ISE 1.2 AuthZ fail because of 'extra' AD lookup

Hi,
I have a PoC going with wired 802.1X and MAB; laptops with certificates and AD lookup work well. With this I also have printers not in AD that will use both certificates and MAB for authentication.
When I try to do EAP-TLS or MAB on printers it fails on AuthZ because it can't find the “user” in AD. It doesn't matter where in the policy my printer MAB or EAP-TLS policies are, same result.
If I then disable all other AuthZ policies that also look up in AD, my printer gets authorised.
If I then enable all policies again, at least EAP-TLS for the printer works; I did not have time to test MAB today.
Anyone seen this?
Why would ISE try to do an AD lookup here when MAB is only for the internal group Printers?
AuthZ policy (made some changes to test MAB here so policies are moved around)
MAB Radius steps  (same for EAP-TLS but with the CN as username)
Steps
      11001    Received RADIUS Access-Request
      11017    RADIUS created a new session
      11027    Detected Host Lookup UseCase (Service-Type = Call Check (10))
      15049    Evaluating Policy Group
      15008    Evaluating Service Selection Policy
      15048    Queried PIP
      15048    Queried PIP
      15004    Matched rule
      15048    Queried PIP
      15048    Queried PIP
      15004    Matched rule
      15041    Evaluating Identity Policy
      15006    Matched Default Rule
      15013    Selected Identity Source - Internal Endpoints
      24209    Looking up Endpoint in Internal Endpoints IDStore - 00:26:73:63:6F:3C
      24211    Found Endpoint in Internal Endpoints IDStore
      22037    Authentication Passed
      15036    Evaluating Authorization Policy
      24432    Looking up user in Active Directory - 00:26:73:63:6F:3C
      24412    User not found in Active Directory
      15004    Matched rule - Default
      15016    Selected Authorization Profile - Deny_Access_Wired
      15039    Rejected per authorization profile
      11003    Returned RADIUS Access-Reject   
Cheers

Hi,
Forgot to write in this thread: I did a reboot of both ISE servers and after that it works as it should.
Not the best solution but it worked.
Might be something with the AD connection that hung, don't really know. But I have seen weird errors between ISE and AD before.
Thanks
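
The step log in the question shows the authorization phase querying Active Directory with the endpoint's MAC address as the user name. As an added example (not part of the original thread and not Cisco tooling), this Python script parses such a step log and flags that pattern; the finding labels are made up for the example, and only step codes that appear in the post are used.

```python
import re

# Step log as posted in the question (MAB attempt for the printer).
ISE_STEPS = """\
11001    Received RADIUS Access-Request
11017    RADIUS created a new session
11027    Detected Host Lookup UseCase (Service-Type = Call Check (10))
15049    Evaluating Policy Group
15008    Evaluating Service Selection Policy
15048    Queried PIP
15048    Queried PIP
15004    Matched rule
15048    Queried PIP
15048    Queried PIP
15004    Matched rule
15041    Evaluating Identity Policy
15006    Matched Default Rule
15013    Selected Identity Source - Internal Endpoints
24209    Looking up Endpoint in Internal Endpoints IDStore - 00:26:73:63:6F:3C
24211    Found Endpoint in Internal Endpoints IDStore
22037    Authentication Passed
15036    Evaluating Authorization Policy
24432    Looking up user in Active Directory - 00:26:73:63:6F:3C
24412    User not found in Active Directory
15004    Matched rule - Default
15016    Selected Authorization Profile - Deny_Access_Wired
15039    Rejected per authorization profile
11003    Returned RADIUS Access-Reject
"""

STEP_RE = re.compile(r"^\s*(\d{5})\s+(.*\S)\s*$")
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5}$")


def parse_steps(text):
    """Turn 'CODE   message' lines into (code, message) tuples, skipping other lines."""
    steps = []
    for line in text.splitlines():
        m = STEP_RE.match(line)
        if m:
            steps.append((int(m.group(1)), m.group(2)))
    return steps


def tail(message):
    """Value after the last ' - ' separator in a step message, or '' if none."""
    return message.rsplit(" - ", 1)[1].strip() if " - " in message else ""


def analyze(steps):
    """Summarise one session and flag AD lookups made while evaluating authorization."""
    r = {"host_lookup": False, "identity_source": None, "authenticated": False,
         "authz_ad_lookups": [], "authz_ad_misses": 0, "authz_rule": None,
         "profile": None, "result": None, "findings": []}
    in_authz = False
    for code, msg in steps:
        if code == 11027:                      # MAB / host lookup use case
            r["host_lookup"] = True
        elif code == 15013:
            r["identity_source"] = tail(msg)
        elif code == 22037:
            r["authenticated"] = True
        elif code == 15036:                    # authorization phase starts here
            in_authz = True
        elif code == 24432 and in_authz:
            r["authz_ad_lookups"].append(tail(msg))
        elif code == 24412 and in_authz:
            r["authz_ad_misses"] += 1
        elif code == 15004 and in_authz:
            r["authz_rule"] = tail(msg) or "(unnamed)"
        elif code == 15016:
            r["profile"] = tail(msg)
        elif "Access-Reject" in msg:
            r["result"] = "reject"
        elif "Access-Accept" in msg:
            r["result"] = "accept"

    # An AD query keyed on a MAC address means some authorization rule evaluated
    # an AD condition for an endpoint that was authenticated by host lookup.
    mac_lookups = [i for i in r["authz_ad_lookups"] if MAC_RE.match(i)]
    if r["host_lookup"] and mac_lookups:
        r["findings"].append("AD_LOOKUP_ON_MAC_IN_AUTHZ")
    # Authentication passed, AD missed, and the session fell to the Default rule.
    if (r["authenticated"] and r["authz_ad_misses"]
            and r["authz_rule"] == "Default" and r["result"] == "reject"):
        r["findings"].append("DEFAULT_DENY_AFTER_AD_MISS")
    return r


if __name__ == "__main__":
    report = analyze(parse_steps(ISE_STEPS))
    for key, value in report.items():
        print(f"{key:18} {value}")
```
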

Similar Messages

  • ISE Wired DOT1X authorization fails

    I'm configuring wired dot1x, and it won't work. My end goal is to use machine/user authentication for this wired profile, but for now, because of issues I'm just attempting wired user authentication. Below is what I have
    -authorization profile to allow a user based on the default (wired dot1x) and AD memberOF to get the person into the network
    -the network card on the computer is set up to use "user authentication" inside of the NIC authentication tab....this is PEAP by the way.
    Here is what I am seeing. I do a reboot of the machine, and the login for Windows comes up and I login. Once in Windows I look at the NIC and it says Authentication failed. ISE says that it PASSED and used my authorization profile to pass it and says that it sent my dacl. Doing a show authentication session int gi8/36 says "status authz FAILED".
    I get the same thing if I use both machine and user. Machine boot->login->ISE says there was a successful authentication for the machine and sends a dacl->sh auth sess int gi8/36 says status authz failed on the switch, and the NIC shuts due to failed authentication which after that it's obviously not going to pass the user side of my policy. This is driving me nuts. If anyone could help it would be greatly appreciated. Below is config info. Thanks
    Windows machines are Win7/64
    switch is 6509e with 12.2(33)SXI 11 running on it.
    Interface:  GigabitEthernet8/36
              MAC Address:  10ee.f10c.4820
               IP Address:  Unknown
                User-Name:  jcarrabine
                   Status:  Authz Failed
                   Domain:  DATA
           Oper host mode:  multi-auth
         Oper control dir:  both
          Session timeout:  N/A
             Idle timeout:  N/A
        Common Session ID:  0A800C010000018CF35CA5D8
          Acct Session ID:  0x0000077B
                   Handle:  0x0000018C
    Runnable methods list:
           Method   State
           dot1x    Authc Success
           mab      Not run
    Dot1x Info for GigabitEthernet8/36
    PAE                       = AUTHENTICATOR
    PortControl               = AUTO
    ControlDirection          = Both
    HostMode                  = MULTI_AUTH
    QuietPeriod               = 60
    ServerTimeout             = 0
    SuppTimeout               = 30
    ReAuthMax                 = 2
    MaxReq                    = 2
    TxPeriod                  = 10
    interface GigabitEthernet8/36
    description TEST PORT
    switchport
    switchport access vlan 52
    switchport mode access
    switchport voice vlan 143
    authentication event fail action next-method
    authentication host-mode multi-auth
    authentication open
    authentication order dot1x mab
    authentication priority dot1x mab
    authentication port-control auto
    authentication timer inactivity 10
    authentication violation restrict
    mab
    dot1x pae authenticator
    dot1x timeout tx-period 10
    spanning-tree portfast edge
    spanning-tree bpduguard enable
    end
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    aaa accounting dot1x default start-stop group radius
    ip radius source-interface Loopback0
    radius-server attribute 6 on-for-login-auth
    radius-server attribute 6 support-multiple
    radius-server attribute 8 include-in-access-req
    radius-server host 10.128.12.41 auth-port 1812 acct-port 1813 key 7 061106324961273C464640
    radius-server host 10.126.12.41 auth-port 1812 acct-port 1813 key 7 120E0C0417242221697A76
    radius-server vsa send accounting
    radius-server vsa send authentication

    I fixed this issue. So to the trained eye this should be obvious. The authz ultimately failed not because of my authorization policies, but because I have no default permit ip any any ACL on the port. This is a requirement for the IOS I'm running. The dACLs cannot be applied to the switchport without it, and thus will throw the port into an authz fail without it.
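
The reply above attributes the "Authz Failed" state to a port that had no default ACL for the dACL to be applied over. As an added example (not from the original posts), this Python check reads running-config text and reports 802.1X/MAB ports that have no inbound `ip access-group`, or one that names an ACL missing from the config. The ACL name `ACL-DEFAULT` is hypothetical, and the sample config is constructed from the posted interface block, re-indented the way `show running-config` prints it.

```python
import re

# Constructed from the interface config posted above. As posted, the port
# has no `ip access-group` line.
CONFIG_AS_POSTED = """\
interface GigabitEthernet8/36
 description TEST PORT
 switchport
 switchport access vlan 52
 switchport mode access
 switchport voice vlan 143
 authentication event fail action next-method
 authentication host-mode multi-auth
 authentication open
 authentication order dot1x mab
 authentication priority dot1x mab
 authentication port-control auto
 mab
 dot1x pae authenticator
 spanning-tree portfast edge
!
"""

# Same port with the default port ACL the reply describes. The name
# ACL-DEFAULT is hypothetical; the reply only says "permit ip any any".
CONFIG_WITH_PORT_ACL = """\
ip access-list extended ACL-DEFAULT
 permit ip any any
!
""" + CONFIG_AS_POSTED.replace(
    " authentication port-control auto\n",
    " ip access-group ACL-DEFAULT in\n authentication port-control auto\n")

INTERFACE_RE = re.compile(r"^interface (\S+)")
ACL_RE = re.compile(r"^ip access-list extended (\S+)")
PORT_ACL_RE = re.compile(r"^ip access-group (\S+) in$")


def parse_blocks(config, header_re):
    """Map block name -> indented sub-commands for top-level lines matching header_re."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = header_re.match(line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' or any other top-level line closes the block
    return blocks


def audit_dacl_ports(config):
    """Return (interface, issue) for access-controlled ports that lack a usable port ACL."""
    acls = parse_blocks(config, ACL_RE)  # named extended ACLs only
    findings = []
    for name, cmds in parse_blocks(config, INTERFACE_RE).items():
        if "authentication port-control auto" not in cmds:
            continue  # port is not enforcing 802.1X/MAB
        bound = [m.group(1) for m in map(PORT_ACL_RE.match, cmds) if m]
        if not bound:
            findings.append((name, "no-port-acl"))
        elif bound[0] not in acls:
            findings.append((name, "port-acl-undefined:" + bound[0]))
    return findings


if __name__ == "__main__":
    print("as posted:    ", audit_dacl_ports(CONFIG_AS_POSTED))
    print("with port ACL:", audit_dacl_ports(CONFIG_WITH_PORT_ACL))
```

With `authentication open` on the port, whatever the port ACL permits is also what an endpoint can reach before authorization completes, so the ACL contents are worth reviewing alongside this check.
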

  • Which Is True for 24/7 Sleep? Hard Drive Could Fail Because It's Constantly Spinning or Because It's Suddenly Switched ON

    Hi. It's sleep vs. shutdown again. I read some computer components are better off in sleep mode, some components are better off shut down. If some components last longer in sleep mode and some shut down, what then is the best for Macs as a whole?
    If it's sleeping for 24/7 won't the hard disk for example wear out more because it's constantly spinning. Won't the power supply wear out more because there's some heat? On the other hand with shutting it down then turning it back on, the components could fail because of the sudden expansion they say from cold components when it's switched ON (or sudden jerk to moving components when it's switched ON)?
    Doesn't sleep turn off components anyway like they were shut down so even if you use sleep, there's still a possibility of it expanding from cold components to warm components (or sudden jerks with components like in the hard drive)?
    Apple's manual says put it on sleep. What do they mean exactly? Are the recent Macs designed to be ON 24/7 for years? Or do they mean put it in sleep mode as much as possible in a day but still shut it down at some point?
    There should be a more thorough scientific study on component failure for Macs and computers already on sleep vs. shutdown. Thank you in advance. Gbu.
    What're your experiences between sleep and shutdown. Which components lasted longer for sleep, for shutdown?

    baltwo wrote:
    I never sleep desktop computers or their HDs, only their displays, run 24/7, and have only had one HD failure in the past 11 years. Most electromechanical devices fail during power on.
    Some questions: Is it possible to keep the drive platters constantly spinning? Doesn't most drive firmware set the drive to spin down after about 10 minutes of inactivity? If this is the case, wouldn't it make the question moot, at least as far as drive life is concerned? Drives have a finite number of spin up/ spin down cycles. I don't know if you get around this by never sleeping the computer. If the computer is sleeping, the drive is spun down and the heads are parked. If the computer is set to never sleep, will the drive spin down anyway?
    In addition, even if the platters can be kept constantly spinning, don't we have to figure in the long term damage from the extra heat that generates, which might make the whole thing a wash?
    Message was edited by: WZZZ
    This would appear to support Baltwo's and Dennis's usage scenario. But it doesn't address the drive firmware question I raised, above.
    It is better to spin down the hard disk drive whenever you can to reduce stress on the spindle motor.
    Truth :
    Normally, the platters are spun up at start up and kept spinning after that. The spinning up process is the most taxing part on the hard disk drive's spindle motor. Maintaining the spindle speed thereafter requires a lot less effort.
    If the platters have spun down and you need to read/write something on the platters, you will need to spin up the platters to full speed before you can read or write. Therefore, if you want maximum performance, it's better to keep the hard disk drive spinning.
    However, spinning down the hard disk drive during periods of inactivity can not only reduce power consumption, it can also reduce the heat produced. The reduced thermal output will increase the longevity of your hard disk drive.
    So, while spinning down the hard disk drive will not reduce stress on the spindle motor, it can reduce the hard disk drive's power consumption and thermal output as well as increase its lifespan.
    http://www.techarp.com/showarticle.aspx?artno=84&pgno=3

  • I got an error message while burning a CD in iTunes - "The attempt to burn a disc failed.  The burn failed because of a medium write error.  What is that and how can I fix it?

    I got an error message while burning a CD in iTunes - "the attempt to burn a disc failed.  The burn failed because of a medium write error."  What does this mean and how do I fix it?

    The disk you are using probably has a defect, not uncommon on consumer grade disks. Try another disk or better yet another disk from a different manufacturer or at least a different batch.

  • Processing this item failed because of a PDF parser error. Input string was not in a correct format.

    Good Morning,
    We're having issues parsing several hundred PDF files located in two separate Record Center sites. All other PDF documents in the environment are being crawled and parsed without issue. I've verified the permissions for the Search service account, but that doesn't seem to be the issue. Searching for this particular error hasn't returned much, but I have ensured that the Search service account has been added to the necessary Local Security Policy objects and cleared the configuration cache. Any help would be greatly appreciated.
    Processing this item failed because of a PDF parser error. ( Error parsing document 'https://asdf.com/sites/HRRecords/asdf.pdf'. Input string was not in a correct format.; ; SearchID = 6642FEEF-6921-434E-B084-02809173D8A7 )

    This issue came back up for me as my results aren't displaying since this data is not part of the search index.
    Curious if anyone knows of a way to increase the parser server memory in SharePoint 2013 search?
    http://sharepoint/materials-ca/HPSActiveCDs/Votrevieprofessionnelleetvotrecarrireenregistrement.zip
    Processing this item failed because the parser server ran out of memory. ( Error parsing document 'http://sharepoint/materials-ca/HPSActiveCDs/Votrevieprofessionnelleetvotrecarrireenregistrement.zip'. Document failed to be processed. It probably crashed the
    server.; ; SearchID = 097AE4B0-9EB0-4AEC-AECE-AEFA631D4AA6 )
    http://sharepoint/materials-ca/HPSActiveCDs/Travaillerauseindunequipemultignrationnelle.zip
    Processing this item failed because of a IFilter parser error. ( Error parsing document 'http://sharepoint/materials-ca/HPSActiveCDs/Travaillerauseindunequipemultignrationnelle.zip'. Error loading IFilter for extension '.zip' (Error code is 0x80CB4204). The
    function encountered an unknown error.; ; SearchID = 4A0C99B1-CF44-4C8B-A6FF-E42309F97B72 )

  • SharePoint 2013 Search - Zip - Parser server ran out of memory - Processing this item failed because of a IFilter parser error

    Moving content databases from 2010 to 2013 August CU. Have 7 databases attached and ready to go, all the content is crawled successfully except zip files. Getting errors such as 
    Processing this item failed because of a IFilter parser error. ( Error parsing document 'http://sharepoint/file1.zip'. Error loading IFilter for extension '.zip' (Error code is 0x80CB4204). The function encountered an unknown error.; ; SearchID = 7A541F21-1CD3-4300-A95C-7E2A67B2563C
    Processing this item failed because the parser server ran out of memory. ( Error parsing document 'http://sharepoint/file2.zip'. Document failed to be processed. It probably crashed the server.; ; SearchID = 91B5D685-1C1A-4C43-9505-DA5414E40169 )
    SharePoint 2013 in a single instance out-of-the-box. Didn't install custom iFilters as 2013 supports zip. No other extensions have this issue. Range in file size from 60-90MB per zip. They contain mp3 files. I can download and unzip the file as needed. 
    Should I care that the index isn't being populated with these items since they contain no metadata? I am thinking I should just omit these from the crawl. 


  • The timesheet creation failed, because of problems with the project I server or with data validation

    Hi,
    One of my users is facing an issue in creating a new time sheet,
    "The time sheet creation failed, because of problems with the project server or with data validations".
    This issue is coming to only a few members out of 10000 members.
    Note: The same user is able to do it on other machines; the problem is only on his machine. I have run the Office diagnostics, but the problem still persists.
    Are there any add-ons or settings that need to be updated in IE? Could anyone please help me on how to fix this issue?
    Many thanks in advance.

    I would check the compatibility settings in IE etc, or try another browser (chrome, safari etc.)
    Ben Howard [MVP] | web |
    blog | book

  • HT201413 I am having a problem updating itunes to the latest version on my windows xp i get the error message 126 and the sign that says this application has failed because MSVCR80.dll was not found.

    I am having a problem updating iTunes to the latest version on my Windows XP. I get the error message 126 and the banner that says this application has failed because MSVCR80.dll was not found. Anyone have a fix suggestion? Thanks

    Click here and follow the instructions.
    (98724)

  • Error message: "Logging into the account failed because an error occurred."

    Hello,
    We had an XServe G5 2.0 DP 5GB/80/2x250 running Mac OS X 10.3.9 Server with all updates as a main server for a school. The server provides Open Directory Master as well as File-Sharing (AFP and SMB) and e-mail services to about 30 teachers and 300 students. The user home directories reside on the server. A web server also runs on the machine. The students use a pool of laptops, which are configured with a local guest and admin account as well as access to the server-based home directories with Directory Access. The server had the OS running on the 80 GB hard drive and all data (Home directories, mail database, website, etc. were on the two mirrored 250 GB drives.) All was working well until...
    A few weeks ago, one of the two 250 GB died. We decided to use the opportunity to upgrade the server and set it up with 3 x 750 GB, two drives running as a mirrored pair to hold OS AND Data, the other as a stand-by unit to help replace a failing drive.
    We migrated the OS and all data from the previous drives without a problem. Since now, all data is residing on one pair of drives, we put the data from the old "Data" drive in a folder on the root level of the new HD pair. We wrote a script that launches at startup which creates the symlink in /Volumes/Data to link to /Data. We thought that with this, all would be well.
    However: When any user tries to log into his account from any iBook (10.3.9 or 10.4.11) (wirelessly), he gets the message:
    "Logging into the account failed because an error occurred. The home folder for the user account is located on an afp or smb server. contact your system administrator for help"
    If the user logs in to the guest account on the iBook, then accesses his home directory via file-sharing, he can see (read/write) all his data. So, the data and privileges seem to be OK, as well as Open Directory working correctly. Mail and the web work well also, as does logging in to a user account from one of the PC's (wired).
    Can anyone make any suggestions as to how to fix the situation? Currently, the users are using the guest accounts and accessing their data via filesharing, as well as using webmail for their e-mail, but this is a major nuisance.
    Any help will be greatly appreciated.
    Best regards,
    Alain Chammas
    A user trying to access his account from a PC (wired) has no problems.

    A good number of folks are having problems with this same error message at login, and nobody seems to have found a fix.
    I believe I have stumbled upon, if not a solution, at least part of the answer. If you're logged into a 10.4 workstation, open a Finder window and click the "Network" icon. The first time you do this, you'll only see "Library" and "Servers" icons, but if you let it sit for a moment, other folders will magically appear. One of these is "My Network" which is the critical part.
    In Workgroup Manager, edit one of your users' home directory configuration. There's a URL piece, usually "afp://server.domain.com/Users" (which is what shows up in the window when you click on the "Home" tab for that user), and then there's a "Home" path that is usually something like "/Network/Servers/servername/Users/username". Trouble is, you've noticed that 10.4 doesn't put servers into the "Servers" path, but rather into the "My Network" path.
    So, if you change that "Home" path to read "/Network/My Network/servername/Users/username", it should work--with one caveat. Apparently 10.4 doesn't create the "My Network" path on a given client until you actually browse the network on that client. If you haven't logged into a 10.4 workstation and browsed the network, the "My Network" path won't be there, and you'll still get the error. Login as a local user, browse the network (so that the "My Network" folder shows up), logout, and then login as an Open Directory user, and it should work.
    I'm betting that 10.3, 10.4, and 10.5 all handle this issue differently, so if you're in a mixed-version situation, you may have to experiment to find a workable fix.
    Derndest thing I ever saw.

  • HT4863 I have an error message coming up when trying to send an email which says 'sending the message failed because you're exceeding the limit' can anyone help me to resolve this please

    I have an error message coming up when trying to send an email which says 'sending the message failed because you're exceeding the limit' can anyone help me to resolve this please

    Try reentering the password in your iCloud mail settings.

  • Job scheduling failed because the user has no permission to access this rep

    Hi. I've OBIP 10.1.3.4.1.
    When I launch a print with the scheduler I see this error:
    oracle.apps.xdo.servlet.scheduler.ProcessingException: Job scheduling failed because the user has no permission to access this report. [REPORT_URL]=[folderreport/report/report.xdo], [USERNAME]=[administrator]
         at oracle.apps.xdo.servlet.ui.scheduler.SchedulerServlet.scheduleJob(SchedulerServlet.java:1140)
         at oracle.apps.xdo.servlet.ui.scheduler.SchedulerServlet.doPost(SchedulerServlet.java:295)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:763)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
         at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:64)
         at oracle.apps.xdo.servlet.security.SecurityFilter.doFilter(SecurityFilter.java:100)
         at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:621)
         at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:368)
         at com.evermind.server.http.HttpRequestHandler.doProcessRequest(HttpRequestHandler.java:866)
         at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:448)
         at com.evermind.server.http.HttpRequestHandler.serveOneRequest(HttpRequestHandler.java:216)
         at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:117)
         at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:110)
         at oracle.oc4j.network.ServerSocketReadHandler$SafeRunnable.run(ServerSocketReadHandler.java:260)
         at oracle.oc4j.network.ServerSocketAcceptHandler.procClientSocket(ServerSocketAcceptHandler.java:239)
         at oracle.oc4j.network.ServerSocketAcceptHandler.access$700(ServerSocketAcceptHandler.java:34)
         at oracle.oc4j.network.ServerSocketAcceptHandler$AcceptHandlerHorse.run(ServerSocketAcceptHandler.java:880)
         at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:303)
         at java.lang.Thread.run(Thread.java:595)
    In this env. I have an LDAP Security Model and all the reports and all the users work.

    Please check whether you have assigned the below responsibility to the user trying to schedule the report.
    XMLP_SCHEDULER

  • Logging in to the account failed because an error occurred

    I've been looking after Macs in an ophthalmologist's office for about 6 years.  We initially used Panther server with networked home directories.  With the large images, slow computers, and slow network we moved about 4 years ago to local accounts and local home directories using a Leopard Server for file sharing and print serving.  About a year ago we moved to a Mac Mini Server but kept local home directories.  We would like to move back to networked home directories and implement group folders for sharing.
    I have another Mac Mini Server at home and am trying to set up a test environment but am having trouble getting networked home directories to work.  I'm trying to log in using my MacBook Pro.  Both machines are at 10.6.8.  I followed the outstanding setup instructions from
             http://www.wazmac.com/servers_network/fileservers/osxserver_setup/osxserver106_setup.htm
    but omitted the part of setting up the groups.   I just set up an account, Test1, but am unable to log in using it.  I can log into the account and access the home folder through my Finder though.  When I try to log in I get:
             You are unable to log in to the user account "test1" at this time
              logging in to the account failed because an error occurred.
    I have looked for several days now and have found no answers that have resolved this.
    My DNS tests fine and it appears that my password is working.  I have turned off all the services except for AFP, DNS, and Open Directory.  The home folder is on the second drive /Volumes/MacHD2/Homes/test1 and it is set for automount and home directories.  I set each of these separately with a save between. The server appears in my /Network/Servers/ directory right down to the Homes directory.
    The following is the only log file that indicates any error.  This is from the most recent reboot:
    Directory Services Error Log:
    2011-07-09 09:19:12 PDT - T[0x00007FFF70C75CC0] - DNSServiceProcessResult returned -65563
    2011-07-09 09:19:45 PDT - T[0x0000000101C8D000] - Misconfiguration detected in hash 'Global SID':
    2011-07-09 09:19:45 PDT - T[0x0000000101C8D000] - Computer 'guest' (/LDAPv3/127.0.0.1) - ID -1 - UUID 3A0E5953-EC2B-4F6E-A929-3B32406A10C3 - SID S-1-5-21-3687144454-2494095375-1043814123-998
    2011-07-09 09:19:45 PDT - T[0x0000000101C8D000] - Computer 'MiniServer.tolan.homeip.net$' (/Local/Default) - ID -1 - UUID 87FB76C0-A528-44FC-ADBF-2A7EC7809A9A - SID S-1-5-21-3687144454-2494095375-1043814123-998
    2011-07-09 09:19:45 PDT - T[0x0000000101C8D000] - Misconfiguration detected in hash 'Global SID':
    2011-07-09 09:19:45 PDT - T[0x0000000101C8D000] - Computer 'guest' (/LDAPv3/127.0.0.1) - ID -1 - UUID 3A0E5953-EC2B-4F6E-A929-3B32406A10C3 - SID S-1-5-21-3687144454-2494095375-1043814123-998
    2011-07-09 09:19:45 PDT - T[0x0000000101C8D000] - Computer 'MiniServer.tolan.homeip.net$' (/Local/Default) - ID -1 - UUID 87FB76C0-A528-44FC-ADBF-2A7EC7809A9A - SID S-1-5-21-3687144454-2494095375-1043814123-998
    The following are the relevant messages from the other log files that captured the login attempt:
    AFP Access Log:
    IP 192.168.77.20 - - [09/Jul/2011:11:25:11 -0800] "Login test1" 0 0 0
    IP 192.168.77.20 - - [09/Jul/2011:11:25:11 -0800] "Logout test1" 0 0 0
    DNS Log:
    09-Jul-2011 09:38:09.777 received control channel command 'freeze'
    09-Jul-2011 09:38:09.778 freezing all zones: success
    09-Jul-2011 09:38:09.885 received control channel command 'reload'
    09-Jul-2011 09:38:09.885 loading configuration from '/private/etc/named.conf'
    09-Jul-2011 09:38:09.886 using default UDP/IPv4 port range: [49152, 65535]
    09-Jul-2011 09:38:09.886 using default UDP/IPv6 port range: [49152, 65535]
    09-Jul-2011 09:38:09.888 reloading configuration succeeded
    09-Jul-2011 09:38:09.888 reloading zones succeeded
    09-Jul-2011 09:38:09.889 zone 77.168.192.in-addr.arpa/IN/com.apple.ServerAdmin.DNS.public: loaded serial 2011070804
    09-Jul-2011 09:38:09.889 zone tolan.homeip.net/IN/com.apple.ServerAdmin.DNS.public: loaded serial 2011070900
    09-Jul-2011 09:38:09.893 received control channel command 'thaw'
    09-Jul-2011 09:38:09.893 thawing all zones: success
    09-Jul-2011 09:38:09.893 zone 77.168.192.in-addr.arpa/IN/com.apple.ServerAdmin.DNS.public: loaded serial 2011070804
    09-Jul-2011 09:38:09.893 zone tolan.homeip.net/IN/com.apple.ServerAdmin.DNS.public: loaded serial 2011070900
    Kerberos Server Log:
    Jul 09 11:25:07 MiniServer.tolan.homeip.net krb5kdc[55](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.77.20: NEEDED_PREAUTH: [email protected] for krbtgt/[email protected], Additional pre-authentication required
    Jul 09 11:25:07 MiniServer.tolan.homeip.net krb5kdc[55](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.77.20: NEEDED_PREAUTH: [email protected] for krbtgt/[email protected], Additional pre-authentication required
    Jul 09 11:25:07 MiniServer.tolan.homeip.net krb5kdc[55](debug): handling authdata
    Jul 09 11:25:07 MiniServer.tolan.homeip.net krb5kdc[55](debug): handling authdata
    Jul 09 11:25:07 MiniServer.tolan.homeip.net krb5kdc[55](debug): .. .. ok
    Jul 09 11:25:07 MiniServer.tolan.homeip.net krb5kdc[55](debug): .. .. ok
    Jul 09 11:25:07 MiniServer.tolan.homeip.net krb5kdc[55](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.77.20: ISSUE: authtime 1310235907, etypes {rep=18 tkt=16 ses=18}, [email protected] for krbtgt/[email protected]
    Jul 09 11:25:07 MiniServer.tolan.homeip.net krb5kdc[55](info): AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.77.20: ISSUE: authtime 1310235907, etypes {rep=18 tkt=16 ses=18}, [email protected] for krbtgt/[email protected]
    Jul 09 11:25:11 MiniServer.tolan.homeip.net krb5kdc[55](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.77.20: ISSUE: authtime 1310235907, etypes {rep=18 tkt=16 ses=18}, [email protected] for afpserver/[email protected]
    Jul 09 11:25:11 MiniServer.tolan.homeip.net krb5kdc[55](info): TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.77.20: ISSUE: authtime 1310235907, etypes {rep=18 tkt=16 ses=18}, [email protected] for afpserver/[email protected]
    Password Service Server Log:
    Jul  9 2011 11:25:07    RSAVALIDATE: success.
    Jul  9 2011 11:25:07    AUTH2: {0x4e17e4b75f13dc1d0000000600000006, test1} DHX authentication succeeded.
    Jul  9 2011 11:25:07    KERBEROS-LOGIN-CHECK: user {0x4e17e4b75f13dc1d0000000600000006, test1} is in good standing.
    Jul  9 2011 11:25:07    KERBEROS-LOGIN-CHECK: user {0x4e17e4b75f13dc1d0000000600000006, test1} authentication succeeded.
    Jul  9 2011 11:25:07    GETPOLICY: user {0x4e17e4b75f13dc1d0000000600000006, test1}.
    Jul  9 2011 11:25:07    GETPOLICY: user {0x4e17e4b75f13dc1d0000000600000006, test1}.
    I would appreciate any and all assistance with this.  I've never had a problem in the past with configuring and using networked home directories.  This has me stumped.  This is now my 3rd day working on it.  I've been through numerous discussion groups, googled endlessly, and even re-installed the server software twice to make sure I'm working with a clean current copy.
    Thanks in advance for any advice you can offer....

    Thanks for your comments, and particularly for confirming that the Kerberos and AFP logs indicated success.   I did have my sharing set properly as you describe however checking that I had set sharing appropriately it led me to the answer to my problem...
    You were right about the location of Test1's home directory and it is on the second disk.   I have always had a level of discomfort setting up the Home URL under 'Home' when setting up a home directory.  I thought I had to put the fully qualified directory name, in this case:
          afp://miniserver.tolan.homeip.net/Volumes/MacHD2/Homes
    After turning sharing off and on for the Homes directory, just to ensure, I saw that WGM had inserted another, more abbreviated URL for me to select:
          afp://MiniServer.tolan.homeip.net/Homes
    When I selected this URL all started working.   I guess I've been outsmarting myself over the years by overthinking what I had to do.
    So, while your suggestion was correct, that wasn't my problem, but checking to ensure that I'd done it right did lead me to the solution.   Hence, a helpful answer, rather than a correct one even though you are correct.
    This issue of what the URL should look like has always bothered me but now I know.  I guess I've just been lucky up until now and in this business good luck doesn't teach you anything...   :-)
    Cheers, and thanks for this...   

  • Can not log into server computer with any accounts - "You are unable to login to the user account "abcdefg" at this time. Logging in to the account failed because an error occurred."

    I have a Mac mini running the latest version of OS X and Server. Been running fine and flawlessly. However, I had a strange problem with the iCloud preferences panel crashing when I tried to access it, so I rebooted. Now I can not log into the system with any accounts. My master admin account (along with all the others) gives me the error:
    "You are unable to login to the user account "abcdefg" at this time. Logging in to the account failed because an error occurred."
    I am able to see the server from other macs and I can log into it using the same account, but it only shows me a few of the shared folders I have access to but NOT to my main directories.
    Rebooting into Command-R and doing a disk utility, I try and repair permission on that drive and get a bunch of errors like:
    ACL found but not expected on Users
    Repaired "Users"
    ACL found but not expected on Users/.localized
    Repaired "Users/.localized"
    ACL found but not expected on Users/Shared
    Repaired "Users/shared"
    ACL found but not expected on Users/Shared/.localized
    Repaired "Users/Shared/.localized"
    Permissions repair complete.
    But rebooting is no joy...same problem. Any idea what is going on or how to repair it? Should I do a time machine restore? Complete new OS X install? Any idea what is causing this or how to salvage it?

    Got everything to re-install and it worked fine...for a few hours. Then I came in to find ALL of my network users deleted. Just GONE. Then found out the Open Directory was trashed and was unable to open, recover or restore from a backup. Looks like I may have a bad drive here.
    I installed a new drive in the system, re-installed and so far (for a couple of hours anyway) the system seems to be working and stable.

  • Window server 2008 r2 error show "stop :- c00002e3 security account manager initialization failed because of the for A DIVICE ATTACHED to the system is not funcation"

    Hi All
    Please help
    My server is not working. Windows Server 2008 R2 shows the error "stop :- c00002e3 security account manager initialization failed because of the for A DIVICE ATTACHED to the system is not funcation"
    Please help me resolve this issue.
    Thanks!

    Hi,
    If there is any external device plugged into your computer, please unplug it and restart the Server.
    You can also test the issue in Safe mode.
    If it can boot into Safe mode, please update any driver that has a yellow warning on it, and also check whether a dump file exists under %SystemRoot%\; if so, please post it back for our research.
    Kate Li
    TechNet Community Support

  • Error, After applying the patch for 10.1.0.2 ERROR: OPatch failed because of

    Download this patch from oracle metalink
    This Bug for Linux x86 for oracle server 10.1.0.2
    Bugs Fixed by this patch:
    # 3520157 : CREATE INDEX USES EXISTING INDEX (IDX FAST FULL SCAN) AND RUNS SLOWER THAN TABLE
    steps followed
    for oracle_home
    $export ORACLE_HOME=/home/APP/ORACLE/product/10.1.0/db_1
    $/home/APP/ORACLE/product/10.1.0/db_1/OPatch/opatch apply
    PERL5LIB=/home/APP/ORACLE/product/10.1.0/db_1/perl/lib/5.6.1:/home/APP/ORACLE/product/10.1.0/db_1/OPatch/perl_modules; export PERL5LIB
    /home/APP/ORACLE/product/10.1.0/db_1/perl/bin/perl /home/APP/ORACLE/product/10.1.0/db_1/OPatch/opatch.pl apply
    OPatch Version 1.0.0.0.47
    Perl Version 5.006001
    Oracle Home = /home/APP/ORACLE/product/10.1.0/db_1
    Location of Oracle Inventory = /home/APP/ORACLE/product/10.1.0/db_1/inventory
    Oracle Universal Installer shared library = /home/mandar/APP/ORACLE/product/10.1.0/db_1/oui/lib/linux/liboraInstaller.so
    Path to Java = /home/APP/ORACLE/product/10.1.0/db_1/jdk/jre/bin/java
    Location of Oracle Inventory Pointer = /etc/oraInst.loc
    Location of Oracle Universal Installer components = /home/APP/ORACLE/product/10.1.0/db_1/oui
    Required Jar File under Oracle Universal Installer = jlib/OraInstaller.jar
    /home/APP/ORACLE/product/10.1.0/db_1/OPatch/opatch.pl version: 1.0.0.0.47
    Copyright (c) 2001,2002,2003 Oracle Corporation. All Rights Reserved.
    Cannot set up OUI inventory session
    ERROR: OPatch failed because of Inventory problem.
    $

    The error is due to the fact that, contrary to what is written in the documentation, the services shouldn't be restarted until the update process is completed.
