ISE : Machine/user ActiveDirectory group retrieving
Hello,
We are migrating our ACS 5.1 to ISE 1.0.4.
- On ACS we were doing 802.1x Authentification over an Activedirectory, assigning Vlan according to computer/user group. In some case the user vlan could be different from the computer vlan (ex admin account connecting to a user account). This works great with ACS
I tested the same function with ISE and the behaviour is a bit different :
- When the computer boot, I can see the computer account being authenticated on ISE. The logs show the AD groups the computer belongs to and the Authorization profile is well applied according to the AD group.
- When the user login, I can see the user account being authenticated on ISE, BUT the logs show the AD groups of the previous authentication, the one belonging to the computer not the user. So the authorization profile is the one from the computer not the user.
It seems that the AD group attributes are not well updated :
- AD logs show the second authentication doesn't engage a new group parsing from AD
- Shutting down the switch port when user is logged engage a new authentication a AD group are well updated.
- Bug toolkit reference the same bug but for WLC CSCto83897 so I suspect it's present in other case.
The NAS is Catalyst 3750 12.2.58(SE2)
Thanks much for your reply.
Hello,
We are migrating our ACS 5.1 to ISE 1.0.4.
- On ACS we were doing 802.1x Authentification over an Activedirectory, assigning Vlan according to computer/user group. In some case the user vlan could be different from the computer vlan (ex admin account connecting to a user account). This works great with ACS
I tested the same function with ISE and the behaviour is a bit different :
- When the computer boot, I can see the computer account being authenticated on ISE. The logs show the AD groups the computer belongs to and the Authorization profile is well applied according to the AD group.
- When the user login, I can see the user account being authenticated on ISE, BUT the logs show the AD groups of the previous authentication, the one belonging to the computer not the user. So the authorization profile is the one from the computer not the user.
It seems that the AD group attributes are not well updated :
- AD logs show the second authentication doesn't engage a new group parsing from AD
- Shutting down the switch port when user is logged engage a new authentication a AD group are well updated.
- Bug toolkit reference the same bug but for WLC CSCto83897 so I suspect it's present in other case.
The NAS is Catalyst 3750 12.2.58(SE2)
Thanks much for your reply.
Similar Messages
-
ISE - Machine + user authentication
I've searched forum, community but I couldn't find exactly what I need:
I have a client that want's to use two step authentication on wireless: first machine authentication to make sure that device is on the domain and then username/password authentication.
Now, I've read about MAR, EAP chaining, and I understood it all, only thing I didn't understand is:
If I configure ISE to authenticate machine, it will allow limited access to DC (for example).
Then, after that AuthZ profile is applied, what will do new authorization? My understanding is once MAR is done, AuthZ profileis applied and authorization is finished.
Now, I am not asking about turning on laptop, getting PC on the network, then logging in and then providing the user/credentials, etc. I am asking for this scenario:
How ISE policy and AuthZ profile should look like, for example, I come in the office, my wireless card is disabled, I login to my laptop, then I notice that my wireless card is disabled and now I enable it. I need to have Machine authentciation happening at that point + prompting user for username/password to complete registration on wireless.
NAM is already refused by client, so I need something that will work on plain Windows 7.
Thanks.Hello Align-
In your post you are referring to two completely separate and independent solutions:
1. MAR
2. EAP-Chaining
MAR only happens when the machine first boots up and the host presents its machine domain credentials. Then the machine MAC address is saved in ISE. The MAC is preserved in ISE as long as configured in the machine timer. Keep in mind that if let's say a computer was booted while connected on the wired network, only that MAC address will be authenticated. If the user moves to wireless, the connection will be denied as ISE will not have any records of the wireless MAC. Along with all of that, you will need another method (usually PEAP) to perform the user authentication. Usually this method is not a very good one to implement due to the issues listed
EAP-Chaining on the other hand utilizes EAP-FAST and it s a multi-phase method during which both machine and user information is passed in a secured TLS tunnel. For that you need to implement Cisco AnyConnect as it is the only software supplicant that supports it at the moment. For more info you might wanna look into Cisco's TrustSec guide:
http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_80_eapchaining_deployment.pdf
I hope this helps!
Thank you for rating! -
Cisco ISE Machine failed machine authentication
Hi, last week we migrated to ISE 1.2 Patch 7 and since then we are having trouble with our corporate SSID.
We have a rule that says :
1) User is domain user.
2) Machine is authenticated.
But for some reason that I can't figure out some machine(I would say around 200/1000) can't seem to authenticate.
This is the message I found in the "steps"
24423 ISE has not been able to confirm previous successful machine authentication for user in Active Directory
I was wondering if I could force something on the controller or on ISE directly.
EDIT : In the operation > Authentication I can see that some host/MachineName are getting authenticated.
Would I be able to force this as a step in my other rule.Hi shertica, and thank you for the explanation. I started working with ISE a month ago and still getting familiarized but I think the problem is the relationship between the Machine and the user because I can't find any Host/MachineName fail in the last 24 hour and I can't seem to have any log further than that.
Failure Reason
15039 Rejected per authorization profile
Resolution
Authorization Profile with ACCESS_REJECT attribute was selected as a result of the matching authorization rule. Check the appropriate Authorization policy rule-results.
Steps
11001
Received RADIUS Access-Request
11017
RADIUS created a new session
15049
Evaluating Policy Group
15008
Evaluating Service Selection Policy
15048
Queried PIP
15048
Queried PIP
15048
Queried PIP
15004
Matched rule
11507
Extracted EAP-Response/Identity
12300
Prepared EAP-Request proposing PEAP with challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12302
Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated
12318
Successfully negotiated PEAP version 0
12800
Extracted first TLS record; TLS handshake started
12805
Extracted TLS ClientHello message
12806
Prepared TLS ServerHello message
12807
Prepared TLS Certificate message
12810
Prepared TLS ServerDone message
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12318
Successfully negotiated PEAP version 0
12812
Extracted TLS ClientKeyExchange message
12804
Extracted TLS Finished message
12801
Prepared TLS ChangeCipherSpec message
12802
Prepared TLS Finished message
12816
TLS handshake succeeded
12310
PEAP full handshake finished successfully
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
12313
PEAP inner method started
11521
Prepared EAP-Request/Identity for inner EAP method
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
11522
Extracted EAP-Response/Identity for inner EAP method
11806
Prepared EAP-Request for inner method proposing EAP-MSCHAP with challenge
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
11808
Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
15041
Evaluating Identity Policy
15006
Matched Default Rule
15013
Selected Identity Source - IdentityStore_AD_liadom01
24430
Authenticating user against Active Directory
24402
User authentication against Active Directory succeeded
22037
Authentication Passed
11824
EAP-MSCHAP authentication attempt passed
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
11810
Extracted EAP-Response for inner method containing MSCHAP challenge-response
11814
Inner EAP-MSCHAP authentication succeeded
11519
Prepared EAP-Success for inner EAP method
12314
PEAP inner method finished successfully
12305
Prepared EAP-Request with another PEAP challenge
11006
Returned RADIUS Access-Challenge
11001
Received RADIUS Access-Request
11018
RADIUS is re-using an existing session
12304
Extracted EAP-Response containing PEAP challenge-response
24423
ISE has not been able to confirm previous successful machine authentication for user in Active Directory
15036
Evaluating Authorization Policy
24432
Looking up user in Active Directory - LIADOM01\lidoex
24416
User's Groups retrieval from Active Directory succeeded
15048
Queried PIP
15048
Queried PIP
15048
Queried PIP
15048
Queried PIP
15048
Queried PIP
15004
Matched rule - AuthZBlock_DOT1X
15016
Selected Authorization Profile - DenyAccess
15039
Rejected per authorization profile
12306
PEAP authentication succeeded
11503
Prepared EAP-Success
11003
Returned RADIUS Access-Reject
Edit : I found a couple of these :
Event
5400 Authentication failed
Failure Reason
24485 Machine authentication against Active Directory has failed because of wrong password
Resolution
Check if the machine is present in the Active Directory domain and if it is spelled correctly. Also check whether machine authentication is configured properly on the supplicant.
Root cause
Machine authentication against Active Directory has failed because of wrong password.
Username
host/MachineName
I also have an alarming number of : Misconfigured Supplicant Detected(3714) -
Machine +User Auth for windows endpoint autheticating through ISE
Hi
Is there any way to use machine + user auth at same time when authenticating Windows machine through ISE. In Windows native supplicant there is option as
1) Machine OR user Auth
2) User Authentication
3) Machine Authentication
4) Guest authentication
I want to give more priveledge access to endpoints where they are joined to AD domain AND the user is logged in using AD credentials.
Is there any way to achieve this functionality ...With windows you do not have the option, however with ISE 1.1.1 and the latest cisco anyconnect nam supplicant (which is free) has a feature called eap chaining, it uses eap-fast to send the authentication sequence just as you want.
Here is the reference:
ISE release notes
http://www.cisco.com/en/US/docs/security/ise/1.1.1/release_notes/ise111_rn.html#wp307279
Anyconnect release notes
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/release/notes/anyconnect31rn.html#wp998871
Configuration of anyconnect -
http://www.cisco.com/en/US/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/ac04namconfig.html#wp1065210
Tarik Admani
*Please rate helpful posts* -
User or group does not exists.
Hi,
I am running an unattented installation of SQL on a server. I run it with the following configuration:
;SQLSERVER2008 Configuration File
[SQLSERVER2008]
;************************* CORE ARGUMENTS *************************
; Specify the Instance ID for the SQL Server features you have specified. SQL Server directory structure, registry structure, and service names will reflect the instance ID of the SQL Server instance.
INSTANCEID="MSSQLSERVER"
; Specifies a Setup work flow, like INSTALL, UNINSTALL, or UPGRADE. This is a required parameter.
ACTION="Install"
; Specifies features to install, uninstall, or upgrade. The list of top-level features include SQL, AS, RS, IS, and Tools. The SQL feature will install the database engine, replication, and full-text. The Tools feature will install Management Tools, Books
online, Business Intelligence Development Studio, and other shared components.
FEATURES=SQLENGINE,REPLICATION,FULLTEXT,AS,RS,CONN,IS,BC,SDK,SSMS,ADV_SSMS,SNAC_SDK
; Setup will not display any user interface. ***
QUIET="True"
; Needed argument for silent installation
IACCEPTSQLSERVERLICENSETERMS="True"
;*************************** OPTIONAL *****************************
; Displays the command line parameters usage
HELP="False"
; Specifies that the detailed Setup log should be piped to the console. ***
INDICATEPROGRESS="True"
; Setup will display progress only without any user interaction.
QUIETSIMPLE="False"
; Specifies that Setup should install into WOW64. This command line argument is not supported on an IA64 or a 32-bit system.
X86="False"
; Use this parameter to install the English version of SQL Server on a localized operating system when the installation media includes language packs for both English and the language corresponding to the operating system.
ENU="True"
; Specify if errors can be reported to Microsoft to improve future SQL Server releases. Specify 1 or True to enable and 0 or False to disable this feature.
ERRORREPORTING="False"
; Specify that SQL Server feature usage data can be collected and sent to Microsoft. Specify 1 or True to enable and 0 or False to disable this feature.
SQMREPORTING="False"
; Specify a default or named instance. MSSQLSERVER is the default instance for non-Express editions and SQLExpress for Express editions. This parameter is required when installing the SQL Server Database Engine (SQL), Analysis Services (AS), or Reporting
Services (RS).
INSTANCENAME="MSSQLSERVER"
; Agent account name
AGTSVCACCOUNT="NT AUTHORITY\NETWORK SERVICE"
; Auto-start service after installation. ***
AGTSVCSTARTUPTYPE="Automatic"
; Startup type for Integration Services.
ISSVCSTARTUPTYPE="Automatic"
; Account for Integration Services: Domain\User or system account.
ISSVCACCOUNT="NT AUTHORITY\NetworkService"
; The name of the account that the Analysis Services service runs under.
ASSVCACCOUNT="NT AUTHORITY\NETWORK SERVICE"
; Controls the service startup type setting after the service has been created.
ASSVCSTARTUPTYPE="Automatic"
; The collation to be used by Analysis Services.
ASCOLLATION="Latin1_General_CI_AS"
; The location for the Analysis Services data files.
ASDATADIR="C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Data"
; The location for the Analysis Services log files.
ASLOGDIR="C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Log"
; The location for the Analysis Services backup files.
ASBACKUPDIR="C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Backup"
; The location for the Analysis Services temporary files.
ASTEMPDIR="C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Temp"
; The location for the Analysis Services configuration files.
ASCONFIGDIR="C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Config"
; Specifies whether or not the MSOLAP provider is allowed to run in process.
ASPROVIDERMSOLAP="1"
; Specifies the list of administrator accounts that need to be provisioned.
ASSYSADMINACCOUNTS=”CRB\dsstest”
; Startup type for the SQL Server service.
SQLSVCSTARTUPTYPE="Automatic"
; Specifies a Windows collation or an SQL collation to use for the Database Engine.
SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS"
; Account for SQL Server service: Domain\User or system account.
SQLSVCACCOUNT="NT AUTHORITY\NETWORK SERVICE"
; Windows account(s) to provision as SQL Server system administrators.
SQLSYSADMINACCOUNTS=”CRB\dsstest”
; Level to enable FILESTREAM feature at (0, 1, 2 or 3).
FILESTREAMLEVEL="0"
; Set to "1" to enable RANU for SQL Server Express.
ENABLERANU="False"
; Specify 0 to disable or 1 to enable the TCP/IP protocol.
TCPENABLED="1"
; Specify 0 to disable or 1 to enable the Named Pipes protocol.
NPENABLED="0"
; Startup type for Browser Service.
BROWSERSVCSTARTUPTYPE="Automatic"
; Specifies which account the report server NT service should execute under. When omitted or when the value is empty string, the default built-in account for the current operating system.
; The username part of RSSVCACCOUNT is a maximum of 20 characters long and
; The domain part of RSSVCACCOUNT is a maximum of 254 characters long.
RSSVCACCOUNT="NT AUTHORITY\NETWORK SERVICE"
; Specifies how the startup mode of the report server NT service. When
; Manual - Service startup is manual mode (default).
; Automatic - Service startup is automatic mode.
; Disabled - Service is disabled
RSSVCSTARTUPTYPE="Automatic"
; Specifies which mode report server is installed in.
; Default value: “FilesOnly”
RSINSTALLMODE="DefaultNativeMode"
; Full-Text filter launcher service account
FTSVCACCOUNT="NT AUTHORITY\LOCAL SERVICE"
I run the installation with the user crb\dsstest, but i get the following error:
2011-12-28 12:58:47 Slp: Hosting object: Microsoft.SqlServer.Configuration.AnalysisServices.ASConfigurationPublic failed validation
2011-12-28 12:58:47 Slp: Validation for setting 'ASSYSADMINACCOUNTS' failed. Error message: ”CRB\dsstest” - User or group does not exists.
2011-12-28 12:58:47 Slp: Error: Action "Microsoft.SqlServer.Configuration.SetupExtension.ValidateFeatureSettingsAction" threw an exception during execution.
2011-12-28 12:58:47 Slp: Microsoft.SqlServer.Setup.Chainer.Workflow.ActionExecutionException: ”CRB\dsstest” - User or group does not exists. ---> Microsoft.SqlServer.Chainer.Infrastructure.InputSettingValidationException: ”CRB\dsstest”
- User or group does not exists. ---> System.ApplicationException: ”CRB\dsstest” - User or group does not exists.
2011-12-28 12:58:47 Slp: --- End of inner exception stack trace ---
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.InputSettingService.LogAllValidationErrorsAndThrowFirstOne(ValidationState vs)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Configuration.SetupExtension.ValidateFeatureSettingsAction.ExecuteAction(String actionId)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: --- End of inner exception stack trace ---
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionWithRetryHelper(WorkflowObject metaDb, ActionKey action, ActionMetadata actionMetadata, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.InvokeAction(WorkflowObject metabase, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.PendingActions.InvokeActions(WorkflowObject metaDb, TextWriter loggingStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionEngine.RunActionQueue()
2011-12-28 12:58:47 Slp: Error: Action "Microsoft.SqlServer.Configuration.BootstrapExtension.ExecuteWorkflowAction" threw an exception during execution.
2011-12-28 12:58:47 Slp: Microsoft.SqlServer.Setup.Chainer.Workflow.ActionExecutionException: ”CRB\dsstest” - User or group does not exists. ---> Microsoft.SqlServer.Chainer.Infrastructure.InputSettingValidationException: ”CRB\dsstest”
- User or group does not exists. ---> System.ApplicationException: ”CRB\dsstest” - User or group does not exists.
2011-12-28 12:58:47 Slp: --- End of inner exception stack trace ---
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.InputSettingService.LogAllValidationErrorsAndThrowFirstOne(ValidationState vs)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Configuration.SetupExtension.ValidateFeatureSettingsAction.ExecuteAction(String actionId)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: --- End of inner exception stack trace ---
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionWithRetryHelper(WorkflowObject metaDb, ActionKey action, ActionMetadata actionMetadata, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.InvokeAction(WorkflowObject metabase, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.PendingActions.InvokeActions(WorkflowObject metaDb, TextWriter loggingStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionEngine.RunActionQueue()
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.Workflow.RunWorkflow(WorkflowObject workflowObject, HandleInternalException exceptionHandler)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Configuration.BootstrapExtension.ExecuteWorkflowAction.ExecuteAction(String actionId)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionWithRetryHelper(WorkflowObject metaDb, ActionKey action, ActionMetadata actionMetadata, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.InvokeAction(WorkflowObject metabase, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.PendingActions.InvokeActions(WorkflowObject metaDb, TextWriter loggingStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionEngine.RunActionQueue()
2011-12-28 12:58:47 Slp: Error: Action "Microsoft.SqlServer.Configuration.BootstrapExtension.ExecuteWorkflowAction" threw an exception during execution.
2011-12-28 12:58:47 Slp: Microsoft.SqlServer.Setup.Chainer.Workflow.ActionExecutionException: ”CRB\dsstest” - User or group does not exists. ---> Microsoft.SqlServer.Chainer.Infrastructure.InputSettingValidationException: ”CRB\dsstest”
- User or group does not exists. ---> System.ApplicationException: ”CRB\dsstest” - User or group does not exists.
2011-12-28 12:58:47 Slp: --- End of inner exception stack trace ---
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.InputSettingService.LogAllValidationErrorsAndThrowFirstOne(ValidationState vs)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Configuration.SetupExtension.ValidateFeatureSettingsAction.ExecuteAction(String actionId)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: --- End of inner exception stack trace ---
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionWithRetryHelper(WorkflowObject metaDb, ActionKey action, ActionMetadata actionMetadata, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.InvokeAction(WorkflowObject metabase, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.PendingActions.InvokeActions(WorkflowObject metaDb, TextWriter loggingStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionEngine.RunActionQueue()
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.Workflow.RunWorkflow(WorkflowObject workflowObject, HandleInternalException exceptionHandler)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Configuration.BootstrapExtension.ExecuteWorkflowAction.ExecuteAction(String actionId)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionWithRetryHelper(WorkflowObject metaDb, ActionKey action, ActionMetadata actionMetadata, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.InvokeAction(WorkflowObject metabase, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.PendingActions.InvokeActions(WorkflowObject metaDb, TextWriter loggingStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionEngine.RunActionQueue()
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.Workflow.RunWorkflow(WorkflowObject workflowObject, HandleInternalException exceptionHandler)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Configuration.BootstrapExtension.ExecuteWorkflowAction.ExecuteAction(String actionId)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionWithRetryHelper(WorkflowObject metaDb, ActionKey action, ActionMetadata actionMetadata, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.InvokeAction(WorkflowObject metabase, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.PendingActions.InvokeActions(WorkflowObject metaDb, TextWriter loggingStream)
2011-12-28 12:58:49 Slp: Received request to add the following file to Watson reporting: C:\Users\dsstest\AppData\Local\Temp\tmp8278.tmp
2011-12-28 12:59:02 Slp: The following is an exception stack listing the exceptions in outermost to innermost order
2011-12-28 12:59:02 Slp: Inner exceptions are being indented
2011-12-28 12:59:02 Slp:
2011-12-28 12:59:02 Slp: Exception type: Microsoft.SqlServer.Chainer.Infrastructure.InputSettingValidationException
2011-12-28 12:59:02 Slp: Message:
2011-12-28 12:59:02 Slp: ”CRB\dsstest” - User or group does not exists.
2011-12-28 12:59:02 Slp: Data:
2011-12-28 12:59:02 Slp: SQL.Setup.FailureCategory = InputSettingValidationFailure
2011-12-28 12:59:02 Slp: DisableWatson = true
2011-12-28 12:59:02 Slp: Stack:
2011-12-28 12:59:02 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.InputSettingService.LogAllValidationErrorsAndThrowFirstOne(ValidationState vs)
2011-12-28 12:59:02 Slp: at Microsoft.SqlServer.Configuration.SetupExtension.ValidateFeatureSettingsAction.ExecuteAction(String actionId)
2011-12-28 12:59:02 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
2011-12-28 12:59:02 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:59:02 Slp: Inner exception type: System.ApplicationException
2011-12-28 12:59:02 Slp: Message:
2011-12-28 12:59:02 Slp: ”CRB\dsstest” - User or group does not exists.
2011-12-28 12:59:02 Slp:
2011-12-28 12:59:02 Slp: ----------------------------------------------------------------------
2011-12-28 12:59:02 Slp:
2011-12-28 12:59:02 Slp: Error result: -2068578304
2011-12-28 12:59:02 Slp: Result facility code: 1204
2011-12-28 12:59:02 Slp: Result error code: 0
Can anyone help me?Hi,
I have tried to chech if it exists. If I add the user dsstest during the normal installation it is found. I am also logged in as the user dsstest. Then everything should be okay rigth, or is there anything else i can check?
The following are the error details:
2011-12-28 12:58:47 AS: Action: (Validation) Validating SysAdmin Accounts
2011-12-28 12:58:47 AS: Action: Validation User Account (”CRB\dsstest”)
2011-12-28 12:58:47 AS: Action: Validating Account
2011-12-28 12:58:47 AS: Data: Account=”CRB\dsstest”
2011-12-28 12:58:47 AS: Data: Account After Mapping = ”CRB\dsstest”
2011-12-28 12:58:47 Slp: Sco: Attempting to get account sid for user account ”CRB\dsstest”
2011-12-28 12:58:47 Slp: Sco: Attempting to get sid for user account ”CRB\dsstest”
2011-12-28 12:58:47 Slp: Sco: GetSidForAccount normalized accountName ”CRB\dsstest” parameter to ”CRB\dsstest”
2011-12-28 12:58:47 Slp: Sco: Failed when querying buffer size
2011-12-28 12:58:47 AS: Warning: Failed to retrieved Account SID. Reason: No mapping between account names and security IDs was done.
2011-12-28 12:58:47 AS: Result: Error
2011-12-28 12:58:47 AS: Result: Invalid
2011-12-28 12:58:47 AS: Result: (Validation) Complete
2011-12-28 12:58:47 AS: Action: (Validation) Validating Collation for Analysis Service
2011-12-28 12:58:47 AS: Action: (Validation) Validating Collation Entry
2011-12-28 12:58:47 AS: Data: Latin1_General_CI_AS
2011-12-28 12:58:47 AS: Action: (Utility) Validate Collation Entry
2011-12-28 12:58:47 AS: Data: Latin1_General_CI_AS
2011-12-28 12:58:47 AS: Result: (Utility) Valid
2011-12-28 12:58:47 AS: Result: (Validation) Success
2011-12-28 12:58:47 AS: Action: (Validation) Validating Collation Match
2011-12-28 12:58:47 AS: Data: ASCollation=Latin1_General_CI_AS,SQLCollation=
2011-12-28 12:58:47 AS: Result: (Validation) Success
2011-12-28 12:58:47 AS: Action: Detect Whether it is Valid Collation
2011-12-28 12:58:47 AS: Data: Collation = Latin1_General_CI_AS
2011-12-28 12:58:47 AS: Action: (Utility) Retrieving embedded content
2011-12-28 12:58:47 AS: Data: Resource Name =Microsoft.SqlServer.Configuration.ASExtension.LCIDs.xml
2011-12-28 12:58:47 AS: Result: (Utility) Success
2011-12-28 12:58:47 AS: Data: Locale ID=0x0409
2011-12-28 12:58:47 AS: Result: Valid
2011-12-28 12:58:47 AS: Result: (Validation) Success
2011-12-28 12:58:47 AS: Action: Validating Start Mode
2011-12-28 12:58:47 AS: Result: Success
2011-12-28 12:58:47 AS: Action: Validating Allow in Process
2011-12-28 12:58:47 AS: Data: AllowInProcess=1
2011-12-28 12:58:47 AS: Result: Success
2011-12-28 12:58:47 AS: Result: (Validation) Success
2011-12-28 12:58:47 AS: ----------------------------------------------
2011-12-28 12:58:47 Slp: Hosting object: Microsoft.SqlServer.Configuration.AnalysisServices.ASConfigurationPublic failed validation
2011-12-28 12:58:47 Slp: Validation for setting 'ASSYSADMINACCOUNTS' failed. Error message: ”CRB\dsstest” - User or group does not exists.
2011-12-28 12:58:47 Slp: Validation for setting 'ASSYSADMINACCOUNTS' failed. Error message: ”CRB\aml021” - User or group does not exists.
2011-12-28 12:58:47 Slp: Error: Action "Microsoft.SqlServer.Configuration.SetupExtension.ValidateFeatureSettingsAction" threw an exception during execution.
2011-12-28 12:58:47 Slp: Microsoft.SqlServer.Setup.Chainer.Workflow.ActionExecutionException: ”CRB\dsstest” - User or group does not exists. ---> Microsoft.SqlServer.Chainer.Infrastructure.InputSettingValidationException: ”CRB\dsstest”
- User or group does not exists. ---> System.ApplicationException: ”CRB\dsstest” - User or group does not exists.
2011-12-28 12:58:47 Slp: --- End of inner exception stack trace ---
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.InputSettingService.LogAllValidationErrorsAndThrowFirstOne(ValidationState vs)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Configuration.SetupExtension.ValidateFeatureSettingsAction.ExecuteAction(String actionId)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: --- End of inner exception stack trace ---
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionWithRetryHelper(WorkflowObject metaDb, ActionKey action, ActionMetadata actionMetadata, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.InvokeAction(WorkflowObject metabase, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.PendingActions.InvokeActions(WorkflowObject metaDb, TextWriter loggingStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionEngine.RunActionQueue()
2011-12-28 12:58:47 Slp: Error: Action "Microsoft.SqlServer.Configuration.BootstrapExtension.ExecuteWorkflowAction" threw an exception during execution.
2011-12-28 12:58:47 Slp: Microsoft.SqlServer.Setup.Chainer.Workflow.ActionExecutionException: ”CRB\dsstest” - User or group does not exists. ---> Microsoft.SqlServer.Chainer.Infrastructure.InputSettingValidationException: ”CRB\dsstest”
- User or group does not exists. ---> System.ApplicationException: ”CRB\dsstest” - User or group does not exists.
2011-12-28 12:58:47 Slp: --- End of inner exception stack trace ---
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.InputSettingService.LogAllValidationErrorsAndThrowFirstOne(ValidationState vs)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Configuration.SetupExtension.ValidateFeatureSettingsAction.ExecuteAction(String actionId)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: --- End of inner exception stack trace ---
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionWithRetryHelper(WorkflowObject metaDb, ActionKey action, ActionMetadata actionMetadata, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.InvokeAction(WorkflowObject metabase, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.PendingActions.InvokeActions(WorkflowObject metaDb, TextWriter loggingStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionEngine.RunActionQueue()
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.Workflow.RunWorkflow(WorkflowObject workflowObject, HandleInternalException exceptionHandler)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Configuration.BootstrapExtension.ExecuteWorkflowAction.ExecuteAction(String actionId)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionWithRetryHelper(WorkflowObject metaDb, ActionKey action, ActionMetadata actionMetadata, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.InvokeAction(WorkflowObject metabase, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.PendingActions.InvokeActions(WorkflowObject metaDb, TextWriter loggingStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionEngine.RunActionQueue()
2011-12-28 12:58:47 Slp: Error: Action "Microsoft.SqlServer.Configuration.BootstrapExtension.ExecuteWorkflowAction" threw an exception during execution.
2011-12-28 12:58:47 Slp: Microsoft.SqlServer.Setup.Chainer.Workflow.ActionExecutionException: ”CRB\dsstest” - User or group does not exists. ---> Microsoft.SqlServer.Chainer.Infrastructure.InputSettingValidationException: ”CRB\dsstest”
- User or group does not exists. ---> System.ApplicationException: ”CRB\dsstest” - User or group does not exists.
2011-12-28 12:58:47 Slp: --- End of inner exception stack trace ---
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.InputSettingService.LogAllValidationErrorsAndThrowFirstOne(ValidationState vs)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Configuration.SetupExtension.ValidateFeatureSettingsAction.ExecuteAction(String actionId)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: --- End of inner exception stack trace ---
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionWithRetryHelper(WorkflowObject metaDb, ActionKey action, ActionMetadata actionMetadata, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.InvokeAction(WorkflowObject metabase, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.PendingActions.InvokeActions(WorkflowObject metaDb, TextWriter loggingStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionEngine.RunActionQueue()
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.Workflow.RunWorkflow(WorkflowObject workflowObject, HandleInternalException exceptionHandler)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Configuration.BootstrapExtension.ExecuteWorkflowAction.ExecuteAction(String actionId)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionWithRetryHelper(WorkflowObject metaDb, ActionKey action, ActionMetadata actionMetadata, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.InvokeAction(WorkflowObject metabase, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.PendingActions.InvokeActions(WorkflowObject metaDb, TextWriter loggingStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionEngine.RunActionQueue()
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.Workflow.RunWorkflow(WorkflowObject workflowObject, HandleInternalException exceptionHandler)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Configuration.BootstrapExtension.ExecuteWorkflowAction.ExecuteAction(String actionId)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionWithRetryHelper(WorkflowObject metaDb, ActionKey action, ActionMetadata actionMetadata, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.InvokeAction(WorkflowObject metabase, TextWriter statusStream)
2011-12-28 12:58:47 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.PendingActions.InvokeActions(WorkflowObject metaDb, TextWriter loggingStream)
2011-12-28 12:58:49 Slp: Received request to add the following file to Watson reporting: C:\Users\dsstest\AppData\Local\Temp\tmp8278.tmp
2011-12-28 12:59:02 Slp: The following is an exception stack listing the exceptions in outermost to innermost order
2011-12-28 12:59:02 Slp: Inner exceptions are being indented
2011-12-28 12:59:02 Slp:
2011-12-28 12:59:02 Slp: Exception type: Microsoft.SqlServer.Chainer.Infrastructure.InputSettingValidationException
2011-12-28 12:59:02 Slp: Message:
2011-12-28 12:59:02 Slp: ”CRB\dsstest” - User or group does not exists.
2011-12-28 12:59:02 Slp: Data:
2011-12-28 12:59:02 Slp: SQL.Setup.FailureCategory = InputSettingValidationFailure
2011-12-28 12:59:02 Slp: DisableWatson = true
2011-12-28 12:59:02 Slp: Stack:
2011-12-28 12:59:02 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.InputSettingService.LogAllValidationErrorsAndThrowFirstOne(ValidationState vs)
2011-12-28 12:59:02 Slp: at Microsoft.SqlServer.Configuration.SetupExtension.ValidateFeatureSettingsAction.ExecuteAction(String actionId)
2011-12-28 12:59:02 Slp: at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
2011-12-28 12:59:02 Slp: at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun)
2011-12-28 12:59:02 Slp: Inner exception type: System.ApplicationException
2011-12-28 12:59:02 Slp: Message:
2011-12-28 12:59:02 Slp: ”CRB\dsstest” - User or group does not exists.
2011-12-28 12:59:02 Slp:
2011-12-28 12:59:02 Slp: ----------------------------------------------------------------------
2011-12-28 12:59:02 Slp:
2011-12-28 12:59:02 Slp: Error result: -2068578304
2011-12-28 12:59:02 Slp: Result facility code: 1204
2011-12-28 12:59:02 Slp: Result error code: 0
Do you need more information then above? The above chech do not fail for the network service:
2011-12-28 12:58:46 ACE: Formatting user name 'NT AUTHORITY\NETWORK SERVICE'
2011-12-28 12:58:46 Slp: Sco: Attempting to get network service account name
2011-12-28 12:58:46 Slp: Sco: Attempting to get NT account from sid S-1-5-20
2011-12-28 12:58:46 Slp: Sco: Attempting to get account from sid S-1-5-20
2011-12-28 12:58:46 Slp: Sco: Attempting to get network service account name
2011-12-28 12:58:46 Slp: Sco: Attempting to get NT account from sid S-1-5-20
2011-12-28 12:58:46 Slp: Sco: Attempting to get account from sid S-1-5-20
2011-12-28 12:58:46 Slp: Sco: Attempting to get account sid for user account NT AUTHORITY\NETWORK SERVICE
2011-12-28 12:58:46 Slp: Sco: Attempting to get sid for user account NT AUTHORITY\NETWORK SERVICE
2011-12-28 12:58:46 Slp: Sco: GetSidForAccount normalized accountName NT AUTHORITY\NETWORK SERVICE parameter to NT AUTHORITY\NETWORK SERVICE
2011-12-28 12:58:46 ACE: Formatted user name is 'NT AUTHORITY\NETWORK SERVICE'
2011-12-28 12:58:46 ACE: ValidateUserNameAndPassword started with userName = 'NT AUTHORITY\NETWORK SERVICE', userNameRequired = 'True', mustBeDomainAcct = 'False'
2011-12-28 12:58:46 ACE: Validating username 'NT AUTHORITY\NETWORK SERVICE' and password '<empty>'
2011-12-28 12:58:46 Slp: Sco: Attempting to get network service account name
2011-12-28 12:58:46 Slp: Sco: Attempting to get NT account from sid S-1-5-20
2011-12-28 12:58:46 Slp: Sco: Attempting to get account from sid S-1-5-20
2011-12-28 12:58:46 Slp: Sco: Attempting to get network service account name
2011-12-28 12:58:46 Slp: Sco: Attempting to get NT account from sid S-1-5-20
2011-12-28 12:58:46 Slp: Sco: Attempting to get account from sid S-1-5-20
2011-12-28 12:58:46 Slp: Sco: Attempting to get account sid for user account NT AUTHORITY\NETWORK SERVICE
2011-12-28 12:58:46 Slp: Sco: Attempting to get sid for user account NT AUTHORITY\NETWORK SERVICE
2011-12-28 12:58:46 Slp: Sco: GetSidForAccount normalized accountName NT AUTHORITY\NETWORK SERVICE parameter to NT AUTHORITY\NETWORK SERVICE
2011-12-28 12:58:46 ACE: Getting sid for service account 'NT AUTHORITY\NETWORK SERVICE'
2011-12-28 12:58:46 Slp: Sco: Attempting to get account sid for user account NT AUTHORITY\NETWORK SERVICE
2011-12-28 12:58:46 Slp: Sco: Attempting to get sid for user account NT AUTHORITY\NETWORK SERVICE
2011-12-28 12:58:46 Slp: Sco: GetSidForAccount normalized accountName NT AUTHORITY\NETWORK SERVICE parameter to NT AUTHORITY\NETWORK SERVICE
2011-12-28 12:58:46 ACE: SID for user account is 'S-1-5-20'
2011-12-28 12:58:46 ACE: Validating service account is not LocalService
2011-12-28 12:58:46 ACE: Validating service account is a user account
2011-12-28 12:58:46 Slp: Sco: Attempting to get account from sid S-1-5-20
2011-12-28 12:58:46 ACE: Validating service account can be used if current machine is domain controller
2011-12-28 12:58:46 Slp: Sco: Attempting to get network service account name
2011-12-28 12:58:46 Slp: Sco: Attempting to get NT account from sid S-1-5-20
2011-12-28 12:58:46 Slp: Sco: Attempting to get account from sid S-1-5-20
2011-12-28 12:58:46 Slp: Sco: Attempting to get network service account name
2011-12-28 12:58:46 Slp: Sco: Attempting to get NT account from sid S-1-5-20
2011-12-28 12:58:46 Slp: Sco: Attempting to get account from sid S-1-5-20
2011-12-28 12:58:46 Slp: Sco: Attempting to get account sid for user account NT AUTHORITY\NETWORK SERVICE
2011-12-28 12:58:46 Slp: Sco: Attempting to get sid for user account NT AUTHORITY\NETWORK SERVICE
2011-12-28 12:58:46 Slp: Sco: GetSidForAccount normalized accountName NT AUTHORITY\NETWORK SERVICE parameter to NT AUTHORITY\NETWORK SERVICE
2011-12-28 12:58:46 ACE: Checking if service account must be a domain account
2011-12-28 12:58:46 ACE: ValidateUserNameAndPassword completed
2011-12-28 12:58:46 Slp: The configuration object document /Datastore/ProductSettings/SSIS/Public was found in the datastore.
2011-12-28 12:58:46 Slp: Sco: Attempting to get network service account name
2011-12-28 12:58:46 Slp: Sco: Attempting to get NT account from sid S-1-5-20
2011-12-28 12:58:46 Slp: Sco: Attempting to get account from sid S-1-5-20
2011-12-28 12:58:46 Slp: Sco: Attempting to get account sid for user account NT AUTHORITY\NETWORK SERVICE
2011-12-28 12:58:46 Slp: Sco: Attempting to get sid for user account NT AUTHORITY\NETWORK SERVICE
2011-12-28 12:58:46 Slp: Sco: GetSidForAccount normalized accountName NT AUTHORITY\NETWORK SERVICE parameter to NT AUTHORITY\NETWORK SERVICE
2011-12-28 12:58:46 Slp: The configuration object document /Datastore/ProductSettings/AS/Public was found in the datastore.
2011-12-28 12:58:46 AS: ----------------------------------------------
2011-12-28 12:58:46 AS: Action: Logging Input Values and it's Sources
2011-12-28 12:58:46 AS: Data: Parameter=ASSVCACCOUNT,Source=ConfigFile,Value=NT AUTHORITY\NETWORK SERVICE
Do you have any idea what is worong? -
How do I add a user's group calendar in iCal?
How do I add a user's group calendar in iCal?
I just keep getting "the account was not found"
But the account works for its own network calendar.
None of the following locations work -
master.mydomain.net:8008/principals/groups/domainusers/calendar
master.mydomain.net:8008/principals/wikis/domainusers/calendar
master.mydomain.net:8008/calendars/_uids_/wiki-domainusers/calendar
and every variation I can think of (I've tried master.local, http:// & webcal:// and a / at the end)
I can add a users network calendar account to iCal.
I can subscribe to a group / wiki calendar in iCal.
I can add an event on the wiki calendar as a user.
But I want a user to be able to add an event to a group calendar in iCal.
Any ideas would be appreciated.Hi!
I've got the same weird problem..
I tried that url and I can open it in Safari and I even can add the calander in iCal on a macbook with 10.5 - but i just can't add it on my macbookpro with snow leopard.
Did anybody made that work on a snow leopard machine?
Best regards,
Fabian -
Filter List View by User and Groups in SharePoint Does Not Work on site Restore to another Server
We have a scenario where users from a group or seeing items of list views entered by users of other group.
For e.g, we have (ALL are Active Directory users and are authenticated as such)
GROUP A with USER-A1, USER-A2, USER-A3
GROUP B with USER-B1, USER-B2, USER-B3
GROUP C with USER-C1, USER-C2, USER-C3
We created views called
GROUP_A_VIEW
GROUP_B_VIEW
GROUP_C_VIEW
We created a web part for each of this view
And from Advanced Settings, added Target audience for each VIew with respect. For e.g. if Target AUdience is Group A, then USER-A1 will see items entered by himself or USER-A2, and USER-A3 but not the mbers of GROUP_B and GROUP_C
It works fine on the our development machine.
However when we backup and restore to other machine containing the same Active Directory users,
GROUP A members are seeing records entered by GROUP B
GROUP B members are seeing records entered by GROUP C
GROUP C members are seeing records entered by GROUP D
....etc.
Any help will be appreciated.
Murali BoyapatiGroups and users are stored locally in a cache on each site collection. Within that site collection they have IDs assigned which are used internally to identify those groups.
What is probably happening is that the groups you've targeted are being identified by IDs which are not consistent between your source site collection and your destination collection. -
I jumped on my parents computer, which is on a domain. I added a new local user(with my live.com login) and gave it admin status. That's when the trouble began.
The main user profile disappeared. I used the command prompt fix (see other fixes) to add the missing user back into admin. I logged back in, and it set up the account for the first time (WTF?). I cannot access any files from the main account
(that I logged into just fine before to get this debacle started.)
When going to Local Computer Management --> System Tools, my users and groups tool is missing.
I ran lusrmgr.msc only to find out that the most current version of Windows 8.1 and this is what it said "This snapin may not be used with this edition of Windows 8.1. To manage user accounts for this computer, use the User Accounts tool in the
Control Panel." <---- Awesome! (that was sarcasm.)
I have spent over two hours in the User Account tool during the course of this problem only to prove that a picture of a computer is more useful that that "tool".
To anyone reading this ticket, the best advice I can offer you (as long as its not a crucial machine) is to back up what you can gain access to, format your hard-drive and reinstall windows and start over again. I wouldn't recommend reinstalling 8.1,
I would say go back to 7 and wait until 10 comes out. Windows 8 is the new Vista. Good luck!Hello AhavahOlam,
I can understand your feelings.
If my understanding is right, after adding a new local user in domain-joined Windows 8.1, you can’t open the local users and groups.
Can you still add account by going to Control Panel\User Accounts and Family Safety\User Accounts\Manage Accounts?
As this computer is domain-based, it is recommended to contact the domain administrator to see if the option is blocked.
Best regards,
Fangzhou CHEN
Fangzhou CHEN
TechNet Community Support -
WebLogic Server 8.1 Integrating Active Directory Filtering Users by Group
I am trying to specify the User Base DN value with a Group. I only want users with in that group retrieved from AD. Any assistance would be appreciated.
Using AD examples from this site:
http://support.bea.com/support_news/product_troubleshooting/LDAP_Issues_Pattern.html
I attempted to enter LDAP config values in the following way. However, while users DO exist in the group Users, which is specified in the UserBaseDN parameter, no users from LDAP show up on the Admin Console's users screen. No error occurs on the lookup either, so this values agrees with the directory structure:
<weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
ControlFlag="SUFFICIENT" Credential="{3DES}96Kl0euDFQQ="
GroupBaseDN="CN=Users,DC=supportLDAP,DC=example,DC=com"
GroupFromNameFilter="(&(cn=%g)(objectclass=group))"
Host=" HOST IP or NAME OF LDAP"
Name="Security:Name=myrealmActiveDirectoryAuthenticator"
Principal="CN=Administrator,CN=Users,DC=supportLDAP,DC=example,DC=com
Realm="Security:Name=myrealm"
StaticGroupDNsfromMemberDNFilter="(&(member=%M)(objectclass=group))"
StaticGroupNameAttribute="cn"
StaticGroupObjectClass="group"
StaticMemberDNAttribute="member"
UserBaseDN="CN=Users,DC=supportLDAP,DC=example,DC=com"
UserFromNameFilter="(&(cn=%u)(objectclass=user))"
UserNameAttribute="cn" UserObjectClass="user"/>Hi
I didn't filter it on the provider configuration.
Instead I removed some presentation services prvileges from authenticated users and granted them only to some specific application roles. You don't have to remove authentiated users from much privileges just some basic ones as "see Dashboards" and so on.
Now everyone can authenticate on the login page but after logon they get a message that the don't have permissions to access answers, dashboards and so on.
Regards -
Huge list of Groups in Users and Groups
I just upgraded SL to ML. I've been learning and setting things up.
I use the machine as a standard user and I have a "silent" admin user, too.
I was wondering if anyone has come across this? I went into System Preferences and noticed that there was a HUGE list of Groups. Some had "logical" names like admin server, etc. The list was super long. Some of the name were strange, like "umbg" I have no idea how they got there. And, searching here, and googling doesn't give me any info.
I don't know how all these groups got there. I did not add a single one.
I did make a mistake, because I deleted them all and then ML made my admin user a standard user and I could not unlock System Preferences, or use my password anywhere. ugh.
I tried finding a way to fix it, but I ended up just using Restore from disk utility. no worries, didn't have that much going on, yet.
Is it normal to have a list of groups that you did not create? Does ML just create groups in your Users and Groups list??
How do I take care of it if it happens again? Can some be deleted? If so, which ones? What are they for?
Thanks for any help with this.Okay, I did do the restore.
And, the groups were not there.
So, first off, I opened TinkerToolSystem and went through all thes options. I found one: Show Groups in users and groups. I made sure it was not checked. Hopefully, it will not repopulate.
Then I remembered something. I did download Onyx. I was just looking for a way to change something simple. Mostly, I just looked around, didn't click on buttons, etc. But, Onyx may have change this setting (or me using Onyx inadvertently). Whichever, whatever, I've used TinkerToolSystem for years and it's always worked so well. I think I'm sticking with it and not install Onyx - which I had to go through the Gatekeeper exception deal... so it makes me nervous.
I'll post back if further issues with this. -
Hi,
<p>
I have configured an LDAP Authenticator for an external LDAP directory in the security realm of the samples portal. User Management is working, but when I try to access the Group Management for the LDAP Authenticator I get the following error:
</p>
<i>com.bea.p13n.usermgmt.hierarchy.TreeNotBuiltException: State: UNINITIALIZED. Tree is uninitialized. Add provider GAAD to list of providers to build. Tree is uninitialized. Add provider GAAD to list of providers to build.
</i>
<p>
It seems that this needs to be setup. How do I do this?
</p>
<p>
Some general notes on LDAP:
</p><p>
I think that in a production environment it is of great value to manage users and groups in a LDAP directory. For instance we have a company directory which contains all users. It seems that users from LDAP can not been added to groups which are in the DB. LDAP also has the advantage of supporting dynamic groups.
As in previous weblogic releases the LDAP authenticator is read only. It would be great if the write functionality could be added as well. Actually managing LDAP users and groups in one place would be a tremendous improvement for us.
</p><p>
Another thing on my wishlist are examples for delegated administration and visitor entitlements. For the sample portal these are empty. But I think it would be nice to have some out of the box examples that show what is possible and help developers and business analysts to understand the concepts and create their own roles.
</p><p>
It would be interesting to read what Bea and other developer think about this.
</p><p>
Kind regards,
<p>
Kai
</p>Marcus,
Yes, I am using 9.2 TP.
We are already using LDAP for user management with 8.1.
Now, I try to configure 9.2 as well. I am running 9.2 installations on different machines. When I click on Service Administration in the Admin Portal, I get the following error message for each installation:
java.lang.NullPointerException at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746) at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235) at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122) at util.tree.TreeController.constructTree(TreeController.java:142) at util.tree.TreeController.buildTree(TreeController.java:422) at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source) at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source) at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852) at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782) at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456) at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285) at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336) at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984) at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535) at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821) at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625) at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414) at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178)
java.lang.NullPointerException
java.lang.NullPointerException
at com.bea.jsptools.serviceadmin.ads.ToolAdServiceBean.cloneFromAdServiceBean(ToolAdServiceBean.java:190)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdContentProviderNodes(ServiceAdminTreeBuilder.java:769)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.buildAdServiceBranch(ServiceAdminTreeBuilder.java:746)
at com.bea.jsptools.serviceadmin.ServiceAdminTreeBuilder.createTreeElement(ServiceAdminTreeBuilder.java:184)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:234)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildWholeTree(TreeService.java:235)
at com.bea.jsptools.patterns.tree.TreeService$DefaultTreeServiceImpl.buildTree(TreeService.java:122)
at util.tree.TreeController.constructTree(TreeController.java:142)
at util.tree.TreeController.buildTree(TreeController.java:422)
at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
at org.apache.beehive.netui.pageflow.FlowController.invokeActionMethod(FlowController.java:852)
at org.apache.beehive.netui.pageflow.FlowController.getActionMethodForward(FlowController.java:782)
at org.apache.beehive.netui.pageflow.FlowController.internalExecute(FlowController.java:456)
at org.apache.beehive.netui.pageflow.PageFlowController.internalExecute(PageFlowController.java:285)
at org.apache.beehive.netui.pageflow.FlowController.execute(FlowController.java:336)
at org.apache.beehive.netui.pageflow.internal.FlowControllerAction.execute(FlowControllerAction.java:48)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.access$201(PageFlowRequestProcessor.java:97)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor$ActionRunner.execute(PageFlowRequestProcessor.java:1984)
at org.apache.beehive.netui.pageflow.interceptor.action.internal.ActionInterceptors.wrapAction(ActionInterceptors.java:90)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processActionPerform(PageFlowRequestProcessor.java:2055)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.processInternal(PageFlowRequestProcessor.java:535)
at org.apache.beehive.netui.pageflow.PageFlowRequestProcessor.process(PageFlowRequestProcessor.java:821)
at org.apache.beehive.netui.pageflow.AutoRegisterActionServlet.process(AutoRegisterActionServlet.java:625)
at org.apache.beehive.netui.pageflow.PageFlowActionServlet.process(PageFlowActionServlet.java:156)
at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:414)
at org.apache.beehive.netui.pageflow.PageFlowUtils.strutsLookup(PageFlowUtils.java:1178) -
Dear All,
I am using MSSQL SSRS 2008.
All the reports run properly when viewed via a web browser. However for subscription, I am having a strange
experience.
The subscription having intermitten failure. I need to execute multiple times to get it work.
Following is the exception I am getting:-
Failure sending mail: The user or group name 'xxxxx' is not recognized.Mail will not be resent.
Failure writing file DailyPolicyExportCDN_ST@timestamp : The user or group name 'xxxxx' is not recognized.
Following is the exception I retrieve from log files.
webserver!ReportServer_0-2!1b0c!07/31/2014-05:25:09:: e ERROR: Reporting Services error Microsoft.ReportingServices.Diagnostics.Utilities.ReportServerHttpRuntimeClientDisconnectionException: A client has disconnected from the Report Server Web service application
domain ReportServer_MSSQLSERVER_0-2-130512716074991980. No corrective action is required. An error code has been submitted to ASP.NET to release the connection. The error code is 800708CA. ---> System.Runtime.InteropServices.COMException: This network connection
does not exist. (Exception from HRESULT: 0x800708CA)
Any idea what went wrong?
Thanks in advanceHi NeoCK,
According to your description, you can access your report successfully, but it fail to send e-mail subscription. Right?
In this scenario, since you can access the report successfully, so this user has permission on report server. Please go to E-mail setting in your Reporting Services Configuration Manager, check if the current user has permission on that SMTP server.
If this is still not working, please recreate the subscription and try again.
Reference:
SUBSCRIPTION
ERRORs : Failure sending mail: The user or group name 'CB_OFFICE\XXXX' is not recognized.
The user or group name 'MYDOMAIN\myuser'
is not recognized
SSRS
2008: Failure writing file ... The user or group name 'domain\user' is not recognized
If you have any question, please feel free to ask.
Best Regards,
Simon Hou -
Maxl statement (display user in group all;) is not working.
Hello,
Hyperion version 9.3.1 upgraded to 9.3.3. Not sure the below issue is because of this
I have an interesting issue with a maxl statement : "display user in group all;". When I execute this statement through command prompt doing essmsh, it does give out any records and also doesn't end. I will have to end it with ctrl+c.
When I execute it through EAS console, then EAS console just hangs.
But, if I try to retrieve the users from groups individually ( I mean "display user in group 'examplegrp';"), then its working fine and throwing out the records.
It is giving me a hard time and my dumb mind not able to figure it out.
Any ideas please?
ThanksHi CL, Yes I ran it on the Essbase Server. We actually set it up through a scheduled batch script which was perfectly fine till last month (I guess). We noticed this just a week ago. The only change we had in our environment is that we upgraded 9.3.1 to 9.3.3 recently. Not sure whether it is making any difference.
Thanks,
KK -
Hi Experts,
OIM is giving response as "Group does not exist in target system" for add user to group task. But this group is available in AD. Can any one help me to solve it.
Process which we followed is
defining Group DN using custom adapter (prepared group DN based on user's region -> Group DN: cn=G1,ou=EEE-BASE,ou=Groups)
We have lookup defination "AD Grouplookup recon" with all group values from AD
when we provisiong user, we are getting the abvoe mentioned response for the task "add user to group"
Please suggest me.
regards,
Ravi G.Kevin,
implementation logic:
we have added the defined groupDN value to child form using the method "formIntf.addProcessFormChildData(childKey, processInstanceKey, attrChildData);" in one java method and we are setting the groupDN field value before calling "ADCSADDUSERTOGROUP".
Our log detials are as follows where ITS IS NOT WORKIG in one environment (ENV 1)
INFO [XELLERATE.DATABASE] DB read: select * from lku where upper(lku_field) in ('LKV_KEY', 'LKU_KEY', 'LKV_ENCODED', 'LKV_DECODED', 'LKV_LANGUAGE', 'LKV_COUNTRY', 'LKV_VARIANT', 'LKV_DISABLED', 'LKU_TYPE_STRING_KEY') and lku_type='f'
DEBUG [XELLERATE.DATABASE] select * from lku where upper(lku_field) in ('LKV_KEY', 'LKU_KEY', 'LKV_ENCODED', 'LKV_DECODED', 'LKV_LANGUAGE', 'LKV_COUNTRY', 'LKV_VARIANT', 'LKV_DISABLED', 'LKU_TYPE_STRING_KEY') and lku_type='f'
DEBUG [XELLERATE.SERVER] Class/Method: tcDataBase/eventPreInsert entered.
DEBUG [XELLERATE.SERVER] Class/Method: tcDataBase/tcDataBase left.
DEBUG [XELLERATE.SERVER] Class/Method: tcDataBase/eventPreInsert entered.
DEBUG [XELLERATE.SERVER] Class/Method: tcDataBase/tcDataBase left.
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcUtilAttributeNameMap : getUDFChildRecordIntegrationAttributes:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks : getChildTableData:: FINISHED
INFO [STDOUT] Running Add User To Group
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks : addUserToGroup:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : getAttributeValues:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : getPath:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : getPath:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : connectToAvailableAD:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForDirContext:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForDirContext:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForLDAPContext:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForLDAPContext:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : validateCertificates:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : validateCertificates:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : connectToAvailableAD : Critical Extensions Supported
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : invalidateSSLSession:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : invalidateSSLSession:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : connectToAvailableAD:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : getAttributeValues:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks : getObjectByObjectGUID:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : search:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : getPath:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : getPath:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : connectToAvailableAD:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForDirContext:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForDirContext:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForLDAPContext:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForLDAPContext:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : validateCertificates:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : validateCertificates:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : connectToAvailableAD : Critical Extensions Supported
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : invalidateSSLSession:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : invalidateSSLSession:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : connectToAvailableAD:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : disconnect:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : disconnect:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : search:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : disconnect:: STARTED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : disconnect:: FINISHED
DEBUG [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks : addUserToGroup:: FINISHED
DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/setAdpRetVal entered.
DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/getRetValString entered.
DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/getRetValString - Data: class - Value: java.lang.String
DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/getRetValString - Data: poRetVal.toString() - Value: AD.USER_OR_GROUP_DOES_NOT_EXIST
DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/getRetValString - Data: Returning:sRetVal - Value: AD.USER_OR_GROUP_DOES_NOT_EXIST
DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/getRetValString left.
DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/setAdpRetVal - Data: Setting Adapter Return Value to AD.USER_OR_GROUP_DOES_NOT_EXIST - Value:
DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/setAdpRetVal left.
DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/finalizeProcessAdapter entered.
DEBUG [XELLERATE.SERVER] Class/Method: tcBusinessObj/getString entered.
DEBUG [XELLERATE.SERVER] Class/Method: tcDataBase/readPartialStatement entered.
INFO [XELLERATE.DATABASE] DB read: select mav.spd_key,mav.mav_map_child_table_name, mav.mav_map_to, mav.mav_map_qualifier, mav.mav_map_value, mav.mav_field_length from mav mav, mil mil, adv adv where mav.mil_key = mil.mil_key and mil.mil_key = 81 and mav.adv_key = adv.adv_key and adv.adv_name = 'Adapter return value' and adv.adp_key = 31
DEBUG [XELLERATE.DATABASE] select mav.spd_key,mav.mav_map_child_table_name, mav.mav_map_to, mav.mav_map_qualifier, mav.mav_map_value, mav.mav_field_length from mav mav, mil mil, adv adv where mav.mil_key = mil.mil_key and mil.mil_key = 81 and mav.adv_key = adv.adv_key and adv.adv_name = 'Adapter return value' and adv.adp_key = 31
DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/finalizeProcessAdapter - Data: Mapped to Response Code - Value:
DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/updateSchItem entered.
DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/updateSchItem - Data: event - Value: adpADCSADDUSERTOGROUP
DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/updateSchItem - Data: New Status - Value:
DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/updateSchItem - Data: SchData - Value: AD.USER_OR_GROUP_DOES_NOT_EXIST
DEBUG [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/updateSchItem - Data: Reason - Value:
DEBUG [XELLERATE.SERVER] Class/Method: tcBusinessObj/getString entered.
DEBUG [XELLERATE.SERVER] Class/Method: tcBusinessObj/getString entered.
please see the log details are as follows where ITS WORKING (some other environment (ENV 2)pointing to different AD)
INFO (JMS SessionPool Worker-0) [XELLERATE.DATABASE] DB read: select * from lku where upper(lku_field) in ('LKV_KEY', 'LKU_KEY', 'LKV_ENCODED', 'LKV_DECODED', 'LKV_LANGUAGE', 'LKV_COUNTRY', 'LKV_VARIANT', 'LKV_DISABLED', 'LKU_TYPE_STRING_KEY') and lku_type='f'
DEBUG (JMS SessionPool Worker-0) [XELLERATE.DATABASE] select * from lku where upper(lku_field) in ('LKV_KEY', 'LKU_KEY', 'LKV_ENCODED', 'LKV_DECODED', 'LKV_LANGUAGE', 'LKV_COUNTRY', 'LKV_VARIANT', 'LKV_DISABLED', 'LKU_TYPE_STRING_KEY') and lku_type='f'
DEBUG (JMS SessionPool Worker-0) [XELLERATE.SERVER] Class/Method: tcDataBase/eventPreInsert entered.
DEBUG (JMS SessionPool Worker-0) [XELLERATE.SERVER] Class/Method: tcDataBase/tcDataBase left.
DEBUG (JMS SessionPool Worker-0) [XELLERATE.SERVER] Class/Method: tcDataBase/eventPreInsert entered.
DEBUG (JMS SessionPool Worker-0) [XELLERATE.SERVER] Class/Method: tcDataBase/tcDataBase left.
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcUtilAttributeNameMap : getIntegrationAttributes:: FINISHED
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcADPClassLoader/findClass entered.
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcADPClassLoader:findClass - Data: loading class - Value: com.thortech.xl.schedule.tasks.ADITRes
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : removeDomainFromName:: STARTED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : removeDomainFromName:: FINISHED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : getAttributeValues:: STARTED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : getPath:: STARTED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : getPath:: FINISHED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : connectToAvailableAD:: STARTED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForDirContext:: STARTED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForDirContext:: STARTED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForDirContext:: FINISHED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForLDAPContext:: STARTED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForLDAPContext:: STARTED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForLDAPContext:: FINISHED
INFO (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : connectToAvailableAD : SSL option is not selected in ITResource
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : connectToAvailableAD:: FINISHED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : getAttributeValues:: FINISHED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : getPath:: STARTED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : getPath:: FINISHED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : connectToAvailableAD:: STARTED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForDirContext:: STARTED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForDirContext:: STARTED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForDirContext:: FINISHED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForLDAPContext:: STARTED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForLDAPContext:: STARTED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : hashTableEnvForLDAPContext:: FINISHED
INFO (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : connectToAvailableAD : SSL option is not selected in ITResource
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : connectToAvailableAD:: FINISHED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : modifyAttributes:: STARTED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : modifyAttributes : Attributes modified: CN=ATL-BASE-AD-LOGON,OU=Groups,OU=ATL
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : modifyAttributes:: FINISHED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : disconnect:: STARTED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController : disconnect:: FINISHED
DEBUG (JMS SessionPool Worker-0) [OIMCP.ADCS] com.thortech.xl.integration.ActiveDirectory.tcUtilADTasks : addUserToGroup:: FINISHED
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/setAdpRetVal entered.
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/getRetValString entered.
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/getRetValString - Data: class - Value: java.lang.String
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/getRetValString - Data: poRetVal.toString() - Value: AD.ADD_USER_TO_GROUP_OPERATION_SUCCESSFUL
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/getRetValString - Data: Returning:sRetVal - Value: AD.ADD_USER_TO_GROUP_OPERATION_SUCCESSFUL
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/getRetValString left.
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/setAdpRetVal - Data: Setting Adapter Return Value to AD.ADD_USER_TO_GROUP_OPERATION_SUCCESSFUL - Value:
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/setAdpRetVal left.
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/finalizeProcessAdapter entered.
DEBUG (JMS SessionPool Worker-0) [XELLERATE.SERVER] Class/Method: tcBusinessObj/getString entered.
DEBUG (JMS SessionPool Worker-0) [XELLERATE.SERVER] Class/Method: tcDataBase/readPartialStatement entered.
INFO (JMS SessionPool Worker-0) [XELLERATE.DATABASE] DB read: select mav.spd_key,mav.mav_map_child_table_name, mav.mav_map_to, mav.mav_map_qualifier, mav.mav_map_value, mav.mav_field_length from mav mav, mil mil, adv adv where mav.mil_key = mil.mil_key and mil.mil_key = 119 and mav.adv_key = adv.adv_key and adv.adv_name = 'Adapter return value' and adv.adp_key = 36
DEBUG (JMS SessionPool Worker-0) [XELLERATE.DATABASE] select mav.spd_key,mav.mav_map_child_table_name, mav.mav_map_to, mav.mav_map_qualifier, mav.mav_map_value, mav.mav_field_length from mav mav, mil mil, adv adv where mav.mil_key = mil.mil_key and mil.mil_key = 119 and mav.adv_key = adv.adv_key and adv.adv_name = 'Adapter return value' and adv.adp_key = 36
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/finalizeProcessAdapter - Data: Mapped to Response Code - Value:
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/updateSchItem entered.
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/updateSchItem - Data: event - Value: adpADCSADDUSERTOGROUP
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/updateSchItem - Data: New Status - Value:
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/updateSchItem - Data: SchData - Value: AD.ADD_USER_TO_GROUP_OPERATION_SUCCESSFUL
DEBUG (JMS SessionPool Worker-0) [XELLERATE.ADAPTERS] Class/Method: tcAdpEvent/updateSchItem - Data: Reason - Value:
DEBUG (JMS SessionPool Worker-0) [XELLERATE.SERVER] Class/Method: tcBusinessObj/getString entered.
DEBUG (JMS SessionPool Worker-0) [XELLERATE.SERVER] Class/Method: tcBusinessObj/getString entered.
Is groupDN value comming as "space" in my environment ENV 1?
or
Is it not calling "tcADPClassLoader:findClass - Data: loading class - Value: com.thortech.xl.schedule.tasks.ADITRes" to removeDomain from Name.
Please suggest me. -
Event ID 1085 on DC - Failed to Apply the Group Policy Local Users and Groups Settings
I have a domain with 2 DCs. The primary DC is running Server 2012 and is raising Event ID 1085 every 10 minutes and 20 seconds.
Windows failed to apply the Group Policy Local Users and Groups settings. Group Policy Local Users and Groups settings might have its own log file. Please click on the "More information" link.
System
- Provider
[ Name] Microsoft-Windows-GroupPolicy
[ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
EventID 1085
Version 0
Level 3
Task 0
Opcode 1
Keywords 0x8000000000000000
- TimeCreated
[ SystemTime] 2014-10-20T20:09:03.706992400Z
EventRecordID 130087
- Correlation
[ ActivityID] {FDDFB8C5-9ECF-41B9-B2B4-3AD0B345A37A}
- Execution
[ ProcessID] 1000
[ ThreadID] 3280
Channel System
Computer SERVER.DOMAIN.NAME
- Security
[ UserID] S-1-5-18
- EventData
SupportInfo1 1
SupportInfo2 4404
ProcessingMode 0
ProcessingTimeInMilliseconds 10343
ErrorCode 183
ErrorDescription Cannot create a file when that file already exists.
DCName \\SERVER.DOMAIN.name
ExtensionName Group Policy Local Users and Groups
ExtensionId {17D89FEC-5C44-4972-B12D-241CAEF74509}
Everything I look up for Event ID 1085 seems to be about a different cause.
Any ideas?I enabled tracing on a domain gpo and I still get the error when running gpupdate /force .
I'm also still getting Event 1085. Here's the trace file. I've anonymized the site/domain and the GUIDs.
2014-10-21 11:16:54.003 [pid=0x3e8,tid=0xcd0] Entering ProcessGroupPolicyExLocUsAndGroups()
2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] SOFTWARE\Policies\Microsoft\Windows\Group Policy\{GUID-1}
2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] BackgroundPriorityLevel ( 0 )
2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] DisableRSoP ( 0 )
2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] LogLevel ( 2 )
2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] Command subsystem initialized. [SUCCEEDED(S_FALSE)]
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] Background priority set to 0 (Idle).
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ----- Parameters
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] CSE GUID : {GUID-1}
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] Flags : ( X ) GPO_INFO_FLAG_MACHINE - Apply machine policy rather than user policy
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( X ) GPO_INFO_FLAG_BACKGROUND - Background refresh of policy (ok to do slow stuff)
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_SLOWLINK - Policy is being applied across a slow link
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_VERBOSE - Verbose output to the eventlog
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_NOCHANGES - No changes were detected to the Group Policy Objects
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_LINKTRANSITION - A change in link speed was detected between previous policy application and current policy application
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_LOGRSOP_TRANSITION - A change in RSoP logging was detected between the application of the previous policy and the application of the current policy.
2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( X ) GPO_INFO_FLAG_FORCED_REFRESH - Forced Refresh is being applied. redo policies.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_SAFEMODE_BOOT - windows safe mode boot flag
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_ASYNC_FOREGROUND - Asynchronous foreground refresh of policy
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Token (computer or user SID): S-1-5-18
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Abort Flag : Yes (0x313be090)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] HKey Root : Yes (0x80000002)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Deleted GPO List : No
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Changed GPO List : Yes
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Asynchronous Processing : Yes
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Status Callback : No (0x00000000)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] WMI namespace : Yes (0x32273740)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] RSoP Status : Yes (0x320cc7f4)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Planning Mode Site : (none)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Computer Target : No (0x00000000)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] User Target : No (0x00000000)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Calculated list relevance. [SUCCEEDED(S_FALSE)]
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ----- Changed - 0
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Options (raw) : 0x00000000
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Version : 19267878 (0x01260126)
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPC : LDAP://CN=Machine,CN={GUID-2},CN=Policies,CN=System,DC=SITE,DC=DOMAIN
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPT : \\SITE.DOMAIN\sysvol\SITE.DOMAIN\Policies\{GUID-2}\Machine
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Policy
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Name : {GUID-2}
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Link : ( ) GPLinkUnknown - No link information is available.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkSite - The GPO is linked to a site.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( X ) GPLinkDomain - The GPO is linked to a domain.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GP Link Error
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] lParam : 0x00000000
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Prev GPO : No
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Next GPO : Yes
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Extensions : [{00000000-0000-0000-0000-000000000000}{GUID-3}][{GUID-1}{GUID-3}][{GUID-4}{GUID-5}{GUID-6}{GUID-7}{GUID-8}][{GUID-9}{GUID-10}][{GUID-11}{GUID-5}{GUID-6}]
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] lParam2 : 0x3146f978
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Link : LDAP://DC=SITE,DC=DOMAIN
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-2}\Machine\Preferences\Groups\Groups.xml
2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Read GPE XML data file (592 bytes total).
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ----- Changed - 1
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Options (raw) : 0x00000000
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Version : 1245203 (0x00130013)
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPC : LDAP://CN=Machine,CN={GUID-12},CN=Policies,CN=System,DC=SITE,DC=DOMAIN
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPT : \\SITE.DOMAIN\sysvol\SITE.DOMAIN\Policies\{GUID-12}\Machine
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Controllers Policy
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Name : {GUID-12}
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Link : ( ) GPLinkUnknown - No link information is available.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkSite - The GPO is linked to a site.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkDomain - The GPO is linked to a domain.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( X ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GP Link Error
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] lParam : 0x00000000
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Prev GPO : Yes
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Next GPO : No
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Extensions : [{00000000-0000-0000-0000-000000000000}{GUID-3}][{GUID-1}{GUID-3}][{GUID-9}{GUID-10}]
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] lParam2 : 0x324e8198
2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Link : LDAP://OU=Domain Controllers,DC=SITE,DC=DOMAIN
2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-12}\Machine\Preferences\Groups\Groups.xml
2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Read GPE XML data file (592 bytes total).
2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Completed get next GPO. [SUCCEEDED(S_FALSE)]
2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] WQL : SELECT * FROM RSOP_PolmkrSetting WHERE polmkrBaseCseGuid = "{GUID-1}"
2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Purged 2 old RSoP entries.
2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Logging 2 new RSoP entries.
2014-10-21 11:16:54.159 [pid=0x3e8,tid=0xcd0] RSoP Entry 0
2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] RSoP Entry 1
2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] Completed get GPO list. [SUCCEEDED(S_FALSE)]
2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] IsRsopPlanningMode() [SUCCEEDED(S_FALSE)]
2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed settings update (csePostProcess). [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed CSE post-processing. [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
2014-10-21 11:17:04.267 [pid=0x3e8,tid=0xcd0] Leaving ProcessGroupPolicyExLocUsAndGroups() returned 0x000000b7
Maybe you are looking for
-
Urgent : Auto Clear Down Pyament with Vendor IV and Customer Billing
Dear friends, I have problem about how to set the vendor invoice clear with down payment agianst PO automatically. BTW, customer billing how could be cleared automatically with down payment please give me suggesstion. Thank for all of your help.
-
Migration between SharePoint07 and Crystal Reports - please Help !
I downloaded trial ver. of CR XI R2 with SP3 ( version 11.5.9.1076) so we could use the integration kit to MOSS 2007 (new upgrade). What do I need in order to install the Portal integration kit on Microsoft SharePoint 2007 server ? We have Crystal R
-
Set Parameter Array of OTYPE_ROWID
I have tried to adds a parameter array to a database as OTYPE_ROWID. the sample codes are as follow: //Use oo4o to connect DB CString strRowIDArrayName = "U1"; long ParamRecordCount = 5; ODatabase db; db.open("DSN","UID","PWD"); OParameterCollection
-
Upgrading final Cut Pro - recieved as a gift, and designated "Not for Sale"
I've been working in FCP with a version that a friend, in the business, was given as a perk and passed on to me. The FCP that he gave me is marked "Not for Sale". I did register it. I just upgraded to Tiger and am having problems with dropping frames
-
Lose WiFi connection keep local connection
Several times now I have lost internet connection but am able to keep the local connection part. Yellow triangle states on WiFi signal icon that I have lost internet portion of connection. I run Network troubleshooter and it says its resetting the Wi