JCIFS NTLM - giving backup domain controller in web.xml
Hi All,
We are using JCIFS NTLM authentication, for which we've configured the filter in web.xml like this
... other code ...
<filter>
<filter-name>NtlmHttpFilter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
<param-name>jcifs.http.domainController</param-name>
<param-value>SERVER1</param-value>
</init-param>
..... other code .....the above code specifies a single domain controller SERVER1 for the NTLM authentication. Suppose, I want to give one more server also (i.e. when the SERVER1 down, NTLM should check my backup server SERVER2), how do I give it in the above code? Is it like <param-value>SERVER1, SERVER 2</param-value> ?
Thanks in advance.
I am facing the same exact problem.
<filter>
<filter-name>NtlmHttpFilter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
<param-name>jcifs.http.domainController</param-name>
<param-value>corg0dc02</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>NtlmHttpFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Is it possible to use EL or equivalent instead of hard-coding the param-value? Is this allowed in the Servlet spec?
I would like to read the param-value from a properties file or DB table if possible.
Edited by: asookazian on May 21, 2009 10:34 PM
Similar Messages
-
Problematic issues in installing backup domain controller on Virtual Machine
Hello,<o:p></o:p>
I have a physical domain controller - windows Server 2012 R2 Standard installed
in my domain environment and this is a first root domain controller.
I have also Hyper-V Server 2012 R2 installed and joined in that domain.
Now I want to install an additional (Backup) domain controller as a virtual
machine hosted on Hyper-V Server. So while promoting VM as a DC all actions and
steps go well but the problem arise when I press the install button at the end
of the promotion - installation gets stuck in the process of writing some
configuration files on first DC and also in the process of replication. Unfortunately
VM does not promote as a DC and it goes to restart.
The error event log with - NETLOGON source is logged on the virtual machine as
well.
Do you have some suggestions with this issue, or experience how to resolve this..
Thanks a lot in advance,
GMG
<o:p></o:p>Now I want to install an additional (Backup) domain controller
There is no backup DC. All DCs are RW except RODCs.
I would recommend first checking the health status of the existing DC using
dcdiag command. Also, please check the IP settings in use: Please make sure that the existing DC has its primary IP address in use and that public DNS servers are set as forwarders and not in IP settings of the DC. For the new DC, please make sure
that it points to the existing DC as primary DNS server and once promoted you can see the recommendations here to update the configuration: http://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx
Please also disable temporary all security software in use on the DCs and make sure that needed ports for AD replication and authentication are not blocked or filtered between the DCs.
This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Get Active Directory User Last Logon
Create an Active Directory test domain similar to the production one
Management of test accounts in an Active Directory production domain - Part I
Management of test accounts in an Active Directory production domain - Part II
Management of test accounts in an Active Directory production domain - Part III
Reset Active Directory user password -
STMS Backup Domain Controller.
Hi,
I want to configure a backup domain controller in my SAP system. The current controller is on my Production (PRD). I would like to configure the backup controller on Development (DEV).
Currently, my OS is on AIX. The NFS is at Production for /usr/sap/trans.
My question is, if I have a hardware problem in PRD that also impact my NFS, the backup controller that was created would also be pointless? Please correct me if I am wrong.
Hope to get feedback.
Thanks in advance,
IAzir.Hi,
I know individual /usr/sap/trans can be implemented in Windows but not in UNIX.
Unix uses NFS. I might be wrong. Have your tried it before? -
Can't make a Backup Domain Controller
I have one Open Directory Master and three replicas. The Master is also set to be the Windows Primary Domain Controller. But none of the replicas can join the domain or join as the Backup Domain Controller.
When I search the logs on the Master, I see:
could not find new user/computer luca$ in passdb
luca (a replica) is in Workgroup Manager. I even added a Kerberos entry for it.
Any help is greatly appreciated.Solved my own problem...
Turns out that some users on the network took it upon themselves to join a Workgroup with the same name as our Domain. Samba doesn't seem to like that at all. So make sure your workgroup names are never the same as your domain names. -
Os 10.5.6 OD replica will not create SMB backup domain controller
Hi,
Apologies if this is a redundant posting. I have two xserves both w/ os 10.5.6. One is the OD master and SMB PDC. The other is an OD replica w/ SMB turned on as a standalone server. I'd like to promote this to the BDC, but trying to do so w/ server admin fails consistently.
OD replication works fine, and I've confirmed the diradmin account's information is correct. Is there anything that I'm failing to take into account?
here's is one log entry that looks suspect:
"Loadlmhostsfile: Can't open lmhosts file /private/etc/lmhosts. Error was No such file or directory"
I can provide smb.conf and other logs if anyone wants, but the config is pretty much all defaults. Thanks for any advice.
-SBThis is typically an issue with OD Master. You typically have to demote the PDC to stand alone and then bring the OD Master to stand alone as well and start the process over. Instead of that there is a command you can try, although I haven't and see how it works.
sudo mkpassdb -kerberize
Before doing that make sure hostname and sudo changeip -checkhostname all return good things. Don not forget this as well:
scutil --get HostName
dscl /LDAPv3/127.0.0.1 -read /Config/KerberosKDC > KerberosKDC.out; cat KerberosKDC.out
In either even always make sure you have a good backup of the server and ODM before doing anything. -
Installing a Windows 2012 Domain Controller into a 2000/2003 domain with Exchange 2003
Hello,
I have a client that we are planning to migrate to 2012 over time. They currently have a Windows 200 DC and 2 member servers running Windows 2003, one of which is running Exchange 2003.
We first are going to introduce a 2012 server into the domain and my plan was to DCPromo the 2003 server that isn't running Exchange and raise domain level to 2003 and then demote the 2000 server. I was then going to install the
2012 server into the domain and make it a backup Domain Controller for the time being and leave the newly promoted Windows 2003 server as the primary Domain Controller with all the roles and global catalog. My question is will Exchange 2003 still function
normally in this scenario?
I've been doing research and read some things about Exchange 2003 not working with 2012 Domain Controllers, but I was thinking if the 2003 is still the primary, it might work. We will eventually migrate to 2003, they just don't want to
do it all at once, due to costs and other issues.
Thanks.I didn't ask if it was supported, I just wanted to know if Exchange 2003 would continue
to function if the Windows 2003 DC still held all the FSMO roles and Global Catalog.
A not supported situation means that it is a situation where Microsoft made no testing or do not guarantee that you can operate with no problems. Following a not supported scenario could be done but is on your own risk.
If it won't, can the 2012 server be a member server in the 2003 AD? The 2000
DC it is replacing, just shares files on the network in addition to being the lone AD server
Yes, it can be a member server.
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
Windows Server Primary & Secondary Domain Controller Question
lulzchicken wrote:
Right now the DHCP is assigning 192.168.200.1 (DNS server) and 8.8.8.8 (Google's DNS) as DNS servers for each client. I don't necessarilly want to change these assignment settings,Yes, you do. This is absolutely the worst thing you can ever do with DNS. More details why here -> Ramblings of a Sysadmin: How to do DNS correctly
Primary and secondary DNS should ALWAYS be internal.
Your DNS Servers should use FORWARDERS go go out to google. That's the only place that should see google DNS servers in your environment.Hi everyone, thank you for taking the time to listen.
I have successfully implemented an Active Directory setup using a Primary DC and a Secondary DC with Windows Server 2012 R2.
EL1 is my PDC and EL2 is my BDC.
Active Directory is in sync among the two Domain Controllers. Here is my question:
If I were to have a policy (Group Policy) that sets the wallpaper of each client machine to whatever is in the "\\EL1\Wallpaper\wp.jpg" - what would happen if I were to have that Domain Controller fail? That directory is no longer available due to the outage - even though the Backup Domain Controller will still be pushing out the policy (pointing to the down server).
My idea was to have that directory replicated on the Backup Domain Controller, "\\EL2\Wallpaper\wp.jpg" however - the policy will still be looking for the file in the Primary Domain...
This topic first appeared in the Spiceworks Community -
Refreshing the DEV system, which is our domain controller
Hi,
We refreshed our DEV system, which is our domain controller. How to get back our STMS configuration in the domain controller ? Can I run se06 in our proudction system to delete the TMS and then running STMS in production to create the TMS. Then approving that in the domain controller. Is there any other way to restore the configuration ?
Thanks
RabiYou could always specify a backup domain controller before you start.
-
2012 Essentials and Backup Domain Controllers
I understand that 2012 Essentials wants to be the domain controller but what happens if I install a second one on the same network/what is the option for a backup domain controller? Is it recommended to have one 2012E and one 2012S?
As far as I can find you can have a second "replica" domain controller, but you can only have one essentials box in the domain (so the replica would just be Windows Server standard), and that must be the master server, eg it must own the FSMO roles.
Check out
http://blogs.technet.com/b/sbs/archive/2007/10/04/debunking-the-myth-about-additional-domain-controllers-replica-dcs-in-an-sbs-domain.aspx which covers many of the limitations and requirements. It doesn't relate to 2012, but I believe the same rules still
apply. -
Rebuilding Domain controller & Transport Routes after system refresh
I have refreshed Dev from Prdn, now my domain controller only shows single system
I have documentation but, it is confusing to me how to have QAS and Prdn join the domain controller again and show the domain as a three tier system
When I log into QAS and Prdn I still see the old 3 tier system including the domain and the other systems.
Please advise
maria
Edited by: Maria Graziano on Mar 27, 2008 3:53 PMYou don't perform backup of domain controller.
You only designate in STMS one of servers as "Backup Domain Controller"
when Primary controller fails than "Backup domain Controller" takes his role and becomes a primary.
So action to refresh domain controller is:
1. Designate one of servers as backup domain controller
2. Backup transport directory if it is on refreshed server (just in case)
3. Switch backup controller to become primary
4. Refresh primary system
5. Join refreshed system to domain
6. Switch back primary function to refreshed server
Regards,
Wojtek -
Hello Experts,
Currently we have DEV system as our domain controller with no backup domain controller, now we want to configure PRD as Domain controller & DEV as backup doamin controller.
I found that there are 2 ways of doing so:
1. Make PRD as BDC & activate it, then point TRANSDIR & DIR_TRANS to PRD trans directory
Issue: Domain name, group name & profile name will still be the same
2. Delete STMS configuration & reconfigure from start (PRD as DC & DEV as BDC). Set transport directory path in instance profiles
So we decide to go with approach 2 (delete & reconfigure everything).
Need your feedback on both the approaches.
Is there any way to take backup of all STMS configuration (or atleast Routes) & restore it.
Regards,
RajneeshDear All,
We have successfully done the migration of Domain controller fron DEV (Standalone) to PRD (High availabiltiy). Few points to
remember:
1. No need to delete & create routes before / after the activity. It maintains the version.
2. need to run report TMS_MGR_LOADBALANCING after configure PRD as DC to make it high available.
Regards,
Rajneesh -
NTLM Authentication with a domain controller/active directory
Hi,
I have a requirement to do an NTLM authentication with the MS active directory.
I am aware that JNDI doesn't support this protocol to communicate with the AD.
I have looked into couple of online solutions available but that doesn't seem to meet my requirement. Most of the solutions like (Apache commons NTLMScheme/NTCredentials and java.net.Authenticator etc...) are used for only NTLM proxy authentication (where both username, password is sent to the proxy server which does the actual NTLM authentication with the Active Directory.)
What I need is a solution in Java where I can directly contact Active directory for negotiation of challenge/response mechanism.
Can any of you guys suggest any alternative to achieve this ?it really depends to be honest. I'd probably go something like this though:
One Small physical server to act as a domain controller - you could put DHCP on this too
One or Two physical, quite powerful servers to act as Hyper-V hosts - these can be domain joined.
Then for your VM's create the following:
1 x additional domain controller
For remote desktop services:
1 x Remote Desktop Session Host
1 x Connection Broker
1 x Gateway and web server
For additional services
1 or 2 x Exchange
1 x sharepoint
1 x IIS
but it really depends what you want to achieve.
The benefit from Virtual machines is that you can keep separate virtual servers for separate applications.
If you have two hosts you could then replicate the virtual machines between them if you wanted some layer of fault tolerance.
Hope this helps you a bit more. And thanks for positive blog feedback - its appreciated.
Regards,
Denis Cooper
MCITP EA - MCT
Help keep the forums tidy, if this has helped please mark it as an answer
My Blog
LinkedIn: -
Domain controller backup and recovery
We have 5 DCS 3 in one location and other 2 in another location
Considering the first location with 3 dcs, we have baremetal backup (windows server backup) configured for all 3 dcs
What will be the best way to restore/recover if one of the dc fails, does normal restore wouldnt give any errors?
Amal RSHi,
If you use AD integrated DNS zones, then System State backup contains the DNS data, your DNS data will get backed up along with your AD. If you run a DHCP server backup from the DHCP management console this is independent from the date, you are just to restore
the one you need.
DNS, DHCP backup and restore
http://social.technet.microsoft.com/Forums/windowsserver/en-US/094ad3b2-1411-4b14-a729-b4f83f45bbec/dns-dhcp-backup-and-restore
Domain Controller Recovery
http://technet.microsoft.com/en-us/library/cc535164.aspx
Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Domain Controller System State backup script *not working*
Hello I am trying to get an automated backup for my domain controller to a network share using a script and windows task scheduler - our domain controller is windows server 2008r2
this is the code for the script i have written as seen below, however when i run the scrip it does create the folder on the network share but fails to initiate the system state backup power shell returns this error when i run the script.
any suggestions on what i can do to resolve this issue? i am also rather new to powershell so there many be a much easier way of going about it.
many thanks
Gordon
wbadmin 1.0 - Backup command-line tool
(C) Copyright 2004 Microsoft Corp.
ERROR - One of the parameters or options specified is invalid: [quiet].
See the syntax below.
Syntax: WBADMIN START SYSTEMSTATEBACKUP
-backupTarget:<VolumeName>
[-quiet]
Description: Creates a system state backup of the local computer and stores
it on the location specified.
To use this command, you must be a member of the Backup Operators group
or Administrators group.
Parameters:
-backupTarget Specifies the location where you want to store the backup.
The storage location requires a drive letter or a GUID-based
volume of the format: \\?\Volume{GUID}.
-quiet Runs the command with no prompts to the user.
Example:
WBADMIN START SYSTEMSTATEBACKUP -backupTarget:f:
#adds windows server backup powershell snapin
Add-Pssnapin windows.serverbackup
#gets date
$date = Get-Date -Format dd.MM.yyyy
#declares backup location and adds date
$backdir = ("\\backupserver\bpdbackups\DC\$date")
#makes backup directory on network share
mkdir $backdir | out-null
#runs system statebackup
wbadmin start systemstatebackup -backupTarget:$backdir -[quiet]
#sends and email at the nd of the process
$smtp = "192.168.xxx.xxx"
$from = "Domain Controller <[email protected]>"
$to = "Network Admin <[email protected]>"
$body = "The backup operation has been successfully done! Date: $date"
$subject = "Backup on $date"
#Send an Email to User
send-MailMessage -SmtpServer $smtp -From $from -To $to -Subject $subject -Body $body - BodyAsHtml
write-host "Backup Successful"wbadmin start systemstatebackup -backupTarget:$backdir -[quiet]"[quiet]"? I guess you should remove the bracketswbadmin start systemstatebackup -backupTarget:$backdir -quiet
-
HI
we have a sharepoint farm and in domain controller server, this error is in event viewer
Log Name: System
Source: Microsoft-Windows-Kerberos-Key-Distribution-Center
Date: 9/15/2014 10:44:15 PM
Event ID: 11
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: XXXAPP01.xxxportal.com
Description:
The KDC encountered duplicate names while processing a Kerberos authentication request. The duplicate name is HTTP/XXXWFE01.xxxportal.com (of type DS_SERVICE_PRINCIPAL_NAME). This may result in authentication failures or downgrades to NTLM. In order to prevent
this from occuring remove the duplicate entries for HTTP/XXXWFE01.xxxportal.com in Active Directory.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kerberos-Key-Distribution-Center" Guid="{3FD9DA1A-5A54-46C5-9A26-9BD7C0685056}" EventSourceName="KDC" />
<EventID Qualifiers="49152">11</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-09-15T19:44:15.000000000Z" />
<EventRecordID>131824</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>XXXAPP01.xxxportal.com</Computer>
<Security />
</System>
<EventData>
<Data Name="Name">HTTP/XXXWFE01.xxxportal.com</Data>
<Data Name="Type">DS_SERVICE_PRINCIPAL_NAME</Data>
<Binary>
</Binary>
</EventData>
</Event>
adilHi adil,
Service principal names (SPNs) are stored as a property of the associated account object in Active Directory
Domain Services (AD DS). I noticed that you have used setpn –X to identify the duplicate SPN. Please refer to following articles and check if help you to solve this issue.
Event ID 11 — Service Principal
Name Configuration
Event ID 11 in the System log of domain controllers
Please also refer to following article and check if can help you.
The problem with duplicate SPNs
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft
does not guarantee the accuracy of this information.
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu
Maybe you are looking for
-
Text cut of on very bottom of page when I print - Photosmart 6520; Macbook Pro
I don't know what's going on, but when I print two-sided from a word doc on my mac, the the lower half of the text at the very bottom of each page cuts off. Can anyone help me fix this problem? I'd really appreciate it.
-
BAPI_ACC_DOCUMENT_POST long text field missing
Hi, I will have to transfer our vendor open items from v 3.1 to ERP 2004. I am using <b>BAPI_ACC_DOCUMENT_POST</b> to upload these open items. However, I cannot find the <b>'LONG TEXT'</b> field in the said BAPI. In using <b>F-02</b>, a long text fie
-
Registering events for own GUI controls
Hi, I refer to the blog <a href="/people/thomas.jung3/blog/2004/09/01/using-net-windows-controls-in-the-abap-control-framework:///people/thomas.jung3/blog/2004/09/01/using-net-windows-controls-in-the-abap-control-framework In the mean time I was succ
-
Struts in Tomcat ( Exception Handling)
When an exception is rised in an struts application, the StackTrace of the Exception is logged. Ex: 2004-10-27 12:16:27,960 - DEBUG -- org.apache.struts.action.ExceptionHandler -- (ExceptionHandler.java: logException :122) -- ExceptionHandler caught
-
Hi, I've got a new PC with an Audigy 2 soundblaster. The problem is, that neither the speakers (Logitech Z-5500) nor headphones etc. are found. I think I have installed all drivers for the Soundblaster. Actually, the speakers should be found when the