Java SE Ver 7 Uxx locking out domain user account failing Kerberos PreAuth

Similar Messages

• Windows 7 PC locking out domain user in Windows Server 2008r2 domain

  I have reviewed dozens of related questions, but none have given me an answer that works on this situation. 
  We replaced an XP desktop with a Windows 7 desktop.  It keeps locking out just user(of over 25 migrated).  I have disabled the Windows 7 credentials, made sure the patches were in place, there are no other devices-wireless or otherwise. 
  The users pc has a kvm attached for another system, we have a Windows 2008r2 server.  The user does not save any passwords, I have make changes recommended in the registry.  They do have a couple mapped drives.  Logs show that it is the users
  pc that is causing the lockout, but much of the users time they are on the other system.  We have 4 other users that have the exact same setup but are not having any issues.  It happens several times a day and I must unlock their password on the
  ad.  Sometimes if we wait 45 min or so it will unlock itself.  Strange considering settings lockout user after 5 bad passwords and lock them out for 120 minutes.
  I have tried virtually everything I have read relating to this issue in Win7, 2008r2.
  User is getting frustrated and so am I!.
  Thank you.
  Rebecca Palmer

  Try using this tool (free for limited period) and check if you can trace from where the account is getting locked : 
  http://www.netwrix.com/account_lockout_examiner.html
  http://www.sophos.com/en-us/products/free-tools/conficker-removal-tool.aspx
  Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.

• How an Admin user log into a lock out standard user account?

  I remember that I was able to override the access to the standard account user when the standard user has the screen lock out. This appear to be missing in Lion. Has anyone knows how to do this in Lion? Thanks.

  From my personal experience I can say that at times, four folders (i guess Assets is one of them) somehow get left in C:\Program Files (x86)\Adobe\Elements 11 Organizer folder.
  I delete them and restart my system.. and reinstallation works fine. If that's the case with you, you can try it.
  CS Cleaner tool might also help.
  Thanks
  Andaleeb

• I am locked out of my account because my password includes "[" and my computer is set to spanish. In spanish that key doesn't work. How do I gejt back into my computer?

  i am locked out of my account because my password includes "[" and my computer is set to spanish. In spanish that key doesn't work. How do I gejt back into my computer?

  If the user account is associated with an Apple ID, and you know the Apple ID password, then maybe the Apple ID can be used to reset your user account password.
  Otherwise*, boot into Recovery by holding down the key combination command-R at startup. Release the keys when you see a gray screen with a spinning dial.
  When the OS X Utilities screen appears, select
  Utilities ▹ Terminal
  from the menu bar.
  In the Terminal window, type this:
  res
  Press the tab key. The partial command you typed will automatically be completed to this:
  resetpassword
  Press return. A Reset Password window opens.
  Select your boot volume if not already selected.
  Select your username from the menu labeled Select the user account if not already selected.
  Follow the prompts to reset the password. It's safest to choose a password that includes only the characters a-z, A-Z, and 0-9.
  Select
   ▹ Restart
  from the menu bar.
  You should now be able to log in with the new password, but your Keychain will be reset (empty.) If you've forgotten the Keychain password (which is ordinarily the same as your login password), there's no way to recover it.
  *Note: If you've activated FileVault, this procedure doesn't apply. Follow instead the instructions on this page:
  If you forget the password and FileVault is on

• I've forgotten one of my answes to the "security questions" now I am locked out of my account. All I wanted to do was buy an album and now I am "locked out" how do I get Itunes to let me buy this album?

  I am not a ferquent user of Apple aside to download music on to my Ipod touch and I am not overly pleased with it. All I wish to do is download and ablum and cannot remeber the answers to one of my security questions.*seeing as I rarely use it* now I am locked out of my account and all and all very annoyed. how do I become unlocked and change my security questions so that I may download this album and stop using Itunes all in all.

  The Three Best Alternatives for Security Questions and Rescue Mail
      1. Use Apple's Express Lane.
            Go to https://expresslane.apple.com ; click 'See all products and services' at the
            bottom of the page. In the next page click 'More Products and Services, then
            'Apple ID'. In the next page select 'Other Apple ID Topics' then 'Forgotten Apple
            ID security questions' and click 'Continue'. Please be patient waiting for the return
            phone call. It will come in time depending on how heavily the servers are being hit.
       2.  Call Apple Support in your country: Customer Service: Contacting Apple for support or
            Apple ID- Contacting Apple for help with Apple ID account security. Ask to speak to
            Account Security.
       3.  Rescue email address and how to reset Apple ID security questions.
  How to Manage your Apple ID: Manage My Apple ID

• Should I use Managed Service Accounts or individual, Domain User accounts?

  I'm setting up a new SP 2013, and I'm trying to be very granular as it relates to "Least Privilege".
  I'm trying to figure out which accounts could be created as Managed Service Accounts (MSA's) and which ones truly need to be created as Domain User accounts in order to run either specific SQL and/or SharePoint services.
  At face value, I *think* any service could be successfully run using an MSA and yet any installation of either SQL Server 2012 and/or SharePoint 2013 should be done using a Domain User account created for that specific purpose (i.e., SP_FARM, SP_ADMIN, SQL_ADMIN,
  etc.). In fact, I *think* the installation would HAVE to be done with an actual Domain User account, because (unless I'm wrong), MSA's do not have a shell and therefore CAN'T log on...which is by design?
  Here's a Microsoft TechNet article that lists many of the accounts I'm referring to:
  https://social.technet.microsoft.com/wiki/contents/articles/14500.sharepoint-2013-service-accounts.aspx
  Note that it says MOST of the accounts are Domain accounts, but I don't *think* all of these need to BE
  Domain accounts - I think MOST of them could be created as MSA's and assigned to run the specific service without any problems whatsoever?
  So again, my question is: which accounts could be created as Managed Service Accounts (MSA's) and which ones truly need to be created as Domain User accounts in order to run either specific SQL and/or SharePoint service or to even perform a
  successful installation of the software?
  Ed

  No, script 1 does not create Active Directory Managed Service Accounts (see here:
  http://blogs.technet.com/b/askds/archive/2009/09/10/managed-service-accounts-understanding-implementing-best-practices-and-troubleshooting.aspx) These are not applicable to SharePoint and are not mentioned in any of those scripts, look at the PowerShell
  commandlets, they are very different.
  Script 1 creates active directory users. These are, as far as AD cares, just standard user objects. There is nothing at all special about them in AD.
  At some point you would install SharePoint using those accounts, during that process they get resisted in SharePoint as SharePoint Managed Accounts.
  Script 2 updates the settings on those managed accounts in bulk.

• Query to retrieve windows domain user account

  I am totally new to Oracle. Right now, I have a requirement which needs the windows domain user account and local user accounts to be found and linked to. I ve been searching on google, but no use. Frankly, I have no idea even what I am supposed to do and I am not sure what I wrote here is even framed correct. Please help me out. Thanks a lot.

  Hi,
  I think you've made your first Oracle mistake: think that Oracle is working just the same as MS SQL Server :-)
  First, before trying to do anything, you must read the TFM: Database Concepts(click) in order to begin to understand how Oracle works.
  I'm going to try to explain fast and simple.
  Oracle user accounts are different accounts than OS accounts. That is the first important point to get. A domain user "toto" will not automatically gat an Oracle "toto" account.
  There are 3 types of user authentication:
  . Password: typical authentication, no link between OS account and Oracle account
  . External: User is authentified by the O.S. This means that the DBA has to create a special account that'll be "linked" to the O.S. account (whether it's a local or domain account)
  . Global: The user is authentified by the enterprise directory service.
  You can see these 3 approaches in the SQL Statements: CREATE USER doc(click). So, there is some way to link the Oracle user account to the O.S. user account, but not straight forward!
  I need to verify if my oracle database user account is a windows domain user or not, if he/she is one, then if he/she is a local user account or a global user accountWhen I read this, the closest thing I can think of is the 3 types of authentication. And the info can be found in DBA_USERS (columns USERNAME, EXTERNAL_NAME and PASSWORD - obfuscated of course).
  With these info, maybe can you see why your requirement is a bit strange? Anyway, read the references I linked and come back here with more questions / comments :-)
  HTH,
  Yoann.

• Using Assigned Access on a Domain user account

  We would like to use Assigned Access in Windows 8.1 Enterprise, but it appears to only allow locking down a local user account. Is there any way to lock down a Domain user account with Assigned Access?

  No, it is designed for local user account. Regarding domain user, I think group policy is a better choice.
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• I am attempting to make my first purchase in the App store, yet it is asking me security questions I know I didn't enable and I keep getting locked out of my account despite resetting everything.

  This usually wouldn't pose to be a problem, but I am a college freshman and I just redeemed my $100 giftcard to the app store. I am beyond frustrated and don't know what to do.
  It is my first time making a purchase off of this Mac with this account, so it is asking me two security questions. It keeps asking me who my favorite and least favorite teachers were. I know for a fact that these are not the security questions I enabled, so I went in to change them again and logged out of everything. I logged back in and I was getting the same thing from the App store -- it was asking me questions I didn't enable. I've been locked out of my account for eight hours twice and all of my Mac's information is at home and not easily accessable to me, so I don't want to have to call and be asked for information I do not have.
  What do I do? I need some crucial apps for classes that start in less than fourty-eight hours from now?
  I have changed my appleID's information three times now: passwords, rescue email, and of course, my security questions. I am at my wits end and not pleased that I will possibly be losing $100!

  You've been hitten by Apple's recent SNAFU. I fear you are SoL until their pending investigation fiasco is over with.

• "Unable to check revocation" error while checking CDP from non-domain user account

  Hi!
  I use 3-tier PKI infrastructure:
  Stand-alone offline Root CA: RootCA;
  Stand-alone offline Intermediate subordinate CA: SubCA;
  Enterprise CA: EntSubCA.
  In certificate we have three CDP point for CRL check:
  ldap:///, http:// and file://
  I have Windows 2008 R2 server joined to domain.
  I use command certutil –verify –urlfetch <filename.cer> >check.txt for revocation checking of certificate.
  When I use domain user account for revocation checking, all OK.
  I have access to any CDP and all fine.
  But when i use local server user account, I haven't access to ldap:/// and process failed although all other links is OK.
  My question is "why check fail with non-domain user accout while other CDP point succesfully verifed"?
  Here is the logfile from local user:
  Issuer:
  CN=EntSubCA
  DC=DED
  DC=ROOT
  Subject:
  CN=servername.domain_name
  Cert Serial Number: 5a896145000300006ee2
  dwFlags = CA_VERIFY_FLAGS_ALLOW_UNTRUSTED_ROOT (0x1)
  dwFlags = CA_VERIFY_FLAGS_IGNORE_OFFLINE (0x2)
  dwFlags = CA_VERIFY_FLAGS_FULL_CHAIN_REVOCATION (0x8)
  dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
  dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
  ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN (0x20000000)
  HCCE_LOCAL_MACHINE
  CERT_CHAIN_POLICY_BASE
  -------- CERT_CHAIN_CONTEXT --------
  ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  ChainContext.dwRevocationFreshnessTime: 5 Days, 23 Hours, 15 Minutes, 48 Seconds
  SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  SimpleChain.dwRevocationFreshnessTime: 5 Days, 23 Hours, 15 Minutes, 48 Seconds
  CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=1000040
  Issuer: CN=EntSubCA, DC=DED, DC=ROOT
  NotBefore: 05.02.2015 20:03
  NotAfter: 05.02.2016 20:03
  Subject: CN=servername.domain_name
  Serial: 5a896145000300006ee2
  SubjectAltName: DNS Name=servername.domain_name
  Template: Machine
  70 e4 6b 16 05 a1 62 e3 6d 24 96 ff 44 74 ee a2 3e ce df 18
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  ---------------- Certificate AIA ----------------
  Failed "AIA" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  ldap:///CN=EntSubCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?cACertificate?base?objectClass=certificationAuthority
  Verified "Certificate (0)" Time: 0
  [1.0] file://\\ca\crl\EntSubCA.crt
  Verified "Certificate (0)" Time: 4
  [2.0] http://webserver/crl/EntSubCA.crt
  ---------------- Certificate CDP ----------------
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?certificateRevocationList?base?objectClass=cRLDistributionPoint
  Verified "Base CRL (018d)" Time: 0
  [1.0] file://\\ca\crl\EntSubCA.crl
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  [1.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
  Old Base CRL "Delta CRL (018d)" Time: 0
  [1.0.1] file://\\ca\crl\EntSubCA.crl
  Old Base CRL "Delta CRL (018d)" Time: 4
  [1.0.2] http://webserver/crl/EntSubCA.crl
  Verified "Base CRL (018d)" Time: 4
  [2.0] http://webserver/crl/EntSubCA.crl
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  [2.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
  Old Base CRL "Delta CRL (018d)" Time: 0
  [2.0.1] file://\\ca\crl\EntSubCA.crl
  Old Base CRL "Delta CRL (018d)" Time: 4
  [2.0.2] http://webserver/crl/EntSubCA.crl
  ---------------- Base CRL CDP ----------------
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
  OK "Base CRL (018d)" Time: 0
  [1.0] file://\\ca\crl\EntSubCA.crl
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  [1.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
  Old Base CRL "Delta CRL (018d)" Time: 0
  [1.0.1] file://\\ca\crl\EntSubCA.crl
  Old Base CRL "Delta CRL (018d)" Time: 4
  [1.0.2] http://webserver/crl/EntSubCA.crl
  OK "Base CRL (018d)" Time: 4
  [2.0] http://webserver/crl/EntSubCA.crl
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  [2.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
  Old Base CRL "Delta CRL (018d)" Time: 0
  [2.0.1] file://\\ca\crl\EntSubCA.crl
  Old Base CRL "Delta CRL (018d)" Time: 4
  [2.0.2] http://webserver/crl/EntSubCA.crl
  ---------------- Certificate OCSP ----------------
  No URLs "None" Time: 0
  CRL 018d:
  Issuer: CN=EntSubCA, DC=DED, DC=ROOT
  33 af 4d be 0e 35 45 94 bc 8b 3f d9 c1 60 e7 0c c4 83 17 b6
  Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
  Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication
  CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0
  Issuer: CN=SubCA
  NotBefore: 13.11.2014 19:12
  NotAfter: 13.11.2017 19:22
  Subject: CN=EntSubCA, DC=DED, DC=ROOT
  Serial: 6109015b000100000008
  Template: SubCA
  9b 04 17 9f c5 fe 52 ca a5 58 49 6c c6 18 fa db 13 b3 92 9e
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ---------------- Certificate AIA ----------------
  Failed "AIA" Time: 0
  Error retrieving URL: The network path was not found. 0x80070035 (WIN32: 53)
  file://\\sub_ca\CertEnroll\sub_ca_SubCA(1).crt
  Verified "Certificate (0)" Time: 0
  [1.0] file://\\ca\crl\SubCA.crt
  Verified "Certificate (0)" Time: 4
  [2.0] http://webserver/crl/SubCA.crt
  ---------------- Certificate CDP ----------------
  Verified "Base CRL (32)" Time: 0
  [0.0] file://\\ca\crl\SubCA.crl
  Verified "Base CRL (32)" Time: 4
  [1.0] http://webserver/crl/SubCA.crl
  ---------------- Base CRL CDP ----------------
  No URLs "None" Time: 0
  ---------------- Certificate OCSP ----------------
  No URLs "None" Time: 0
  CRL 32:
  Issuer: CN=SubCA
  8d a9 9d 51 65 a3 8e 77 02 22 40 57 62 70 e8 f6 c5 2e 60 1e
  CertContext[0][2]: dwInfoStatus=102 dwErrorStatus=0
  Issuer: CN=RootCA
  NotBefore: 28.05.2008 12:09
  NotAfter: 28.05.2058 12:19
  Subject: CN=SubCA
  Serial: 616bd19f000100000004
  Template: SubCA
  06 d2 47 e7 dc 8f a7 97 a2 b8 c3 92 03 19 24 0c 47 45 22 14
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ---------------- Certificate AIA ----------------
  Verified "Certificate (0)" Time: 0
  [0.0] file://\\ca\crl\RootCA.crt
  Verified "Certificate (0)" Time: 4
  [1.0] http://webserver/crl/RootCA.crt
  ---------------- Certificate CDP ----------------
  Verified "Base CRL (1c)" Time: 4
  [0.0] http://webserver/crl/RootCA.crl
  Verified "Base CRL (1c)" Time: 0
  [1.0] file://\\ca\crl\RootCA.crl
  ---------------- Base CRL CDP ----------------
  No URLs "None" Time: 0
  ---------------- Certificate OCSP ----------------
  No URLs "None" Time: 0
  CRL 1c:
  Issuer: CN=RootCA
  dc 98 2f 8d 16 9c 64 6e b2 74 89 95 9a 6c 1b 77 fd 58 63 fb
  CertContext[0][3]: dwInfoStatus=10c dwErrorStatus=0
  Issuer: CN=RootCA
  NotBefore: 27.05.2008 16:10
  NotAfter: 27.05.2110 16:20
  Subject: CN=RootCA
  Serial: 258de6fbd3bbab92460530e9e9f10536
  5d e4 56 38 13 0a 52 aa 66 51 25 61 19 33 c9 d7 a2 c7 dd 38
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ---------------- Certificate AIA ----------------
  Verified "Certificate (0)" Time: 0
  [0.0] file://\\ca\crl\RootCA.crt
  Verified "Certificate (0)" Time: 4
  [1.0] http://webserver/crl/RootCA.crt
  ---------------- Certificate CDP ----------------
  Verified "Base CRL (1c)" Time: 0
  [0.0] file://\\ca\crl\RootCA.crl
  Verified "Base CRL (1c)" Time: 4
  [1.0] http://webserver/crl/RootCA.crl
  ---------------- Base CRL CDP ----------------
  No URLs "None" Time: 0
  ---------------- Certificate OCSP ----------------
  No URLs "None" Time: 0
  CRL 1c:
  Issuer: CN=RootCA
  dc 98 2f 8d 16 9c 64 6e b2 74 89 95 9a 6c 1b 77 fd 58 63 fb
  Issuance[0] = 1.2.700.113556.1.4.7000.233.28688.7.167403.1102261.1593578.2302197.1
  Exclude leaf cert:
  5b 8d 96 39 f8 a3 6f af f3 89 bc 8d 78 e2 da 53 21 b8 ff aa
  Full chain:
  ca 99 30 47 9b ad ab ce 97 cc 70 80 a5 4e 11 b3 1a 83 98 78
  Verified Issuance Policies: None
  Verified Application Policies:
  1.3.6.1.5.5.7.3.2 Client Authentication
  1.3.6.1.5.5.7.3.1 Server Authentication
  ERROR: Verifying leaf certificate revocation status returned The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613)
  CertUtil: The revocation function was unable to check revocation because the revocation server was offline.
  CertUtil: -verify command completed successfully.

  What you have discovered is the reason to *not* use LDAP URLs for CDP and AIA extensions in your PKI. To access those URLs, the account must access to the URLs. In your output, it is quite clear that the local account does not have necessary permissions
  (you also use FILE URLs for publication, which again is not recommended).
  The best practice is to use a single URL for the CDP extension. It should be an HTTP URL that is hosted on a highly available (internally and externally accessible) Web cluster.
  For the AIA extension, it should contain two URLs: one for the CA certificate - again to an internally and externally accessible, highly available Web cluster and one for the OCSP service - also
  an internally and externally accessible, highly available Web cluster.
  the other issue is that the root CA is *not* trusted when run by a non-domain account. How are you adding the trusted root CA. It is recommended to do this by running
  certutil -dspublish -f RootCA.crt.
  This will ensure that the computer account trusts the root CA. In your output, the root CA certificate is not trusted.
  Brian

• I got locked out of my account for typing in the security questions in wrong to many times how do I reset?

  I got locked out of my account for typing in the security questions in wrong to many times how do I reset?

  Read Kappy's response in this discussion.
  https://discussions.apple.com/thread/4096786?tstart=0

• Software always installs to Domain Admin account on connected PC-cant install to Domain User account

  I have completed the following steps:
  Set up Windows Server 2012 R2 Essentials successfully
  Successfully connected a Windows 8.1 Pro PC to the network by running the Essentials Connector software
  The PC has the following users: Original local account created when I installed Windows 8, Domain Admin account created when I ran the Essentials Connector account, Domain User created after PC was connected to the network.
  Everything seems to be working fine. I have installed MS Office 365 Pro, Skype, various other applications while logged in as the Domain User. Every one of these installs triggered a UAC prompt, which was expected, and after entering the Domain Admin
  credentials the install proceeded successfully. After install, the software was available to the Domain User, shortcuts appeared in the Start Menu or Desktop, appropriate directories were created in the Documents folder.
  All except for 3 applications - upon being prompted for permission to install, I enter the Domain Admin credentials, installation proceeds, but the software is installed to the Domain Admin account-not the Domain User account. Shortcuts appear on the Domain
  Admin desktop-Not the Domain User account, etc. I've tried:
  Downloading a new copy of the software to the Domain User desktop & running it from there
  Right-click file, Install as Admin
  click file, Install as a different user
  Right clicking file, Properties>Compatibility & changing compatibility settings
  Right clicking file, Properties>Compatibility>Run as Administrator
  None of these options have changed the result, the software is still installed to the Domian Admin account as opposed to the Domain User account. Any idea why these 3 software wont install correctly but everything else has? Any suggestions as to how to install
  the software to the profile that doesn't involve making the Domain User an Administrator? Thanks for any help!

  Hi voltron5,
  Many programs may provide options: "install for everyone" or "just for current user", when you install them.
  Please check if there are such options during the installation process.
  If those three programs are all third-party applications. I suggest you should contact with the corresponding
  support and confirm this.
  If those three programs are Microsoft applications, would you please let me know specific information of those
  three applications? Such as their names and so on. Meanwhile, when complete the installation, please check the software path was added in administrator environment variables or system environment variables.
  Hope this helps.
  Best regards,
  Justin Gu

• SSAS issue with Domain user account

  Hi
  I have SSAS 2008 R2 set up running on Windows Server 2012 Standard.
  The server is registered as a part of domain.
  I have had an issue of domain user accounts accessing to a cube and it's starting to get worse. There has been no problem with a local user account (I set up a few for testing purpose). 
  I ran the role report from BIDS Helper and it finds all the domain user accounts invalid. 
  It looks like SSAS is not talking well with the domain server (Windows 2003 server standard) to verify user credentials. But the thing is that everyone is ok with the domain server except for SSAS. IT does not have a clue what's going on here and everything
  is just pointing at me right now.
  I'd like to know if there is anyway to monitor that communication between SSAS and domain server for user credential verification and any guideline on how to resolve it. Most of time, it just works again..  like 10 minitues later.. it resolves by itself.
  But this time, not!!!
  All I know is that 1. Registering the server as a part of domain 2. use domain user account to set the security. 
  MY IT department has set up network monitoring tool and says that they are 100% percent working (No connection loss. It's monitoring Active directory as well). The application installed is 'ManageEngine Applications Manager' 
  I don't know what to do here. 
  P.S Will it be related something like 'Error
  while Add user to SSAS Server - The trust relationship between the primary domain and the trusted domain failed' but it's all the domain accounts including mine are not working.
  Cheers!!!

  First check your DNS servers setting on the server you have SSAS installed. You should only use the IP addresses of the DNS servers (e.g. Domain Controllers) of your domain. Active Directory relies on proper DNS server settings. Adding public DNS servers,
  even if they are on the bottom of the list, will mess up name resolving Active Directory names. This should have been done when IT had provisioned the server. Same goes for own workstation if you run your development/management software not on the server.
  Second make sure SSAS is running under a service account that has access to Active Directory. This can be either a domain account, the local system account, or the network service account. Running SSAS under a local account or the local service account will
  not work because local accounts do not have access to Active Directory. Running SSAS under either a Managed Service Account or a Virtual Account will not work because those features require the domain at least the Windows Server 2008 R2 functional
  level.
  Third make sure the account you use to log on to SSAS is a domain account and has appropriate permissions in SQL Server and SSAS. Local accounts and SQL Server account do not have access to Active Directory

• SharePoint farm - SQL Server - MSSQLSERVER service is running as "Local System" - Can I change it to Domain User account?

  Hi there,
  In my SharePoint 2010 farm - on the SQL Server:
  The MSSQLSERVER service is running under Local System.
  1. Can I change it to run as a normal Domain User account?
  2. Does it need any extra privileges?
  3. Is it a safe thing to do?
  Brief description will be very useful.
  Thanks so much.

  You need to create Service account with password never expire option+ User never change password
  Then you need to go through below recommendation from Microsoft
  Security Considerations for a SQL Server Installation
  Planning for Services, Accounts, and Connections
  Hope you got starting point
  Please 'propose as answer' if it helped you, also 'vote helpful' if you like this reply.

• I forgot my security questions, now Im locked out of my account. How can I log in. I just wanted to change my password

  I forgot my security questions, now Im locked out of my account. How can I log in. I just wanted to change my password

  You need to ask Apple to reset your security questions; ways of contacting them include clicking here and picking a method for your country, and filling out and submitting this form.
  (96789)