Few users are unable to sign in after we added 2 more front end servers in existing pool?
Hello,
We have recently extended the Lync 2010 Enterprise pool with 2 Front end servers. Now we have totally 6 Front end servers.
After this change some users are unable to login. Error message: "Cannot loggin as server is temporarily unavailable"
Captured, client logs and received the following:
ms-diagnostics: 4004;reason="Credentials provided are not authorized to act as specified from URI";
We have the following security settings on the newly added front end servers:
Network security: Minimumsecurity for NTLM SSP Based clients - set to - Require 128-bit encryption
In other existing front end servers, it has been set to - No minimum.
Questions:
1. Is that the issue for signin failure?
2. Do we need to change this option to - No minimum in new servers and reboot it?
Please advise. MUCH THANKS.
Hello
Those clients running in Windows 7 OS. And the error is different:
"Cannot loggin as server is temporarily unavailable"
Thanks
Similar Messages
-
Few Users are unable to open reports from workspace
Hi ,
Few users are nt able to open reports from workspace. Can anyone let em know what all privalleges we need to give for the users who want to open reports.
Thanks in AdvanceIn general if a user can see a report and cannot open, this should be related with the application security that the reports' grid is connecting.
If opening request from users are failing with an error, please paste the error here,
Sometimes reports may be open with blank pages or no data, make sure users have necessary access to data...easy way to check this, connect to application and try to retrieve data from application, Lets say your report grid is connecting to Essbase, try if you can retrieve same grid from essbase excel add-in.
Good Luck,
Ahmet -
OCS 2007 r2 new users are unable to sign in Help!!!
a little background: we had an issue with our domain controller and had to flash a backup image that we took 2 weeks prior. after we got everything setup correctly again and added users that were not there when we took the image backup. it all seemed
fine, until we had to add some new hires. now when I add new users and configure them correctly with in OCS and active directory the user cannot sign in. from what I have read it could be a replication error, but when I try to force replication it fails. as
we rely on this service for our business it is very frustrating. I have ran the validation tool and this is what I get.
Attempting to login user using Kerberos
Maximum hops: 2
Successfully established security association with the server: User nancy Domain lj Protocol Kerberos Target sip/Fileserver.LJ.local
Failed to register user: User sip:[email protected] @ Server Fileserver.LJ.local
Failed registration response: [
SIP/2.0 403 Forbidden
FROM: <sip:[email protected]>;epid=epid00;tag=af8d4a32c5
TO: <sip:[email protected]>;tag=1A2FD46AB32C93C71252508422122A62
CSEQ: 2 REGISTER
CALL-ID: cd6769facadf4da68a88921dfc5a4807
VIA: SIP/2.0/TLS 192.168.0.23:57752;branch=z9hG4bKf130bb10;ms-received-port=57752;ms-received-cid=40200
CONTENT-LENGTH: 0
AUTHENTICATION-INFO: Kerberos rspauth="602306092A864886F71201020201011100FFFFFFFF764B3F8B7D0AE7EC1B6FE36DAA9B10B1", srand="C0091F30", snum="1", opaque="EE6E2772", qop="auth", targetname="sip/Fileserver.LJ.local",
realm="SIP Communications Service"
ms-diagnostics: 4004;reason="Credentials provided are not authorized to act as specified from URI";source="Fileserver.LJ.local";AuthenticatedIdentity="LJ\nancy"
ms-diagnostics-public: 4004;reason="Credentials provided are not authorized to act as specified from URI";AuthenticatedIdentity="LJ\nancy"
Suggested Resolution: Use the maximum hop count to determine the server that generated this error. For example, if the maximum hop value is 2, then it is likely that this error was generated by a server that is 1
(immediate target) or 2 hops away. If the target server supplied and the home server for the user are different check the trust relationship between them. If the target server is an access edge server then check whether the internal supported
domain list contains the domain of this user. In addition, check the forest-level domain supported list and make sure the user domain is present. Finally, run the dbanalyze tool on the home server to check whether the user is homed and
configured correctly.
Suggested Resolution: Ensure that the supplied credentials are appropriate for the supplied user. If the user has been moved recently, run dbanalyze to ensure that the user is homed correctly.
Failure
[0xC3FC200D] One or more errors were detected
Maximum hops: 2
Successfully established security association with the server: User nancy Domain lj Protocol NTLM Target Fileserver.LJ.local
Failed to register user: User sip:[email protected] @ Server Fileserver.LJ.local
Failed registration response: [
SIP/2.0 403 Forbidden
FROM: <sip:[email protected]>;epid=epid01;tag=e91f12148
TO: <sip:[email protected]>;tag=1A2FD46AB32C93C71252508422122A62
CSEQ: 5 REGISTER
CALL-ID: 9ac9e3fe41f64e6587b7e744ef4eabc4
VIA: SIP/2.0/TLS 192.168.0.23:57752;branch=z9hG4bK53b7532;ms-received-port=57752;ms-received-cid=40200
CONTENT-LENGTH: 0
AUTHENTICATION-INFO: NTLM rspauth="010000002A86488630F580CBB5BBDB1F", srand="D34E3231", snum="1", opaque="9FC5005B", qop="auth", targetname="Fileserver.LJ.local", realm="SIP
Communications Service"
ms-diagnostics: 4004;reason="Credentials provided are not authorized to act as specified from URI";source="Fileserver.LJ.local";AuthenticatedIdentity="LJ\nancy"
ms-diagnostics-public: 4004;reason="Credentials provided are not authorized to act as specified from URI";AuthenticatedIdentity="LJ\nancy"
Suggested Resolution: Use the maximum hop count to determine the server that generated this error. For example, if the maximum hop value is 2, then it is likely that this error was generated by a server that is 1 (immediate
target) or 2 hops away. If the target server supplied and the home server for the user are different check the trust relationship between them. If the target server is an access edge server then check whether the internal supported
domain list contains the domain of this user. In addition, check the forest-level domain supported list and make sure the user domain is present. Finally, run the dbanalyze tool on the home server to check whether the user is homed and
configured correctly.
Suggested Resolution: Ensure that the supplied credentials are appropriate for the supplied user. If the user has been moved recently, run dbanalyze to ensure that the user is homed correctly.Depending on how you rolled back Active Directory, you may have entered a situation called "USN Rollback" where your rolled back DC stops replicating with the rest of the DC's in the infrastructure.
This will cause issues like what you are experiencing, and much worse in the long term, such as machines getting dropped from the domain, and user password becoming inconsistent, since you're essentially maintaining two copies of your domain that cannot
talk to each other...
Here are more details: http://support.microsoft.com/kb/875495
I'd recommend resolving the underlying AD issue by removing the restored DC from the infrastructure (you may have to force demote and remove metadata). Once AD is 100% functional then you can start troubleshooting OCS sign in issues, but my guess is they
will resolve themselves once the restored DC is removed.
Hope this helps,
Gonzalo -
We have Lync 2013, Exchange 2010 and several AD
servers in mixed mode 2003/2008.
All user are unable to see their own profile photo
either in the main Lync window, in the settings or in a chat although other user can see that their photo is there and displaying. The user experiencing the issue can go open Outlook 2013 client and will see their photo displaying correctly in the file menu
(and elsewhere) here.
I have confirmed this happens with any new users I set up as well. We have gone through a fair amount of troubleshooting with other Lync photo issues and simple fixes such as deleting the SIP cache folder etc proves to be ineffective.
Our Cs-ClientPolicy Global is set to websearchonly.
We have "Replicate this attribute to the Global Catalog" set
for the ThumbnailPhoto attribute in AD.
We are also forcing photos from AD only (or no photo) by setting the following:
"Set-CsClientPolicy -Identity PhotosControl -DisplayPhoto
PhotosFromADOnly"
and finally we are importing the photo in ad using this PS command:
"Import-RecipientDataProperty -Identity "Test User"
-Picture -FileData ([Byte[]]$(Get-Content -Path "C:\pictures\testuser.jpg" -Encoding Byte -ReadCount 0))"
The pictures being uploaded are under 10KB in size.
I have followed many threads and will provide any information I can to help find the problem. Thank you in advance.
EDIT: I have also tried the following but with no success: https://knowledge.zomers.eu/misc/Pages/How-to-fix-your-photo-not-showing-up-in-the-Lync-client.aspxHi Jdentremont,
Lync client gets user photos by first querying the Address Book Web Query (ABWQ) service on the server, which is exposed through the Distribution List Expansion web service. The client receives
the image file and then copies it to the user's cache to avoid downloading the image each time it needs to be displayed. The attribute values returned from the query are also stored in the cached Address Book Service entry for the user. The Address Book Service
deletes all cached images every 24 hours, which means that it can take up to 24 hours for new user images to be updated in the cache on the server.
To troubleshoot your problem, please follow the steps below:
1. Navigate to
“X:\share\1-WebServices-1\ABfiles\000000000\000000000” folder. (ABS file share)
You should see some photo files in this folder as the following screenshot.
2. Delete all the files in this folder.
3. On test PC, delete local cache files.
%userprofile%\AppData\Local\Microsoft\Office\15.0\Lync\[email protected]
4. Sign-in Lync with the test account.
5. Go back to the ABS file share, check if there is any Photo file in the folder.
Best regards,
Eric
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Windows Server 2012 R2 RDS: RDS Users are unable to delete files from their desktop
Hello,
We are working with Windows Server 2012 R2 RDS. We also implemented User Profile Disks. This is all working fine without problems. The only issue I have is that normal users are unable to delete files from their desktop. They are getting a message:
you'll need administrator permission to delete this file, with the prompt for administrator access.
They can edit, copy, rename, cut and paste files. But they cannot delete a file from their desktop.
I checked the security permissions of the files on the desktop (for example a normal self-created PDF file) and the users are owner and have "Full Control" over the files.
I checked the file permissions and took a look under "Advanced", selecting the specific domain user and checked the "Advanced Permissions" and the user has the "Delete" option checked. So he should be able to delete the
file.
I am guessing this is UPD related issue, or something in GPO. But I already unlinked the GPO objects, that I felt could be the source of this problem, but without results.
Could someone give me a hint on where to look? It's kinda annoying to users, that they can't delete their own files.Hello Bria,
What you should check first, is the NTFS permissions on the User Profile Disk to begin with. See if the user has full control over the items that are in the UPD.
Also check the GPO's that are enabled for the user and computer account. You can check that by running: gpresult /h <path>\gpresult.html
There are two GPO settings that could prevent the user from deleting his/her own items:
User
Configuration\\Policies\\Administrative Templates\\Windows Components\\Windows Explorer\
Hide these specified drives in My Computer
Prevent access to specified drives in My
Computer
There might be other GPO settings, that block deleting items on the UPD, but can't think of any out of my head.
I can only think NTFS and GPO settings that might prevent the user from deleting items. In my case it was a GPO setting, that I didn't suspect. -
PC Users are unable to check Outlook while my (mac) Mail is open
Ever since I upgraded to 10.4, whenever I have my Mail application open, the PC users are unable to check their IMAP mail through Outlook. The PC Users and myself are all using different accounts, but are checking the same server.
At first, this seemed like it was a coincidence... but then I shut my powerbook and they could check their again. I have to use a web mail client to check my email when I am on the network at work.
Any ideas to resolve this issue? Mail is set to check every 5 minutes.AA8 and AA9 allow Reader Rights so the user can save the form. This is restricted by the license to 500 uses. In the long run, the only advantage of the Reader Rights is for your users, not for you. You can always import the data into the form and have the same result as they had in the form. It is not necessary to transmit the full form to you, only the data. If you were developing a web form that would likely exceed the 500 uses, you would have to negotiate a price with Adobe for Reader Rights (thousands of $$ should be expected).
If saving is important in a company environment, not online, then you may want to read the EULA carefully as to the exceptions. You will still have to have at least AA8.
I guess the printing problem was answered. -
Not all users are displayed for log on after a reboot or startup...
Problem summary: Not all users are displayed for log on after a reboot or startup...
This problem only occurs after a fresh start-up or restart. The only users displayed are the initial (admin user) and "Guest". Two other (non-admin) users are not shown for log on.
To work around this problem and get them to log on we have to log on as the admin user, then we can see the other users in the Fast User Switching menu (top right-hand corner of the screen), listed under the current logged on user. After selecting the non-admin user we can log in and use the laptop as normal.
If we lock the screen, use fast user switching or log out all users; all users are available for log in, until a reboot is done; at which point the non-admin users disappear again and we have to log in as the admin user and use fast user switching again.
The laptops are both brand new MacBook Airs. The initial configuration of Mac OS X Yosemite was done using the Apple ID of the purchaser (parent) and then the OS was patched, immediately, through the App store (no further updates available as of the date of this posting). After this Family Sharing was activated and new users set up for the two children who will be using these laptops.
Has anybody else experienced this problem with Yosemite?
Cheers,
David.David,
Users not enabled for FileVault unlock are only able to log into the computer after an unlock-enabled user has started or unlocked the drive. Once unlocked, the drive remains unlocked and available to all users, until the computer is restarted.
FileVault has to be On.
To Enable the users to be able to unlock FileVault Go to:
System Preferences > Security & Privacy > FileVault ( Tab ) > Click the Lock in the bottom left > Put in your administrator password > Should see an option to Enable Users > Enable User.
Hope that helps,
Weston
Supporting Articles,
OS X: About FileVault 2 - Apple Support -
we are unable to sign in to iMessages, wifi connection is fine but we get the error message, pls check your network connection. Does anyone know how to fix this
there has been a big problem with facetime and imessage. The best solution for this case is to restore your device http://support.apple.com/kb/HT1414
Make sure you back it up. and I would set up facetime before you reinstall your backup and make sure its working. -
Everyone Except External users are unable to access the subsites
We have a SharePoint online site, in which we have given read permissions to
Everyone Except External Users in the parent site. Now, the users are able to access the parent site. But for sub sites, we have stopped inheriting permissions from the parent site and have given read permissions to Everyone Except External Users in
sub sites as well. But users are unable to access the sub sites. They are getting access denied message.
Can any one help me to resolve the problem?
Thanks in advance!
Anjani.Hi,
Please check below links. They encountered similar issues and they had some assets (Page Layout or master page) checked out by users in sub site due to which users with read permission could not access.
http://sharepoint.stackexchange.com/questions/75263/user-has-correct-permissions-for-subsite-but-access-is-denied
http://sharepoint.stackexchange.com/questions/90478/prevent-access-denied-error-for-domain-users
Hope it helps!
Thanks,
Avni Bhatt
If this helped you resolve your issue, please mark it Answered -
Most of the users are unable to buy apps from Indian App Store. Pl. fix it
We are fellow users here on these forums, we won't know if/when other payment cards might be added to the Indian iTunes store until if/when Apple announce something. Based on what some people have posted some Indian debit cards are still accepted e.g. Re: can i download from itunes using debit card in india ?.
If you want to leave feedback for Apple then you can do so via this page : http://www.apple.com/feedback/ -
Not sure whats going on here...
SharePoint WSS3.0 -> SharePoint 2013 Ent
Used ShareGate migration tool.
I migrated the site, and everything appears to be in place as expected. Users and groups are all assigned just like before.
But when users try to access the new site, they are prompted to request access.
Some users are in AD groups, that are in SharePoint groups, and some users are direct members of SharePoint groups. So far it seems to be groups with read or contribute access. The owners seem to be able to access the site fine.
This makes no since...?
Any ideas?
Joshua FuenteThanks, I think I may have found the issue... But it still odd, and I am still verifying if it is in fact the issue.
The old site has a visitors group, that contains an AD security group.... But that AD security group contains a DL. I know that's a problem... But it should also be a problem in the source site. (but its not)
Only thing I can imagine is that at some point the user had direct access, and it was changed to AD group. And then AD group was changed, and somehow SharePoint just didn't catch on.... (just a guess)
In any case, I am having the users added to the AD security group to see if that works.
But I will check out your script if that doesn't work.
Thanks!
Joshua Fuente -
Users are unable to print from Adobe Reader X
Hi,
Multiple users in our environment report that they are unable to print from Adobe Reader X. They receive the following error messages (translated from Dutch) Document cannot be printed. There are no pages selected.
We are using Reader version 10.1.3
What we have tried to resolve the issue (without any positive results):
- Repair the installation of Adobe Reader.
- Update Adobe Reader to the latest version for Vista (x86) (10.1.7)
- Created new user profile for the affected users.
The documents can be printed without any errors from Foxit Reader.
At the moment we use the following workaround:
Open the document in Internet Explorer, and then print the document from there.
Does anyone have any idea how we can resolve this?
Best regards,
DuncanJames,
I'm sorry to hear that you were having the same problem under 9.5. I had recently updated to Adobe Reader 10 under Windows 7 and yesterday my "default printer" simply disappeared from the options on my control panel. I re-installed my printer, but today whenever I would open a PDF document and try to print it, the document would simply close with no further ado. After a bit of trial and error, I ended up uninstalling Adobe Reader 10 and going back to Adobe Reader 9.5. Now everything is working just fine.
nlncmjd -
Users are unable to access Essbase data-corrupt group
Someone moved a hyperion user to an ldap directory group that hyperion couldn't access which seems to have corrupted the group to which the ID belongs. I got rid of the ID but the users are still experiencing problems accessing essbase data. We have 9.3.1 and I have refreshed security filters and recycled many times. Does anyone have any suggestions? Should I reimport the secfile.txt?
Where I need to check the logs in tbl Logs under Appserver?
Well, I am unable to see complete input schedule. I have unprotected the sheet still there is data N38 but able to see before row 58. unable to expand.
Kindly suggest. -
Users are unable to login (HD is located on an AFP or SMB server message)
I've searched on here, but nothing I've tried helps.
This is only happening on certain machines in a building. They have all been re-imaged multiple times. Other machines in other buildings running the exact same setup work fine. It's a 10.4.7 client trying to login to a 10.3.9 server. They get the AFP or SMB error message. They can go to another machine in the building, and login, so it's not their account.
The only thing that I've found will temporarily fix the problem is restarting the server. Right after it comes back up, they can login fine.
I've triple checked their account settings, created brand new user accounts, we've re-imaged the machines, changed computer names (worked for half a day), trashed the DCHPleases file on the server, ran all updates on both clients and server.
Help me!!!
MacBook Mac OS X (10.4.7)This error msg means that the users area is stored on an AFP volume, ie the server which needs to be mounted onto the client mac before the user logins.
What happens is the server boots up, and has share points, /Users for users area. the client then boots up and automounts this volume as /Network/Servers/servername/Users or close to that.
Then a user logs into the login window, the server authenitcates the user and tries to grant them access to the Users volume, if this volume has been unmounted then they user cant get access to thier home folder and thus cant login
This could be caused by network issues, switches, hubs, etc and the client has been cut off from the server, a reboot of the client mac should fix the issue. Then check your switches or hubs -
Few users are not showing up in Corporate directory
We have few users at a repote site who are not showing up in Corporate directory. they have UDP profile and they are logged in . i ahve compared the configration with other user of the same site who is showing up in corporate directory and config seems fine
the User is LDAP integrated in CUCM and not a local user
the corporate directory is activated as default parameter for entire cluster
Please help if we have any further things to be checked ?There was a similar issue a couple weeks ago here
https://supportforums.cisco.com/discussion/12343101/how-refresh-corporate-directory-cucm-91
Did you check if the users are not listed if you are registered at the subscriber?
this was the solution in that mentioned post:
"worked with cisco we found that the issue only occurs when the phones are registered to the subscriber server...when the phone is registered to the publisher, the directory shows the current information. this indicates and issue with the database replication between the 2 servers.
the databases have been reset and are replication is resyncing...this will take a couple of hours..."
Eike
Maybe you are looking for
-
HOW CAN I REDEEM AN ITUNES GIFT CARD IN THE US BOUGHT IN CANADA?
HOW CAN I REDEEM AN ITUNES GIFT CARD IN THE US BOUGHT IN CANADA?
-
Is there any event at abap like form_unload event of windows programming
I want to code some thing just before the user leaves the selection screen, etiher by clicking on back gui button(f3) or exit button. Is there such an event? Thanks in advance.
-
Clubbing of multiple excise invoices
Dear All, Is Clubbing of multiple excise invoice for a single commercial invoice generation for export possible in ECC6.0? Regards Subrat
-
Update partner in equipment master
Hi I want to update partners in equipment master, I can do this using FM 'PM_PARTNER_UPDATE'. But its not updating change document. So I want do this through FM 'PM_PARTNER_INIT' and 'PM_PARTNER_MAINTAIN'. Can any one tell me what are the parameters
-
I'm considering putting the 320GB WD Scorpio Black 2.5", SATA II, 7200 rpm, 16 MB cache WD3200BJKT into a friend's current model MBP 15,4". A while ago I read somewhere that the drive's built-in free-fall sensor conflicts with the one in the MBP itse