"Grouped" user cannot create Mobile account

Hello
Leopard Server 10.5.4 and Leopard client 10.5.4.
In Server, we have a group of users called Group1. In this group we have a user called User1. When we try to create a mobile account, it prompts for a password, and then "There was an error creating mobile account" appears.
When we try to create Mobile account for any user outside any group we have no problem.
The Mobility prefs are the same in the Group1 and in the account outside the group.
Any help appreciated.
K.

Look in the system log for clues.
Also you can turn on ManagedClient logging from Terminal this way:
sudo defaults write /Library/Preferences/com.apple.MCXDebug debugOutput -2
Then reproduce the problem. The log will be here:
/Library/Logs/ManagedClient/ManagedClient.log
Remove /Library/Preferences/com.apple.MCXDebug.plist to stop logging (and increase performance).
And please file a bug with Apple.

Similar Messages

  • Helpdesk Report Group Users - Cannot create a connection to data source 'DataSource1'

    Getting the following error for a User accessing the report who is a member of the reporting group. If I add them as a sysadmin in SQL they can get access. What permissions need changing for this user group?
    Cannot create a connection to data source 'DataSource1'. ---> System.Data.SqlClient.SqlException: Login failed for user

    Dave,
    For a complete understanding of the permission and groups, I would rather suggest you to do the installation of the MBAM components in a single server infrastructure in a test environment.
    Create the following domain security groups and use it during the configuration of the MBAM roles:-
    1) MBAM Advanced Helpdesk Users
    2) MBAM Helpdesk Users
    3) MBAM Report Users
    4) MBAM Read and Write Access
    5) MBAM Read Only Access.
    Create an application pool account and create a login in SQL for it. Use it only during:-
    1) Configuration of "Compliance and Audit Database connection"
    2) Configuration for All Web Applications.
    If your application pool account is not a domain administrator, then run the following PowerShell command to set the service principal name:
    Setspn -s http/<FQDN of MBAM Web Server> domain\<Application pool account>
    Make sure the application pool account is trusted for delegation.
    That's all you need to do. Then after the installation you can check the properties of each group in SQL to verify the rights and permission assigned during the installation.
    Regards, Gaurav Ranjan

  • Cannot create mobile account

    I have to admit that I'm new to OS X server and what should have been simple isn't proving to be that way. I have managed to get one of my client laptops authenticating but now when I go to create a mobile account it works for some users but not for mine - I suspect this is because of a clash of names on the host laptop. Is this correct and how can I fix it?

    Look in the system log for clues.
    Also you can turn on ManagedClient logging from Terminal this way:
    sudo defaults write /Library/Preferences/com.apple.MCXDebug debugOutput -2
    Then reproduce the problem. The log will be here:
    /Library/Logs/ManagedClient/ManagedClient.log
    Remove /Library/Preferences/com.apple.MCXDebug.plist to stop logging (and increase performance).
    And please file a bug with Apple.

  • Users unable to create Mobile Accounts

    Good afternoon.
    I have an interesting problem with the creation of Mobile Accounts.
    We have a Computer Group with its Preferences set to allow the creation of Mobile Accounts & Portable Home Directories; with due consideration given to what to synchronise and what not to. The iBooks & Mac Books in this group are all used by one staff member only. They are all running 10.4.7 and have 256 or 512 MB RAM.
    The first two laptops added to the list allowed their users to create Mobile Accounts & PHDs no problem, and they continue to work. But any other machines I add to the group refuse to allow the creation of a Mobile Account. It seems that Workgroup Manager does not pass on their changed Preferences during subsequent logons. I have tested this by renaming a laptop at its entry in the group and seeing if the name is changed on the machine at the next login. It is not, but stepping through the machine’s settings at the logon display does give me a green light for network availability.
    I can create a Mobile Account on a machine by logging on as a user and amending their account Preferences, but this does not provide the same degree of flexibility in configuring synchronisation settings.
    Has anyone else seen this problem please?
    Brian Bowell ICT Support

    The problem was an error in naming the computer group. Renaming it solved the problem.

  • 10.5.3: Can't Create Mobile Account

    I have a MacBook Pro that authenticates to Active Directory.
    When I try to create a Mobile Account
    [ System Preferences --> Accounts --> Mobile Accounts:Create ]
    I get prompted to
    "*Enter your password to create a mobile account*"
    However, it does not accept the password, responding with
    "*Incorrect password*"
    After three attempts, I get
    "*Mobile account creation canceled*"
    and then logged off.
    I've tried both my Active Directory account password, and the local administrator password. Neither work.
    At least I can get that far; in 10.5.2, the Mobile Account:Create button was greyed out.
    Is anyone else having the same problem? Is there a fix for this?
    I'm going to be out of the office next week for a conference, and would really like to get this working before then.
    UPDATE: When trying to enable FileVault for my A.D. account, I get the following message:
    *You cannot turn on FileVault for this account.*
    *This account is either a network account or the home folder is on a server. You cannot turn on FileVault for these types of accounts.*
    This makes this problem more than a minor annoyance, as my company policy -- and plain common sense -- requires encryption enabled for laptops.
    Message was edited by: Robert Racansky

    Hi Robert
    On the Active Directory Server SMB Digital Signing Requirements (there are two: Server and Client) need to be disabled. It's not enough to leave them undefined. Once that has been done make sure client clocks are within 5 minutes of the server's time clock. In the Network Preferences Pane make sure the Mac is using the AD DC for resolving internal DNS Services and the Search Domain field is filled in with the appropriate AD Domain Name. It's also advisable to fill in the WINS Tab with the relevant information for the AD.
    Launch Directory Utility and select the Services Icon (click Show Advanced Options to see this). Select the Active Directory plug-in and click the disclosure triangle to show Advanced Options. Leave everything as the default and select 'Create Mobile Account at Login'. Fill in the Active Directory Domain field with the relevant information. For example if the AD's FQDN is adserver.addomain.com then the information should be addomain.com. Now click Bind. In the resulting window key in authentication details for an account that has authority for the AD Domain. Typically this would be the AD admin account name and password. What follows next will be a 5 step process. Depending on how well the AD has been configured this should take anything from 5-10 seconds and possibly 1-2 minutes. If it takes a short time this will be a good sign as to the 'health' of internal DNS Services as well as the AD configuration. The longer it takes the more the likelihood of problems.
    By the way there is no magic fix for integrating/binding mac clients to an AD Server. Over 90% of how well this goes will rest with how well the AD is configured.
    If the bind has been successful you should see a Kerberos TGT (ticket granting ticket) has been created in /Library/Preferences. It will be a file called edu.mit.Kerberos. You can inspect this and it should show the relevant details regarding the KDC (Kerberos Distribution Center). If you now log out you should see the Log in window display the local admin user as well as 'Other'. It should look like a shadowed head and shoulders in front of a star field. Select this and supply your AD name and password. Provided the AD admin has defined a UNC path in the Profiles tab for your account on the AD Server for home folder creation and that you have full read/write privileges for that folder then you should be logging into your locally created home folder that also gets created at the same time on the AD.
    It's best if you sync when logging out as there have been problems syncing at other times. Mileage may vary.
    Hope this helps, Tony

  • 10.4.11 - Can't create mobile account

    I reimaged one of our powerbook G4 laptops and ran S/W update getting it to version 10.4.11. After rebooting I could not create an Active Directory mobile user account. Tried all the normal things - repair permissions, rebind to AD and reboot, even trashed the edu.mit.kerberos file and all plists in /Library/Preferences/DirectoryService and rebind from scratch. I probably trashed the mcx settings in NetInfo Mgr, but I don't recall for sure. Also the 'ol reset-nvram and reset-all in OpenFirmware. Nothing helped - kept getting the "can't login, users home folder is on an AFP or SMB share". When I logged in as my local admin user, I could connect to the homefolder path using the mobile-user's credentials (with Kerberos).
    My solution was to reimage the laptop again (ver 10.4.10), bind to AD & reboot, create the mobile account and then run S/W update to 10.4.11.
    I'm not really looking for a solution here, just a warning to people that you may not want to create images at 10.4.11 if you use mobile accounts. I plan on using my 10.4.10 images for the time being.
    Ta ta,
    JHL
    P.S. I haven't tried this yet on our iBooks, eMacs or iMacs.

    Similar issue...
    Updated an iBook G4 today to 10.4.11. After reboot it logged in with a Network Account (not mobile account this time - AD set to not create mobile account and to not create local home). I unbound from AD, rebooted and created a NetRestore image. Rebound to AD, set the Authentication order and rebooted. Now the network account wouldn't login - gives the Can't login now, homefolder on an AFP or SMB server error. (homefolders, sharepoints and permissions just fine.)
    Now for the strange part... I got sidetracked for about a half hour, then I went back to the iBook and the Network account was able to login again. After several unbinding/reboot/rebinding/reboot processes, I narrowed it down to it takes about 11 or 12 minutes after binding to AD for the network account to login properly.
    I had another tech install the 10.4.11 update on an eMac and the logins worked ok. But when I had him unbind/reboot/rebind/reboot, he had the same 11 to 12 minutes before a network account can login (same error.)
    Now for another strange part... he tried unbind/rebind again, but left AD 3rd in the Authentication order (after NetInfo and LDAP for OpenDir). The network account could login right away - these are AD useraccts.
    In my experience since 10.3, I've always had to put AD before LDAP/OD in the authentication order for the user-acct to authenticate name/password to Active Directory properly. I plan on trying this with the iBook tomorrow.
    My homefolders for these accounts are on x-server running 10.4.10 (haven't been brave enough to update the servers yet.)
    Has anyone else experienced these 10.4.11 anomalies with network or mobile accounts? Either with 10.4.10 or 10.4.11 servers?

  • Retroactively create mobile account at login?

    Hi all,
    With one laptop configuration, after binding to AD, I overlooked the "create mobile account at login". This resulted in the main user of this laptop being able to authenticate only if they're connected to the LAN.
    How could one retroactively allow an AD account to be mobile once it's created? The obvious step of checking the proper enable box does not retroactively change the mobile status of an existing account.

    I learned that I'd misunderstood the problem: it was that no network accounts could authenticate on this machine, and the only way the main user could authenticate was to go off the LAN, not on.
    It was a clock time skew. I discovered it while trying to unbind from AD, and got an error regarding time. AD was disallowing network logins to the machine, and it was only the mobile account that was working.

  • Cannot create an account to register my printer and acquire my password

    I have a HP Photosmart Plus wireless printer. I cannot create an account to register and acquire my password. It tells me my email address is incorrect...which it is not and/or my password is incorrect. If I go to "forgot my password", it keeps telling me to enter my e-mail address even though I have done that. I tried to sign in using my Facebook account....doesn't let me and tried creating an HP Passport account. Cannot do ANYTHING!

    Hi,
    Thank you for posting,
    You will get this error message if you have a Snapfish account created on your name.
    Please go to www.hp.com/go/eprintcenter and click on the Sign in Button. In the Sign in Page, please click on the Snap Fish icon and then enter the email address and the password and that will login to the eprint center.
    If you are still unable to login, please click on Forgot Password on the Snap-Fish popup screen and then you will get an email with a temporary password and a link to reset the password. Once the password is reset, please go back to www.hp.com/go/eprintcenter and click on the Sign in Button. In the Sign in Page, please click on the Snap Fish icon and then enter the email address and the password and that will login to the eprint center.
    (Although I am employed by HP, I am speaking for myself and not for HP)

  • Cannot Create Blackberry Account?

    I can't set up my Pearl 8110.
    All I get when I get to e mail set up is "Cannot create an account: An account already exists for this BlackBerry device. It then tells me to call VodUK, who tell me Blackberry is active"
    I've set up through the wizard but when it comes to e mail set up, it won't let me when I enter PIN & IMEI as it says already registered. Phone is brand new unlocked. I'm using a Vodafone SIM and the phone is branded Vodafone.
    How can I resolve this?

    Yes, you need to contact Orange and ask that the PIN be removed from the old account there.

  • How do you lock a PDF file so that the user cannot create or delete bookmarks?

    How do you lock a PDF file so that the user cannot create or delete bookmarks?
    Thanks!

    There's no way to lock bookmarks specifically, but you can apply a
    security policy to prevent editing the PDF in general.

  • Cannot create icloud account

    Cannot create icloud account. I have latest version ios 7

    What happens when you try?  Any error message?

  • Active Directory user passwords on mobile account with File Vault

    Hi all,
    I enabled file vault when I moved to my MacBook Pro. I joined the computer to the domain (after enabling file vault), and logged in with my domain account, creating a managed, mobile account so that I could use the computer when not connected to the domain.
    Active Directory has forced a change in my password for the domain account but I cannot get the password on the Mac to change the password and sync with the domain.
    My account (the one with the changed network password) on the Mac is a standard user account. When I open system preferences, go to Security & Preferences, General, click on the lock to unlock and allow change and then click Change Password  ..., I receive the following error message after going through the steps to change the password:
    The password for the account "user" was not changed. There was a problem with your password. It's possible your system administrator doesn't allow you to change your password. Contact your system administrator for help.
    For Old Password, I used the old network password, the one that I use to log into the Mac. For New Password, I used my new, current password.
    The same result happens when I attempt to change the password from the Users & Groups section of the System Preferences.
    I have logged out and logged in with the user account that is identified as the admin and get a similar (same ?) error when attempting to change the password.
    Any suggestions? How do I get the passwords to be one so that I can forget the old password?

    Thanks for your insights.
    The Tech Tool report happened after AppleJack, and never showed up before that. Restarting again just now, it showed up again.
    I had not emptied the trash, but did now, and the 'get info' on my hard drive still shows that I have used nearly all of my 160 GB.
    Re Disk Warrior: I do have it and just ran it. I emptied trash again and checked to see available disk space: I have 2.47 GB, so the problem still exists.
    Here is the disk warrior report for the first part of its tests:
    DiskWarrior has successfully built a new optimized directory for the disk named "Hildegarde." The new directory is
    ready to replace the original directory.
    There is not enough contiguous free space for a fail-safe replacement of the directory. It is highly recommended that
    you create 204 MB of contiguous free space before replacing the original directory.
    All file and folder data was easily located.
    Comparison of the original and replacement directories indicates that there will be changes to the number, the
    contents and/or the attributes of the files and folders. It is recommended that you preview the replacement
    directory and examine the items listed below. All files and folders were compared and a total of 14,627,488
    comparison tests were performed.
    • Errors, if any, in the directory structure such as tree depth, header node, map nodes, node size, node counts, node
    links, indexes and more have been repaired.
    • 1 folder had a directory entry with an incorrect custom icon flag that was repaired.
    Disk Information:
    Files: 552,652
    Folders: 131,014
    Free Space: 2.47 GB
    Format: Mac OS Extended
    Block Size: 4 K
    Disk Sectors: 321,410,736
    Media: HDT722516DLAT80
    Time: 11/28/08 6:54:19 PM
    DiskWarrior Version: 4.1

  • How to delete existing user and create the account

    Hi All,
    How to delete the existing user and does not lose the shopping cart link, confirmations for etc and then create back the account for the user?
    Please tell me the steps.
    Thank you.
    Regards,
    Henry

    How to delete the existing user and does not lose the shopping cart link, confirmations for etc and then create back the account for the user?
    I believe you cannot delete the user 100% fully, since all documents must be closed before, since it had a relation in the crmd_partner table. However, it has links with business objects.
    Copied from forum threads.. for your reference..
    Note 1148837 - SRM user cannot be deleted
    in consulting note 550071
    Q8. What happens if I delete the user who has created the shopping cart
    A8. If the user is deleted, and the shopping cart exists in the application, then the shopping cart cannot be displayed. If you want to view/ process those shopping carts, then you have to create a dummy user and retrieve the document. In CRMD_PARTNER table, the old user GUID should be replaced with the new user GUID.
    User deleted from SRM, deletion of SC not possible
    if you have a central recipient cancel them with that role or as advised by akash cancel from r/3.
    discussions are welcome..
    regards
    Muthu

  • How to accept cards without asking user to create paypal account ?

    On my online store I have two payment methods: 1. PayPal balance 2. Card via PayPal. If users want to pay with a card, they have to create a PayPal account. Is there any way to change that so users won't have to create a PayPal account to purchase with a credit/debit card on my online store? I cannot use Stripe and other card processors because I don't own a United States bank account. I am a UAE citizen, so I cannot own a US account. If there is any way to change how this is, please tell me. I mean it's not bad that users will create a PayPal account and it will make it easy for them to pay next time. But some users have complaints about that. Regards

    Hello MGW,
    Thanks for answering, but I reckon you didn't get my point. I meant that I hope I can change the alias of the original Apple ID (the alias is disabled). I don't want to use this new alias of this new Apple ID with the new e-mail, because I applied for a "new e-mail" for creating this one only to look for help in the forum (I cannot post with my original ID).
    I know it's easy to create a new alias, a new Apple ID, but I mean I would like to use only 1 account (the account of my main e-mail) in the Apple site. Hope you can understand what I mean.
    On the other hand, I have my case number, but I can't find where/who I can ask for changing the alias. Any help would be much appreciated. Thanks.

  • Cannot create an accounting document  for year-end-closure

    Good morning,
    I am dealing with an urgent issue related to the year-end-closing.
    The accounting document cannot be created because the account 9600700000 does not exist in standard chart of accounts.
    The system wants to pick up an account which is used by the chart of accounts of the country CAGR. This is used for the analytical ledger at the end of the month.
    When I compare it with another example which was posted correctly, I see that the account 9600700000 was used in the Special ledger.
    Do you have any idea how to create the accounting document?
    Thank you very much.
    Kind regards,
    Linda

    Issue solved
