgive me if I'm posting to the wrong place and please let me know where I should post.
I have a very simple Java application (more or less copied from the Sun tutorial on JNDI) and am trying to connect to a Win 2003 R2 domain controller with active directory configured and populated.
No matter what I try I get
Problem searching directory: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'RootDSE'
I can bind using any of the standard win32 programs including ldp.exe. I can also bind and browse using Softerra LDAP Administrator without problems. I'm obviously missing something, but I can't see what. Please help.
There is no authentication info in the code because I'm hoping that's not needed as long as I'm logged into the windows machine I'm running this on.
Here's the code:
package printerfinder00;
import java.util.Hashtable;
import java.util.jar.Attributes;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NameClassPair;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.InitialLdapContext;
public class Main {
public static void main(String[] args) {
Hashtable env = new Hashtable();
String ldapURL = "ldap://dc01.hr.local:389/";
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, ldapURL);
try {
DirContext ctx = new InitialLdapContext(env, null);
SearchControls searchCtls = new SearchControls();
String returnedAtts[] = {"sn", "givenName", "mail"};
searchCtls.setReturningAttributes(returnedAtts);
searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
String searchFilter = "(&(objectClass=user)(mail=*))";
String searchBase = "RootDSE";
int totalResults = 0;
NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
while (answer.hasMoreElements()) {
SearchResult sr = (SearchResult) answer.next();
totalResults++;
System.out.println(">>>" + sr.getName());
Attributes attrs = (Attributes) sr.getAttributes();
if (attrs != null) {
try {
System.out.println(" surname: " + attrs.get("sn").get());
System.out.println(" firstname: " + attrs.get("givenName").get());
System.out.println(" mail: " + attrs.get("mail").get());
} catch (NullPointerException e) {
System.out.println("Errors listing attributes: " + e);
System.out.println("Total results: " + totalResults);
ctx.close();
} catch (NamingException e) {
System.err.println("Problem searching directory: " + e);
}

I think the error message is quite descriptive !
Problem searching directory: javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: DSID-0C090627, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, vece]; remaining name 'RootDSE'
Firstly you have not supplied any credentials or configured an authentication mechanism, hence you cannot perfom a search.
For simple authentication, it would be something of the form: String adminName = "FOOBAR\\administrator";
String adminPassword = "xxxxxxx";
//set security credentials, note using simple cleartext authentication
env.put(Context.SECURITY_AUTHENTICATION,"simple");
env.put(Context.SECURITY_PRINCIPAL,adminName);
env.put(Context.SECURITY_CREDENTIALS,adminPassword);Secondly, your search base is incorrect (although you haven't got to the stage where this will generate an error)
BTW, The search base will be a distinguished name of the form:"dc=foobar,dc=com"If you are perfoming this from a Windows client, and want to utilise single sign-on, then you will want to refer to the post titled "JNDI, Active Directory and Authentication (Part 1) (Kerberos)" available at http://forum.java.sun.com/thread.jspa?threadID=579829&tstart=300
Good luck...

Similar Messages

Snow Leopard and Windows 2003 Active Directory Binding Issues

Ok I have a new imac 27" with snow leopard (completely patched).
I am attempting to join it to an active directory domain.
First the prequel:
* I have opened full traffic to and from the machine and our domain controllers
* I have enabled full logging on the firewall and there are no blocked packets
* I have used wireshark to watch the traffic on the mac and there appear to be no anomalies (packets being sent out but not getting a response, dns requests that aren't answered, etc)
* I have enabled full KDC logging on the domain controller in question and there are no errors in any of the event logs on either domain controller.
* The domain admin account in question has Enterprise, Schema and Domain Admin rights
* I have tried it both with and without an existing computer account and with every conceivable combination of caps and no caps on domain name, user and computer names.
I am getting the following error at the very end of the process:
"Unable to add server. Credential operation failed because an invalid parameter was provided (5102)"
I enabled debugging on Directory Services and will post a log in a reply.
Anyone have any ideas? I have been banging my head on this for a week with no luck.

Here is the log with the Active Directory: entries grepped... the full log is far too large to reply to here, if you think you need it let me know and I can email it to you it is 548kb
obviously machine names, usernames and ip addresses have been munged.
2011-02-09 12:13:32 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:36 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:41 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:46 EST - T\[0x0000000100404000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 1 - Searching for Forest/Domain information
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: DomainConfiguration reachabilityNotification - Node: subdomain.domain.tld - resolves - enabled
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 2 - Finding nearest Domain controllers
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 3 - Verifying credentials
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: DomainConfiguration reachabilityNotification - Node: subdomain.domain.tld - resolves - enabled
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: FindSuitableReplica - Node subdomain.domain.tld - Attempting Replica connect to dc3.subdomain.domain.tld.
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: CheckWithSelect - good socket to host dc3.subdomain.domain.tld. from poll and verified LDAP
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: FindSuitableReplica - Node subdomain.domain.tld - Established connection to dc3.subdomain.domain.tld.
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:vyvyIt4
2011-02-09 12:13:47 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:vyvyIt4
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:vyvyIt4 user [email protected]
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Processing Site Search with found IP
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: No site name available
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Start checking servers for site "any"
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc3.subdomain.domain.tld"
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Adding Server - "dc1.subdomain.domain.tld"
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: subdomain.domain.tld - Finished checking servers for domain
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating Mappings from inSchema.........
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updated schema for node name subdomain.domain.tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Configuration naming context = cn=Partitions,CN=Configuration,DC=subdomain,DC=domain,DC=tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Top domain set as <cn=subdomain,cn=partitions,cn=configuration,dc=subdomain,dc=domain,dc=tld>
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating domain hierarchy cache
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updating policies from domain subdomain.domain.tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Updated policies for node name subdomain.domain.tld
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 4 - Searching for existing computer
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:48 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:zXpbfEi
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:zXpbfEi
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:zXpbfEi user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing Computer search for Ethernet address - 10:9a:dd:56:1b:1d
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 4 - no mapping for Ethernet MAC address
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing DN search for account - machinename
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:vyvyIt4 user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:vyvyIt4 user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Closing All Connections
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:zXpbfEi user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:zXpbfEi user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Bind Step 5 - Bind/Join computer to domain
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Password verify for [email protected] succeeded - cache MEMORY:10xG6op
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:10xG6op
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Looking for existing Record of machinename
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Doing DN search for account - machinename
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: EstablishConnectionUsingReplica - Node subdomain.domain.tld - New connection requested
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: watchReachability watching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: VerifiedServerConnection - Verified server connectivity - dc3.subdomain.domain.tld.
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: establishConnectionUsingReplica - Node subdomain.domain.tld - Previous replica = dc3.subdomain.domain.tld. responded
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: kadmEntry port is nil, will use default 464
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: populateKerberosToDomain - Bailing no domain cache for
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Switching active cache to MEMORY:10xG6op
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Secure BIND Session Success with server dc3.subdomain.domain.tld.:389 using cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: KerberosID Found for account CN=MACHINENAME,CN=Computers,DC=subdomain,DC=domain,DC=tld - MACHINENAME$
2011-02-09 12:13:49 EST - T\[0x0000000102481000\] - Active Directory: Existing record found @ CN=MACHINENAME,CN=Computers,DC=subdomain,DC=domain,DC=tld with [email protected].
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Setting Computer Password FAILED for existing record......
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Computer password change date is 2011-02-04 18:21:01 -0500
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Schtldled computer password change every 1209600 seconds - starting 2011-02-09 12:13:50 -0500
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Closing All Connections
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 21, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: stopWatching socket = 18, xxx.xxx.164.71 -> xxx.xxx.174.77
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: LDAP connection closed - dc3.subdomain.domain.tld.:389 - cache MEMORY:10xG6op user [email protected]
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: Destroying cache name MEMORY:10xG6op user [email protected]
2011-02-09 12:13:50 EST - T\[0x00000001026AA000\] - Active Directory: Failed to changed computer password in Active Directory domain
2011-02-09 12:13:50 EST - T\[0x0000000102481000\] - Active Directory: copyNodeInfo called for /Active Directory
2011-02-09 12:13:51 EST - T\[0x0000000102481000\] - Active Directory: copyNodeInfo called for /Active Directory
Message was edited by: aelana

Active Directory Binding Problems

Hi all,
I'm trying to bind to Active Directory but keep on getting the "unknown error occurred" at step 5.
I captured the adplugin debug log, the only error I can see is the following:
2006-03-30 15:53:48 BST - ADPlugin: Setting Computer Password FAILED Deleted Record......
Has anyone had the same problem? If so any ideas how to overcome it?
See Complete debug log below.
2006-03-30 15:33:07 BST - ADPlugin: PeriodicTask Called.......
2006-03-30 15:33:07 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:07 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:07 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:07 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:07 BST - ADPlugin: Calling CloseDirNode
2006-03-30 15:33:35 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:35 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:35 BST - ADPlugin: Doing CheckServerRecords......
2006-03-30 15:33:35 BST - ADPlugin: student.hastings.ac.uk - Start checking servers for site "any"
2006-03-30 15:33:35 BST - ADPlugin: Total Servers "any" LDAP - 2, Kerberos - 1, kPasswd - 1
2006-03-30 15:33:35 BST - ADPlugin: No matching _kerberos records for server - "napier.student.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: Server #1 picked - "rutherford.student.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: student.hastings.ac.uk - Finished checking servers for domain
2006-03-30 15:33:36 BST - ADPlugin: Got rootDSE for server rutherford.student.hastings.ac.uk to determine forest
2006-03-30 15:33:36 BST - ADPlugin: Determined Forest of hastings.ac.uk from Domain Controller rutherford.student.hastings.ac.uk
2006-03-30 15:33:36 BST - ADPlugin: Found Default Domain student.hastings.ac.uk
2006-03-30 15:33:36 BST - ADPlugin: Global Catalogs - Start checking servers for site "any"
2006-03-30 15:33:36 BST - ADPlugin: Total Servers "any" LDAP - 3, Kerberos - 2, kPasswd - 2
2006-03-30 15:33:36 BST - ADPlugin: Server #1 picked - "rutherford.student.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: Server #2 picked - "kepler.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: Found Forest Domain GC hastings.ac.uk
2006-03-30 15:33:36 BST - ADPlugin: hastings.ac.uk - Start checking servers for site "any"
2006-03-30 15:33:36 BST - ADPlugin: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2006-03-30 15:33:36 BST - ADPlugin: Server #1 picked - "kepler.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: Server #2 picked - "galileo.hastings.ac.uk"
2006-03-30 15:33:36 BST - ADPlugin: Found Forest Domain hastings.ac.uk
2006-03-30 15:33:36 BST - ADPlugin: Something wrong, unable to determine domain information from Config container......
2006-03-30 15:33:36 BST - ADPlugin: Finished CheckServerRecords......
2006-03-30 15:33:36 BST - ADPlugin: Created KerberosClient record Generation ID 165422016
2006-03-30 15:33:36 BST - ADPlugin: Rebuilt Kerberos File
2006-03-30 15:33:36 BST - ADPlugin: Calling CloseDirNode
2006-03-30 15:33:36 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:36 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:36 BST - ADPlugin: Doing CheckServerRecords......
2006-03-30 15:33:37 BST - ADPlugin: PeriodicTask Called.......
2006-03-30 15:33:41 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:41 BST - ADPlugin: No existing connection in connection mgr for [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:41 BST - ADPlugin: Secure BIND Session with server rutherford.student.hastings.ac.uk:389
2006-03-30 15:33:41 BST - ADPlugin: Read Context information from server for configurationNamingContext of CN=Configuration,DC=hastings,DC=ac,DC=uk
2006-03-30 15:33:41 BST - ADPlugin: Processing Site Search with found IP
2006-03-30 15:33:41 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:33:41 BST - ADPlugin: student.hastings.ac.uk - Start checking servers for site "any"
2006-03-30 15:33:41 BST - ADPlugin: Total Servers "any" LDAP - 2, Kerberos - 1, kPasswd - 1
2006-03-30 15:33:41 BST - ADPlugin: No matching _kerberos records for server - "napier.student.hastings.ac.uk"
2006-03-30 15:33:41 BST - ADPlugin: Server #1 picked - "rutherford.student.hastings.ac.uk"
2006-03-30 15:33:41 BST - ADPlugin: student.hastings.ac.uk - Finished checking servers for domain
2006-03-30 15:33:42 BST - ADPlugin: Got rootDSE for server rutherford.student.hastings.ac.uk to determine forest
2006-03-30 15:33:42 BST - ADPlugin: Determined Forest of hastings.ac.uk from Domain Controller rutherford.student.hastings.ac.uk
2006-03-30 15:33:42 BST - ADPlugin: Found Default Domain student.hastings.ac.uk
2006-03-30 15:33:42 BST - ADPlugin: Global Catalogs - Start checking servers for site "any"
2006-03-30 15:33:42 BST - ADPlugin: Total Servers "any" LDAP - 3, Kerberos - 2, kPasswd - 2
2006-03-30 15:33:42 BST - ADPlugin: Server #1 picked - "rutherford.student.hastings.ac.uk"
2006-03-30 15:33:42 BST - ADPlugin: Server #2 picked - "kepler.hastings.ac.uk"
2006-03-30 15:33:42 BST - ADPlugin: Found Forest Domain GC hastings.ac.uk
2006-03-30 15:33:42 BST - ADPlugin: hastings.ac.uk - Start checking servers for site "any"
2006-03-30 15:33:42 BST - ADPlugin: Total Servers "any" LDAP - 2, Kerberos - 2, kPasswd - 2
2006-03-30 15:33:42 BST - ADPlugin: Server #1 picked - "kepler.hastings.ac.uk"
2006-03-30 15:33:42 BST - ADPlugin: Server #2 picked - "galileo.hastings.ac.uk"
2006-03-30 15:33:42 BST - ADPlugin: Found Forest Domain hastings.ac.uk
2006-03-30 15:33:42 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:42 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:42 BST - ADPlugin: Read Context information from server for configurationNamingContext of CN=Configuration,DC=hastings,DC=ac,DC=uk
2006-03-30 15:33:42 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:33:42 BST - ADPlugin: Finished CheckServerRecords......
2006-03-30 15:33:42 BST - ADPlugin: Created KerberosClient record Generation ID 165422022
2006-03-30 15:33:42 BST - ADPlugin: Rebuilt Kerberos File
2006-03-30 15:33:42 BST - ADPlugin: Closing All Connections - Connection Manager
2006-03-30 15:33:42 BST - ADPlugin: Closing Connection - [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:42 BST - ADPlugin: Closing All Connections - Connection Manager Completed
2006-03-30 15:33:42 BST - ADPlugin: Calling CloseDirNode
2006-03-30 15:33:42 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:42 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:42 BST - ADPlugin: Verify called for [email protected]
2006-03-30 15:33:43 BST - ADPlugin: Verify successful for [email protected]
2006-03-30 15:33:43 BST - ADPlugin: Calling CloseDirNode
2006-03-30 15:33:43 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:43 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:43 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:43 BST - ADPlugin: No existing connection in connection mgr for [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:43 BST - ADPlugin: Secure BIND Session with server rutherford.student.hastings.ac.uk:389
2006-03-30 15:33:43 BST - ADPlugin: Read Context information from server for schemaNamingContext of CN=Schema,CN=Configuration,DC=hastings,DC=ac,DC=uk
2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:33:47 BST - ADPlugin: Updating Mappings from Schema..........
2006-03-30 15:33:47 BST - ADPlugin: Doing Computer search for Ethernet address - 00:0a:95:e4:05:84
2006-03-30 15:33:47 BST - ADPlugin: Doing DN search for account - testibook
2006-03-30 15:33:47 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:47 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus -14136.
2006-03-30 15:33:47 BST - ADPlugin: Calling CloseDirNode
2006-03-30 15:33:47 BST - ADPlugin: Calling OpenDirNode
2006-03-30 15:33:47 BST - ADPlugin: Calling CustomCall
2006-03-30 15:33:47 BST - ADPlugin: Looking for existing Record of testibook
2006-03-30 15:33:47 BST - ADPlugin: Doing DN search for account - testibook
2006-03-30 15:33:47 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:47 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus -14136.
2006-03-30 15:33:47 BST - ADPlugin: Attempting Add Record......
2006-03-30 15:33:47 BST - ADPlugin: Adding in OU = CN=Computers,DC=student,DC=hastings,DC=ac,DC=uk
2006-03-30 15:33:47 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:47 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:33:47 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:33:47 BST - ADPlugin: Retrieved existing connection from connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:33:47 BST - ADPlugin: Added record CN=testibook,CN=Computers,DC=student,DC=hastings,DC=ac,DC=uk
2006-03-30 15:33:47 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:33:47 BST - ADPlugin: Setting Computer Password......
2006-03-30 15:33:47 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:35:47 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:37:47 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:39:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:41:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:43:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:45:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:47:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:49:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:51:48 BST - ADPlugin: Changing Password for User [email protected] as [email protected]
2006-03-30 15:53:48 BST - ADPlugin: Good credentials for [email protected]
2006-03-30 15:53:48 BST - ADPlugin: Existing connection too old in connection mgr [email protected]@student.hastings.ac.uk:389
2006-03-30 15:53:48 BST - ADPlugin: Secure BIND Session with server rutherford.student.hastings.ac.uk:389
2006-03-30 15:53:48 BST - ADPlugin: Deleting Record CN=testibook,CN=Computers,DC=student,DC=hastings,DC=ac,DC=uk...
2006-03-30 15:53:48 BST - ADPlugin: Returning connection to pool for domain student.hastings.ac.uk with dsStatus 0.
2006-03-30 15:53:48 BST - ADPlugin: Setting Computer Password FAILED Deleted Record......
2006-03-30 15:53:48 BST - ADPlugin: Updating Local Admin Group
2006-03-30 15:53:49 BST - ADPlugin: Cleaning Previous Additions to Local Admin Group
2006-03-30 15:53:49 BST - ADPlugin: Sending lookupd flushcache at request!
2006-03-30 15:53:49 BST - ADPlugin: Resetting memberd cache also!
2006-03-30 15:53:49 BST - ADPlugin: Closing All Connections - Connection Manager
2006-03-30 15:53:49 BST - ADPlugin: Closing Connection - [email protected]@student.hastings.ac.uk:389
2006-03-30 15:53:49 BST - ADPlugin: Closing All Connections - Connection Manager Completed
2006-03-30 15:53:49 BST - ADPlugin: Bind/Join failed - Launching kerberosautoconfig -u
2006-03-30 15:53:49 BST - ADPlugin: Calling CloseDirNode
Many Thanks
Paul

Hi Paul!
I've personally never seen this error message, but a quick search on Google (which you may have already done as well) for "Setting Computer Password FAILED Deleted Record" found someone else who had the same problem. His issue was firewall related and was fixed by opening some ports for AD. He also provides a link to a Microsoft KB article about this.
Hope this helps and good luck! bill
1 GHz Powerbook G4 Mac OS X (10.4.5)

Os x server loses active directory binding

I am running an open directory/active directory network. Authentication is from the Windows server 2003 active directory. It has worked fine until the last month. Now clients stop authenticating & when I check the AD plugin it says network accounts are not available. I can force the server to unbind, then renew the binding & everything works great.
Is there any work around or fix for this other than upgrading the windows server to 2008?
Thanks

Yes. You are likely experiencing one of two common issues. 1: You time skew is too large (although an unbind/bind will not solve this) or 2: you are failing to properly set the random machine password.
Try this command on the server:
sudo dsconfigad -passinterval 0
Then:
sudo dsconfigad -show
to confirm the setting. This will prevent the machine from refeshing its machine password with the domain every 14 days (default setting). The issue is that Apple's plugin does not properly catch an exception. What happens is the plugin detects that it should re-randomize the machine password so it creates a new one, records it to the config file, and THEN tries to write it to the domain. When the write to the domain fails, the system then sends the new password already recorded in the config file and now they mismatch. This is a common AD integration issue and is likely associated with your binding rights in AD.
As for time, make sure you are pointing all your Macs to the DC for time info or to a mutually agreed upon external server.
Hope this helps. Easy to fix.

JNDI, Active Directory and Persistent Searches (part 2)

The original post of this title which was located at http://forum.java.sun.com/thread.jspa?threadID=578342&tstart=200 subsequently disappeared into the ether (as with many other posts).
By request I am reposting the sample code which demonstrates receiving notifications of object changes on the Active Directory.
Further information on both the Active Directory and dirsynch and ldap notification mechanisms can be found at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ad/ad/overview_of_change_tracking_techniques.asp
* ldapnotify.java
* December 2004
* Sample JNDI application that uses AD LDAP Notification Control.
import java.util.Hashtable;
import java.util.Enumeration;
import javax.naming.*;
import javax.naming.ldap.*;
import com.sun.jndi.ldap.ctl.*;
import javax.naming.directory.*;
class NotifyControl implements Control {
     public byte[] getEncodedValue() {
             return new byte[] {};
     public String getID() {
          return "1.2.840.113556.1.4.528";
     public boolean isCritical() {
          return true;
class ldapnotify {
     public static void main(String[] args) {
          Hashtable env = new Hashtable();
          String adminName = "CN=Administrator,CN=Users,DC=antipodes,DC=com";
          String adminPassword = "XXXXXXXX";
          String ldapURL = "ldap://mydc.antipodes.com:389";
          String searchBase = "DC=antipodes,DC=com";
          //For persistent search can only use objectClass=*
          String searchFilter = "(objectClass=*)";
               env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
          //set security credentials, note using simple cleartext authentication
          env.put(Context.SECURITY_AUTHENTICATION,"simple");
          env.put(Context.SECURITY_PRINCIPAL,adminName);
          env.put(Context.SECURITY_CREDENTIALS,adminPassword);
          //connect to my domain controller
          env.put(Context.PROVIDER_URL,ldapURL);
          try {
               //bind to the domain controller
                  LdapContext ctx = new InitialLdapContext(env,null);
               // Create the search controls
               SearchControls searchCtls = new SearchControls();
               //Specify the attributes to return
               String returnedAtts[] = null;
               searchCtls.setReturningAttributes(returnedAtts);
               //Specify the search scope
               searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                     //Specifiy the search time limit, in this case unlimited
               searchCtls.setTimeLimit(0);
               //Request the LDAP Persistent Search control
                     Control[] rqstCtls = new Control[]{new NotifyControl()};
                     ctx.setRequestControls(rqstCtls);
               //Now perform the search
               NamingEnumeration answer = ctx.search(searchBase,searchFilter,searchCtls);
               SearchResult sr;
                     Attributes attrs;
               //Continue waiting for changes....forever
               while(true) {
                    System.out.println("Waiting for changes..., press Ctrl C to exit");
                    sr = (SearchResult)answer.next();
                          System.out.println(">>>" + sr.getName());
                    //Print out the modified attributes
                    //instanceType and objectGUID are always returned
                    attrs = sr.getAttributes();
                    if (attrs != null) {
                         try {
                              for (NamingEnumeration ae = attrs.getAll();ae.hasMore();) {
                                   Attribute attr = (Attribute)ae.next();
                                   System.out.println("Attribute: " + attr.getID());
                                   for (NamingEnumeration e = attr.getAll();e.hasMore();System.out.println("   " + e.next().toString()));
                         catch (NullPointerException e)     {
                              System.err.println("Problem listing attributes: " + e);
          catch (NamingException e) {
                      System.err.println("LDAP Notifications failure. " + e);
}

Hi Steven
How can I detect what change was made ? Is there an attribute that tell us ?
Thanks
MHM

SharePoint 2013 Workflow (SPD 2013) fails for Active Directory Group members

Hi
I have a SharePoint 2013 site called "Team Meetings". There are a number of lists and an InfoPath form library.
The site's SharePoint Group "Team Meeting Members" has two Active Directory groups (All Club Managers and All Club Police) as members. Those two AD groups contain all the people that I want to have access to the library and list, except for
a few additional folk who I have made individual members.
My PROBLEM:
I have created a SharePoint 2013 Workflow using SPD 2013 associated with the Form Library. Workflow is set to start on new or modified item. The first action is to write to history list, then determine the status (Submitted or Pending) of
the form and go to different Stages depending on that status.
The workflow works perfectly for any user who has been added directly to the SharePoint group (Team Meetings Members) BUT FAILS at the very first action for anyone who is a member of one of the AD groups. I know the Workflow is fine because I've tested it
with numerous people who are direct members of the SharePoint Group, but whenever a person who is a member of the AD group tries it the Workflow just fails.
Here's a print of the info from the Workflow Status page (I don't have access to server logs):
RequestorId: 4494760f-92ff-2e8c-90d2-cc7df0e6baa4. Details: System.ApplicationException: HTTP 401 {"Transfer-Encoding":["chunked"],"X-SharePointHealthScore":["0"],"SPRequestGuid":["4494760f-92ff-2e8c-90d2-cc7df0e6baa4"],"request-id":["4494760f-92ff-2e8c-90d2-cc7df0e6baa4"],"X-FRAME-OPTIONS":["SAMEORIGIN"],"MicrosoftSharePointTeamServices":["15.0.0.4420"],"X-Content-Type-Options":["nosniff"],"X-MS-InvokeApp":["1;
RequireReadOnly"],"Cache-Control":["max-age=0, private"],"Date":["Mon, 10 Mar 2014 01:31:42 GMT"],"Server":["Microsoft-IIS\/8.0"],"WWW-Authenticate":["NTLM"],"X-AspNet-Version":["4.0.30319"],"X-Powered-By":["ASP.NET"]}
The HTTP response content could not be read. 'Error while copying content to a stream.'. at Microsoft.Activities.Hosting.Runtime.Subroutine.SubroutineChild.Execute(CodeActivityContext context) at System.Activities.CodeActivity.InternalExecute(ActivityInstance
instance, ActivityExecutor executor, BookmarkManager bookmarkManager) at System.Activities.Runtime.ActivityExecutor.ExecuteActivityWorkItem.ExecuteBody(ActivityExecutor
Members of the SharePoint Group "Team Meetings Members" have Contribute Access to both the form library and another list that the workflow writes to as well as the Workflow History list (which in SP 2013 uses the credentials of the
user who started the workflow, unlike 2010 which used System Account).
All members of the Team Meetings Members group, whether they are individual members or part of one of the AD groups, have no problems opening and saving forms etc. It's just the Workflow that doesn't like them...
I am stumped. I've spent many hours searching for a reason for this. There are about 200 people in the two AD groups so I really don't want to have to add them all individually - especially when these groups are managed in AD for a whole bunch of other reasons
and using the AD groups means I'll basically never have to worry about modifying the SharePoint access permissions.
Does anyone have any ideas why this is happening and what I can try to fix it?
Mark

Hi Lars,
I'm afraid not so far but we are trying a few things today so I will post back with results.
First thing we are doing is making the AD Group universal because one of our (external provider) gurus remembers seeing something about that. He also sent me a link to a post where they were talking about earlier
versions but having similar issues and their solution was to make sure the app pool account has sufficient permissions in AD::
http://social.msdn.microsoft.com/Forums/sharepoint/en-US/27a547da-5cc0-49d7-8056-6eb40b4c3242/failed-to-start-workflow-access-is-denied-exception-from-hresult-0x80070005-eaccessdenied
This part of that thread looks interesting but we haven't checked it yet as were trying the universal setting first:
"If the users participating in the workflows have been added to the SharePoint site via Active Directory groups, SharePoint has to update the user’s security token periodically by connecting to
the domain controller. By default, the token times out every 24 hours. But if the application pool account did not have the right permissions on the domain controller to update the user’s token, user will keep getting the access denied error. The error was
intermittent because when the user browsed to any page other than the workflow form, the token was getting updated successfully.
You can try to fix it through granting the application pool account the appropriate permission by adding the account to the group “Windows Authorization Access Group” in Active Directory."
I'll update when we try these ideas. If you have any luck please do the same.
Mark
(sorry about formatting - using my phone....)
Mark

Active Directory binding not working

Hi
I'm trying to bind to my active directory at work.
On tiger I used the following settings
serverdomain.ad
the servers name is machine
Which worked fine.
On leopard when I use either serverdomain.ad or machine.serverdomain.ad I get the following error message
(loosely translated from swedish)
An unknown combination of domain and treecollection was used. You should use a complete DNS-name for the domain and tree collection (i.e something.company.se)
Does anyone know what I should use..the FQDN is machine.serverdomain.ad - shouldnt that work?

The answer was dns.. my client was using the correct nameserver.
The binding worked after that..although I'm not sure its autenticating as it should

Active Directory Binding Post 10.5.2 (Domain authentication that works!)

Main points: Be sure your local time is being updated by a time server on your network, be sure that all devices are syncing with the same NTP server.
Pre add your computer you want to bind in your domain.
Key: in Directory Utility, choose to authenticate against a known server. So under the Administrative tab choose "prefer this domain server" and enter in the DNS name of a DC in your domain. Also uncheck authentication with any DC in the forest.
Now bind and click Ok.
Now in Directory Utility, click on Search Policy, and add servers in the Authentication tab by choosing Custom Path. Click the + and you should see your domain or multiple domains in your forrest listed. Add them appropriately. In some configurations, you may want to do this for "Contacts".
You can now go back into the Active Directory plugin, and choose to authenticate from any DC in the forest, and remove the selection that allows only authenticating against one server.
Sorry for the lack of deep explanation, but if you are at the point where the AD and DNS is working fine, then this should be pretty straightforward and to the point.

alex.est wrote:
miscategorized and inaccurate this post is from 2004 and has no relevance to 10.5.2
What? I wrote this the day that it says I did. And, yeah this solved issues with 10.5.2's AD binding issues.

Macs Lose Active Directory Binding

We run 10.5.8 and use Deploy Studio 1.0.rc12 for imaging. We run several Mac labs here all with basically the same image. Lately, they have been un-binding themselves from our Active Directory and we can't get them to stay reattached. We try manually and have flushed the DS Cache etc. Removed the Server Policy and so forth. Nothing has worked to date. I do see over the internet that there are many problems of this sort, but none of those fixes have worked for us. Any suggestions would be greatly appreciated.
Thanks
Chris

Hi
You don't have to do it if you don't want to but it would be helpful if you posted the solution. That way others looking to fix similar problems can find it more readily.
Tony

Active Directory Binding Issues

I am having difficulties trying to rejoin a Mac Pro back to the domain.
It is currently running Lion 10.7.4 - some reason it dropped out of the domain
and now I can not rejoin it to the domain.
Every time I go thru Directory Utility to join it I get "unable to connect to server" or
I get "invalid credentials supplied for binding to the server" - I've gone thru terminal and also tried to
force the bind. Still nothing.
I've also done repair permissions and then try to rebind and nothing.
It's odd cuz I can ping the server from the Mac Pro - and when I launch Safari it wants proxy authentication
so it seems like it's on the domain but it isn't.
I go into Active Directory on Windows Server and can not find it in any OU's.
Pretty much at my witt's end.
Is there a way to remove all previous Active Directory Bindings and computer names from the Mac Pro and
then restart from scratch.

I am having difficulties trying to rejoin a Mac Pro back to the domain.
It is currently running Lion 10.7.4 - some reason it dropped out of the domain
and now I can not rejoin it to the domain.
Every time I go thru Directory Utility to join it I get "unable to connect to server" or
I get "invalid credentials supplied for binding to the server" - I've gone thru terminal and also tried to
force the bind. Still nothing.
I've also done repair permissions and then try to rebind and nothing.
It's odd cuz I can ping the server from the Mac Pro - and when I launch Safari it wants proxy authentication
so it seems like it's on the domain but it isn't.
I go into Active Directory on Windows Server and can not find it in any OU's.
Pretty much at my witt's end.
Is there a way to remove all previous Active Directory Bindings and computer names from the Mac Pro and
then restart from scratch.

Outlook 2003 mail delivery failed for Active Directory user

Server 2003/Exchange2003
We are using an outside company (Integra) to handle our email and only use Exchange for shared archived email.
When configuring active directory users the wizard automatically sets up email entries in the format: [email protected]
When responding to a meeting invite from outlook to a local AD user, all users receive undeliverable messages for the accounts in the format [email protected] as below...
The example below was a bounce back when I accepted the invite. The invite shows up on my calendar just fine.
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
[email protected]
    Unrouteable address
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from wsip-70-166-120-183.ph.ph.cox.net ([70.166.120.183] helo=PK01)
   by arelay1 with esmtpa (Exim 4.72)
   (envelope-from <[email protected]>)
   id 1W8D9b-0001kB-24
   for [email protected]; Tue, 28 Jan 2014 10:12:56 -0800
From: "Kevin Simmons" <[email protected]>
To: "miguel saucedo" <[email protected]>
Subject: Accepted: Miguel Chaperone School
Date: Tue, 28 Jan 2014 11:13:05 -0700
Message-ID: <398EA47278F54C9FA9CFFB725FD6C079@PK01>
MIME-Version: 1.0
Content-Type: text/calendar; method=REPLY;
   charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Ac8cSpjUhKBGTbBKQt+PScNbb6MWwAABfTJgAABJyYAAALiiEA==
X-MimeOLE: Produced By Microsoft MimeOLE V6.3.9600.16384
BEGIN:VCALENDAR
PRODID:-//Microsoft Corporation//Outlook 11.0 MIMEDIR//EN VERSION:2.0 METHOD:REPLY BEGIN:VEVENT ORGANIZER:MAILTO:/o=PKArchitects/ou=First Administrative
Group/cn=Recipients/cn=miguel
DTSTART:20140206T070000Z
DTEND:20140208T070000Z
LOCATION:Flagstaff
TRANSP:OPAQUE
SEQUENCE:3
UID:040000008200E00074C5B7101A82E00800000000102573EC0F1CCF010000000000000000100
0000037C3D09157000340AA5D3F23F6A60078
DTSTAMP:20140128T181305Z
SUMMARY:Accepted: Miguel Chaperone School
PRIORITY:5
X-MICROSOFT-CDO-IMPORTANCE:1
CLASS:PUBLIC
ATTENDEE;PARTSTAT=ACCEPTED:MAILTO:[email protected]
END:VEVENT
END:VCALENDAR

Well it looks like none of our outlook installations actually are accessing the exchange email, nor are we able to send to those email addresses even though they exist. I have 2 email inboxes in Outlook, 1 is the Integra inbox - works fine. The
other is called Mailbox - UserName - populated with folder that are and always have been empty. If I send an email to myself at [email protected] I get the following bounce back.
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
[email protected]
    Unrouteable address
------ This is a copy of the message, including all the headers. ------
Return-path: <[email protected]>
Received: from wsip-70-166-120-183.ph.ph.cox.net ([70.166.120.183] helo=PK01)
   by arelay2.integra.engr with esmtpa (Exim 4.72)
   (envelope-from <[email protected]>)
   id 1WBtMM-0005N1-Gr
   for [email protected]; Fri, 07 Feb 2014 13:53:18 -0800
Reply-To: <[email protected]>
From: "Kevin Simmons" <[email protected]>
To: <[email protected]>
Subject: test
Date: Fri, 7 Feb 2014 14:53:18 -0700
Message-ID: <F708D49EB6A64BE69891BF9C7B528529@PK01>
MIME-Version: 1.0
Content-Type: multipart/related;
   boundary="----=_NextPart_000_0050_01CF2414.572804A0"
X-Mailer: Microsoft Office Outlook 11
Thread-Index: Ac8kTwKRc8hlRKNXSlye9E4r5UyfJQ==
X-MimeOLE: Produced By Microsoft MimeOLE V6.3.9600.16384
This is a multi-part message in MIME format.
------=_NextPart_000_0050_01CF2414.572804A0
Content-Type: multipart/alternative;
   boundary="----=_NextPart_001_0051_01CF2414.572804A0"
------=_NextPart_001_0051_01CF2414.572804A0
Content-Type: text/plain;
   charset="us-ascii"
Content-Transfer-Encoding: 7bit
test
Thanks!
Kevin Simmons
Project Manager
4515 S McClintock Dr. Suite 206
Tempe, Arizona 85282
p 602 283 1620
f 602 283 1621
c 480 702 9687
[email protected]
------=_NextPart_001_0051_01CF2414.572804A0
Content-Type: text/html;
   charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META content=3D"text/html; charset=3Dus-ascii" = http-equiv=3DContent-Type> <META name=3DGENERATOR content=3D"MSHTML 11.00.9600.16476"></HEAD> <BODY>
<DIV><FONT size=3D2 face=3DArial><SPAN=20 class=3D831025321-07022014>test</SPAN></FONT></DIV>
<DIV> </DIV><?xml:namespace prefix =3D "o" ns =3D=20 "urn:schemas-microsoft-com:office:office" /><o:SmartTagType=20 namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"PostalCode"></o:SmartTagType><o:SmartTagType=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"State"></o:SmartTagType><o:SmartTagType=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"City"></o:SmartTagType><o:SmartTagType=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"place"></o:SmartTagType><o:SmartTagType=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"Street"></o:SmartTagType><o:SmartTagType=20
namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"=20
name=3D"address"></o:SmartTagType>
<STYLE>@page Section1 {size: 8.5in 11.0in; margin: 1.0in 1.25in 1.0in = 1.25in; mso-header-margin: .5in; mso-footer-margin: .5in; =
mso-paper-source: 0; }
P.MsoNormal {
   FONT-SIZE: 12pt; FONT-FAMILY: "Times New Roman"; MARGIN: 0in 0in 0pt; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: "Times New Roman"
LI.MsoNormal {
   FONT-SIZE: 12pt; FONT-FAMILY: "Times New Roman"; MARGIN: 0in 0in 0pt; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: "Times New Roman"
DIV.MsoNormal {
   FONT-SIZE: 12pt; FONT-FAMILY: "Times New Roman"; MARGIN: 0in 0in 0pt; =
mso-style-parent: ""; mso-pagination: widow-orphan; =
mso-fareast-font-family: "Times New Roman"
SPAN.GramE {
   mso-style-name: ""; mso-gram-e: yes
DIV.Section1 {
   page: Section1
</STYLE>
<DIV class=3DSection1>
<P class=3DMsoNormal align=3Dleft><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">Thanks!</SPAN></P> <P class=3DMsoNormal> </P> <P class=3DMsoNormal><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">Kevin=20 Simmons</SPAN></P> <P
class=3DMsoNormal><SPAN style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">Project=20 Manager</SPAN></P> <P class=3DMsoNormal><o:p> </o:p></P>
<P class=3DMsoNormal><IMG src=3D"cid:831025321@07022014-2937" = width=3D130 height=3D130=20 v:shapes=3D"_x0000_i1025"></P> <P class=3DMsoNormal><?xml:namespace prefix =3D "st1" ns =3D=20 "urn:schemas-microsoft-com:office:smarttags"
/><st1:Street=20 w:st=3D"on"><st1:address w:st=3D"on"><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">4515 S McClintock Dr. = Suite=20 206</SPAN></st1:address></st1:Street></P>
<P class=3DMsoNormal><st1:place w:st=3D"on"><st1:City w:st=3D"on"><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">Tempe</SPAN></st1:City><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">, <st1:State=20 w:st=3D"on">Arizona</st1:State> <st1:PostalCode=20 w:st=3D"on">85282</st1:PostalCode></SPAN></st1:place></P>
<P class=3DMsoNormal><SPAN class=3DGramE><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">p</SPAN></SPAN><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"> 602 283 1620</SPAN></P> <P class=3DMsoNormal><SPAN class=3DGramE><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">f</SPAN></SPAN><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"> 602 283 1621</SPAN></P> <P class=3DMsoNormal><SPAN class=3DGramE><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial">c</SPAN></SPAN><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Arial"> 480 702 9687</SPAN></P> <P class=3DMsoNormal><SPAN=20
style=3D"FONT-SIZE: 10pt; FONT-FAMILY: = Arial">[email protected]</SPAN></P></DIV>
<DIV> </DIV></BODY></HTML>
------=_NextPart_001_0051_01CF2414.572804A0--
------=_NextPart_000_0050_01CF2414.572804A0
Content-Type: image/jpeg;
   name="image002.jpg"
Content-Transfer-Encoding: base64
Content-ID: <831025321@07022014-2937>
/9j/4AAQSkZJRgABAQEAYABgAAD/2wBDAAgGBgcGBQgHBwcJCQgKDBQNDAsLDBkSEw8UHRofHh0a
HBwgJC4nICIsIxwcKDcpLDAxNDQ0Hyc5PTgyPC4zNDL/2wBDAQkJCQwLDBgNDRgyIRwhMjIyMjIy
MjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjL/wAARCACCAIIDASIA
AhEBAxEB/8QAHwAAAQUBAQEBAQEAAAAAAAAAAAECAwQFBgcICQoL/8QAtRAAAgEDAwIEAwUFBAQA
AAF9AQIDAAQRBRIhMUEGE1FhByJxFDKBkaEII0KxwRVS0fAkM2JyggkKFhcYGRolJicoKSo0NTY3
ODk6Q0RFRkdISUpTVFVWV1hZWmNkZWZnaGlqc3R1dnd4eXqDhIWGh4iJipKTlJWWl5iZmqKjpKWm
p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+Pn6/8QA
p6ipqrKztLW2t7i5usLDxMXGx8jJytLT1NXW19jZ2uHi4+Tl5ufo6erx8vP09fb3+HwEA
AwEBAQEBAQEBAQAAAAAAAAECAwQFBgcICQoL/8QAtREAAgECBAQDBAcFBAQAAQJ3AAECAxEEBSEx
BhJBUQdhcRMiMoEIFEKRobHBCSMzUvAVYnLRChYkNOEl8RcYGRomJygpKjU2Nzg5OkNERUZHSElK
U1RVVldYWVpjZGVmZ2hpanN0dXZ3eHl6goOEhYaHiImKkpOUlZaXmJmaoqOkpaanqKmqsrO0tba3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3+Pn6/9oADAMBAAIRAxEAPwD3
uLm6wsPExcbHyMnK0tPU1dbX2Nna4uPk5ebn6Onq8vP09fb3++iii
gAooooAKKKKACq97dGzg81bae4O4DZAoLfXkjirFFAHltr8ZNKtPtNteadrU00V1OhZbdCABIwA+
+OgwPwqf/hdmg/8AQI13/wABk/8Ai68juv8AkL6t/wBhG5/9GtTKxdVp2PKqY+cJuKS0PfvB
+Xiwe
JdNFylnqHlyXE4WaeNVVVEjYU4bqBgdO1dZXA/Bz/knsP/X5c/8Ao1q76tkepF3SYUUUUDCiiigA
ooooAKKy9S1yz017ZZJ4B5twIWLzKuzIJyc/T9ak/t3R/wDoK2P/AIEJ/jQBoUVjXfibTLc2yxX1
nM006Q4W4XKhu/XtWvHIkqB43V1PdTkUAOoqhqWqRad9nDFC0s6QkFwpUMcZq6jpIu5GVh6g5oAd
RRRQB8sXX/IX1b/sI3P/AKNamU+6/wCQvq3/AGEbn/0a1Mrkl8TPnK/8WXqz2z4Of8k9h/6/Ln/0
a1d9XA/Bz/knsP8A1+XP/o1q76upbH0MPhQUUUEgDJOAKZQUVU0/UYNTt2uLUs0O8qshXAkx/Evq
voe+OKG1G3GqLpysz3JjMjKi5Ea9ix7Z7euD6GgC3RRRQB5X8atNsF8N2EosbYSy6pH5jiJd
voe+z5R8
5OOa8g/s2x/58rf/AL9L/hXtPxs/5FXS/wDsKRf+gSV4vPMfMECZyeWK9ceg9/ft+VYVdzyce5e0
ST6EKCHT9Rsbuy06zlmtrlJNskYEZx/C2Oo9q3L7Xtd1NDHdarNFbEki0sP9GgXPbamCfxJrHkiY
JEC21RIoCJwB+PWtbQfDq+I9Ua0zJFaRY+0SwjdK7HlYogf4yASSeFHJ7VMXJ6IypTqztTgz
JEC21RIoCJwB+PWtbQfDq+I9Ua0zJFaRY+nbyD
SYHQTi3Ehdc+Y2Wx+JzV6yjht2FxplxLav2ls7hoz+amvZZfh/aaZZWRtlXSzLdQx+TaHd/F
SYHQTi3Ehdc+Y2Wx+JzV6yjht2FxplxLav2ls7hoz+96R2
yXb3GB9etUPFPw2sLiALa2NppusAn7NdQKVt7xv+ecqnO1j2Jzz0J6Vp7N9Gdbwc0rxm7nPa
yXb3GB9etUPFPw2sLiALa2NppusAn7NdQKVt7xv+F8Tv
E2hsqXzjW7MdVmwlwo/2XAw30YfjXsvhvxRpXivTftulXBdVO2WJxtkhb+669j/PtmvmaONWVsxy
W8qMUkjPDRupwykeoIIq3pesal4a1ePV9OkC3CYVweEuE/55yD09G7GlGo07MzoYyUZclUS6/wCQ
vq3/AGEbn/0a1MqG3vV1GS7vVjaIXF3PL5b9U3SMcH3GamrKXxM4K/8AFl6s9s+Dn/JPYf8Ar8uf
/RrV31cD8HP+Sew/9flz/wCjWrvWZUUsxCqBkknAArqWx9DD4UDMqKWYhVAySTgAV8/eNvFv9uX0
1hoWo6iukgss9x9sc/aieqoCeIx69+3HW98QPiA/ieSXR9HlZNEUlZ7hDg3hHVVP/PP1P8X068no
+j6h4i1aPR9HjUzkAyysP3dtH/eb+i96zlN35YnFiMRJy9lR3J9Gi8U+INVi0bRtd1nztoMk
+hv5P
LtY+m5sH8l7/AEr3bRPB1pokMQTUNUuJwyyTTTXjkzuMfM4zg5wOOmOKn8K+FdO8I6OthYKW
LtY+Zjvn
uH5knfuzH+nQDgVuVcVZanVSpuEbSd2FFFFUanmfxvcR+EdOdui6nGT/AN8SV4zaRMkW+Ufv
uH5knfuzH+nQDgVuVcVZanVSpuEbSd2FFFFUanmfxvcR+pPmf
2J7fhXsnxvCS+E9MTcP+QrETg+ivXkeR6isKu55OYv30vIr3sqwQCZ/uowY/QV7r8KfDDaL4
2J7fhXsnxvCS+E9MTcP+QrETg+Ttb2
9jxqN6puHDDmMPg7frjbn6Adq8JvIBdi2te091DEfozgH+dfUt1fpZ3FhAqqVuZjDndjYAjN
9jxqN6puHDDmMPg7frjbn6Adq8JvIBdi2te091DEfozgH+n/x3
H41VJaXNcuguRyK3iD/V6d/2EIP/AEKtK5toby2kt7iMSQyLtZT3FZfiB0MenfOv/H/B3/2quajq
K2MEcoCvvnihxuxje4XP4ZzWp6J4B4+06TR/HMsUuSbuISFz/wAtSvAf6suAfVkY96wSARgj
K2MEcoCvvnihxuxje4XP4ZzWp6J4B4+Ir0z
44WUZTw7qiFfMju2tmweSroT+hX9a8zyPUVz1V7x4mPhy1brqZcGbLWXt+fJuU8xP95eo/LH
44WUZTw7qiFfMju2tmweSroT+hX9a8zyPUVz1V7x4mPhy1brqZcGbLWXt+5VqV
Q1PC/ZJ/4orhOfZvlP8AOrryLGAzfdzgn0+tQ9Tmn7yUj234PMqfDuNmIVRd3JJJwAPNauJ+IHxA
bxNJJo+kTFNFVik9wpwbwjqqn/nn6n+L6deStPE2oXPg1PDcG6200XE73Mit811ukYhBjomO
bxNJJo+vr06
daNxGWg8qNQCcBT2T0P4VrKelkejXxfLFU4PXq+xoaPo+oeItWj0fR41M5AMsrD93bR/3m/o
daNxGWg8qNQCcBT2T0P4VrKelkejXxfLFU4PXq+xoaPo+vevo
Twr4V07wjo62FgpZmO+e4fmSd+7Mf6dAOBXL/By50h/CLWtlAIdSt5MakGO55JT0kJ7qw6en
Twr4V07wjo62FgpZmO+e4fmSd+I7V6
JVwikjqw1CNKGmrfUKKKKs6QooooA8n+M+laZZ+G9PuYrC2ilk1WMPIkQDNlXzk98mvKPs0H
JVwikjqw1CNKGmrfUKKKKs6QooooA8n+M+laZZ+/PGP
/vkV7F8cE8zwjpyZxnU4xn0+SSvHLaYzQgtgSL8rj0Ydawq7nk5hfnTXYjljtoJ7KV4YvLS8gL5U
Y2+Yuc+2K+k73wlpM11p8kOk6eEhnLyjyFG5fLdcdOeSp/CvmzUYRc2hgPHmELn0zX0J8N/E
Y2+Yuc+2K+x8Q+
EbE3T/6fDEEmB6vtO0t+YIPuPpVUnpY2y+d4OJNrvh3RY47DZpNku6+hU4gUZBbp0qzqnhLSrm2i
S20iwV1uIXb9yo+VZFLdvQGrXiD/AFenf9hCD/0KtZ3WNGd2CqoyWJwAPWtT0Dxr4z2Ok2Nt
S20iwV1uIXb9yo+4fs7
SxtIJ571pG8uJVJRIznoOmWFebfZoP8AnjH/AN8iul+Imqtr3jwT5PkWdsEhQjoHOQT7sPm+jLXP
1z1X7x4uPnerZdDM1OGER20SxIGluEUYXsDk/oKvPbxPEYtoEZPzKvAPsaoA/bdcRwcw2qEj0LNw
D+Wf8mtSoZzTbikvmUtPFxDAi3ETJFM8ptZD0lVXKsM+qnqPQg1dr0fwp4Th8X/B1bPcsV7D
D+Wf8mtSoZzTbikvmUtPFxDAi3ETJFM8ptZD0lVXKsM+e3Mt
ncEf6uUStjP+yehHoa83AmjklguYWguoHMU8LdY3HUf4HuMVU421N8VQ5LTWz/MvaHrl34X1
ncEf6uUStjP+6DWr
NWfyxsuYFP8Ar4SeV/3h1X3HvX0npuo2ur6bb6hYzLNa3EYkjkXoQa+X67b4YeLf+Ef1caHeyY0v
UJM27MeILg/w+yv+jfWqpz6M3wOIt+6l8j3Siiitz1QooooA81+Nn/Iq6X/2FIv/AECSvF5YzHJ5
yHbnhj2+p9q9o+Nn/Iq6X/2FIv8A0CSvH6wq7nkZg7VF6FWaYARCQGM+YvXofoa6Pwj4ki8N
yHbnhj2+p9q9o+6o32
qd4dOuH3/aYvmazlxjeV/ijYAB19ge1c89tcyXFpbWMPnyz3CRxwbgu5j0AJ4H48U65VLG6NtqNo
9hdA8xXcXlt+GeD9QTUxutUY0XOnapBaHuur+LrNbfTRevGWN3DKk1mfPimUHOV25I+jD6E1
9hdA8xXcXlt+GeD9QTUxutUY0XOnapBaHuur+LrNbfTRevGWN3DKk1mfPimUHOV25I+R8Ye
OLO004PcPFI8mfsukxzK0lw3ZpypwkY6kd+5P3a8UWJbbDWM89qHlUsLWdowxzwcKQM+9NMW
OLO004PcPFI8mfsukxzK0lw3ZpypwkY6kd+5P3a8UWJbbDWM89qHlUsLWdowxzwcKQM+n2YZ
pPIQsdzvKwLMfUk8k1o6qtodkswjy+6ncsPdNJPNcXlyJ7y5kaadxyXduuAO3YDsAKakN5qN
pPIQsdzvKwLMfUk8k1o6qtodkswjy+1BY2
ls8tzcvsht1+9Kff+6o6k+laug+Gtc8TOq6JpjC3Y4N7cIYoFHqCRl/oor2/wX4C0/whA0oc
ls8tzcvsht1+9Kff+6o6k+laug+3mqT
DE97IoDEf3UH8K+w/HNTGDbuzGjhZ1Jc9TT8z53srOWx+1W1wyPcRXMscrp0Zlcrx7cce1Wq
DE97IoDEf3UH8K+fdf8
hfVv+wjc/wDo1qZWct2cdf8Aiy9T2z4Of8k9h/6/Ln/0a1Y3xa8IEqfFmnREywoF1GJBzJEO
hfVv+kgH9
5O/qv0FbPwc/5J7D/wBflz/6Nau9ZQ6lWAKkYII4IrptdWPe5FOnyy2aPlUEMoZSCpGQR3FNliSe
JopBlWGDXR+N/CZ8HeIPKgQ/2RfMz2Tdom6tCfp1X247Vz9c0k4ux4NWnKjPlZ7Z8MPGT+IN
JopBlWGDXR+LbSt
Sl3avYKA7HrcRdFl+vZvf6iu+r5bsr+80fVLXVtOYLe2jbkBOFkU/ejb2Yce3B7V9IeHdes/
Sl3avYKA7HrcRdFl+vZvf6iu+r5bsr+Euh2
2q2LHypl5RvvRsOGRvQg5FdEJcyPZwuI9tDXdGpRRRVnUea/Gz/kVdL/AOwpF/6BJXj9ewfGz/kV
dL/7CkX/AKBJXj9YVdzx8x/iL0Lug/8AI4eHf+wpB/OvpW8sbTUIDBe2sFzCesc0YdT+Br5q0H/k
cPDv/YUg/nX07V0vhOrL/wCF8ziNV+FvhO7MDW/h3T42FwjS7E8vKZ+YfLWvp/gXwppcgksvD2mx
SDo/2dSw/EjNHh3xpovim/1Sy0u4eSbTZfKnDJtGckZX1GVPNc3qfxq8IaRqt5pt098J7SVoZdls
SoZTg856Vodx6IAAMAYAqte2n22DyvtFxB8wO+B9jfTPpWLN478OQeEU8UPqSf2TIPklAOWb
SoZTg856Vodx6IAAMAYAqte2n22DyvtFxB8wO+ONoX
ruyCMexql4X+JnhvxdNc2+nTzpdW8Zle3uItjlB/EB3HT86AMG2+Dei3P2i4vbnWI55bqZyF
ruyCMexql4X+JnhvxdNc2+vOCD
IxB6dxg/jU//AApXw1/z/a1/4G//AFq6K08daLe+CpfFkLTnS4ldmJiw+Fbafl+oqtd/Ejw/Zm3E
rXWZ9M/tVNsJP7jGf++valZEOnB6tIk8G+Eo/DVgIIri/Ecc85SGW43qVaRtrEY6kYP1rqq81tfj
n4Nu7yK1ibUDLK6xqDanqTgZ5qfVPjT4R0jVrzTLlr/7RaTNDLstiwDKcHBzTLOh8SeDNO8U2k9v
qE975cuGVUuGCxuPusq9AQea5Sw+DWgSWaG+/tSO5GVkCagxViDjcPY9cdRnFdDe/Efw5p3h
qE975cuGVUuGCxuPusq9AQea5Sw+DWgSWaG+Oz8S
XVzLFZXv/HvGYz5spyRgJ+H0qnY/FjwrqPh7UdZgnuPK07b9pgaEiZAzBQdvcZPUGlZEuMXuin/w
pbwr/wA9tW/8Dnq3pXw+tvDN6i6Rdap9huWJuYvtzAq+OJPfptI+h7Gqel/Gvwjq+q2um2rX5uLm
ZYYw1qQNzHAyc8danv8A4x+DtO1+TSJrycyRTCCa4SEmGJ84IZvY9SMiiyBRitkd9RSAhlDK
ZYYw1qQNzHAyc8danv8A4x+DtO1+QQRk
Ed6KZR5t8bP+RV0v/sKRf+gSV4/XsvxK0TXvENjYWEB02NDqSNC0jyZOFfG7C+npXH/8Kh8Y
Ed6KZR5t8bP+f8/e
hf8Afyb/AOJrKpByeh52Mw9SrNOC6HL6D/yOHh3/ALCkH86998ca8PDPgrVtW3ASQQN5We8jfKn/
AI8RXlUPw28U6LrWjX9xcaM6xahCwWOSXJbPHVelem+JPCbeMtHtLDWbjyEhuluJY7Q5SYLn
AI8RXlUPw28U6LrWjX9xcaM6xahCwWOSXJbPHVelem+CksM
455qqaaVmb4SlKnT5Zb3PD/hdr+h6J458ORabePLJqdi1pqgdGUC5LF1OT15IXI9PerMniHxX4a1
Lx/qGiaZp91pqatILuS4Qu0RJIBCgjK888GvafFHgjTPE2n21uf9BltrlLmG4to1Do6dO3TmjSfB
Gn6Y3iHfLJdRa7O81zHKBtG4EFRjtyas6jyWDQrXSofhZpst3DqGm3N9NdSSqP3UkrbWQAHsM4wf
f6V6pq1v4VXxfFNOLdfExsJBbDcQ7RYbPA4P8XXnrWbB8J9JXwR/wi11fXlzaxTm4tJ2KrLat/sE
D1J6+pqTwt8MNP8ADmoXWp3Gp3+q6pPCYBd3sm5o4z2X/GgDxrSZPHQ+B90lpBpJ8M+VNvdy
D1J6+pqTwt8MNP8ADmoXWp3Gp3+ftG3
ed2OcZznHFdt4cAPxL8CgjI/4RJP5Gu4sfh5Y2Hw6m8GJe3LWkqSIZ2C+YN7Fj2x3qWw8B2Wn+IN
H1dLy4aXS9MGmxowXa6D+I8daAOd8Hov/C7PHo2rgR2mOOnyVy3h0eOD4w8bf8IpForwf2vJ
H1dLy4aXS9MGmxowXa6D+5x1D
du3ZONu3tivV9L8J22leLta8RR3Mzz6qsQkibG1Ni4GO/wCdcjffBuC61rUdTtvFWuWDX9w1xLFa
zBF3E57devegCldx3dx8ZPBcPiOO1NxHpMsgSIZh+0/Nu2A+gAI+grtrS28KJ48v3thbjxK9
zBF3E57devegCldx3dx8ZPBcPiOO1NxHpMsgSIZh+qv2p
VJ3mLIwSOn93nr0rM1L4Y6fq3hjTdKu9T1F7zTWZ7XVfN/0lGJyfm7jp+Qq14L+H2n+DZby7S7u9
Q1O8x9ovbt90jAdB7D/PYUAYPw2Rf+E3+IXyjjVFxx04auM+y6p4e0rXLzRBpPinwJPdS3F7bsds
0YyC4zwcqMc89M4r2DQPClt4f1fXNRguJpZNXuRcSq4GEIzwuO3PeuRv/grpF3qt1PBq+qWenXk3
nXemQTbYZWzkjHYH9O2KAPQtLmtrjSbOazXbayQI8K4xhCoKj8sUVYhhjt4I4YUCRRqERR0UAYAo
oAcVVsblBwcjI6GloooARlVsblBwcjI6GloooAKKKKACiiigAooooAKKKKACiiigAooooAKKKKAP
/9k=
------=_NextPart_000_0050_01CF2414.572804A0--
beyond that - the Global Address Book does not update!

Active Directory Binding

When binding a computer to Active Directory the plug-in asks for the AD forest, AD domain and computer ID. My assumption is that the computer ID is the Active Directory user ID and it needs to be unique for every computer you bind to AD. Is this correct?

OK, here's the deal.
"After I click on bind, I have to enter a nettworkadministrator name and password"
Yes, your Windows admin, has to make your AD ID a "Domain Admin (adding machines into AD), if he will and knows how to. When you input your AD name and password, it will work.
Now, you could also do this with the Win Admin in front of you, when he is in front of his PC, controlling the Win 2003 / AD server, or in front of the actual server.
My guess is he has not created the "container / object name", just ask him to do it just as he would for a Win PC being added to the AD domain, what is he using to name the PC's, they should not be "User names", but Unique ID's, like Asset tag info, as long as they are unique.
Now I also suspect, the Fully Qualified Domain Name, FQDN. It must be used in the Active Directory (Directory Access) app. Don't worry about forest, it is automatic. The admin or someone, must know the FQDN, ours is something like, LA.AD.'companyname'.ORG
Once you know this and are sure it is correct, go to a PC and do Start, RUN, CMD, to get a dos / command line:
and do: ping 'your FQDN here'
if the DNS in AD is working properly, it will return an actual IP address, if this happens, then we know the FQDN is correct and the name is being resolved by DNS in AD and that it won't be an issue with OS X Directory Access.
Also, take anything out that you might have in OS X "Network" prefs pane on DNS, even if it is right , not needed to bind, but if it is wrong, won't find the AD server.
And the network time must be right, AD is picky about this, if your Mac is even minutes off, it will not Bind, but it will also give you a Message saying your Mac time is off.
In Sys Prefs, Date/Time, I input the internal AD server, FQDN, not the Apple's time server (since I think the Win Admins are blocking NTP outgoing), plus you want your time synced, internally anyhow.
Just some tips that got AD working for us.
E-mail me if you have any further questions, I am sure we can get you bound to your AD server, I can email you some screen shots if needed.
[email protected]
Power Mac G5 Dual 2.0 Mac OS X (10.4.7)
Power Mac G5 Dual 2.0 Mac OS X (10.4.7)
Power Mac G5 Dual 2.0 Mac OS X (10.4.7)
Power Mac G5 Dual 2.0 Mac OS X (10.4.7)
Power Mac G5 Dual 2.0 Mac OS X (10.4.7)

10.5.3 and Active Directory Binding

Hi gang!
Ever since I updated to 10.5.3, I am having all sorts of issues with AD binding to our domain now.
I'll try to keep it short...
It started with a Kerberos prompt from Entourage 2008. I was prompted with an update Kerberos window to enter my password. Entered my password but got an error that my password was invalid.
Navigated and opened the kerberos.app and noticed no ticket. Tried to create a new ticket. I was prompted with my account does not exist.
Opened directory utility and saw that my AD domain was red and my server was not responding.
Tried to unbind, got an error that the account and every other account I tried was invalid, again. Could not unbind even after restarting a few times.
So I decided to reset everything by deleting the DirectoryService directory from Library/Preferences and restarted.
Re-entered all my company information to now get an INVALID ERROR!
I cannot bind now no matter what information I enter.
And if it does pass all the steps and bind, the forest information and domain administration is not entered or received. Red dot server not responding.
I even reinstalled 10.5.3.
Still cannot bind.
Anyone know what gives?

Ok here is what I did to fix our AD/OD issues.
Login in as root.
Unbind both AD/OD and delete them.
On the Mac Server remove all three entries pertaining to machine in OD.
machine$, machine.local, LKDC......
from a terminal you can type with no quotes "dscl . -read /Users/Admin AuthenticationAuthority" to get the Hash value.
On AD delete the machine record for the computer your trying to bind (if it exists)
Delete contents of /Library/Preferences/DirectoryService (not the folder!)
Delete system keychain /Library/Keychain/System.keychain
Empty Trash
Open up Terminal Go > Utilities > Terminal
type with no quotes: "sudo rm -fr /var/db/krb5kdc"
Then type with no quotes: "sudo /usr/libexec/configureLocalKDC"
this will recreate the Hash value for the machine.
Reboot (Important)
Login as root.
Open directory Services.
Bind to OD, then to AD.
Under services make sure your "/Active Directory/All Domains" is higher than your OD record if you want authentication from AD.
Open up your Date & Time preferences and sync clock with your AD server.
Reboot.
Login. (It did take awhile before I could login, about 5-15 minutes)
I hope this helps.

Operation Not Supported Exception in JNDI/Active Directory

Hi all,
When i am trying to change password or create user from JNDI program
on Active Directory i am getting OperationNotSupported Exception.
I wonder i am doing a common mistake in both functions.just when the execution comes to
ctx.createSubcontext("cn=surendra,cn=Users,DC=ABSI,dc=pcs",attrs);
in createUser method and
ctx.modifyAttributes(userString, ctx.REPLACE_ATTRIBUTE, testAttrs);
in changePassword method i am getting the below exception.
javax.naming.OperationNotSupportedException: [LDAP: error code 53 - 00002077: SvcErr: DSID-031D0AAB, problem 5003 (WILL_NOT
_PERFORM), data 0
]; remaining name 'cn=surendra,cn=Users,DC=ABSI,dc=pcs'
at java.lang.Throwable.fillInStackTrace(Native Method)
at java.lang.Throwable.fillInStackTrace(Compiled Code)
at java.lang.Throwable.<init>(Compiled Code)
at java.lang.Exception.<init>(Exception.java:42)
at javax.naming.NamingException.<init>(NamingException.java:106)
at javax.naming.OperationNotSupportedException.<init>(OperationNotSupportedException.java:50)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(Compiled Code)
at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:657)
at com.sun.jndi.ldap.LdapCtx.c_createSubcontext(Compiled Code)
at com.sun.jndi.toolkit.ComponentDirContext.p_createSubcontext(ComponentDirContext.java:341)
at com.sun.jndi.toolkit.PartialCompositeDirContext.createSubcontext(Compiled Code)
at com.sun.jndi.toolkit.PartialCompositeDirContext.createSubcontext(PartialCompositeDirContext.java:258)
at javax.naming.directory.InitialDirContext.createSubcontext(InitialDirContext.java:183)
Your help is needed to go ahead......
Thanks in advance
Naga

Hi!
I just happened to stumble across your post today looking for something else, but...
Are you aware that you can only update a password ActiveDirectory/LDAP with a secure network connection? A certificate must be installed on the domain controller and tied to AD, and then the client must support an SSL connection to AD for LDAP. The other attributes in the schema do not have this restriction and can be updated without a secure connection.
Joel Mussman
Smallrock Internet Services

Tomcat 5 JNDI Active Directory

Hi:
I've been trying to use JNDI to allow my java applications to log using the Active Directory information. I am using the Tomcat 5 and i hava a Windows 2003 server that holds the AD.
I edited the server.xml file of tomcat conf like this
<Realm className="org.apache.catalina.realm.JNDIRealm"
     connectionURL="ldap://[server ip]"
     userBase="CN=Users,dc=yage,dc=com,dc=ec"
     userSearch="(userPrincipalName={0})"
     userRoleName="member"
     roleBase="CN=Users,dc=yage,dc=com,dc=ec"
     roleName="cn"
     roleSearch="(member={0})"
     connectionName="CN=[username],CN=Users,DC=yage,DC=com,DC=ec"
     connectionPassword="[password]"
     roleSubtree="true"
     userSubtree="true" />
But everytime i stop and restart the Tomcat it doesn't respond, it just hang for a while and then tells me that the server cannot be found
Anyone knows if there is anything that i am missing to do ?
I am really knew to all of this J2EE stuff so i really need help
Thanks

I am trying to do something similar. I found that the org.apache.catalina.realm.JNDIRealm class doesn't seem to pick up the connectionURL attribute. Make sure you use the alternateURL attribue as well.

Failed JNDI - Active Directory binding

Similar Messages

Maybe you are looking for