Hyper-V 2012 R2 roles, access denied, failed to connect to service, AzMan....

Similar Messages

• Access Denied - Failed to Open Document

  I've done a few hours of searching for a solution to my problem with no specific answer helping me.
  I recently upgraded 63 various reports from Crystal Reports version 8.5 to Crystal Reports 2011 (using a Windows 7 box). I realigned all of the report fields, and ensured all the variables within the report worked as they did before. Basically all 63 worked like old. I deployed these reports to a Windows 2012 R2 server which has Crystal Reports 2011 installed (as well as Crystal Report Runtime for .Net Framework) and 4 out of 63 no longer work. When I try to open them with Crystal Reports 2011 it gives me an error 'Access Denied [line break] Failed to Open Document' In the Event Viewer for Windows it gives me the following details as to what happened.
  Problem signature:
    Problem Event Name:                        APPCRASH
    Application Name:                             crw32.exe
    Application Version:                           14.0.4.738
    Application Timestamp:                     4fd6ccca
    Fault Module Name:                          crw32.exe
    Fault Module Version:                        14.0.4.738
    Fault Module Timestamp:                  4fd6ccca
    Exception Code:                                  c0000005
    Exception Offset:                                000cf0e5
    OS Version:                                          6.1.7601.2.1.0.272.7
    Locale ID:                                             1033
    Additional Information 1:                  0a9e
    Additional Information 2:                  0a9e372d3b4ad19135b953a78882e789
    Additional Information 3:                  0a9e
    Additional Information 4:                  0a9e372d3b4ad19135b953a78882e789
  Here are the things I've done to try and troubleshoot/resolve it:
  Re-upgrade the original CR 8.5 Report to 2011 and migrate it to server. (Didn't work)
  Migrate the original CR 8.5 Report to Windows 2012 Server and try to upgrade it there (Same error on 8.5 report)
  Repair/Reinstall Crystal Reports 2011 on Windows 2012 Server via Windows Control Panel->Uninstall Program tool (Didn't Work)
  Repair/Reinstall Crystal Reports Runtime for .Net Framework on Windows 2012 Server via Windows Control Panel->Uninstall Program tool (Didn't Work)
  Add three System Environment Variables to enable Crystal Reports Error Logging through CRLogger.dll (LOGGING_DIR = C:\CRLOGGING; LOGGING_ENABLED_ASSERT = 1; LOGGING_ENABLED_RUNTIME = 30)
  Now..the error logging gives me error numbers, and which line of which .cpp file is encountering a problem, but that really doesn't help me because I don't have access to Crystal Reports Source Code. (Pasted below for those who are really curious).
  I've seen Ludek or other SAP staff shut down discussions with some line about 'Report Development is not a ...' but I feel that this isn't related to how the report was developed and instead something in the application not jiving well with something else.
  Any help or suggestions would be incredibly well received and appreciated.
  Time Stamp
  Thread ID
  File Name
  Line Number
  Logged Data
  Level
  2015-4-24-12-48-43
  3820
  ..\cserrinf.cpp
  523
  Error 31831 (..\..\src\data\preQEFileIO.cpp, 3578)
  1
  2015-4-24-12-48-43
  3820
  ..\cserrinf.cpp
  523
  Error 31831 (..\..\src\data\preQEFileIO.cpp, 3847)
  1

  Hi Thomas,
  Statistically speaking, 4 out of 63 reports isn't bad for a migration.  So something in these 4 reports is different from the others.  I've had this happen if there are images or an object inserted into the report and the update doesn't know how to handle that object. 
  The best way to try and find the problem is by process of elimination.  Open the reports again in 8.5 and remove a couple of things at a time.  Save it then open in 2011 and see if it fails or not.  Continue doing that until the report actually opens.  The problem could be anything from a formula or printer settings to attachments. 
  Good luck,
  Brian

• Sharepoint 2013 adding ECT fails with "Access Denied by Business Connectivity Service"

  Using SharePoint Designer 2013 I am attempting to setup an External Content Type to a SQL DB. I have setup the SQL database with a valid login that was also used to setup an account with the Secure Store Service. I am running SharePoint 2013 designer and
  have opened my site with administrative credentials. No matter what, I continue to get the "access denied" message when I try to add this SQL database to my ECT section in SPD. All users have access to invoke the BCS app.
  I have deleted and recreated the BCS service application and it is running with farm credentials and temporarily I added the farm account to the local admin account....and again verified that all users have rights to run BCS...
  In all other aspects my SharePoint sites are working, I can modify and add via SPD and publish...etc...but I cannot add a connection to an external SQL server. I have also verified through Excel that I can connect to my SQL DB with the same credentials that
  I am trying in SharePoint and everything works.
  Most of the posts I see in this area relate to permissions or access problems AFTER the ECT connection is created. My problem is I can't even get a connection created.

  Here are the error logs that are generated when I try to connect....maybe this will help someone tell me where to correct the issue.....(I removed the actual domain names) but my account was listed which is an admin on the sharepoint system and domain.
  06/25/2013 16:48:00.24 w3wp.exe (0x1908) 0x0EE4 Business Connectivity Services Business Data 9f4c Unexpected 'Business Data Connectivity Service' BdcServiceApplication logging server side AccessDeniedException before marshalling
  and rethrowing on client side: Access Denied for User '0#.w|"domain\my account', which may be an impersonation by 'Domain\"sharepoint admin account"'. Securable IMetadataCatalog with Name 'ApplicationRegistry' denied access. Stack Trace:   
  at Microsoft.SharePoint.BusinessData.SharedService.ModelAccessor.Create(MetadataObjectStruct rawValues, MetadataObjectStruct applicationRegistryStruct, DbSessionWrapper dbSessionWrapper)     at Microsoft.SharePoint.BusinessData.SharedService.BdcServiceApplication.Execute[T](String
  operationName, UInt32 maxRunningTime, ExecuteDelegate`1 operation) 97fe289c-5245-e040-0f76-59614537398e
  06/25/2013 16:48:00.24 w3wp.exe (0x1908) 0x0EE4 Business Connectivity Services Business Data g0kc High Access Denied for User '0#.w|domain\my user account', which may be an impersonation by 'Domain\"sharepoint admin account"'.
  Securable IMetadataCatalog with Name 'ApplicationRegistry' has ACL that contains: 97fe289c-5245-e040-0f76-59614537398e

• Hyper-V Remote Admin on a Domain - Failed to connect to root\cimv2

  I'm trying to configure our Hyper-V server so that a user on our domain has administrative control.  Our Hyper-V server is on the domain running 2008 R2 (named SERVER85 below), and the client is on Win 7 Ent x64 (named DEV03 below, username accuraty\jkessel).
  In the output below you can see that it appears we might have a problem with this user's access to the WMI path root\CIMv2, but if I pull up the advanced security settings for that node in WMI, I see:
  Name: Justin Kessel ([email protected])
  Apply to: This namespace and subnamespaces
  Permissions allowed: "Enable Account" and "Remote Enable" (no others, no denies).
  IMHO, the server, the desktop, and user are all fairly "vanilla" with nothing unusual going on.  Maybe one thing worth noting: our Small Business Server 2008 (i.e. domain controller) is running as a VPS on SERVER85, so SERVER85 never boots with the
  domain controller on.  This hasn't ever caused problems except that the machine always thinks it's firewall should be in the "work" configuration instead of the "domain" configuration.  I tested running the HVRemote script while the SERVER85 firewall
  was turned off, and I get exactly the same results below.
  One more note: this user currently can logon through RDP to SERVER85 and administer Hyper-V just fine.  This user is *not* a domain admin or an admin on that server - I've simply provided him with the right permissions to be able to RDP and admin Hyper-V
  only.
  We used HVRemote and it output this info when run on the client:
  Microsoft (R) Windows Script Host Version 5.8
  Copyright (C) Microsoft Corporation. All rights reserved.
  Hyper-V Remote Management Configuration & Checkup Utility
  John Howard, Hyper-V Team, Microsoft Corporation.
  http://blogs.technet.com/jhoward
  Version 0.7 7th August 2009
  INFO: Computername is DEV03
  INFO: Computer is in domain accuraty.local
  INFO: Current user is ACCURATY\JKessel
  INFO: Assuming /mode:client as the Hyper-V role is not installed
  INFO: Build 7600.16617.amd64fre.win7_gdr.100618-1621
  INFO: Detected Windows 7/Windows Server 2008 R2 OS
  INFO: Remote Server Administration Tools are installed
  INFO: Hyper-V Tools Windows feature is enabled
  DACL for COM Security Access Permissions
  \Everyone    (S-1-1-0)
       Allow: LocalLaunch RemoteLaunch (7)
  NT AUTHORITY\ANONYMOUS LOGON    (S-1-5-7)
       Allow: LocalLaunch (3)
  BUILTIN\Distributed COM Users    (S-1-5-32-562)
       Allow: LocalLaunch RemoteLaunch (7)
  BUILTIN\Performance Log Users    (S-1-5-32-559)
       Allow: LocalLaunch RemoteLaunch (7)
  ANONYMOUS LOGON Machine DCOM Access
  ANONYMOUS LOGON does not have remote access
    This setting should only be enabled if required as security on this
    machine will be lowered. This computer is in a domain. It is not
    required if the server(s) being managed are in the same or trusted
    domains.
    Use hvremote /mode:client /anondcom:enable to turn on
  Firewall Settings for Hyper-V Management Clients
  Domain Firewall Profile is active
     Enabled:  Hyper-V Management Clients - WMI (Async-In)
     Enabled:  Hyper-V Management Clients - WMI (TCP-Out)
     Enabled:  Hyper-V Management Clients - WMI (TCP-In)
     Enabled:  Hyper-V Management Clients - WMI (DCOM-In)
  Windows Firewall exception rule(s) for mmc.exe
  Domain Firewall Profile is active
     Enabled:  Microsoft Management Console (UDP)
     Enabled:  Microsoft Management Console (TCP)
  Additional configuration may be necessary
    This computer is in a domain. If the target server is in a workgroup,
    you may need to set credentials for the server for Hyper-V Remote
    Management to operate correctly. This step should not be necssary if
    the target server is in the same or trusted domain as this computer.
    If necessary, from a *NON* elevated command prompt, enter:
       cmdkey /add:ServerComputerName /user:ServerComputerName\UserName /pass
    Note that you MUST enter ServerComputerName to BOTH parameters.
    You will be prompted for a password after entering the command.
  IP Configuration
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : DEV03
     Primary Dns Suffix  . . . . . . . : accuraty.local
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : accuraty.local
  Ethernet adapter Local Area Connection:
     Connection-specific DNS Suffix  . : accuraty.local
     Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
     Physical Address. . . . . . . . . : 00-19-D1-05-57-01
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
     Link-local IPv6 Address . . . . . : fe80::4406:b48c:dea3:de50%11(Preferred)
     IPv4 Address. . . . . . . . . . . : 172.16.48.185(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Lease Obtained. . . . . . . . . . : Wednesday, November 10, 2010 3:19:23 AM
     Lease Expires . . . . . . . . . . : Monday, December 20, 2010 9:39:25 AM
     Default Gateway . . . . . . . . . : 172.16.48.1
     DHCP Server . . . . . . . . . . . : 172.16.48.210
     DHCPv6 IAID . . . . . . . . . . . : 234887633
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-62-35-81-00-19-D1-05-57-01
     DNS Servers . . . . . . . . . . . : 172.16.48.210
  66.209.192.5
  8.8.8.8
                                         66.209.192.15
  8.8.4.4
  4.2.2.1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter isatap.accuraty.local:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Tunnel adapter Teredo Tunneling Pseudo-Interface:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  Stored Credentials
  Currently stored credentials:
      Target: WindowsLive:[email protected]
      Type: Generic
      User:
  [email protected]
      Local machine persistence
      Target: LegacyGeneric:target=WindowsLive:(token):[email protected];serviceuri=contacts.msn.com
      Type: Generic
      User:
  [email protected]
      Local machine persistence
      Target: Domain:target=TERMSRV/server85
      Type: Domain Password
      User: ACCURATY\jkessel
      Local machine persistence
      Target: WindowsLive:target=virtualapp/didlogical
      Type: Generic
      User: 02mybhosqazs
      Local machine persistence
  Testing connectivity to server:server85
  1: - nslookup for DNS verification.
       Note that failure is OK if you don't have a DNS infrastructure
  ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
  Server:  sbs01.accuraty.local
  Address:  172.16.48.210
  Name:    server85.accuraty.local
  Address:  172.16.48.201
  ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
  2: - ping attempt (ping -4 -n -1 server85)
       Note the ping may timeout - that is OK. However, if you get an
       error that server85 could not be found, you need to fix DNS
       or add an entry to the hosts file. Test 3 will fail and provide more
       guidance.
       This may take a second or two...
  ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
  Pinging server85.accuraty.local [172.16.48.201] with 32 bytes of data:
  Reply from 172.16.48.201: bytes=32 time<1ms TTL=128
  Ping statistics for 172.16.48.201:
      Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
  Approximate round trip times in milli-seconds:
      Minimum = 0ms, Maximum = 0ms, Average = 0ms
  ~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
  3: - Connect to root\cimv2 WMI namespace
  ***** Failed to connect to root\cimv2
  ***** Error:     -2147024891 Access is denied.
  ***** Namespace: root\cimv2
       FAIL - Was unable to connect. Diagnosis steps:
       - Have you run hvremote /add:user or hvremote /add:domain\user
         on server85 to grant access?
       - Are you sure the server name 'server85' is correct?
       - Did you use cmdkey if needed? More information higher up.
       - Did you restart server85 after running hvremote /add for
         the very first time? (Subsequent adds, no restart needed.)
       - Is DNS operating correctly and was server85 found?
         Look at the output of tests 1 and 2 above to verify that the
         IPv4 address matches the output of 'ipconfig /all' when run on
         server85. If you do not have a DNS infrastructure,
         edit \windows\system32\drivers\etc on DEV03
         to add an entry for server85.
  INFO: Are running the latest version
  3 warning(s) or error(s) were found in the configuration. Review the
  detailed output above to determine whether you need to take further action.
  Summary is below.
  1: Anonymous Logon does not have remote access (may be ok)
  2: You *may* need to set credentials for access to the server
  3: Cannot connect to root\cimv2 on server85
  I'd greatly appreciate some help!
  Thanks!

  Hi,
  It seems that you were using Hyper-V Remote Management Configuration Utility from the link
  http://code.msdn.microsoft.com/HVRemote, if so, you can refer to the following link.
  Configure Hyper-V Remote Management in seconds
  http://blogs.technet.com/jhoward/archive/2008/11/14/configure-hyper-v-remote-management-in-seconds.aspx
  By the way, if you want to perform the further research about Hyper-V Remote Management Configuration Utility, it is recommend that you to get further
  support in the corresponding community so that you can get the most qualified pool of respondents. Thanks for your understanding.
  For your convenience, I have list the related link as followed.
  Discussions for Hyper-V Remote Management Configuration Utility
  http://code.msdn.microsoft.com/HVRemote/Thread/List.aspx
  Best Regards,
  Vincent Hu

• Access denied Error while calling Web Service form Infopath Form 2010.

  Hi Dear All,
  I have been facing an error while calling an GetUserProfileByName() web service method from InfoPath 2010 from.
  i have FBA(Forms Base Authentication )configured . After Infopath form published to site collection when i select an user from people picker control i want to get Email Id of Selected user for that i am calling getUserProfileByName() Web Method, but 
  i am getting Access denied error code 500.
  Any Help would be more than welcome.
  Thanks.

  Hi,
  Greetings. Please check 
  Check the IE settings. Click Internet Options> Security>Custom level. Make sure that the ‘Access data source across domains’ is enabled. Make sure that you have permission to the web service and to the content which the web service tries to modify.
  For more information, please refer to this site:
  "Access is denied." error in Infopath 2007 form + ASMX: http://us.generation-nt.com/answer/access-denied-error-infopath-2007-form-plus-asmx-help-65808252.html
  Please remember to click 'Mark as Answer' on the answer if it helps you

• Access Manager Failed to Connect to Directory Server

  Dear All,
  I have problem with Directory Server connection in Access Manager. This happened in Production site, all application that integrated with Oracle Access Manager (OAM) for Single Sign On are not accessible after the Directory Server connection problem occur in OAM. The problem has only started occurring suddenly, before it the all service including the OAM and Directory Server is running well. Below are the error messages that appear in WebGate log file (ohs1.log) and OAM log file (oblog.log) :
  >> OHS/WebGate (ohs1.log) :
  [2014-01-21T09:25:12.0053+07:00] https://community.oracle.com/OHS https://community.oracle.com/OHS-9999 https://community.oracle.com/apache2entry_web_gate.cpp host_id: &lt;WEBGATE_HOSTNAME&gt; [host_addr:10.10.254.178] [ecid: 004w76rlRYt0NuapxKL6iW0000sE001oGY] The host and port from the requested URL could not be found in the Policy database. Check if the corresponding directory service is up.
  >> OAM (Oblog.log):
  2014/01/15@03:12:23.833746      [30573 30606 | tel:30573%20%20%2030606]   DB_RUNTIME      ERROR  0x000008C1      ../ldap_connection_mngr.cpp:443 "Failed to connect to directory server" lpszHost&lt;LDAP_HOSTNAME_VIA_LOADBALANCER&gt; port&lt;LDAP_PORT_VIA_LOAD_BALANCER&gt;
  The OAM using the Load Balancer between the LDAP Directory Server to OAM's component. When the error appears, there are no problem with the Load Balancer and all of Directory Sever services is up. There are two Directory Server servers in Multi Master Replication and 14 WebGate servers that integrated with OAM. Is there a limitation number of WebGate for integrated to the OAM?
  I have tried to set some parameters in OAM configuration to solve this problem. I set the Maximum Connection of Directory Server parameter to 10 value (in OAM Console), the LDAPOperationTimeout paramater to 1 hour value and the LDAPMaxNoOfRetries parameter to 2 value (in the globalparams.xml). After set these parameters, the error is not appear in some days, but suddenly appear again in the same error message. May be set these parameters is not appropriate solution for the problem or the value that I set is not correct. Any experience with this?
  I still don't know what the root cause of this problem. Restart all of OAM services (including the WebGate) is temporary solution when the error appear.
  Any idea for this problem?
  Thanks in advice.

  Hi Jun-Y,
  Thank you for your answer.
  What do you means with the Directory Server's idle timeout is the "Idle Timeout" parameter in LDAP Client Control Settings?
  I use Oracle Directory Server Enterprise 11.1.1.5.0. Now, the Directory Server's idle timeout parameter is "unlimited" value.
  If the idle timeout of the load balancer set 1 hour, it means that I must change the directory server's idle timeout to be less than 1 hour. Isn't right?

• Direct Access Troubleshooting: Failed to connect to domain sysvol share

  Hi, I've been setting up DirectAccess on windows server 2012 r2, using the single interface setup and have successfully connected to the intranet passing all important troubleshooting tests. 
  Now when troubleshooting the internet connection I am facing the following error:
  Failed to connect to domain sysvol share
  Here is the stack trace:
  7/11/2014 12:46:18μμ[P:1340T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: Added ChildNode CertTestsNodeChild3.
  7/11/2014 12:46:18μμ[P:1340T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: RootNode CertTestsNode found at index 4.
  7/11/2014 12:46:18μμ[P:1340 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: TheRootNode CertTestsNode has already 4 ChildNodes.
  7/11/2014 12:46:18μμ[P:1340 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.InfraTunnelChecker] Info: Enter CheckSysvolShare - check the availability of the domain sysvol share.
  7/11/2014 12:46:18μμ[P:1340 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.InfraTunnelChecker] Info: Trying to enumerate \\premiernic.com\sysvol\premiernic.com\Policies.
  7/11/2014 12:46:18μμ[P:1340 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: AddedChildNode CertTestsNodeChild4.
  7/11/2014 12:46:18μμ[P:1340 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: RootNode CertTestsNode found at index 4.
  7/11/2014 12:46:18μμ[P:1340 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: The RootNode CertTestsNode has already 5 ChildNodes.
  7/11/2014 12:46:18μμ[P:1340 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: AddedChildNode CertTestsNodeChild5.
  7/11/2014 12:46:18μμ[P:1340 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: About to add a new RootNode to the TreeView object.
  7/11/2014 12:46:18μμ[P:1340 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.InfraTunnelChecker] ERROR: AnException occurred while connecting to the domain sysvol share. Message: The network path was not found.
  7/11/2014 12:46:18μμ[P:1340 T:1] [MicrosoftServices.WS2012DA.ClientTroubleshooter.TreeViewHandler] Info: Added new RootNode: InfraTunnelTestsNode. The list has now 6 nodes.
  7/11/2014 12:46:18μμ[P:1340 T:6] [MicrosoftServices.WS2012DA.ClientTroubleshooter.MainForm] Info: Finished running IPsec Infrastructure Tunnel tests.​
  To troubleshoot I run:
   "netsh dns show state"
  - machine location correctly shows as outside corporate network
   "netsh namespace show effectivepolicy"
  - neither entries show Certification Authority.
  - .premiernic.com lists ipv6 addresses for DNS servers, cy-da-01.premiernic.com does not
  - proxy settings are correct
  - in both cases IPSec is disabled
  "ipconfig /all"
  - Shows Teredo Tunneling used as ipv6 transition technology
  "nltest /dsget:
  - getting dc name failed, no such domain
  Anyone got any ideas what may be going wrong?

  Hi Steven, thanks for your answer. 
  When connected to the internet, i can ping the IPV6 DNS server addresses. When I try nslookup <aninternalFQDN> <IPV6DNS> i get a time-out. Same applies when testing the same commands from DirectAccess server. 
  Note that now, when looking at operation status, I see DNS as not operational and not responding to requests.
  Finally, I check my server security logs for IPSec and find the following error (code 4653).
  IPSec Main Negotiation failed
  Failure location: Local computer
  Failure reason: No Policy Configured
  Verifying the infrastructure tunnel
  Following the guide provided in the link, i first check whether the client can successfully create the tunnel. As expected I am able to see all the expected client policies in connection security rules(pt.3).
  However, when I look at Monitoring \ Connection Security (pt.4) i don't see DirectAccess Policy-ClientToDnsDc (but
  I do see directaccess policy-ClientToDNS64NAT64PrefixExemption).
  I then run netsh
  advfirewall monitor show currentprofile where I only see my public profile with my ISP settings, which to my understanding is correct.
  When I run netsh advfirewall monitor show mmsa main mode shows computer cert and user ntlm for auth. 
  When I run netsh advfirewall monitor show qmsa  quick mode shows remote address as expected.
  When I run nltest /dsgetdc: /force on client machine i get "getting dc name failed", however from my directaccess server to dc command completes successfully.
  Verifying the intranet tunnel
  When running net view \\IntranetFileServer I
  see an offline share (would be online if accessible). Web interface wont load for the same system.
  When running netsh advfirewall monitor show mmsa and qmsa everything is as expected.
  Conclusions
  Couldn't find anything in either server firewall rules or gateway that would be blocking dns.
  I think the culprit is the following:
  IPSec negotiation failed - no policy found (on server)
  Missing DirectAccess Policy - ClientToDnsDc
  I've done a couple of gpupdates on both client and server, and double checked gpresult. Nothing seems out of order, except no refernce to to clienttodnsdc. Still nothing.
  Anybody?

• Hyper-V 2012 R2 Gen 2 VM failed to boot from SCSI DVD drive using ISO image file

  Hello:
  I'm having a problem trying to install Windows 8.1 Professional on a new Gen 2 VM. I created a new Gen 2 VM using Hyper-V Manager running on Windows Server 2012 R2 and then told it to boot off DVD drive which pionts to the ISO file that I copied to the E:
  drive.  The ISO file mounted in the virtual DVD drive is the Windows 8.1 Professional x64 VL ISO that I downloaded off of TechNet. When I start up the VM to install the OS, I receive this error:
  "Synthetic SCSI Controller (Instance ID 7512B228-F7BC-4DD8-B4F4-72A5B042C2E9): Failed to Power on with Error 'The file or directory is corrupted and unreadable.' (0x80070570). (Virtual machine ID 4195A398-3531-4A34-8588-D1FC3F3DD2D4)"
  Basically the SCSI controller can't read the ISO file. However, the IDE controller on a Gen1 VM can read and boot from the ISO just fine. Has anyone else run into this problem? Is there a way to resolve this issue and allow me to boot the ISO from a SCSI
  controller?
  Or is there a bug with the Hyper-V SCSI controller that makes it unable to boot from ISOs properly?
  -JP

  Hi JP,
  In addition , please try  :
  1. copy the ISO to an not shared local folder or drive
  2. uncheck the   "enable secure boot" in VM settings .
  If the issue still persists , maybe you can try to down load a new ISO file then try to boot again .
  Hope it helps
  Best Regards
  Elton Ji 
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Hyper-V 2012 R2 - Problem accessing shared VHDX file

  We're in the process of building a greenfield environment based upon a Windows 2012 R2 Hyper-V virtual infrastructure. A 12 node failover cluster (AD integrated) was build, for now 2 CSV volumes are created. We are now working on a virtual SQL 2012 Failover
  Cluster on top of the Hyper-V cluster. First we created a (Gen 2) VM with Windows 2012 R2 installed on it, then we (offline) added a new VHDX file (on the same CSV volume) and in the advanced features, we select 'Enable virtual hard disk sharing'. We boot
  the VM, disk manager sees a new disk, trying to initialize the disk and an error states 'The request could not be performed because of an I/O device error.'
  If we disable the advanced sharing option, the disk is accessible, can be initialized and a volume can be created. Enable the feature again and we are in the same phase as where we need to (again) initialize the disk which is not possible. We have the same
  problem with a Gen 1 VM.
  The CSV volumes reside on a Dell Equallogic storage and are connected via iSCSI, beta of Dell Hit Kitt is installed on the Dell Blade servers (Hyper-V nodes). The CSV volumes have a 4K blocksize, could this be an issue?

  Hi ,
  Many thanks for your sharing .
  Best Regards
  Elton Ji
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Access denied error on connecting to office365

  I'm trying to connect to Office365 with Powershell.
  $username = "[email protected]"
  $password = "password"
  $secure_password = $password | ConvertTo-SecureString -AsPlainText -Force
  $credencial = New-Object System.Management.Automation.PSCredential ($username, $secure_password)
  $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "https://ps.outlook.com/powershell/" -Credential $credencial -Authentication Basic -AllowRedirection -ErrorAction Stop -WarningAction SilentlyContinue
  Import-PSSession $session -AllowClobber | Out-Null
  Problem is that on Powershell console on local PC and on server it works fine without any errors, but when I'm trying to run this with PHP:
  <?php
  $command = 'powershell -File "'.dirname(__DIR__).'\\ps\\test.ps1"';
  exec($command, $output);
  print_r($output);
  ?>
  I'm getting error, that "Access is denied":
  Array
  [0] => New-PSSession : [pod51047psh.outlook.com] Connecting to remote server pod51047p
  [1] => sh.outlook.com failed with the following error message : Access is denied. For
  [2] => more information, see the about_Remote_Troubleshooting Help topic.
  [3] => At C:\inetpub\Distribution list\ps\test.ps1:6 char:12
  [4] => + $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri
  [5] => "h ...
  [6] => + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  [7] => ~~~
  [8] => + CategoryInfo : OpenError: (System.Manageme....RemoteRunspace:Re
  [9] => moteRunspace) [New-PSSession], PSRemotingTransportException
  [10] => + FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed
  Any suggestions what I'm doing wrong? Are there other ways to run this Powershell script with PHP?

  Hello Ludek,
  I had to take ownership and then change persmissions to full. The problem did not go away however. As I noticed that the register key mentioned did not contain any subkeys I tried to remove it. This again failed because of persmission denied error. Funnily some subkeys suddenly showed up. I took ownership, changed permissions and tried again. Lo and behold the subkeys I tried to delete (and in which no subkeys were visible) suddenly showed more subkeys. At this point I stopped fearing that I was damaging the client's computer. The subkeys were related to the RAS server. Does that say anyting to you?
  André

• SOLVED: powershell script working on its own, access denied when called from a service

  Hi powershell experts,
  I'm using a powershell script, called by a service with serviceaccount PWSService, which gives an exception denied. This powershell script sets up a remote powershell connection(with a specific account), and runs some powershell scripts remotely on
  that server. 
  When I launch the powershell script manually, by opening the powershell console myself(with "run as" PWSService), the remote session starts and I'm able to succesfully run commands through it.
  The PWSService is local admin on the server.
  Is there any diffrence in behaviour when powershell scripts are started by a service or started as a "user"? Can someone shed a light on this?
  Thanks in advance,
  Robin
  MCTS, MCPD

  hi mjolinor,
  We use the following class for the service(Microsoft
  live@edu connector):
  http://msdn.microsoft.com/en-us/library/system.management.automation.runspaces.wsmanconnectioninfo%28v=vs.85%29.aspx
  I use Enter-PSSession to start the commands in de powershell console which works.
  MCPD

• Printing Problem: "Access denied, unable to connect"

  Although I was able to print the test page successfully, I could print nothing else from my Vista machine (actually a MacBook running Vista under Boot Camp) to the printer attached to my Airport Extreme. Apple Nugget supplied the following solution for the same problem under XP and it worked for me under Vista:
  1. Make sure the printer is recognized by the base station.
  2. Select 'Add a new printer' in Windows
  3. Select 'Local Printer' in the dialog box (auto detect and install should be off), click next.
  4. Choose 'Create a new port' and "Standard TCP/IP Port'. Click next.
  5. For the printer IP address, enter the address of the base station ie. 10.0.1.1. The port name will be filled automatically. Click next.
  6. For the device type, choose your printer from the list and follow the rest of the prompts to install and configure the driver.
  As I said, these steps worked perfectly for Vista, too. Note the counterintuitive instruction to create a local printer for what is really a network printed plugged into the Airport Extreme. I don't care; it worked?

  You did not say what operating system you are using - I guessed XP.  Check this out.
  Say thanks by clicking "Kudos" "thumbs up" in the post that helped you.
  I am employed by HP

• Network Load Balancing - "access denied" when loading configuration information from host2

  We have 2 Windows 2012 R2 servers, both are running on workgroup.
  We set up NLB cluster.  When we open NLB Manager on the server2, then message shows "loading configuration information. Access denied. Error connecting to server1". 
  There is no issue doing this on server1, NLB Manager is able to connect to both servers. We login using default administrator account, both account name and password are the same for 2 servers.
  When we check security event log on server1, there is this strange Audit Failure log using account "test_nlb" from server2 which related to "Access denied" error. Please let us know how to resolve this. Thanks in advance.
        Event ID: 4776
        The computer attempted to validate the credentials for an account.
        Authentication Package:   
  MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
        Logon Account:   
  test_nlb
        Source Workstation:   
  WPAAP2
        Error Code:   
  0xc0000064           
        An account failed to log on.
  Event ID: 4625
  Subject:
      Security ID:       
  S-1-0-0
      Account Name:       
      Account Domain:       
      Logon ID:       
  0x0
  Logon Type:           
  3
  Account For Which Logon Failed:
      Security ID:       
  S-1-0-0
      Account Name:       
  test_nlb
     Account Domain:       
  WPAAP2
  Failure Information:
      Failure Reason:       
  Unknown user name or bad password.
      Status:           
  0xc000006d
      Sub Status:       
  0xc0000064
  Process Information:
      Caller Process ID:   
  0x0
      Caller Process Name:   
  Network Information:
      Workstation Name:   
  WPAAP2
      Source Network Address:   
  192.168.70.45
      Source Port:       
  55136
  Detailed Authentication Information:
      Logon Process:       
  NtLmSsp
      Authentication Package:   
  NTLM
      Transited Services:   
      Package Name (NTLM only):   
      Key Length:       
  0
  This event is generated when a logon request fails. It is generated on the computer where access was attempted.
  The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
  The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
  The Process Information fields indicate which account and process on the system requested the logon.
  The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
  The authentication information fields provide detailed information about this specific logon request.
      - Transited services indicate which intermediate services have participated in this logon request.
      - Package name indicates which sub-protocol was used among the NTLM protocols.
      - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

  Hi Zhong Gang,
  When you are using Network Load Balancing (NLB) Manager, you must be a member of the Administrators group on the host that you are configuring, or you must have been delegated
  the appropriate authority. If you are configuring a cluster or host by running NLB Manager from a computer that is not part of the cluster, you do not have to be a member of the Administrators group on that computer. Please disable your nodes firewall and
  try again.
  The related KB:
  Add a Host to the Network Load Balancing Cluster
  http://technet.microsoft.com/en-us/library/cc753744.aspx
  I’m glad to be of help to you!
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Error while trying to backup - Microsoft.SqlServer.SmoExtended, Error 5 (access denied)

  Hey guy,
  I have a problem with my SQL Express Server.
  If I try to backup a database I'm getting the following error:
  (Microsoft.SqlServer.SmoExtended)
  System.Data.SqlClient.SqlError: Das Sicherungsmedium 'D:\my-database.bak' kann nicht geöffnet werden. Betriebssystemfehler 5(Access denied). (Microsoft.SqlServer.Smo)
  I have done this a month ago and it worked.
  Can someone help me please?
  I am logged in as sa, the OS is Windows Server 2012 Essentials.
  Thanks
  Regards,
  Alex

  'D:\my-database.bak' kann nicht geöffnet werden. Betriebssystemfehler 5(Access denied). (Microsoft.SqlServer.Smo)
  Hi,
  Since error is access denied it means SQL server service account ,the account with which SQL Server service is running, does not have read/write privilege on folder where you are taking backup. It does not matters whether you login with SA.
  Now I see you are backing database to root(D:) drive. This should not be practiced its a bad practice and has lots of drawbacks. Instead create a folder BACKUP in D rive and give SQL Server service account read write privileges on that folder and start backup
  Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it
  My Technet Articles

• When sending an email to all our members under a group email I get a fatal error relay access denied. Very important I get these emails out to all our members.

  Trying to email a group of all our members and I keep getting an error message.
  he original message was received at Tue, 18 Nov 2014 13:50:51 -0500
  from d154-20-241-245.bchsia.telus.net [154.20.241.245]
  ----- The following addresses had permanent fatal errors -----
  <[email protected]>
  (reason: 554 5.7.1 <[email protected]>: Relay access denied)
  ----- Transcript of session follows -----
  ... while talking to scariboochamber.org.:
  >>> RCPT To:<[email protected]>
  <<< 554 5.7.1 <[email protected]>: Relay access denied
  554 5.0.0 Service unavailable

  However, I added "allowpercenthack = no" to main.cf
  and that seemed to allow postfix to not attempt to
  process it itself and let my application do the
  work.
  However, if I now send mail now to my server (from
  another server) destined to
  user%[email protected], I (and my
  log) gets:
  Hardly ever had a need for this, but if I remember correctly you will need to set:
  allowuntrustedrouting = yes
  in main.cf
  (No need for allowpercenthack (I think))
  or you could create a hash table before rejectunauthdestination to return OK based on your needed patterns.
  I think the first method will work though.
  Side question: I placed `rejectnon_fqdnsender'
  after rejectunauthdestination destination because I
  didn't want to bother checking the sender unless I
  confirmed the recipient was at my server. Does that
  comment that it doesn't work after
  checkrelaydomains, mean that it also doesn't get
  processed after
  checkrelaydomains is deprecated
  You can place rejectnon_fqdnsender anywhere you like or even omit it, but I don't see why you would have to.