Machine Auth fails after NT domain computer account goes "stale"
AP1231G-A-K9
PEAP/MSCHAPv2
WPA/TKIP
WinXP sp2 with Native Supplicant
Machine Authentication against AD account via CiscoACS 3.2
A couple of things going on here:
1. Machine which hasn't logged into the Domain fails authentication until it's put back on the wire.
2. The client can't login, unless the AD computer object is removed and re-added. ??
Anyone else going through this?
-Dave
I have this going on as well. The machine account will only get re sync'ed during GPO while the machine is booting up. I would think enabling ms-chapv2 to allow password change would allow this but does not seem to work.
Similar Messages
-
i bought itunes match but after change my computer ( account is the same)..why i need to buy itunes match again?
When you are done with this issue, consider the computer back at the office may still
have access to your iTunes account, and it should be de-auhorized. You can do that
remotely, but be sure you carefully do not mess up your other computer iTunes libraries.
Good luck & happy computing! -
Time Machine Backup fails after Restore
Had my 500GB HD on my iMac fail. After being replaced by Apple, I performed a restore from 1TB time machine backup. After this was done, I set time machine back up to back up to this 1TB drive. I want it to append to the previous backups. However, the backup fails due to "backup is too large for the backup volume". It doesn't seem to want to append to previous backups but thinks this is an entirely new backup, which I guess is mostly true. I suspect this has to do with UUIDs of the new and old drives, but I'm not sure how to correct it (I'd prefer not to just wipe the backup disk and start over). I migrated backups before from one extenal HD to another but can't remember what I did... If anyone has steps to fix this, let me know em. Thanks.
Here's the time machine log:
Starting standard backup
Backing up to: /Volumes/MyBook-Mac/Backups.backupdb
Event store UUIDs don't match for volume: Macintosh HD
Node requires deep traversal:/ reason:kFSEDBEventFlagMustScanSubDirs|
Starting pre-backup thinning: 506.55 GB requested (including padding), 502.31 GB available
No expired backups exist - deleting oldest backups to make room
Error: backup disk is full - all 0 possible backups were removed, but space is still needed.
Backup Failed: unable to free 506.55 GB needed space
Backup failed with error: Not enough available disk space on the target volume.
Message was edited by: Delmonte3161Delmonte3161 wrote:
Had my 500GB HD on my iMac fail. After being replaced by Apple, I performed a restore from 1TB time machine backup. After this was done, I set time machine back up to back up to this 1TB drive. I want it to append to the previous backups. However, the backup fails due to "backup is too large for the backup volume". It doesn't seem to want to append to previous backups but thinks this is an entirely new backup, which I guess is mostly true. I suspect this has to do with UUIDs of the new and old drives,
yes, that's correct. TM will make a full backup after a full system restore on a new hard drive because the UUIDs of the new drive is different from the old one.
you may try the following hack to get around it
http://www.macosxhints.com/article.php?story=20090213071015789
But I make no promises about how well it works.
but I'm not sure how to correct it (I'd prefer not to just wipe the backup disk and start over). I migrated backups before from one extenal HD to another but can't remember what I did... If anyone has steps to fix this, let me know em. Thanks.
Here's the time machine log:
Starting standard backup
Backing up to: /Volumes/MyBook-Mac/Backups.backupdb
Event store UUIDs don't match for volume: Macintosh HD
Node requires deep traversal:/ reason:kFSEDBEventFlagMustScanSubDirs|
Starting pre-backup thinning: 506.55 GB requested (including padding), 502.31 GB available
No expired backups exist - deleting oldest backups to make room
Error: backup disk is full - all 0 possible backups were removed, but space is still needed.
Backup Failed: unable to free 506.55 GB needed space
Backup failed with error: Not enough available disk space on the target volume.
Message was edited by: Delmonte3161 -
Autologon fails after MDT domain join.
I have a Post OS Installation Task setup that I've added the
Recover form Domain step to. I use this TS just to join the PC to our domain. When I run the TS the PC does join our domain correctly but after the reboot it tells me that the username or password is incorrect. I'm presented
with a logon prompt and the username is set to ".\Administrator". I simply type in our default local admin password (not changing the username) and the PC logs in and the TS finishes successfully. What has me confused is I've checked the unattend.xml
file and the username and password is correct, although the username is entered as just "Administrator". I'm pretty sure that the ".\" just refers to the local computer instead of a domain so I don't see what the problem is. Any suggestions
on this one?'Define Target Computer
strComputer = "."
'Set object values
Set oArguments = WScript.Arguments.Named
Set oShell = CreateObject("WScript.Shell")
Set oWMI = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\CIMV2")
'Define ASCII Characters
chrSpace = Chr(32)
chrSingleQuote = Chr(39)
chrDoubleQuote = Chr(34)
'Show Script Usage
If (oArguments.Exists("?")) And (WScript.Arguments.Count = "1") Then
WScript.Echo(WScript.ScriptName & chrSpace & "Usage:" & _
vbCrLf & vbCrLf & _
"Script Interpreter: [cscript.exe] or [wscript.exe]" & _
vbCrLf & vbCrLf & _
"Script Location:" & chrSpace & chrDoubleQuote & Replace(oShell.CurrentDirectory & "\" & WScript.ScriptName, "\\", "\") & chrDoubleQuote & _
vbCrLf & vbCrLf & _
"Optional Arguments:" & _
vbCrLf & vbCrLf & _
"[/JoinDomain]" & chrSpace & "And" & chrSpace & "[/Domain:" & chrDoubleQuote & "MyDomain.com" & chrDoubleQuote & "]" & _
vbCrLf & vbCrLf & _
"[/JoinWorkgroup]" & chrSpace & "And" & chrSpace & "[/WorkGroup:" & chrDoubleQuote & "MyWorkGroup" & chrDoubleQuote & "]" & _
vbCrLf & vbCrLf & _
"[/Rename]" & chrSpace & "And" & chrSpace & "[/Name:" & chrDoubleQuote & "MyDeviceName" & chrDoubleQuote & "]" & _
vbCrLf & vbCrLf & _
"[/SvcAcctDmn:" & chrDoubleQuote & "MyDomain" & chrDoubleQuote & "]" & _
vbCrLf & vbCrLf & _
"[/SvcAcct:" & chrDoubleQuote & "MyDomain\MySvcAcct" & chrDoubleQuote & "]" & _
vbCrLf & vbCrLf & _
"[/SvcAcctPw:" & chrDoubleQuote & "MySvcAcctPw" & chrDoubleQuote & "]" & _
vbCrLf & vbCrLf & _
"[/UnjoinDomain]" & _
vbCrLf & vbCrLf & _
"[/Restart]")
WScript.Quit
End If
'Define Required Arguments
argDomain = Trim(UCase(oArguments.Item("Domain")))
argWorkGroup = Trim(UCase(oArguments.Item("Workgroup")))
argSvcAcct = Trim(UCase(oArguments.Item("SvcAcct")))
argSvcAcctDmn = Trim(UCase(oArguments.Item("SvcAcctDmn")))
argSvcAcctPw = oArguments.Item("SvcAcctPw")
'Define Optional Arguments
If (oArguments.Exists("Name")) Then
argName = Left(oArguments.Item("Name"), 15)
argName = Trim(UCase(argName))
End If
'Define Variables
'Amount of seconds to wait "Change the first number only as WScript.Sleep method expects the value in milliseconds."
intSeconds = Int(15 * 1000)
'Gather Information From WMI
'Query #1 - Win32_BIOS
Set oBIOS = oWMI.ExecQuery("Select * From Win32_BIOS")
If (oBIOS.Count > 0) Then
For Each oItem In oBIOS
If Not IsNull(oItem.SerialNumber) Then
strSerialNumber = Left(oItem.SerialNumber, 15)
strSerialNumber = Trim(UCase(strSerialNumber))
End If
Next
End If
'Query #2 - Win32_OperatingSystem
Function RestartDevice
Set oWMI = GetObject("winmgmts:{(Shutdown)}//" & strComputer & "/root/cimv2")
Set oOperatingSystem = oWMI.ExecQuery("Select * From Win32_OperatingSystem")
If (oOperatingSystem.Count > 0) Then
For Each oItem In oOperatingSystem
If (oItem.Primary = True) Then
RestartDevice = oItem.Reboot()
End If
Next
End If
End Function
'Query #3 - Win32_ComputerSystem
Set oComputerSystem = oWMI.ExecQuery("Select * From Win32_ComputerSystem")
'Process the collection only if the query has results
If (oComputerSystem.Count > 0) Then
'Begin a for loop on the collection
For Each oItem In oComputerSystem
'Determine the value of the "DNSHostName" property
If Not IsNull(oItem.DNSHostName) And Not IsNull(oItem.Domain) Then
strDNSHostName = Trim(UCase(oItem.DNSHostName & "." & oItem.Domain))
End If
'Determine the value of the "Domain" property
If Not IsNull(oItem.Domain) Then
strDomain = Trim(UCase(oItem.Domain))
End If
'Determine the value of the "PartOfDomain" property
If Not IsNull(oItem.PartOfDomain) Then
strPartOfDomain = Trim(UCase(oItem.PartOfDomain))
End If
'Determine the value of the "Name" property
If Not IsNull(oItem.Name) Then
strComputerName = Trim(UCase(oItem.Name))
End If
'Determine the value of the "Username" property
If Not IsNull(oItem.UserName) Then
strDomainUserName = Trim(oItem.UserName)
If InStr(oItem.UserName, "\") > 0 Then
strUserName = Mid(oItem.UserName, InStr(oItem.UserName, "\") + 1)
strUserName = Trim(strUserName)
End If
End If
'Determine the value of the "Workgroup" property
If Not IsNull(oItem.Workgroup) And (oItem.PartOfDomain = False) Then
strWorkgroup = Trim(UCase(oItem.Workgroup))
End If
'Rename the device using the name specified in ArgName (Specified name will be truncated to 15 characters for computer name limit)
If (oArguments.Exists("Rename")) And (oArguments.Exists("Name")) And Not (ArgName = "") Then
RenameDevice = oItem.Rename(argName, argSvcAcct, argSvcAcctPw)
WScript.Sleep(intSeconds)
If (RenameDevice = "0") Then
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was successfully renamed to" & chrSpace & chrDoubleQuote & argName & chrDoubleQuote & "." & vbCrLf)
Else
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was not renamed successfully." & chrSpace & "(" & RenameDevice & ")" & "." & vbCrLf)
WScript.Quit(RenameDevice)
End If
'Rename the device using its serial number truncated to 15 characters for computer name limit
ElseIf (oArguments.Exists("Rename")) And Not (oArguments.Exists("Name")) Then
RenameDevice = oItem.Rename(strSerialNumber, argSvcAcct, argSvcAcctPw)
WScript.Sleep(intSeconds)
If (RenameDevice = "0") Then
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was successfully renamed to" & chrSpace & chrDoubleQuote & strSerialNumber & chrDoubleQuote & "." & vbCrLf)
Else
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was not renamed successfully." & chrSpace & "(" & RenameDevice & ")" & "." & vbCrLf)
WScript.Quit(RenameDevice)
End If
End If
'Remove device from the Domain
If (strPartOfDomain = "TRUE") And (oArguments.Exists("UnjoinDomain")) Then
UnjoinDomain = oItem.UnjoinDomainOrWorkgroup(argSvcAcctPw, argSvcAcct)
WScript.Sleep(intSeconds)
If (UnjoinDomain = "0") Then
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was successfully removed from the" & chrSpace & chrDoubleQuote & strDomain & chrDoubleQuote & chrSpace & "domain." & vbCrLf)
Else
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was unsuccessful" & chrSpace & "(" & UnjoinDomain & ")" & chrSpace & "in being removed from the" & chrSpace & chrDoubleQuote & strDomain & chrDoubleQuote & chrSpace & "domain." & vbCrLf)
WScript.Quit(UnjoinDomain)
End If
End If
'Join the specified Domain
If (strPartOfDomain = "FALSE") And (oArguments.Exists("JoinDomain")) And (oArguments.Exists("Domain")) And Not (argDomain = "") And Not (oArguments.Exists("JoinWorkGroup")) Then
Const Join_Domain = 1
Const Acct_Create = 2
Const Win9x_Upgrade = 16
Const Domain_Join_If_Joined = 32
Const Join_Unsecure = 64
Const Machine_Password_Passed = 128
Const Deferred_Spn_Set = 256
Const Install_Invocation = 262144
fJoinOptions = Join_Domain + Acct_Create
JoinDomain = oItem.JoinDomainOrWorkgroup(argDomain, argSvcAcctPw, argSvcAcct, Null, fJoinOptions)
WScript.Sleep(intSeconds)
If (JoinDomain = "0") Then
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was successful in joining the" & chrSpace & argDomain & chrSpace & "domain." & vbCrLf)
Else
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was unsuccessful" & chrSpace & "(" & JoinDomain & ")" & chrSpace & "in joining the" & chrSpace & chrDoubleQuote & argDomain & chrDoubleQuote & chrSpace & "domain." & vbCrLf)
WScript.Quit(JoinDomain)
End If
End If
'Join the specified Workgroup
If (strPartOfDomain = "FALSE") And (oArguments.Exists("JoinWorkGroup")) And (oArguments.Exists("WorkGroup")) And Not (argWorkGroup = "") And Not (oArguments.Exists("JoinDomain")) Then
JoinWorkGroup = oItem.JoinDomainOrWorkgroup(argWorkgroup, argSvcAcctPw, argSvcAcct, Null, 0)
WScript.Sleep(intSeconds)
If (JoinWorkGroup = "0") Then
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was successful in joining the" & chrSpace & argWorkgroup & chrSpace & "workgroup." & vbCrLf)
Else
WScript.Echo(chrDoubleQuote & strComputerName & chrDoubleQuote & chrSpace & "was unsuccessful" & chrSpace & "(" & JoinWorkgroup & ")" & chrSpace & "in joining the" & chrSpace & chrDoubleQuote & argWorkgroup & chrDoubleQuote & chrSpace & "workgroup." & vbCrLf)
WScript.Quit(JoinWorkGroup)
End If
End If
Next
End If
'Provide information about the device
If (oArguments.Exists("Info")) Then
If Not (strDNSHostName = "") Then
WScript.Echo("FDQN:" & chrSpace & strDNSHostName & vbCrLf)
End If
If Not (strDomain = "") Then
WScript.Echo("Domain:" & chrSpace & strDomain & vbCrLf)
End If
If Not (strPartOfDomain = "") Then
WScript.Echo("Currently joined to a domain:" & chrSpace & strPartOfDomain & vbCrLf)
End If
If Not (strComputerName = "") Then
WScript.Echo("Computer name:" & chrSpace & strComputerName & vbCrLf)
End If
If Not (strDomainUserName = "") Then
WScript.Echo("Current Username w/ Domain:" & chrSpace & strDOmainUserName & vbCrLf)
End If
If Not (strUserName = "") Then
WScript.Echo("Current Username w/o Domain:" & chrSpace & strUserName & vbCrLf)
End If
If Not (strWorkgroup = "") And (strPartOfDomain = "FALSE") Then
WScript.Echo("Workgroup:" & chrSpace & strWorkgroup & vbCrLf)
End If
End If
'Optionally Restart Device
If (oArguments.Exists("Restart")) Then
Call RestartDevice
End If
If you use this script at the end of your task sequence, it will complete the domain join. Working and tested successfully.
1. You need to remove Domain Information from Unattend.xml files for MDT so that it cannot write the variables to these sections and join the computer to the domain too early.
2. Create a Task Sequence Group
3. Create a "Run Command Line" Task Sequence Step
3a. Name the step as the following
Join "%OSDDomainName%" Domain as "%OSDJoinAccount%"
3b. Run the following command
cscript.exe "%SCRIPTROOT%\Custom-ZTIDomainJoin.vbs" /JoinDomain /Domain:"%OSDDomainName%"
/SvcAcct:"%OSDJoinAccount%" /SvcAcctPw:"%OSDJoinPassword%"
3c. Place the following conditions on it
If All Conditions Are True
Task Sequence Variable HostName equals %SerialNumber%
Task Sequence Variable IsVM equals False
This script can rename, join workgroup, join domain, unjoin domain, and restart the device all based on arguments
@Microsoft Import this into MDT somehow because the post DomainJoin functionality does not appear to work for my environment, but of course, this could be my environment, but hopefully this helps somebody! -
Time Machine backups fail after initial drive connection, cannot eject drive
I have a Macbook Pro 13" Retina Display, 8GB running OS X Mavericks 10.9.4 and have set Time Machine backups to a 1TB WD My Passport. When I first connect the drive the backup will run fine, but subsequent backups always fail. In addition I typically cannot eject the drive. I've scoured online forums and have completely reformatted the drive, and have even deleted some backup settings files from the hard drive, none of these has resolved my issue.
These instructions must be carried out as an administrator. If you have only one user account, you are the administrator.
Launch the Console application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Console in the icon grid.
The title of the Console window should be All Messages. If it isn't, select
SYSTEM LOG QUERIES ▹ All Messages
from the log list on the left. If you don't see that list, select
View ▹ Show Log List
from the menu bar at the top of the screen.
In the top right corner of the Console window, there's a search box labeled Filter. Initially the words "String Matching" are shown in that box. Enter the word "Starting" (without the quotes.) You should now see log messages with the words "Starting * backup," where * represents any of the words "automatic," "manual," or "standard."
Each message in the log begins with the date and time when it was entered. Note the timestamp of the last "Starting" message that corresponds to the beginning of an an abnormal backup. Now
CLEAR THE WORD "Starting" FROM THE TEXT FIELD
so that all messages are showing, and scroll back in the log to the time you noted. Select the messages timestamped from then until the end of the backup, or the end of the log if that's not clear. Copy them to the Clipboard by pressing the key combination command-C. Paste into a reply to this message by pressing command-V.
☞ If all you see are messages that contain the word "Starting," you didn't clear the text field.
☞ The log contains a vast amount of information, almost all of which is irrelevant to solving any particular problem. When posting a log extract, be selective. Don't post more than is requested.
Please don't indiscriminately dump thousands of lines from the log into this discussion.
Please don't post screenshots of log messages—post the text.
☞ Some private information, such as your name, may appear in the log. Anonymize before posting. -
Time Machine backups fail after initial backup in Yosemite
After upgrading from Mavericks to Yosemite, I was able to run one backup to my trusty USB drive. Subsequent backups all start with "Preparing backup", and will write roughly 900KB to disk (or so it says) and then fails. I created a Time Machine-compatible network drive on my Drobo 5n, and again, the initial backup is successful, and subsequent ones fail. This is concerning and infuriating. I'm hoping someone out there has encountered this problem as well.
Please note: this is regarding backups only. I see a handful of discussions about not being able to perform restores in Yosemite, but that is not my issue.Same here.
From Time Machine Buddy app:
Starting manual backup
Total content size: 424.3 GB excluded items size: 21.01 GB for volume Macintosh HD
Found 2439814 files (403.3 GB) needing backup
424.87 GB required (including padding), 250.63 GB available
Deleted backup /Volumes/Backupmac/Backups.backupdb/.df. (3)/2014-10-23-120445.inProgress/F8CFC567-7E6E-49B0-B366-88DF31DAF49B containing 4 KB; 250.63 GB now available, 424.87 GB required
Removed 1 expired backups so far, more space is needed - deleting oldest backups to make room
Deleted 1 backups containing 4 KB total; 250.63 GB now available, 424.87 GB required
Backup date range was shortened: oldest backup is now Oct 23, 2014
Backup failed with error 7: Not enough available disk space on the target volume.
It wants to do a full backup. Fine... so why doesn't it just delete more of the old backups to do so? I don't want to wipe the backup drive and start over now, but that seems like the only way to go. -
Ldap test tool and auth failing after upgrade to 11gR2
Hi All,
We have recently upgraded our apex database from 10.2.0.3.0 to 11.2.0.2.0 using apex 3.2. We have been able to confirm that all apex applications work as expected apart from the apex ldap utility. The tool returns "Authentication failed!" even though the ldap server port and DN string have not changed from previously. We can confirm that ldap bind works as well as using the sql directly through the database.
Has anyone come accross any problems with something similar?
Thanks in advance,
BrettGot it resolved. Since we are using a custom LDAP application we had to run the script not only for the DB account APEX_030200 but also the DB Account that is associated with the workspace containing the custom application or package.
-
Powershell DSC - xSQLServerInstall - Fails When Using Domain Service Accounts
I'm using the xSQLServerInstall from
http://www.powershellmagazine.com/2014/02/09/desired-state-configuration-dsc-resource-kit-wave-2/ which I've modified to accept parameters for the SQL Server service account and the SQL Agent service account. The script runs to the point where it
validates the service accounts, then fails with an error saying it can't find the account. I'm running it in Powershell ISE as Administrator. When I run ISE under my own credentials the script fails sooner saying I lack permissions even though
I'm a local admin. Any thoughts?
Michael Brule Senior Database Specialist Microsoft SQL Server Voya FinancialWhen I open ISE using the "Run as Administrator" option I get this error in ISE:
PowerShell DSC resource MSFT_xSqlServerInstall failed to execute Set-TargetResource functionality with error message: SQL
Server installation did not succeed. For more details please refer to the logs under C:\Program Files\Microsoft SQL
Server\110\Setup Bootstrap\Log folder.
+ CategoryInfo : InvalidOperation: (:) [], CimException
+ FullyQualifiedErrorId : ProviderOperationExecutionFailure
+ PSComputerName : localhost
The SendConfigurationApply function did not succeed.
+ CategoryInfo : NotSpecified: (root/Microsoft/...gurationManager:String) [], CimException
+ FullyQualifiedErrorId : MI RESULT 1
+ PSComputerName : localhost
....and this error in the bootstrap log:
Overall summary:
Final result: Failed: see details below
Exit code (Decimal): -2068578304
Exit facility code: 1204
Exit error code: 0
Exit message: Account 'ORANGE\SQLSERVICE' provided for service 'SQLAgent$APPLE' does not exist. Provide an existing account name for the service.
Start time: 2015-02-26 09:35:09
End time: 2015-02-26 09:35:48
Requested action: Install
Exception type: Microsoft.SqlServer.Chainer.Infrastructure.InputSettingValidationException
Message:
Account 'ORANGE\SQLSERVICE' provided for service 'SQLAgent$APPLE' does not exist. Provide an existing account name for the service.
HResult : 0x84b40000
FacilityCode : 1204 (4b4)
ErrorCode : 0 (0000)
Data:
SQL.Setup.FailureCategory = InputSettingValidationFailure
DisableWatson = true
Stack:
at Microsoft.SqlServer.Chainer.Infrastructure.InputSettingService.LogAllValidationErrorsAndThrowFirstOne(ValidationState vs)
at Microsoft.SqlServer.Configuration.SetupExtension.ValidateFeatureSettingsAction.ExecuteAction(String actionId)
at Microsoft.SqlServer.Chainer.Infrastructure.Action.Execute(String actionId, TextWriter errorStream)
at Microsoft.SqlServer.Setup.Chainer.Workflow.ActionInvocation.ExecuteActionHelper(TextWriter statusStream, ISequencedAction actionToRun, ServiceContainer context)
Inner exception type: Microsoft.SqlServer.Configuration.Agent.InputValidationException
Message:
Account 'ORANGE\SQLSERVICE' provided for service 'SQLAgent$APPLE' does not exist. Provide an existing account name for the service.
HResult : 0x851c0001
FacilityCode : 1308 (51c)
ErrorCode : 1 (0001)
Michael Brule Senior Database Specialist Microsoft SQL Server Voya Financial -
Setup cannot grant the domain\computer$ account access to the DPM database ID: 832
I'm having an issue getting DPM 2012 to install using a remote database. The remote sql server is Windows 2008 R2 with SQL 2008 R2. The DPM server and the database server are not DC's either. I have tried everything I can think of from granting permissions
to both windows and SQL, rechecking my installation of SQL, checking the application and system logs on both servers and even going through the error log for the DPM installation. No matter what I do I seem to get the same error and it has now been 3 days
without me having a backup. Can someone please help me out? The information on this error seems to be pretty scarce and I am no longer sure what to do besides calling Microsoft for help.Using your naming convention, I pasted my log for the same. It seems to throw an exception right after deleting the group.
[2/22/2013 10:48:10 AM] Information : Adding local group DPMDBAdministrators$DPM3 on server SQLR2
[2/22/2013 10:48:10 AM] Information : Deleting local group DPMDBAdministrators$DPM3on server SQLR2
[2/22/2013 10:48:10 AM] * Exception : Ignoring the following exception intentionally => An error occurred while trying to configure DPM.Uninstall DPM by using Add or Remove Programs in Control Panel, and then run DPM Setup again.Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.BackEndErrorException:
Exception of type 'Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.BackEndErrorException' was thrown.
at Microsoft.Internal.EnterpriseStorage.Dls.Setup.Wizard.SecurityConfigurationHandler.DeleteLocalGroup(String serverName, String localGroupName)
at Microsoft.Internal.EnterpriseStorage.Dls.Setup.Wizard.SecurityConfigurationHandler.AddLocalGroup(String serverName, String localGroupName)
*** Mojito error was: DpmSetupConfigurationError; 2220; WindowsAPI
[2/22/2013 10:48:10 AM] Information : Add user: CONTOSO\administrator to local group: DPMDBAdministrators$DPM3on server: SQLR2
[2/22/2013 10:48:10 AM] Information : Adding local group MSDPMTrustedUsers on server DPM3
[2/22/2013 10:48:10 AM] Information : Deleting local group MSDPMTrustedUsers on server DPM3
[2/22/2013 10:48:10 AM] * Exception : Ignoring the following exception intentionally => An error occurred while trying to configure DPM.Uninstall DPM by using Add or Remove Programs in Control Panel, and then run DPM Setup again.Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.BackEndErrorException:
Exception of type 'Microsoft.Internal.EnterpriseStorage.Dls.Setup.Exceptions.BackEndErrorException' was thrown.
SORRY - Just realized I commented with another logon. -
Time Machine restore failing after 08 MacBook Pro updated to Maverick.
hi,
I have a 2.53GHz processor intel core 2 duo. 4GB 1067MHz DDR3 MacBook pro, circa 2008, and running Lion since 2012.
I have been backing up using a 1TB time capsule for the last 2 years.
Now I have just had a clean install to Maverick OSX10.9.5, but cannot see any files in the time machine pre-dating the install.
when I enter the time machine, the date bar on the right shows all the old backup dates, and will 'scoot' back to them, but all the finder window images are black, and will not populate with any data at all.
I've tried restoring from applications - that doesn't work either.
I have tried using the migration assistant and that doesn't see any HD prior to the clean install.
its bugging and worrying me (lost baby photos drama)
notebook to notebook migration help page says something about the source OS needing to be Mountain lion or newer, but does this apply to time machine back ups as well?
I didn't have this information prior to the update. boo.
can anyone shed some light for me?While in Time Machine, press the key combination shift-command-C. The front window will show all mounted volumes. All snapshots should now be accessible. Select the one you want and navigate to the files you want to restore.
-
Wired Dot1x and forcing machine auth on windows
I've got wired dot1x authentication working ok. the ACS server backs off to a windows domain so machine level authentication works fine. However I can't see a way of forcing windows to only ever do machine authentication. Has anyone else looked at this? I could enable the option on the ACS server to require a previous machine auth before it accepts a user auth but it can only cache this for a limited amount of time. The only way to get a machine auth is for there not to be a user logged on at the time. If we accept user auth then any user can bring their own machine onto the network but we this is what we want to stop and only allow bank standard (i.e. domain members) machines on the network.
cheers
MikeRight, you need AuthMode = 2.
If onlky allowing domain memebers onto the network is the primary goal, then you may also want to consider:
* The Machine Access Restriction feature on ACS (what you referred to before as a cache, but does help for mitigation of this threat).
* Denying dial-in permisssions on user accounts (but this may break other things you may be using for remote access).
Example: If someone brought in there PC from home with virtually any supplicant on it, they're on the network as long as their NT credentials check out (whether machine-auth fails or not, b/c remember they can configure their own supplicant). -
Computer Accounts getting corrupted
Hi!
We have Windows 2008 R2 DCs. Our domain computer accounts are many times getting corrupted and showing error "The trust relationship between this computer and domain controller has failed". We have to disjoin and rejoin the pcs to domain to fix
it.
Any Suggestions?
Thanks.I would agree with Manjunath, if you just clone the machine you end up with the exact same SID and when you add multiple machines with this same sid the latest joined machine will alter the name and password of the sid and the old machines will lose the
ability to particpate in the domain. So unfortuantely, if this is the case you need to go back and get each cloned machine corrected or this will continue to occur.
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights. -
SDK service using domain user trying to set SPN for computer account
I have a SDK service running under a domain user account, but it tries to register the SPN for the computer account of the machine?!
Therefore I get the following alert:
The System Center Data Access service failed to register an SPN. A domain admin needs to add MSOMSdkSvc/WIN-9IAJC0HS9RJ and MSOMSdkSvc/WIN-9IAJC0HS9RJ.domainxx.local to the servicePrincipalName of CN=WIN-9IAJC0HS9RJ,CN=Computers,DC=domainxx,DC=local
Which makes sense because it has not the permissions to do that.
When I make the domain user account member of domain admins it has the concerning permissions and it indeed registers that SPN to the computer account. But why?? The SPN should be registered to the domain user account instead (and therefore I had given the
domain user account the read/write permissions to itself to do that).
I have the following SPN registered now for the computer and domain user account:
setspn -l WIN-9IAJC0HS9RJ
Registered ServicePrincipalNames for CN=WIN-9IAJC0HS9RJ,CN=Computers,DC=domainxx
DC=local:
MSOMSdkSvc/WIN-9IAJC0HS9RJ
MSOMSdkSvc/WIN-9IAJC0HS9RJ.domainxx.local
MSOMHSvc/WIN-9IAJC0HS9RJ
MSOMHSvc/WIN-9IAJC0HS9RJ.domainxx.local
TERMSRV/WIN-9IAJC0HS9RJ
TERMSRV/WIN-9IAJC0HS9RJ.domainxx.local
WSMAN/WIN-9IAJC0HS9RJ
WSMAN/WIN-9IAJC0HS9RJ.domainxx.local
RestrictedKrbHost/WIN-9IAJC0HS9RJ
HOST/WIN-9IAJC0HS9RJ
RestrictedKrbHost/WIN-9IAJC0HS9RJ.domainxx.local
HOST/WIN-9IAJC0HS9RJ.domainxx.local
setspn -l domainxx\omdas
Registered ServicePrincipalNames for CN=OMDAS,CN=Users,DC=domainxx,DC=local:
none for this account
I don't get it. Anyone?
I am using SCOM 2012 R2
Pls help.
Thanx in advance.
Regards
ChrisSCOM SDK service really tries to set its SPN to the computer account (although the SDK service is running using a domain user account). The alert is no bug!
I know this for sure because I gave the SDK service permission to do it - by making the domain user account member of the domain admins security group - and it indeed sets the SPN on the computer account.
The latter is the actual bug I would say! It should try to set the SPN for the domain user account the sdk service is running with.
Then again, nog having the SPN been set correctly to this domain user account, does not seem to bother SCOM at all indeed. Perhaps it uses NTLM instead in this scenario.
Can anyone comfirm? -
Adobe Photoshop CS4
I am receiving an error message "Error: 150:30" after having my computer serviced.
Repair shop completely stripped down my machine and reloaded Operating system, Yosemite 10.10.1.
I tried to download a Licensing update, but can't get that to open.????
My machine had originally been a clone of another Mac. Not it looks like a brand new computer.
Possibly there is something in system preferences to change? I turned off Firewall and allow downloads from all parties.
Thank You for you help!
joe150:30 means the licensing failed. Photoshop can't be moved like other programs from another drive or from backup.
I would suggest a reinstall to fix it. Anytime you move Photoshop from from drive to another, it breaks licensing. A install is the quickest way. to fix it.
When you are done with the install, apply all CS4 updates. Product updates
Gene
(Remember to mark the answer that solved your issue by clicking on “correct”. This indicates the question is answered and credits those who took time to help you or followup if there are further questions) -
I want to use SCCM 2012 R2 and OSD, to boot a bare metal machine, install and OS, and bind it to Active Directory. The catch is that I want the deployment process in SCCM to prompt for the following pieces of information, and then use that information to
bind the computer to Active Directory (W/O using MDT) instead of supply the data in the task sequence.
Computer Name
Domain
Domain OU
Domain Join Account
I am approaching this in a similar fashion as stated in this blog.
http://osdblog.com/2013/06/26/add-a-prompt-for-a-computer-name-in-your-sccm-deployment/
I have added the following collection variables to the unknown computers collection:
When I launch the task sequence, I am prompted as I would expect. I input the desired information, the deployment competes, but it does not bind to the domain. Here is what my TS looks like. I intentally disabbled the apply Network Settings step
because it forces you to enter specific information if it enabled. I don't want to that, thus why I am trying to use the variables.
My SMSTS log does not have a whole lot of meaningfull data, but I can post it if someone wants to see it. The only possible thing I could think of would be drivers, their are some driver errors in the log. However, if I turn on the Apply Networking setting
process in the task sequence and turn off the variables, the machines bind fine. With that in mind, I would not think my problem would be driver related. Anyone out there have expertise in using a process like this, that could assist?
--TonyAwesome! Thanks. One more thing, how should I supply the OSDJoinPassword variable? Should I just enter %OSDJoinPassword%
for Password and Confirm Password? I can not tell if it will actually read it as a variable or try to use "%OSDJoinPassword%" for
the actual password.
--Tony
Maybe you are looking for
-
Lightroom won't import a folder of jpg's
I tried to import a folder of jpgs on my Mac. It successfully imported about 175 and then just stopped (but I've got about 5,000+ photos). It will no longer import a single photo. How do I find the offending photo so I can resume my imports. I to
-
Hi all, does any one of you know about any restriction or any other issue involving SSO and JavaScript? We have a web app in an OC4J instance, which uses JSP and JavaScript. When SSO is disabled for the application, everything goes well. But when SSO
-
Hello All, I am using this API for creating a contact for an employee in R12. But, some times i am not able to create the contact successfully, and Unable to figure out proper reason for record erroring out. I dont find any out msg data variables for
-
I only need to convert some PDF to allow saving Fill-in Forms localy but I don't know how !!! Do I need Adobe LiveCycle Reader Extensions absolutely or there is another way to do it ? This web page: http://store.adobe.com/products/acrobat/acrrwhatsne
-
DB_CRYPTO_PASSWORD and Unicode
Hi, with DB_CRYPTO_PASSWORD you get different encodings for the same cleartext-pwd on unicode- and non-unicode-systems I suppose it depends on the different byte-code of char in unicode and non-unicode. You can convert chars from ascii to utf-8 and b