Kerberos error when using a DNS name that doesn't match the Active Directory domain name

I am running into a weird issue with a new SQL Reporting Services server I built. I installed SQL Reporting 2014 on Windows Server 2012 R2 and configured Kerberos, but the site is extremely slow. After some reconfiguration and log captures I have determined the issue has to do with the Kerberos setup, but it is an exact replica of a Windows Server 2008 R2 server we currently have and it does not have these issues.
The error I see while using Wireshark is KRB Error: KRB5KDC_ERR_BADOPTION NT Status: STATUS_NO_MATCH.
When I drill down into the error I can see the Kerberos string is testprjmnmtreports14.company.com, which is the URL we are using to access the site. I made sure to add that name as an SPN for the service account that is running SQL Reporting Services, however I still receive the error.
Then I tried configuring the site to run without a host header, so I accessed the site with the server name ECTSTSQLRS5 and the site works perfectly fine; no errors are reported either. So it seems I have isolated the issue down to Kerberos but I am not sure how to resolve it. Here is some more information about my environment:
DNS/URL used: testprjmnmtreports14.company.com
Server Name (FQDN): ECTSTSQLRS5.company.int
AD Domain Name: company.int
Server Version: Windows Server 2012 R2
AD Functional Level: 2008 R2
I also have the following SPNs set for my SQL service account:
http/testprjmngmtreports14.company.com
http/testprjmngmtreports14
http/ECTSTSQLRS5.COMPANY.INT
http/ECTSTSQLRS5
As you can see I am trying to use a .com address but my AD domain is .int, which I think is the issue, but I do not have the same problem on my other server that is running Windows Server 2008 R2.
Has anyone seen this issue before? What do I need to do to allow my new site on 2012 R2 to work with this DNS alias?
Thanks,
Brandon
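
A check worth running on the configuration described in this post, as an added example that is not part of the original thread: it compares the host name the client requests with the SPNs listed for the service account, character for character, and reports the nearest registered SPN when there is no exact match. The host name and SPN list are copied from the post as written; the function names Get-EditDistance and Test-SpnCoverage are hypothetical helpers.

```powershell
# Added example (not from the thread). Host name and SPNs are copied from the
# post exactly as written. On a live system the list would come from
# `setspn -L <service-account>`; the account name is not given in the post.
$RequestedHost  = 'testprjmnmtreports14.company.com'
$RegisteredSpns = @(
    'http/testprjmngmtreports14.company.com',
    'http/testprjmngmtreports14',
    'http/ECTSTSQLRS5.COMPANY.INT',
    'http/ECTSTSQLRS5'
)

function Get-EditDistance {
    param([string]$A, [string]$B)
    # Two-row Levenshtein distance: number of single-character edits
    # (insert, delete, substitute) needed to turn $A into $B.
    $prev = @(0..$B.Length)
    for ($i = 1; $i -le $A.Length; $i++) {
        $cur = New-Object 'int[]' ($B.Length + 1)
        $cur[0] = $i
        for ($j = 1; $j -le $B.Length; $j++) {
            $cost = if ($A[$i - 1] -eq $B[$j - 1]) { 0 } else { 1 }
            $cur[$j] = [Math]::Min(
                [Math]::Min($cur[$j - 1] + 1, $prev[$j] + 1),
                $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    return $prev[$B.Length]
}

function Test-SpnCoverage {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][string[]]$Registered,
        [string]$ServiceClass = 'http',
        [int]$NearMissThreshold = 2      # assumption: <= 2 edits suggests a typo
    )
    # SPN comparison is case-insensitive, so normalise everything to lower case.
    $known  = @($Registered | ForEach-Object { $_.ToLowerInvariant() })
    $fqdn   = $HostName.ToLowerInvariant()
    # A browser may ask for either the FQDN form or the short-name form.
    $wanted = @("$ServiceClass/$fqdn", "$ServiceClass/$($fqdn.Split('.')[0])")

    foreach ($spn in $wanted) {
        if ($known -contains $spn) {
            [pscustomobject]@{ Wanted = $spn; Status = 'Registered'; Nearest = $spn; Distance = 0 }
            continue
        }
        # No exact match: find the closest registered SPN so that a
        # one-character difference is visible instead of silently failing.
        $best = $known |
            ForEach-Object { [pscustomobject]@{ Spn = $_; D = (Get-EditDistance $spn $_) } } |
            Sort-Object D |
            Select-Object -First 1
        $status = if ($best.D -le $NearMissThreshold) { 'NearMiss' } else { 'Missing' }
        [pscustomobject]@{ Wanted = $spn; Status = $status; Nearest = $best.Spn; Distance = $best.D }
    }
}

Test-SpnCoverage -HostName $RequestedHost -Registered $RegisteredSpns |
    Format-Table -AutoSize
```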

Hi
Quote from there; Kerberos errors in network captures
The most common scenario is a request for a delegated ticket (unconstrained or constrained delegation). You will typically see this on the middle-tier server trying to access a back-end server. There are several reasons for rejection:
1. The service account is not trusted for delegation
2. The service account is not trusted for delegation to the SPN requested
3. The user’s account is marked as sensitive
4. The request was for a constrained delegation ticket to itself (constrained delegation is designed to allow a middle tier service to request a ticket to a back end service on behalf of another user, not on behalf of itself).
Regards, Philippe

Similar Messages

  • Active Directory Domain Name Convention

    Hi All
    I'm creating a brand new domain for a new company I have just started at. We currently use Office 365 so SharePoint and Exchange are both in the cloud and our website is also outsourced.
    I am now rolling out our first DC on Windows 2012 Server and I'm finding conflicting reports on what naming convention I should use for AD for use with hosted Exchange.
    Most seem to point at using a subdomain of our main site, like corp.mydomain.com, whereas I come from a background using Server 2003 where it's always been mydomain.local
    Can anyone advise me on this one and are there any additional thoughts around implementing with an existing Office 365 setup?

    It seems that mydomain.local is recommended less often (if not discouraged) because certificates from a third-party CA will no longer accept internal domain names, like mydomain.local, in the near future.
    Some links on this subject:
    http://social.technet.microsoft.com/Forums/exchange/en-US/a460ee18-e674-4c14-b4e8-33afd9ddb2a0/change-local-to-com-to-resolve-ssl-certificate-mismatch?forum=exchange2010
    http://www.digicert.com/internal-names.htm
    http://exchangeserverpro.com/ssl-requirements-for-exchange-when-certificate-authorities-wont-issue-certificate/
    In any case Office 365 will not interact with internal names. If you use such a name currently, you'd have to configure a UPN suffix allowing users to connect with the external name. This link might explain it better:
    http://www.messageops.com/documentation/office-365-documentation/active-directory-federation-services-design-planning-for-office-365
    In particular:
    "It is common for organizations to use one domain name internally and a different domain name externally. A best practice was to have your internal Active Directory domain name have a .local or a .corp suffix.  With Office 365, the UPN suffix must match your external domain name which you have registered and verified within Office 365.  In these types of situations it is necessary to add a UPN (User Principle Name) suffix to the Active Directory."

  • Is it possible to get the active directory user name of the person

    Is it possible to get the active directory user name of the person who is logged onto a windows computer, when they are using your coldfusion site, the same way asp pages can do that?

    SECOND TRY TO POST THIS REPLY
    You have to turn on "Windows Integrated Security" and turn off anonymous login in the IIS web server. Once that condition is met, the cgi.AUTH_USER variable will be populated with the domain/username of the user logged into the client computer.
    If the user is using a windows browser on a windows client computer this will be done silently in the background.  Otherwise they will normally be presented with a login dialog box by the browser.

  • Activating Windows 7 by using KMS Without the Active Directory Domain environment

    Dear,
    Are we able to activate Windows 7 O/S machines by using KMS without the Active Directory domain environment? As some of our computers will not connect with the AD domain, we need to set up a separate KMS server for this.
    Thanks
    Balaji K 

    You can point the KMS clients to the KMS host machine by opening an Elevated CMD prompt:
    and running slmgr /skms to point directly to the KMS host.
    You do not need a Domain controller.
    Volume Licensing: Key Management Service (KMS) Client Options:
    /skms <Name[:Port] | : port> [Activation ID] [Activation ID]
    Set the name and/or the port for the KMS computer this machine will use. IPv6 address must be specified in the format [hostname]:port
    /ckms [Activation ID]
    Arnav Sharma | http://arnavsharma.net/

  • How to Name the Active Directory Domain Service for Local Server

    Hello to everyone, I am Karthick from India, currently I am working as a System Engineer in an esteemed institution.  So far we have only a workgroup network setup; now we are planning to migrate our workgroup to a domain network.  So we planned to install Windows Server 2008 R2 64 bit server on Wipro Netpower Z1531 server and we have totally 150 systems in our premises and also a broadband connection with 512 kbps download speed and 144 kbps upload speed.
    My questions start here,
    1.) what should be my FQDN name for my first domain controller? Our server will be connected to internet for downloading the updates only, so what settings I have to configure?
    2.) We don't want other clients communicate with our server i.e. outside of our premises via router or any other.
    3.) If suppose in future if we want to access our server from outside either from different town or different country what should I do for that access
    Thanks in advance
    S.R. Karthick

    FQDN name for my first domain controller
    - FQDN (by default) is your server name + FQDN of the Domain name
    Domain Name - you can select whatever you want.  It is an internal name.   However, you can also configure it to match your external domain name. Do some searching on Split DNS structure.
    My recommendation is to review the IPD guide for AD. You should be able to get all information.
    http://technet.microsoft.com/en-us/library/cc268216.aspx
    Santhosh Sivarajan | Houston, TX
    Windows 2012 Book - Migrating from 2008 to Windows Server 2012
    http://www.sivarajan.com/
    This post is provided ASIS with no warran

  • Object name that already exists on the local directory service

    Hi,
    We have 3 domain controllers with Windows 2008 R2, all GC, and the forest and domain level 2008 R2.
    We replaced one domain controller with a Windows Server 2012 R2, and kept the name and IP. Everything seems OK with dcdiag and repadmin, but I can see that one newly created computer object has failed with the information below. I can see the computer object in AD, but it has a different objectID than the event viewer is reporting. I have also tried to search for it but can't find it. The event ID only shows up in the new DC, and it's an information event. How can I remove this event? Do I need to remove the object and try to add it to the domain again?
    Trying to search for the object
    /Regards Andreas

    Hi.
    Thanks for the reply. I would guess the AD has recognized conflicts since I have the duplicate COMPUTER accounts displayed in the event logs, but when I search for CNF objects I can't find any. I have tried the following commands from all 3 DCs with administrative rights, but there is no output at all.
    PS C:\Windows\system32> Get-ADComputer -LDAPFilter "(cn=*\0ACNF:*)"
    PS C:\Windows\system32> dsquery * -filter "(cn=*cnf:*)"
    PS C:\Windows\system32> dsquery * -filter "(cn=*\0aCNF:*)"
    I have checked with the repadmin command one of the computers that are being reported as a duplicate from the event viewer.
    We have DCA and DCB in the same site, and then we have a second site where DCC is located. See the information below; I'm not sure how to troubleshoot this... does this information seem to be correct?
    The duplicate messages do not come often; it has now been 2 days since I have seen them, and I have not rebooted any DC.
    DCA(On this Domain controller there is no report in the event viewer about duplicates. Windows Server 2008 R2 with FSMO roles)
    PS C:\Windows\system32> repadmin /showobjmeta "DCA" "CN=SERVER01,CN=Computers,DC=domain,DC=local"
    33 entries.
    Loc.USN   Originating DSA  Org.USN    Org.Time/Date        Ver  Attribute
    =======   ===============  =========  =============        ===  =========
    29565429  Site\DCB         239148     2015-03-26 07:40:04  1    objectClass
    29565429  Site\DCA         29565429   2015-03-26 07:40:05  1    cn
    29618104  Site\DCB         296412     2015-03-27 09:15:08  1    description
    29565429  Site\DCB         239148     2015-03-26 07:40:04  1    instanceType
    29565429  Site\DCB         239148     2015-03-26 07:40:04  1    whenCreated
    29565429  Site\DCB         239148     2015-03-26 07:40:04  1    nTSecurityDescriptor
    29565429  Site\DCB         239148     2015-03-26 07:40:04  1    name
    29565429  Site\DCB         239148     2015-03-26 07:40:04  1    userAccountControl
    29565429  Site\DCB         239149     2015-03-26 07:40:04  1    codePage
    29565429  Site\DCB         239149     2015-03-26 07:40:04  1    countryCode
    29565429  Site\DCB         239149     2015-03-26 07:40:04  1    dBCSPwd
    29565429  Site\DCB         239148     2015-03-26 07:40:04  1    localPolicyFlags
    29565429  Site\DCB         239149     2015-03-26 07:40:04  1    logonHours
    29565429  Site\DCB         239149     2015-03-26 07:40:04  1    unicodePwd
    29565429  Site\DCB         239149     2015-03-26 07:40:04  1    ntPwdHistory
    29565429  Site\DCB         239149     2015-03-26 07:40:04  1    pwdLastSet
    29565429  Site\DCB         239149     2015-03-26 07:40:04  1    primaryGroupID
    29565429  Site\DCB         239150     2015-03-26 07:40:04  1    supplementalCredentials
    29565429  Site\DCB         239148     2015-03-26 07:40:04  1    objectSid
    29565429  Site\DCB         239149     2015-03-26 07:40:04  1    accountExpires
    29565429  Site\DCB         239149     2015-03-26 07:40:04  1    lmPwdHistory
    29565429  Site\DCB         239148     2015-03-26 07:40:04  1    sAMAccountName
    29618121  Site\DCB         296437     2015-03-27 09:15:20  1    location
    29565429  Site\DCB         239148     2015-03-26 07:40:04  1    sAMAccountType
    29565447  Site\DCB         239158     2015-03-26 07:40:08  1    operatingSystem
    29567008  Site\DCA         29567008   2015-03-26 08:25:21  2    operatingSystemVersion
    29567008  Site\DCA         29567008   2015-03-26 08:25:21  1    operatingSystemServicePack
    29565429  Site\DCB         239148     2015-03-26 07:40:04  1    dNSHostName
    29565478  Site\DCB         239218     2015-03-26 07:41:05  3    servicePrincipalName
    29565429  Site\DCB         239148     2015-03-26 07:40:04  1    objectCategory
    29565429  Site\DCB         239149     2015-03-26 07:40:04  1    isCriticalSystemObject
    30041078  Site\DCA         30041078   2015-04-05 09:23:38  2    lastLogonTimestamp
    29565478  Site\DCB         239212     2015-03-26 07:41:04  1    msDS-SupportedEncryptionTypes
    0 entries.
    Type     Attribute     Last Mod Time  Originating DSA    Loc.USN  Org.USN  Ver
    =======  ============  =============  =================  =======  =======  ===
             Distinguished Name
             =============================
    DCB (This domain controller reports duplicates in the Event log. Windows Server 2012 R2, this server is new and has replaced the old DCB, kept the same hostname and ip)
    PS C:\Windows\system32> repadmin /showobjmeta "DCB" "CN=SERVER01,CN=Computers,DC=domain,DC=local"
    33 entries.
    Loc.USN   Originating DSA  Org.USN    Org.Time/Date        Ver  Attribute
    =======   ===============  =========  =============        ===  =========
    239148    Site\DCB         239148     2015-03-26 07:40:04  1    objectClass
    239148    Site\DCB         239148     2015-03-26 07:40:04  1    cn
    296412    Site\DCB         296412     2015-03-27 09:15:08  1    description
    239148    Site\DCB         239148     2015-03-26 07:40:04  1    instanceType
    239148    Site\DCB         239148     2015-03-26 07:40:04  1    whenCreated
    239148    Site\DCB         239148     2015-03-26 07:40:04  1    nTSecurityDescriptor
    239148    Site\DCB         239148     2015-03-26 07:40:04  1    name
    239148    Site\DCB         239148     2015-03-26 07:40:04  1    userAccountControl
    239149    Site\DCB         239149     2015-03-26 07:40:04  1    codePage
    239149    Site\DCB         239149     2015-03-26 07:40:04  1    countryCode
    239149    Site\DCB         239149     2015-03-26 07:40:04  1    dBCSPwd
    239148    Site\DCB         239148     2015-03-26 07:40:04  1    localPolicyFlags
    239149    Site\DCB         239149     2015-03-26 07:40:04  1    logonHours
    239149    Site\DCB         239149     2015-03-26 07:40:04  1    unicodePwd
    239149    Site\DCB         239149     2015-03-26 07:40:04  1    ntPwdHistory
    239149    Site\DCB         239149     2015-03-26 07:40:04  1    pwdLastSet
    239149    Site\DCB         239149     2015-03-26 07:40:04  1    primaryGroupID
    239150    Site\DCB         239150     2015-03-26 07:40:04  1    supplementalCredentials
    239148    Site\DCB         239148     2015-03-26 07:40:04  1    objectSid
    239149    Site\DCB         239149     2015-03-26 07:40:04  1    accountExpires
    239149    Site\DCB         239149     2015-03-26 07:40:04  1    lmPwdHistory
    239148    Site\DCB         239148     2015-03-26 07:40:04  1    sAMAccountName
    296437    Site\DCB         296437     2015-03-27 09:15:20  1    location
    239148    Site\DCB         239148     2015-03-26 07:40:04  1    sAMAccountType
    239158    Site\DCB         239158     2015-03-26 07:40:08  1    operatingSystem
    240896    Site\DCA         29567008   2015-03-26 08:25:21  2    operatingSystemVersion
    240896    Site\DCA         29567008   2015-03-26 08:25:21  1    operatingSystemServicePack
    239148    Site\DCB         239148     2015-03-26 07:40:04  1    dNSHostName
    239218    Site\DCB         239218     2015-03-26 07:41:05  3    servicePrincipalName
    239148    Site\DCB         239148     2015-03-26 07:40:04  1    objectCategory
    239149    Site\DCB         239149     2015-03-26 07:40:04  1    isCriticalSystemObject
    829883    Site\DCA         30041078   2015-04-05 09:23:38  2    lastLogonTimestamp
    239212    Site\DCB         239212     2015-03-26 07:41:04  1    msDS-SupportedEncryptionTypes
    0 entries.
    Type     Attribute     Last Mod Time  Originating DSA    Loc.USN  Org.USN  Ver
    =======  ============  =============  =================  =======  =======  ===
             Distinguished Name
             =============================
    DCC (This server also reports duplicates in Event log. Windows Server 2008 R2)
    PS C:\Windows\system32> repadmin /showobjmeta "DCC" "CN=SERVER01,CN=Computers,DC=domain,DC=local"
    33 entries.
    Loc.USN   Originating DSA  Org.USN    Org.Time/Date        Ver  Attribute
    =======   ===============  =========  =============        ===  =========
    3256258   Site\DCB         239148     2015-03-26 07:40:04  1    objectClass
    3256258   Site2\DCC        3256258    2015-03-26 07:46:45  1    cn
    3268772   Site\DCB         296412     2015-03-27 09:15:08  1    description
    3256258   Site\DCB         239148     2015-03-26 07:40:04  1    instanceType
    3256258   Site\DCB         239148     2015-03-26 07:40:04  1    whenCreated
    3256258   Site\DCB         239148     2015-03-26 07:40:04  1    nTSecurityDescriptor
    3256258   Site\DCB         239148     2015-03-26 07:40:04  1    name
    3256258   Site\DCB         239148     2015-03-26 07:40:04  1    userAccountControl
    3256258   Site\DCB         239149     2015-03-26 07:40:04  1    codePage
    3256258   Site\DCB         239149     2015-03-26 07:40:04  1    countryCode
    3256258   Site\DCB         239149     2015-03-26 07:40:04  1    dBCSPwd
    3256258   Site\DCB         239148     2015-03-26 07:40:04  1    localPolicyFlags
    3256258   Site\DCB         239149     2015-03-26 07:40:04  1    logonHours
    3256258   Site\DCB         239149     2015-03-26 07:40:04  1    unicodePwd
    3256258   Site\DCB         239149     2015-03-26 07:40:04  1    ntPwdHistory
    3256258   Site\DCB         239149     2015-03-26 07:40:04  1    pwdLastSet
    3256258   Site\DCB         239149     2015-03-26 07:40:04  1    primaryGroupID
    3256258   Site\DCB         239150     2015-03-26 07:40:04  1    supplementalCredentials
    3256258   Site\DCB         239148     2015-03-26 07:40:04  1    objectSid
    3256258   Site\DCB         239149     2015-03-26 07:40:04  1    accountExpires
    3256258   Site\DCB         239149     2015-03-26 07:40:04  1    lmPwdHistory
    3256258   Site\DCB         239148     2015-03-26 07:40:04  1    sAMAccountName
    3268772   Site\DCB         296437     2015-03-27 09:15:20  1    location
    3256258   Site\DCB         239148     2015-03-26 07:40:04  1    sAMAccountType
    3256258   Site\DCB         239158     2015-03-26 07:40:08  1    operatingSystem
    3256699   Site\DCA         29567008   2015-03-26 08:25:21  2    operatingSystemVersion
    3256699   Site\DCA         29567008   2015-03-26 08:25:21  1    operatingSystemServicePack
    3256258   Site\DCB         239148     2015-03-26 07:40:04  1    dNSHostName
    3256258   Site\DCB         239218     2015-03-26 07:41:05  3    servicePrincipalName
    3256258   Site\DCB         239148     2015-03-26 07:40:04  1    objectCategory
    3256258   Site\DCB         239149     2015-03-26 07:40:04  1    isCriticalSystemObject
    3379266   Site\DCA         30041078   2015-04-05 09:23:38  2    lastLogonTimestamp
    3256258   Site\DCB         239212     2015-03-26 07:41:04  1    msDS-SupportedEncryptionTypes
    0 entries.
    Type     Attribute     Last Mod Time  Originating DSA    Loc.USN  Org.USN  Ver
    =======  ============  =============  =================  =======  =======  ===
             Distinguished Name
             =============================
    Thanks for support, I will not go further with replacing the other DCA and DCC with Windows Server 2012 R2 before I have solved this issue.
    Added some more information:
    I can also see in the event log of DCB
    Event ID 1162 - Internal event: The Address Book hierarchy table has been rebuilt.
    Not sure if this is related to something?
    I can also see in the event log of DCB and DCA
    Event ID 2041
    Duplicate event log entries were suppressed.
    See the previous event log entry for details. An entry is considered a duplicate if the event code and all of its insertion parameters are identical. The time period for this run of duplicates is from the time of the previous event to the time of this event.
    Event Code:
    4000048a
    Number of duplicate entries:
    1
    (On Windows Server 2008 R2 the Event Code is Event Code: 80000b47)
    /Regards Andreas

  • Where is my 'open link in new tab' option when right-clinking a link? and... why does every page load twice? and... why do i get 'internet explorer cant open link' errors when using firefox? and... why doesnt the red 'x' stop load icon work anymore? i jus

    i have all the issues stated in my question as of this morning. they weren't there last night. WTF happened to my beloved firefox? BTW,
    I got an amd dual core 4000, nvidia gtx 9800, 4 gigs ram, running on windows xp sp3.
    BTW, windows updated last night, and that's when i got the problems
    == User Agent ==
    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; WWTClient2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; Creative AutoUpdate v1.40.01)

    I have had a similar problem with my system. I just recently (within a week of this post) built a brand new desktop. I installed Windows 7 64-bit Home and had a clean install, no problems. Using IE downloaded an anti-virus program, and then, because it was the latest version, downloaded and installed Firefox 4.0. As I began to search the internet for other programs to install after about maybe 10-15 minutes my computer crashes. Blank screen (yet monitor was still receiving a signal from computer) and completely frozen (couldn't even change the caps and num lock on keyboard). I thought I perhaps forgot to reboot after an update so I did a manual reboot and it started up fine.
    When ever I got on the internet (still using firefox) it would crash after anywhere between 5-15 minutes. Since I've had good experience with FF in the past I thought it must be either the drivers or a hardware problem. So in-between crashes I updated all the drivers. Still had the same problem. Took the computer to a friend who knows more about computers than I do, made sure all the drivers were updated, same problem. We thought that it might be a hardware problem (bad video card, chipset, overheating issues, etc.), but after my friend played around with my computer for a day he found that when he didn't start FF at all it worked fine, even after watching a movie, or going through a playlist on Youtube.
    At the time of this posting I'm going to try to uninstall FF 4.0 and download and install FF 3.6.16 which is currently on my laptop and works like a dream. Hopefully that will do the trick, because I love using FF and would hate to have to switch to another browser. Hopefully Mozilla will work out the kinks with FF 4 so I can continue to use it.
    I apologize for the lengthy post. Any feedback would be appreciated, but is not necessary. I will try and post back after I try FF 3.16.6.

  • Adobe XI freezes or crashes when using two pdf documents that are open at the same time?

    I have run all the updates, taken it off protected mode.........

    Hi dojbuckley,
    Are you performing edit operations on both the pdf's simultaneously?
    Is Acrobat 11 updated to v11.0.7?
    Regards,
    Rave

  • Changing Your Active Directory Domain Name

    Our organization is going to need to rename our current AD domain. We're currently at Server 2012 R2 AD level. We're at the very beginning planning level and are looking for some planning guidance. I realize that one can rename a domain but that sounds a
    bit too tricky in theory to us. Setting up a new domain would be the best for us in the long run we think.
    Are there any planning guides out there for such a change to AD?
    Orange County District Attorney

    In terms of a rename, the technet from Ed is perfect.  A migration is another option -
    http://technet.microsoft.com/en-us/library/cc974332(v=WS.10).aspx
    This means setting the new domain up clean and then migrating the objects.  Really depends upon how big the existing domain is.  If it's large, then migrating the objects in an automated way is easier than recreating them in a new domain by hand.  Food for thought.

  • How can I find the currently logined domain name on Windows??

    Dear,
    I've a program that query some user account information from A.D.
    But I don't want to hard code anything.
    I've read some previous posts about using LDAP, and using DNS queries to find all LDAP servers of A.D.
    But how can I get the A.D. domain name in Java?
    for example
    ldcp://_ldap._tcp.xxxx.yyyy
    I want to get "xxxx.yyyy" from the logined user account. It is possible in Java.

    You could use the NTSystem class to derive the NetBIOS domain name, however without doing some gymnastics it isn't easy to derive the fully qualified domain name.

        import java.io.*;
        import com.sun.security.auth.module.NTSystem;

        class NTDomain {
            public static void main(String[] args) {
                // NTSystem exposes the NetBIOS domain of the logged-on Windows user
                NTSystem system = new NTSystem();
                String domain = system.getDomain();
                System.out.println("Domain: " + domain);
            }
        }

    The only other alternatives could be to check the domain suffix of the user principal that was authenticated via Kerberos ....

        // requires javax.security.auth.login.LoginContext and LoginException
        LoginContext lc = null;
        try {
            lc = new LoginContext(searchkrb5.class.getName(), new SampleCallbackHandler());
            lc.login();
        } catch (LoginException le) {
            System.out.println("Logon failed: " + le);
            System.exit(-1);
        }
        System.out.println("Authenticated via GSS-API");
        // the principal name carries the Kerberos realm as its suffix
        System.out.println("User: " + lc.getSubject().getPrincipals().toString());

    however I think that you still have to specify the Kerberos realm in the app's configuration file.
    Another alternative could be to make assumptions about the machine's hostname, however one day an assumption will always be proven wrong (e.g. the machine's DNS domain name does not need to match the Active Directory domain).
    Unless there is a Java API to read the Windows registry or extract Kerberos ticket information from the Windows Kerberos ticket cache, you may be kind of stuck.

  • Use Profile Manager to configure 802.1x authentication to Active Directory

    I have an OS X Lion Server running profile manager, and I want to authenticate Macs against Active Directory. My test machine is running Lion as well.
    If I configure the profile for WPA/WPA2 Enterprise security type and PEAP protocol with a generic user name and password with explicit access on the RADIUS server, the machine can get on the 802.1x network.
    If I configure the profile to "Use as a Login Window configuration", the machine can get on the 802.1x network after entering the user name and password of an authorized RADIUS user.
    Here's my problem:
    I want to enable authentication for machines that are members of the Active Directory domain, but when I use the "Use Directory Authentication" option to authenticate with the target machine's directory credentials, the machine does not connect to my 802.1x network.
    Any thoughts?
    Thanks!!!!

    I'm trying to do the same thing, but I'm using Mountain Lion Profile Manager.  If I can't get this to work I'm going to try SCEP and certificate authentication.

  • Error when using HANA Studio to import Delivery Unit

    HANA version:1.00.80.00.391861
    HANA studio version:1.80.3
    Platform: SUSE Linux Enterprise Server 11.2
    I get an error when I use HANA Studio and follow these steps to import a Delivery Unit:
    Launch HANA Studio 
    Select your HANA instance
    On the Quick launch page, choose Content -> Import
    Now Select HANA Content -> Delivery unit.
    Choose Next
    Select the server, browse the Service DU (Service DU on server: SYS/global/hdb/content): HCO_INA_SERVICE.tgz
    Can anyone tell me what I should do?
    Thanks.

    I have resolved it.
    You must set the OS directory privileges listed in the picture to 777 with the 'chmod' command
    if they are 775 or something else.

  • Is it possible to modify the timeout of the userID on my active directory domain when off network?

    My work Macbook Pro is using a domain account from my office.  When I travel and the domain controller is not reachable it takes 30 to 60 secs longer to log into my system because it has to wait for the active directory domain controller search to timeout before it will use cached credentials (i.e. a mobile account).  Does anyone know how to modify my system settings to reduce the timeout or even eliminate the delay altogether?  I am running the latest version of Yosemite.
    Thanks,
    Mike

    Here is the modified VI, saved in LabVIEW 2012. Follow these steps to patch your system:
    1. Close LabVIEW 2012.
    2. Back up the following file: LabVIEW 2012\resource\Framework\Providers\VILibrary\libFrame_OpenPageRef.vi
    3. Replace it with the version attached to this post.
    4. Restart LabVIEW 2012.
    Now you should no longer experience the 30 second timeout when the class property page loads. I set the timeout to "-1", so it should wait as long as necessary to open the page.
    Note that if you ever repair or reinstall LabVIEW 2012, you'll need to patch this file again. Also, I wouldn't try patching any version other than 2012, since there may be other changes made to this VI across LabVIEW upgrades.
    Darren Nattinger, CLA
    LabVIEW Artisan and Nugget Penman
    Attachments:
    libFrame_OpenPageRef.vi 24 KB

  • Have just found a hiccup on the Lion software 10.7.2. When using an access point that you name with letters that are only in Norwegian (æøå) you will lose connections and only get timeouts. So the solution will be to rename the access point.

    Any solution besides renaming the wifi access point without the special Norwegian letters æøå?

    Your points match mine pretty well, though here are some thoughts:
    1. I thought about this theory myself this morning (iTunes possibly causing more issues), but I haven't been able to verify it.
    2. When I set up a new user it seemed better for a while, but the issue cropped back up. Yesterday I fully wiped the machine and reinstalled from scratch. I did not reimport my user from TimeMachine, but the problem has come back. My thinking was that I might have some really old software or prefs hanging around causing the issue. No dice.
    3. This is my current theory of the issue, so my next step will be to pull the RAM from Crucial and see how the system behaves. If that doesn't eliminate the problem, I'll pull the factory installed RAM and replace it with the 3rd party RAM. The odd thing is how many people seem to have similar issues - I know two personally, and have seen several posts on forums. I think the most common point for this happening was the 10.7.2 update, which would point to software as the culprit.
    4. That matches my experience.
    My hope is that this will be repaired in the forthcoming 10.7.3 release (current production version is 10.7.2), but outside of what I noted above, I'm at a loss.

  • ORA-12514 Error when using Net Configuration Assistant

    I have recently installed Oracle 11g on a Windows 2008 server and am now trying to connect via the Oracle client on my local machine.
    Here is how I've been using Net Configuration Assistant so far:
    Listener Configuration
    The name of my listener is LISTENER_PROXIMA (proxima is the name of the server). Does this need to be named something else? Something specific?
    I'm using TCP to connect.
    I'm using standard port 1521.
    Naming Methods
    Local Naming and Easy Connect Naming
    Local Net Service Name
    Service name is ADMI04 (checked this against the lsnrctl service status on the server and it's correct)
    Using TCP
    Using the hostname proxima.domain-name.com
    I'm attempting to connect as SYS (but have tried others with the same result)
    When I go to test the connection I keep getting the ORA-12514 error. Does anyone know what I should do? Reinstall the listener? If so, are there any suggestions or guidance for that?
    Thank you.

    =================================
    A couple of important points.
    First, the listener is a server side only process. Its entire purpose in life is to receive requests for connections to databases and set up those connections. Once the connection is established, the listener is out of the picture. It creates the connection. It doesn't sustain the connection. One listener, with the default name of LISTENER, running from one oracle home, listening on a single port, will serve multiple database instances of multiple versions running from multiple homes. It is an unnecessary complexity to try to have multiple listeners or to name the listener as if it belongs to a particular database. That would be like the telephone company building a separate switchboard for each customer.
    Second, the tnsnames.ora file is a client side issue. Its purpose is for address resolution - the tns equivalent of the 'hosts' file further down the network stack. The only reason it exists on a host machine is because that machine can also run client processes.
    Assume you have the following in your tnsnames.ora:
    larry =
      (DESCRIPTION =
        (ADDRESS_LIST =
          (ADDRESS = (PROTOCOL = TCP)(HOST = myhost)(PORT = 1521))
        )
        (CONNECT_DATA =
          (SERVICE_NAME = curley)
        )
      )
    Now, when you issue a connect, say like this:
    $> sqlplus scott/tiger@larry
    tns will look in your tnsnames.ora for an entry called 'larry'. Next, tns sends a request to (PORT = 1521) on (HOST = myhost) using (PROTOCOL = TCP), asking for a connection to (SERVICE_NAME = curley).
    Where is (HOST = myhost) on the network? When the request gets passed from tns to the next layer in the network stack, the name 'myhost' will get resolved to an IP address, either via a local 'hosts' file, via DNS, or possibly other less used mechanisms. You can also hard-code the ip address (HOST = 123.456.789.101) in the tnsnames.ora.
    Next, the request arrives at port 1521 on myhost. Hopefully, there is a listener on myhost configured to listen on port 1521, and that listener knows about SERVICE_NAME = curley. If so, you'll be connected.
    What can go wrong?
    First, there may not be an entry for 'larry' in your tnsnames. In that case you get "ORA-12154: TNS:could not resolve the connect identifier specified" No need to go looking for a problem on the host, with the listener, etc. If you can't place a telephone call because you don't know the number (can't find your telephone directory (tnsnames.ora) or can't find the party you are looking for listed in it (no entry for larry)) you don't look for problems at the telephone switchboard.
    Maybe the entry for larry was found, but myhost couldn't be resolved to an IP address (say there was no entry for myhost in the local hosts file). This will result in "ORA-12545: Connect failed because target host or object does not exist"
    Maybe there was an entry for myserver in the local hosts file, but it specified a bad IP address. This will result in "ORA-12545: Connect failed because target host or object does not exist"
    Maybe the IP was good, but there is no listener running: "ORA-12541: TNS:no listener"
    Maybe the IP was good, there is a listener at myhost, but it is listening on a different port. "ORA-12560: TNS:protocol adapter error"
    Maybe the IP was good, there is a listener at myhost, it is listening on the specified port, but doesn't know about SERVICE_NAME = curley. "ORA-12514: TNS:listener does not currently know of service requested in connect descriptor"
    =====================================
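
The lookup this answer walks through, as an added example that is not part of the original post: a small parser that reads a tnsnames.ora entry, rejects unbalanced parentheses, and returns the protocol, host, port and service name that tns would use. The function names `parse_descriptor`, `load_tnsnames` and `connect_target` are hypothetical, the sample is constructed, and only the simple single-address form shown in the answer is handled.

```python
import re

# Constructed sample: the answer's "larry" entry, written with balanced parentheses.
SAMPLE = """larry =
  (DESCRIPTION =
    (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = myhost)(PORT = 1521)))
    (CONNECT_DATA = (SERVICE_NAME = curley)))
"""

def parse_descriptor(text):
    """Parse one '(KEY = value-or-children)' descriptor into nested dicts."""
    tokens, pos = re.findall(r"[()=]|[^()=\s]+", text), 0
    def take(expected=None):
        nonlocal pos
        tok = tokens[pos] if pos < len(tokens) else "end of entry"
        if pos >= len(tokens) or (expected and tok != expected):
            raise ValueError(f"expected {expected or 'a name'}, found {tok}")
        pos += 1
        return tok
    def node():
        take("(")
        key = take().upper()          # store keywords in one case for lookup
        take("=")
        value = {}
        while pos < len(tokens) and tokens[pos] == "(":
            child, sub = node()       # nested parameter, e.g. ADDRESS in ADDRESS_LIST
            value[child] = sub        # simplification: a repeated key keeps the last
        if not value:
            value = take()            # plain value such as TCP or 1521
        take(")")                     # a missing ')' is reported here
        return key, value
    key, value = node()
    if pos != len(tokens):
        raise ValueError("unexpected text after the descriptor")
    return {key: value}

def load_tnsnames(text):
    """Map each alias that starts a line to its parsed descriptor."""
    heads = list(re.finditer(r"^([\w.]+)\s*=", text, re.M))
    ends = [h.start() for h in heads[1:]] + [len(text)]
    return {h.group(1): parse_descriptor(text[h.end():e]) for h, e in zip(heads, ends)}

def connect_target(entries, alias):
    """Return the (protocol, host, port, service) tns would use for alias."""
    if alias not in entries:          # the answer's first failure mode
        raise LookupError("ORA-12154: TNS:could not resolve the connect identifier specified")
    desc = entries[alias]["DESCRIPTION"]
    addr = desc.get("ADDRESS_LIST", desc)["ADDRESS"]
    return addr["PROTOCOL"], addr["HOST"], int(addr["PORT"]), desc["CONNECT_DATA"]["SERVICE_NAME"]
```

Running `load_tnsnames` over a tnsnames.ora before testing a connection separates a malformed or missing entry (a client-side problem) from the listener-side errors listed in the answer.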
