HFM cannot authenticate MSAD users

Hello,
we have an issue on our HFM (9.2.0.3) server. We want to use external authentication with MSAD. The Shared Services server is correctly configured for that and it works fine (it works fine for our Workspace / BI+ server as well).
But HFM is not able to perform the authentication. After logging in to the HFM web client, you can select the HFM cluster, then select the HFM application, and there you get an error:
Could not authenticate the specified user. %0
Show Details:
Error Number:-2147220966
Error Description:
Error Source:
Page On which Error Occurred:/hfm/OpenApp/AppOpen.asp
It works fine for native HFM users, so the issue seems to be related to SS and external authentication.
Any idea on what's going wrong?
----------------------- Extract of interopJava.log file from our HFM server ----------------------
10-16 11:57:51 DEBUG Authentication     Authentication class initialize [ENTER].
10-16 11:57:51 DEBUG Authentication     HubHost: sxofss01.qrs.qsdxcorp.net
10-16 11:57:51 DEBUG Authentication     HubPort: 58080
10-16 11:57:51 DEBUG Authentication     EnableNestedGroups:true
10-16 11:57:54 DEBUG Authentication     Authentication class initialize [EXIT].
10-16 12:00:31 DEBUG Authentication     AuthenticateUser [ENTER]
10-16 12:00:31 DEBUG Authentication     AuthenticateUserInternal [ENTER]
10-16 12:00:31 DEBUG Authentication     AuthenticateUserInternal : CSSException
10-16 12:00:31 DEBUG Authentication     Invalid arguments passed in. Please check the arguments.
10-16 12:00:31 ERROR Authentication     Invalid arguments passed in. Please check the arguments.
Error Code: -1
com.hyperion.css.CSSIllegalArgumentException: Invalid arguments passed in. Please check the arguments.     Error Code: 1
     at com.hyperion.css.CSSAPIImpl.authenticate(CSSAPIImpl.java:425)
     at com.hyperion.hfm.security.Authentication.AuthenticateUserInternal(Unknown Source)
     at com.hyperion.hfm.security.Authentication.AuthenticateUser(Unknown Source)
10-16 12:00:31 DEBUG Authentication     AuthenticateUserInternal [EXIT]
10-16 12:00:31 DEBUG Authentication     AuthenticateUser [EXIT]
10-16 12:01:03 DEBUG Authentication     AuthenticateUser [ENTER]
10-16 12:01:03 DEBUG Authentication     AuthenticateUserInternal [ENTER]
10-16 12:01:05 DEBUG Authentication     AuthenticateUserInternal : CSSAuthenticationException
10-16 12:01:05 DEBUG Authentication     Failed to authenticate user sebastien.mathieu against provider UK
10-16 12:01:05 ERROR Authentication     Failed to authenticate user sebastien.mathieu against provider UK
Error Code: 2
com.hyperion.css.CSSAuthenticationException: Failed to authenticate user sebastien.mathieu against provider UK     Error Code: 2
     at com.hyperion.css.CSSAPIImpl.authenticate(CSSAPIImpl.java:1004)
     at com.hyperion.hfm.security.Authentication.AuthenticateUserInternal(Unknown Source)
     at com.hyperion.hfm.security.Authentication.AuthenticateUser(Unknown Source)
10-16 12:01:05 DEBUG Authentication     AuthenticateUserInternal [EXIT]
10-16 12:01:05 DEBUG Authentication     AuthenticateUser [EXIT]

Hello again,
what I forgot to mention is that currently the HFM box cannot connect to our AD server (because of a firewall); only the Shared Services box can connect.
Do you think it could be the cause of my problem?
Does the HFM server need direct access to the external MSAD, and not only to Shared Services?
Thanks in advance for your help
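As an added example (not part of the original post and not Hyperion's code), a small Python parser for interopJava.log entries like the excerpt above: it groups each ERROR record of the Authentication component with the exception line and stack frames that follow it, pulls out the exception class, error code, user and provider, and counts failures per provider, which separates argument errors raised before any provider is contacted from failures against a named provider. The log text inside is constructed from the excerpt, with the user name replaced by a placeholder.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample modelled on the interopJava.log excerpt in the post
# (user name replaced with a placeholder; not a real capture).
SAMPLE_LOG = """\
10-16 12:00:31 DEBUG Authentication     AuthenticateUser [ENTER]
10-16 12:00:31 DEBUG Authentication     AuthenticateUserInternal : CSSException
10-16 12:00:31 ERROR Authentication     Invalid arguments passed in. Please check the arguments.
Error Code: -1
com.hyperion.css.CSSIllegalArgumentException: Invalid arguments passed in. Please check the arguments.     Error Code: 1
     at com.hyperion.css.CSSAPIImpl.authenticate(CSSAPIImpl.java:425)
     at com.hyperion.hfm.security.Authentication.AuthenticateUserInternal(Unknown Source)
10-16 12:00:31 DEBUG Authentication     AuthenticateUser [EXIT]
10-16 12:01:05 ERROR Authentication     Failed to authenticate user user.one against provider UK
Error Code: 2
com.hyperion.css.CSSAuthenticationException: Failed to authenticate user user.one against provider UK     Error Code: 2
     at com.hyperion.css.CSSAPIImpl.authenticate(CSSAPIImpl.java:1004)
10-16 12:01:05 DEBUG Authentication     AuthenticateUser [EXIT]
"""

# "MM-DD HH:MM:SS LEVEL Component   message" header lines
HEADER_RE = re.compile(
    r"^(?P<ts>\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<level>[A-Z]+) (?P<component>\S+)\s+(?P<msg>.*)$"
)
# Exception line that CSS appends after an ERROR, carrying its own error code
EXC_RE = re.compile(r"^(?P<cls>[\w.]+Exception): (?P<detail>.*?)\s+Error Code: (?P<code>-?\d+)\s*$")
AUTH_FAIL_RE = re.compile(r"Failed to authenticate user (?P<user>\S+) against provider (?P<provider>\S+)")


@dataclass
class AuthFailure:
    timestamp: str
    message: str
    exception: str = ""             # short class name, e.g. CSSAuthenticationException
    error_code: Optional[int] = None
    user: str = ""                  # empty for argument errors (no provider was reached)
    provider: str = ""
    frames: List[str] = field(default_factory=list)


def parse_auth_failures(text: str) -> List[AuthFailure]:
    """Collect ERROR records of the Authentication component with their continuation lines."""
    failures: List[AuthFailure] = []
    current: Optional[AuthFailure] = None
    for line in text.splitlines():
        head = HEADER_RE.match(line)
        if head:
            current = None  # a new timestamped line ends the previous record
            if head["level"] == "ERROR" and head["component"] == "Authentication":
                current = AuthFailure(head["ts"], head["msg"])
                who = AUTH_FAIL_RE.search(head["msg"])
                if who:
                    current.user, current.provider = who["user"], who["provider"]
                failures.append(current)
            continue
        if current is None:
            continue  # continuation line of a non-error record
        exc = EXC_RE.match(line)
        if exc:
            current.exception = exc["cls"].rsplit(".", 1)[-1]
            current.error_code = int(exc["code"])
        elif line.lstrip().startswith("at "):
            current.frames.append(line.strip())
    return failures


def failures_by_provider(failures: List[AuthFailure]) -> Counter:
    """Count failures per (exception, provider); 'n/a' marks errors raised before any provider was tried."""
    return Counter((f.exception or "unknown", f.provider or "n/a") for f in failures)
```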

Similar Messages

  • Master Data Services - Cannot add new user and MDS cannot identify LOCAL users

    Team,
    We are using SQL Server 2008 R2 and the system has been working for a long time, and suddenly we observed the two issues mentioned below. The server MyServer has already been restarted, but that did not help. MDS is installed and configured on the SAME machine (MyServer).
    I have two issues here.
    1. The MDM website cannot identify local users (MyServer\MyUser).
    The user was created on the local machine (MyServer\MyUser). I logged into the MDM website using the admin login and clicked on User and Permission. Then I clicked on Add and a text box appears to type the user name. Here I typed "MyServer\MyUser" (MyServer\MyUser already exists and has been working for a long time). Then I clicked Check Name; I received the message "No exact match was found for MyServer\MyUser". Users from OTHER domains are identified in MDM, but it could not identify ONLY the local users like "MyServer\MyUser".
    2. Cannot add a new user in an existing, working MDM.
    I created a Windows user on the machine (MyServer\MyUser1) and added it to UserGroup, which has access to MDM. Then I tried to log in to MDM using the newly created user (MyServer\MyUser1); I see the error Access Is Denied. The permission is assigned to UserGroup (not to individual users). The new user (MyUser1) should automatically get added to MDM once logged in. This works for existing users in UserGroup, BUT NOT for the new user (MyUser1).

    Now I have solved this problem in my case.
    I just granted all permissions again according to http://msdn.microsoft.com/en-us/library/ff486994.aspx. Now everything works fine.
    Hope it will help

  • Cannot make network user accounts

    After upgrading from 10.6.8 Server to 10.8 and installing the server tools, I cannot make network user accounts. All of my old network user accounts migrated to the new OS and work properly; I just cannot seem to make new accounts under 10.8.
    Under 10.6.8 I would log into Workgroup Manager as diradmin and I could pretty easily make new users.
    Under 10.8.2 I launch the Server app and click on "Users". The addition (+) symbol is greyed out for making new users. I can make local users via System Preferences, but I cannot see any way to change local users to network users via either System Preferences or the Server app.
    I have logged into the Server app using a local administrator account, the diradmin account, and the root account. None of the accounts allow access to create new network users (the addition symbol is greyed out).
    Is there a trick to making network users in 10.8 that I am missing?
    (As an aside, I have noticed I can log into Directory Utility as diradmin and can view the node with all my network accounts. It seems like I might be able to manually create a user account this way, but I'm not quite sure how to make the user record.)

    The Open Directory service is started and functional for all the pre-existing network user accounts that were made under 10.6.8 and earlier. I just cannot seem to create new network user accounts.
    I followed the steps on this page and managed to make a user record that appeared as a network user in the Server app, but I still cannot seem to log in under the user I made in this fashion (dscl command via Terminal).
    http://www.deadmarshes.com/Blog/20111105010130.html

  • Cannot edit a user account

    Hello,
    I have a problem with the Server app on my Mac mini. I had to renew my domain name. Everything works well (DNS, Open Directory). But now I cannot edit a user account or add a new user on my server.
    The plus/minus button is grey, and it is not possible for me to edit anything under this service.
    I need help, please

    Same problem here on an Intel iMac running Mac OS X 10.4.11 - I would like to delete an outdated (standard) user account, but would like to keep a safety copy of all files before deleting.
    When using Accounts in System Preferences and choosing "save contents of user's home folder to folder 'deleted users'" ... all I get is the endlessly spinning wheel along with the spinning beach ball instead of the mouse cursor.
    Very annoying...
    Is there any way around the Delete Immediately solution?

  • That did not help me find out needy iPhone will break Icloud account for Iphone his serial number (DN**********TTN) for I am I can not activate buy user please help

    That did not help me find out needy iPhone will break Icloud account for Iphone his serial number (DN******TTN) for I am I can not activate buy user please help
    <Personal Information Edited by Host>

    Your question isn't at all clear. Is this a second-hand phone which has been locked by the previous user?  In that case only the previous owner can unlock it, either by providing you with the account ID and password, or by removing it from his list of devices (as he should have done before selling it) - please see http://support.apple.com/kb/ts4515
    If you are unable to contact him to do this then I'm afraid you will not be able to use the device - there is no other way of unlocking it at all.
    You should if possible return it to wherever you bought it and ask for a refund as in this event the device is completely useless.
    You should not post serial numbers or any other personal data here; I've asked the Hosts to remove it.

  • OID cannot display some users - java.lang.ArrayIndexOutOfBoundsException:0

    We have set up AD to OID synchronization for users and groups using the Import connector, and it worked fine. The users in OID can log into applications protected by OAM. But recently I found that some users that could be displayed in OID before cannot be displayed now. If I click on the DN in Oracle Directory Manager, an error window pops up. It is a long error message, and the first few lines are as follows:
    0
    java.lang.ArrayIndexOutOfBoundsException:0
    at oracle.ldap.admin.AttrOptions.<init>(entry.jave:3151)
    at Oracle.ldap.admin.Entry.getProp(entry.java:457)
    I don't see any error message in the integration profile or log files. I am testing things on an account that is having this trouble, and the strange thing is that it cannot log into applications protected by OAM any more, but it can log into the OAM console.
    We use OID 10.1.2.3 on Windows, and OAM 10.1.4.0.1.
    I searched in Metalink but didn't find anything helpful. Any help is appreciated. Thanks for your time.
    Hailie

    Pramod,
    Thank you for your reply. Please see below my answers to your questions:
    -> Do you see any pattern in the users (DN) that are unable to be displayed/login?
    Yes, I do see a pattern. There is one change in the problem user's DN - the "\" after the last name is gone.
    Before: cn=smith\, john, cn=users,dc=abc,dc=com
    Now: cn=smith, john, cn=users,dc=abc,dc=com
    However, when I check in Active Directory the "\" is present. In OID, if I right-click on cn=smith, john and try to delete it, I get the error message "LDAP: error code 34 - Error in DN Normalization". Is that caused by the missing "\"?
    -> Does ldapsearch on these users (with all attributes) show something (special chars, etc)?
    ldapsearch on cn=smith, john,cn=users,dc=abc,dc=com returns no objects:
    $ldapsearch -L -D "cn=orcladmin" -w "*****" -h host -p 389 -b "cn=smith, john,cn=users,dc=abc,dc=com" -s sub "objectclass=*"
    ldap_search: No such object
    ldap_search: matched: cn=Users, dc=abc,dc=com
    Ldap search on cn=smith\, john,cn=users,dc=abc,dc=com:
    $ldapsearch -L -D "cn=orcladmin" -w "*****" -h host -p 389 -b "cn=smith\, john,cn=users,dc=abc,dc=com" -s sub "objectclass=*"
    dn: cn="smith, john",cn=users,dc=abc,dc=com
    uid: [email protected]
    employeenumber: 916963
    cn: smith, john
    registeredaddress: 512
    krbprincipalname: [email protected]
    orclsamaccountname: ABC.COM$JSmith
    sn: johnsmith
    displayname: John
    orclobjectguid: lJO0N+8H4UW/30yHukSfsw==
    orclobjectsid: AQUAAAAAAAUVAAAAohxTYWIV3XFeP55cYjwAAA==
    orcluserprincipalname: [email protected]
    objectclass: oblixorgperson
    objectclass: inetorgperson
    objectclass: orcluserv2
    objectclass: person
    objectclass: orcladuser
    objectclass: organizationalPerson
    objectclass: top
    obver: 10.1.4.0
    -> Do you see the same behavior when you use any generic LDAP browser (Ex: Apache Directory Studio) instead of ODM?
    I don't have Apache Directory Studio installed yet. I will try that later.
    -> Does the changelog for the particular synch (for the affected users) show something?
    Here is what I found in ActiveChgImp.aud
    (weeks ago)
    97426524 : Success : MODIFY : cn=smith\, john,cn=users,dc=abc,dc=com
    (Recent change - the backslash after smith is gone, and "" showed up)
    97469970 : Success : MODIFY : cn="smith, john",cn=users,dc=abc,dc=com
    -> If login to OAM is possible, can the user modify his/her profile, and does it save the changes? If it does, can you try logging in to apps?
    This user can log into the OAM identity system, but when I click on "My profile" under "User manager", I get the error message "You do not have sufficient access rights".
    If I log into identity system as orcladmin, I was able to modify it and save the changes. But in OID the user is still not displayed. Same error message. When I tried to add it as administrator, I could search on it, add it, but when I press "done", it didn't show up on the admin list. The users that can be displayed in OID can be added to admin list without a problem.
    Thanks,
    Hailie
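    An added example, not from the thread and not OID's implementation, that illustrates the three DN spellings in Hailie's reply: a small Python DN parser in the RFC 4514 style that accepts both the backslash-escaped form and the legacy quoted form, normalizes both to the same escaped DN, and rejects the unescaped cn=smith, john,... the way a server does with result code 34 (invalidDNSyntax). The DN values are the ones quoted in the post; the function names are hypothetical.

```python
from typing import List, Tuple

# The three DN spellings quoted in the post (constructed test data with the same values)
ESCAPED_DN = r"cn=smith\, john,cn=users,dc=abc,dc=com"  # RFC 4514 form from the earlier sync
QUOTED_DN = 'cn="smith, john",cn=users,dc=abc,dc=com'    # legacy RFC 2253 quoted form from the later sync
BROKEN_DN = "cn=smith, john,cn=users,dc=abc,dc=com"      # what ODM shows once the escape is lost
_SPECIAL = set('\\,+"<>;')                               # characters RFC 4514 requires escaped


class DNSyntaxError(ValueError):
    """Raised where an LDAP server would return result code 34 (invalidDNSyntax)."""


def split_rdns(dn: str) -> List[str]:
    """Split on unescaped, unquoted commas; escapes and quotes are left for the value decoder."""
    parts, buf, in_quotes, i = [], [], False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):   # escaped pair: copy verbatim, never a separator
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            parts.append("".join(buf))
            buf = []
            i += 1
            continue
        buf.append(ch)
        i += 1
    if in_quotes:
        raise DNSyntaxError("unterminated quoted value")
    parts.append("".join(buf))
    return parts


def unescape_value(raw: str) -> str:
    """Decode \\<special> and \\XX (one UTF-8 byte per hex pair) into the attribute value."""
    out, i = bytearray(), 0
    while i < len(raw):
        if raw[i] == "\\" and i + 1 < len(raw):
            pair = raw[i + 1:i + 3]
            if len(pair) == 2 and all(c in "0123456789abcdefABCDEF" for c in pair):
                out.append(int(pair, 16))
                i += 3
            else:
                out += raw[i + 1].encode("utf-8")
                i += 2
            continue
        out += raw[i].encode("utf-8")
        i += 1
    return out.decode("utf-8")


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Return [(attribute type, decoded value), ...]; an RDN without '=' is a syntax error."""
    rdns = []
    for rdn in split_rdns(dn):
        if "=" not in rdn:
            raise DNSyntaxError(f"RDN without '=': {rdn!r}")
        attr, raw = (part.strip() for part in rdn.split("=", 1))
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]                  # legacy quoted value: quotes are not part of it
        rdns.append((attr.lower(), unescape_value(raw)))
    return rdns


def escape_value(value: str) -> str:
    """RFC 4514 escaping: specials, a leading '#' or space, a trailing space, and NUL."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def normalize_dn(dn: str) -> str:
    """Canonical escaped spelling, so the quoted and escaped forms compare equal."""
    return ",".join(f"{attr}={escape_value(value)}" for attr, value in parse_dn(dn))
```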

  • Cannot list all users in Sun iPlanet Directory Server 5.0

    WLS 6.1 SP1, Sun Directory Server 5.0
    When I configure the LDAP v1 Realm,
    I can only get the users from one user DN,
    such as "o=NetscapeRoot,ou=beagz,cn=group1".
    But if group1 includes another group, group1-1,
    and a user is included in group1-1, that user cannot
    be seen in the WLS admin console.
    How can I see all users or all groups in the
    user DN?

    Hi, Eric:
    What are your LDAP configuration settings? Is the "Group Is Context"
    flag set to false?
    - Jim
    Jim Brown
    Developer Relations Engineer
    BEA Support

  • Creative Cloud for Teams. I cannot remove a user

    I am helping a friend who has bought Creative Cloud for Teams. I am myself a team admin for a company and that's why she asked me to help out.
    She has only one user on the team right now, herself. She is also the admin.
    Different User and Pass for each.
    Anniversary date is in July 2015.
    Trouble started four weeks ago in the beginning of October.
    The iMac was on System 10.7 but I updated to 10.10 when trying to solve the matter.
    I cleaned everything Adobe, using Adobe Cleaner and manually inside out, preferences, Libraries, Applications, Utilities…
    Installed again the Creative Cloud and started with Photoshop to try out once again.
    When she is logged into the Admin Console / Manage Team it shows very clearly that the User is Active.
    When she tries to open any CC application there is a message saying that the account has expired.
    When trying to remove the User, it is not possible and there is a yellow sticker saying: "We're sorry. Something seems to be wrong on our end. Please try again later. If this continues to fail, please contact customer support."
    The user cannot use any of the CC applications, and the only option now is to run a 30-day trial on the admin's Adobe ID while we try to solve this matter.
    Is anything of this familiar to anyone? Any suggestions?

    Oh, sorry…
    The problem was partly that the owner of the license should have assigned the first (and only) seat to the admin, herself, the buyer.
    Instead she assigned it to herself under another Adobe ID. She says she was told to do it this way, but reading the instructions from Adobe, it says you should start by assigning the first seat to yourself/the admin.
    But that should not have caused such dramatic problems where she was not able to delete the user and correct it. Also the license for the assigned user expired – strangely after 5 months of use. There was something that happened at Adobe that made this stick and the problem had to be solved by them.
    In the meantime I made the admin a trial for 30 days and the problem was solved within that time and everything is fine now.
    Lesson learned: if one is buying a Team version, one should always assign the first seat to the admin, as the instructions say.

  • Cannot log on user@domain

    I cannot log on to the JES Identity Server 6.1 with user@domain.
    How do I set up the identity server to support user@domain?
    Thanks

    Configure LDAP attribute name which contains this value in the list of aliases for core and authentication modules.

  • Visual Administrator: cannot create new users

    Hi,
    I've got a problem with my "Sneak Preview SAP NetWeaver 04 - Full Java Edition with Web AS Java 6.40, MaxDB, and Developer Studio" (NW04 SP15) installation. Whenever I start the Visual Administrator I cannot create a new user. All buttons except the Refresh button are disabled.
    If I use the web (http://..../useradmin) I can create new users.
    Now I want to change Security Policies in the Visual Administrator. But the problem is the same.
    Does anyone know any solution?
    Best Regards,
    tobi

    Hi Tobias,
    In VA => Security Provider there is a change button ("pencil") in the top of the right frame. You should enable other buttons by clicking this one.
    Regards,
    Mike

  • Cannot add Domain User to Local Admin Group Win8.1

    Hello, 
    I am trying to add a domain user to the local admin account on a Win8.1 Enterprise computer. When I click the Check Names button it asks me to enter network credentials even though I am signed in to the computer with a domain admin account. When I try to type in any of my domain admin accounts it says "The Username or Password is incorrect", even though I used that same account to log in with. I can successfully ping all 3 of my DCs from the computer and have tried putting my second DC as the primary DNS and my third DC as the primary DC, with the same problem. I have checked for Active Directory errors on the DC and everything says it is running fine on the DC in Server Manager. I have this problem on multiple computers. On some of the computers it will work, but 90% of them won't allow me to add the local user to the local admin group.
    DCs are running Win Server 2008 R2 Enterprise. 
    Any help would be greatly appreciated. 
    Thank You

    I would suggest you use Restricted Groups (via GPO) to add domain users/groups to the local admins group.
    1. Create a new group in Active Directory
    Create a new group in Active Directory that you wish to add to every workstation's local administrators group. DO NOT add any users to this group at this time.
    2. Create a new GPO
    Create a new group policy object and link it to the desired OU. Make sure that the GPO you are using covers the OU containing the WORKSTATIONS you want to give users local administrative rights over.
    3. Edit the newly created GPO
    Navigate within the newly created GPO to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Restricted Groups
    4. Add your new Active Directory group to the Restricted Groups
    Right-click the Restricted Groups folder and select "Add Group" to add your new Active Directory group to the Restricted Groups. In the Group field, type the name of the newly created Active Directory group and click "OK".
    5. Add the Restricted Group to the local administrators group
    In the Restricted Group Properties window click "Add" under the section titled "This group is a member of:". Type "Administrators" (without the quotes, and yes, it is plural) in the Group Membership window and click "OK".
    6. Wait for GPO updates to apply to the workstations
    Once your users receive their updated group policy settings, every workstation within the OU you specified will have your new Active Directory group as a member of the local administrators group. If you need to force the GPO update on a specific workstation, run "gpupdate /force" in a command window on that workstation.
    7. Add a user or group of users to the Active Directory Restricted Group
    When you are ready, or in a position where you need to provide local workstation admin rights, you can simply add the users or group of users to the Active Directory group that you created for use with Restricted Groups within your Active Directory Management Console.

  • ZCM cannot connect to user source - LDAP to eDir

    Hello all,
    We had some issues with our ZCM 10.3.1.0 server this AM. It looks like it was caused by no space on our /var/opt partition.
    I had logged in and manually deleted a large old image file. I then restarted the ZCM server. Everything powers on and works as it should, except that my user source cannot be contacted.
    When I try to login with one of my Admin users, we get the following error:
    "An error occurred while connecting to the user source. Please make sure the user source is accessible and try again."
    If I login as the Administrator of the Zone, I can see that the connection source is not connecting - unable to read contexts. The weird part is that I can connect through LDAP from other tools to the same source on port 636 - JXplorer works just fine.
    We are running ZCM on the same server as its database and I can use the LDAP browser built in to SLES 11 x64 and the same LDAP credentials work just fine.
    What else can I be looking at?
    I am really new to Linux so any help is appreciated.
    Steve D.

    Try removing the user source connection in ZCC and re-add it.
    Thomas

  • Error in installing BAM, cannot create orabam user

    Hi all,
    I tried to install Oracle BAM and always get the same problem: an error at creating the orabam user.
    Any idea?
    Afonso

    Hi all,
    I am having the same problem.
    I cannot create the orabam user.
    My Oracle home is set.
    I have also set my path ahead of Oracle home,
    C:\OracleBAM\ClientForBAM\bin, in the environment variables.
    I can also log in to my database as sysdba,
    but when the screen goes to create the ORABAM USER it gives me the error "cannot create the user".
    Kindly help, please.
    Cheers

  • I'm trying to log into a public network and while the fan blade shows I have a connection, I cannot get the user agreement to load in Safari. This was working until yesterday; what changed?

    I've reset my network settings. I've cleared cache and cookies in the browser. Before yesterday the login screen would appear any time I attempted to use an app or program that required internet access, which is pretty much every program. Now I have a brick tablet at work. I've reset everything I can find. I'm at a dead end.
    I've seen other iPads that had the Auto-Login toggle and Auto-Join toggle under network selection; my iPad does not have those options. Logging in at home is working fine on my private network. Either this public network is not being reset or forgotten when I choose "Forget This Network", or Safari is blocking the login page and I don't know how to unblock it.

    Well, when I join a public Wi-Fi, a login page displays a few seconds later, showing the user agreement. But earlier today I was trying to connect my friend's 3GS to a public Wi-Fi, and it did not show up. So I don't really know what happened. I think you should toggle Auto-Join to on.

  • Cannot receive messages - user mailbox locked

    Suddenly my incoming messages stopped coming and a dialogue box appeared, saying: "The sending of password failed. The e-mail server (pop3) answered user mailbox locked."
    I've been in contact with my internet service provider and they found nothing wrong from their side. I can access my mail on the webmail and I can send email from my account.
    I've checked the way the server and the account are configured and everything seems to be OK and according to the manuals from both the ISP and Thunderbird. How can I get my incoming mail working again? Hoping for help!

    Yes I asked. That was the first thing I did. And there's nothing wrong on the provider's side. They didn't lock the account and found it very unusual. They didn't know much about Thunderbird, however...
    But I got hands-on-help from my son yesterday and that might have (almost) solved it. Seems that Thunderbird can't have both IMAP and POP3 accounts running and there might have been something in this that disturbed the flow. He made a new inbox and things started to work again. But it's still not working 100 %.
