MfE on N8 Anna - Mandatory server policy failed. A...
Was previously using MfE on N8 with PR1.2 to our corporate exchange server with no problem. The server has security poicly that enforces setting of keylock code and keylock timeout.
Following update to Anna yesterday I'm no longer able to access my exchange mail. The error "Mandatory server policy failed. Access was refused. Contact your Exchange administrator." is displayed. This is a major disaster!
I do not have any control over the Exchange server - and am not able to get any settings changed.
I don't want to delete acount and recreate as if it fails I'll loose all syncronised contacts on phone.
I've seen other threads of MfE access problems, but my problem is specific to the security policy issue.
Regards
Cliff
This item is listed in another topic as solved but unfortunately it is not solved.
It is shame for Nokia. This problem is known since Mid of Jun 2011 so since 4 months, but nothing done.
Altough I just updated my device in mid of October, I was not informed by anyone about this bug.
Blackbarry has published a lot of free applications to their customers because of just two days down time in their mail server. We will see also the power of Nokia after resolvng the problem, (surely if ever anyone resolves this problem)
Thank you Nokia, that you are connecting us just with you by this kind of forums instead of with people...
Similar Messages
-
E6-00 Error mandatory server policy failed access ...
Hello
We just got a new E6-00 and wanted to connect it to our Exchange 2007 Servers using Mail for Exchange and Activesync.
We get the error "mandatory server policy failed access refused". E72 Nokia work with the same Activesync policy and E7-00 also. We have in the policy the setting that the device must be encrypted and I think this causes the error.
Does somebody know what can be done to get the E6-00 to connect, without changing the Activesync Policy?
Thank you for your answers.
regards
d
rHi, Even same isue being observed in E7-00(RM-626) with updated mail for exchange 3.0; but this time now admin_log.txt shows some more help regarding failure.
"04/12/2011 19:46:00 Policy Update: Partial failure
04/12/2011 19:46:00 Policy status 2
04/12/2011 19:46:00 Refused exchange access.
04/12/2011 19:46:00 Policy Update: This device is unable to implement all requested 04/12/2011 19:46:00 password policies. Your Exchange Server's 'Device Security'
04/12/2011 19:46:00 settings are currently configured to disallow access
04/12/2011 19:46:00 from any device that can't support all password policies.
04/12/2011 19:46:00 Contact your Exchange Administrator.
04/12/2011 19:46:00 ProcessStatusResponse LEAVE error=-15017
04/12/2011 19:46:00 CEasCmdHandler:oRunL - Main state machine. PreviousMainState = 8.CurrentMainState = 3. CurrentPolicyState =2.Error =-15017"
so we can approch exchnage server administrator for help and provide little lenecy for configuring mail on E7 handset. i have tried similar connection on iphone and android its working, i am attaching snapshot of android handset procedure which shows server policy downloaded from the GW server. this may help coder for resolution and make nokia suceed in CBA for mail for exchnage.
complete log attached for reference.
04/12/2011 19:40:37 Profile Updated
04/12/2011 19:45:38 Connected to connection method named Vodafone Mobile Connect with type Packet Data
04/12/2011 19:45:44 HTTP error code=449
04/12/2011 19:45:44 Policy Update: The Exchange Server has new Policy information. 04/12/2011 19:45:44 Policy Update: Requesting Policy.
04/12/2011 19:45:44 Server Protocol Version for provisioning is 4
04/12/2011 19:45:44 Ready to process policy response
04/12/2011 19:45:45 Continue Processing elements
04/12/2011 19:45:45 The following policies are not relevant to our phone
04/12/2011 19:45:45 Policy PasswordRecoveryEnabled = 0
04/12/2011 19:45:45 Policy AllowIrDA = 1
04/12/2011 19:45:45 Policy AllowRemoteDesktop = 1
04/12/2011 19:45:45 Policy MaxEmailHTMLBodyTruncationSize = -1
04/12/2011 19:45:46 Policy AllowSMIMESoftCerts = 1
04/12/2011 19:45:46 Policy AllowSMIMEEncryptionAlgorithmNegotiation = 2
04/12/2011 19:45:46 Policy AllowDesktopSync = 1
04/12/2011 19:45:46 Policy Approved Application List
04/12/2011 19:45:46 Policy Unapproved Application List
04/12/2011 19:45:46 End of not relevant policies section
04/12/2011 19:45:46 Version 12.0 policies
04/12/2011 19:45:46 Policy DevicePasswordEnabled = 1
04/12/2011 19:45:46 Policy RequireStorageCardEncryption = 1
04/12/2011 19:45:46 Policy RequireDeviceEncryption = 1
04/12/2011 19:45:46 Policy AlphanumericDevicePasswordRequired = 0
04/12/2011 19:45:46 Policy AttachmentsEnabled = 1
04/12/2011 19:45:46 Policy AllowSimpleDevicePassword = 1
04/12/2011 19:45:46 Policy MinPasswordLength =4
04/12/2011 19:45:46 Policy MaxInactivityTimeDeviceLock = 1800
04/12/2011 19:45:46 Policy MaxDevicePasswordFailedAttempts = 5
04/12/2011 19:45:46 Policy MaxAttachmentSize = -1
04/12/2011 19:45:46 Policy DevicePasswordExpiration = -1
04/12/2011 19:45:46 Policy DevicePasswordHistory = 0
04/12/2011 19:45:46 End Version 12.0 policies
04/12/2011 19:45:46 Version 12.1 policies
04/12/2011 19:45:46 Policy EmailBodyTruncateSize = -1
04/12/2011 19:45:46 Policy MaxCalendarAgeFilter = 0
04/12/2011 19:45:46 Policy MaxEmailAgeFilter = 0
04/12/2011 19:45:46 Policy MinDevicePasswordComplexCharacters = 3
04/12/2011 19:45:46 Policy AllowStorageCard = 1
04/12/2011 19:45:46 Policy AllowCamera = 1
04/12/2011 19:45:46 Policy AllowWiFi = 1
04/12/2011 19:45:46 Policy AllowBluetooth = 2
04/12/2011 19:45:46 End Version 12.1 policies
04/12/2011 19:45:46 The following received policies may cause us to fail server policy support
04/12/2011 19:45:47 Policy AllowTextMessaging = 1
04/12/2011 19:45:47 Policy SyncWhileRoaming = 1
04/12/2011 19:45:47 Policy AllowHtmlEmail = 1
04/12/2011 19:45:47 Policy RequireSignedSMIMEMessages = 0
04/12/2011 19:45:47 Policy RequireEncryptedSMIMEMessages = 0
04/12/2011 19:45:47 Policy RequireSignedSMIMEAlgorithm = 0
04/12/2011 19:45:47 Policy RequireEncryptionSMIMEAlgorithm = 0
04/12/2011 19:45:47 Policy AllowUnsignedApplications = 1
04/12/2011 19:45:47 Policy AllowUnsignedInstallationPackages = 1
04/12/2011 19:45:47 Policy AllowInternetSharing = 1
04/12/2011 19:45:47 Policy AllowPOPIMAPEmail = 1
04/12/2011 19:45:47 Policy AllowConsumerEmail = 1
04/12/2011 19:45:47 Policy AllowBrowser = 1
04/12/2011 19:45:47 *** Warning: Some unsupported server policies were found -- syncing may fail
04/12/2011 19:45:59 Policy Download: Updating to KAttachmentsEnabled = 1
04/12/2011 19:45:59 Policy Download: Updating to KMaxAttachmentSize = 0
04/12/2011 19:45:59 Policy Download: Updating to KEmailBodyTruncationSize = -1 04/12/2011 19:45:59 Policy Download: Updating to KMessageFormat = 1
04/12/2011 19:45:59 Policy Download: Updating to RequireManualSyncWhenRoaming = 1 04/12/2011 19:45:59 Policy Download: Updating to KMaxCalendarAgeFilter = 0
04/12/2011 19:45:59 Policy Download: Updating to KMaxEmailAgeFilter = 0
04/12/2011 19:46:00 Policy Update: Partial failure
04/12/2011 19:46:00 Policy status 2
04/12/2011 19:46:00 Refused exchange access.
04/12/2011 19:46:00 Policy Update: This device is unable to implement all requested 04/12/2011 19:46:00 password policies. Your Exchange Server's 'Device Security'
04/12/2011 19:46:00 settings are currently configured to disallow access
04/12/2011 19:46:00 from any device that can't support all password policies.
04/12/2011 19:46:00 Contact your Exchange Administrator.
04/12/2011 19:46:00 ProcessStatusResponse LEAVE error=-15017
04/12/2011 19:46:00 CEasCmdHandler:oRunL - Main state machine. PreviousMainState = 8.CurrentMainState = 3. CurrentPolicyState =2.Error =-15017
Attachments:
Android_mail.pdf 1299 KB -
E6 - Mail for Exchange (Mandatory Server Policy Fa...
I bought my E6 for couple of weeks, and have been having this problem when I tried to setup Mail for Exchange on my company's email account, and got this "Mandatory Server Policy Failed".
Just have Nokia Care reinstall all latest firmware, same problem exists. My software version is 022.014, version date is 2011-07-05.
I used to have the same setting on C7, E7 and my Android phones for my company's email, all works fine.
Any solutions for this?I have been trying to configure Mail for Exchange on Nokia E6-00, but it doesn't work at all. It doesn't ask for auto phone lock option mandatory. Which is asked while configuring Mail for Exchange on Nokia E63, E72 and 5530, 5800 and so on.
Also I have searched Mail for Exchange software on OVi store but it is not available for E6-00. So that I can updated the existing software in my phone.
Can anyone please guide to resolve this issue?
Mail for exchange is perfectly working on my E6-00 for Hotmail, Gmail, Yahoo but its not working while I tried to configure my Official email. -
Hello all-
I am currently trying to configure group policy (specifically folder redirects) from a new Windows Server 2008 in my home... the server acts as both an AD DS and file server for 4 client computers, all running Windows Vista Ultimate.
Here are the steps I am currently taking:
I create a new Group Policy called All Users and Computers and apply it to the All Users and Computers OU, which contains exactly what it says (all users and computers in the domain).
I verify that a new folder was created in \\<FQDN>\sysvol\<FQDN>\Policies. The new folder created is named {6479C8E0-3134-4B4F-B047-7ADD51684684}
I change the GPO Enforced setting to Enforced.
I attempt to use the gpupdate command to see if the group policy can be updated successfully. In a command prompt, I type gpupdate <enter>. I receive the message 'Updating Policy...' then after about 15 seconds the message 'User Policy update has completed successfully.'
I keep the cmd window open. After about 10 seconds another message apperas which says "Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows attempted to read the file \\<FQDN>\sysvol\<FQDN>\Policies\{6AC1786C-016F-11D2-945F-00C04Fb984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
To diagnose the failure, review the event log or invoke gpmc.msc to access information about Group Policy results."
I confirm that the error code is #3 using the Event Log, "The system cannot find the file specificed"
Of course the system cannot find the file specified because the folder does not exist in the sysvol folder. I am wondering why Windows is trying to read from this location when it does not exist, and is not the new group policy I created! I have no other group policies linked or enforced to any other OU/Domain/etc. Any help resolving this issue would be greatly appreciated.Hello all and thanks for the help. First a few things:
I understand that the DC should not be running RRAS, but this a simple server being used in aa home environment by 4 users and getting another server just for RRAS would be overkill.
Secondly, I currently have it so that while the router is handling DHCP, I have reserved a fixed IP for the server, so it always has 192.168.1.100. If I were to use the server as the DHCP, what would my hardware configuration have to look like? I currently have the router plugged into the ISP modem, and then server plugged into the router. All other clients connect to the router wirelessly.
Here's the dcdiag output. I tried dcdiag /fix but to no avail.
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine KELLERDCFS, is a Directory Server.
Home Server = KELLERDCFS
* Connecting to directory service on server KELLERDCFS.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=keller-pa,DC=net,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=keller-pa,DC=net,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\KELLERDCFS
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... KELLERDCFS passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\KELLERDCFS
Starting test: Advertising
The DC KELLERDCFS is advertising itself as a DC and having a DS.
The DC KELLERDCFS is advertising as an LDAP server
The DC KELLERDCFS is advertising as having a writeable directory
The DC KELLERDCFS is advertising as a Key Distribution Center
The DC KELLERDCFS is advertising as a time server
The DS KELLERDCFS is advertising as a GC.
......................... KELLERDCFS passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the event log File Replication Service does not exist.
......................... KELLERDCFS passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... KELLERDCFS passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... KELLERDCFS passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... KELLERDCFS passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Domain Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role PDC Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Rid Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Infrastructure Update Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
......................... KELLERDCFS passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC KELLERDCFS on DC KELLERDCFS.
* SPN found :LDAP/KELLERDCFS.keller-pa.net/keller-pa.net
* SPN found :LDAP/KELLERDCFS.keller-pa.net
* SPN found :LDAP/KELLERDCFS
* SPN found :LDAP/KELLERDCFS.keller-pa.net/KELLER-PA
* SPN found :LDAP/42268b36-801f-4a6d-b162-34f3b01e04bb._msdcs.keller-pa.net
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/42268b36-801f-4a6d-b162-34f3b01e04bb/keller-pa.net
* SPN found :HOST/KELLERDCFS.keller-pa.net/keller-pa.net
* SPN found :HOST/KELLERDCFS.keller-pa.net
* SPN found :HOST/KELLERDCFS
* SPN found :HOST/KELLERDCFS.keller-pa.net/KELLER-PA
* SPN found :GC/KELLERDCFS.keller-pa.net/keller-pa.net
......................... KELLERDCFS passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC KELLERDCFS.
* Security Permissions Check for
DC=ForestDnsZones,DC=keller-pa,DC=net
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=keller-pa,DC=net
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=keller-pa,DC=net
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=keller-pa,DC=net
(Configuration,Version 3)
* Security Permissions Check for
DC=keller-pa,DC=net
(Domain,Version 3)
......................... KELLERDCFS passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\KELLERDCFS\netlogon
Verified share \\KELLERDCFS\sysvol
......................... KELLERDCFS passed test NetLogons
Starting test: ObjectsReplicated
KELLERDCFS is in domain DC=keller-pa,DC=net
Checking for CN=KELLERDCFS,OU=Domain Controllers,DC=keller-pa,DC=net in domain DC=keller-pa,DC=net on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net in domain CN=Configuration,DC=keller-pa,DC=net on 1 servers
Object is up-to-date on all servers.
......................... KELLERDCFS passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... KELLERDCFS passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 1600 to 1073741823
* KELLERDCFS.keller-pa.net is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1111
......................... KELLERDCFS passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... KELLERDCFS passed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 17:53:59
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 17:59:02
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:04:04
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:09:06
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:14:08
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:19:10
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:24:12
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:29:15
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:34:17
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:39:19
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:49:23
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
......................... KELLERDCFS failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=KELLERDCFS,OU=Domain Controllers,DC=keller-pa,DC=net and backlink
on
CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
are correct.
The system object reference (serverReferenceBL)
CN=KELLERDCFS,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=keller-pa,DC=net
and backlink on
CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
are correct.
......................... KELLERDCFS passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : keller-pa
Starting test: CheckSDRefDom
......................... keller-pa passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... keller-pa passed test CrossRefValidation
Running enterprise tests on : keller-pa.net
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
PDC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
Time Server Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
KDC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
......................... keller-pa.net passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... keller-pa.net passed test Intersite
Here's the nslookup from Vista client:
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Andrew>nslookup KELLERDCFS
Server: UnKnown
Address: 192.168.1.100
Name: KELLERDCFS.keller-pa.net
Addresses: 192.168.1.150
192.168.1.100
C:\Users\Andrew>
Thanks again! -
Hi there,
I'm a long time linux user (casual) and have recently got hold of a machine that I am using as a server. I am able to SSH into this fine from my laptop and I am doing all the setup from ssh.
I am trying to set it up so I can use Samba, however keep getting the following error
# smbclient -L [i]server[/i] -U%
Connection to [i]server[/i] failed (Error NT_STATUS_IO_TIMEOUT)
I thought I had followed the samba set up wiki to the letter
My smb.conf looks like so
[global]
usershare path = /var/lib/samba/usershare
usershare max shares = 100
usershare allow guests = yes
usershare owner only = false
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = MYGROUP
# server string is the equivalent of the NT Description field
server string = Samba Server
# This option is important for security. It allows you to restrict
# connections to machines which are on your local network. The
# following example restricts access to two C class networks and
# the "loopback" interface. For more examples of the syntax see
# the smb.conf man page
; hosts allow = 192.168.1. 192.168.2. 127.
# if you want to automatically load your printer list rather
# than setting them up individually then you'll need this
printcap name = /etc/printcap
load printers = yes
# It should not be necessary to spell out the print system type unless
# yours is non-standard. Currently supported print systems include:
# bsd, sysv, plp, lprng, aix, hpux, qnx
; printing = bsd
# Uncomment this if you want a guest account, you must add this to /etc/passwd
# otherwise the user "nobody" is used
; guest account = pcguest
# this tells Samba to use a separate log file for each machine
# that connects
log file = /var/log/samba/%m.log
# Put a capping on the size of the log files (in Kb).
max log size = 50
# Security mode. Most people will want user level security. See
# security_level.txt for details.
security = user
# Use password server option only with security = server
; password server = <NT-Server-Name>
# Password Level allows matching of _n_ characters of the password for
# all combinations of upper and lower case.
; username level = 8
# You may wish to use password encryption. Please read
# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation.
# Do not enable this option unless you have read those documents
; encrypt passwords = yes
; smb passwd file = /etc/samba/smbpasswd
# The following are needed to allow password changing from Windows to
# update the Linux sytsem password also.
# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above.
# NOTE2: You do NOT need these to allow workstations to change only
# the encrypted SMB passwords. They allow the Unix password
# to be kept in sync with the SMB password.
; unix password sync = Yes
; passwd program = /usr/bin/passwd %u
; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *pass$
# Unix users can map to different SMB User names
; username map = /etc/samba/smbusers
# Using the following line enables you to customise your configuration
# on a per machine basis. The %m gets replaced with the netbios name
# of the machine that is connecting
# Configure Samba to use multiple interfaces
# If you have multiple network interfaces then you must list them
# here. See the man page for details.
; interfaces = 192.168.12.2/24 192.168.13.2/24
# Configure remote browse list synchronisation here
# request announcement to, or browse list sync from:
# a specific host or from / to a whole subnet (see below)
; remote browse sync = 192.168.3.25 192.168.5.255
# Cause this host to announce itself to local subnets here
; remote announce = 192.168.1.255 192.168.2.44
# Browser Control Options:
# set local master to no if you don't want Samba to become a master
# browser on your network. Otherwise the normal election rules apply
; local master = no
# OS Level determines the precedence of this server in master browser
# elections. The default value should be reasonable
; os level = 33
# Domain Master specifies Samba to be the Domain Master Browser. This
# allows Samba to collate browse lists between subnets. Don't use this
# if you already have a Windows NT domain controller doing this job
; domain master = yes
# Preferred Master causes Samba to force a local browser election on startup
# and gives it a slightly higher chance of winning the election
; preferred master = yes
# Use only if you have an NT server on your network that has been
# configured at install time to be a primary domain controller.
; domain controller = <NT-Domain-Controller-SMBName>
# Enable this if you want Samba to be a domain logon server for
# Windows95 workstations.
; domain logons = yes
# if you enable domain logons then you may want a per-machine or
# per user logon script
# run a specific logon batch file per workstation (machine)
; logon script = %m.bat
# Where to store roving profiles (only for Win95 and WinNT)
# %L substitutes for this servers netbios name, %U is username
# You must uncomment the [Profiles] share below
; logon path = \\%L\Profiles\%U
# All NetBIOS names must be resolved to IP Addresses
# 'Name Resolve Order' allows the named resolution mechanism to be specified
# the default order is "host lmhosts wins bcast". "host" means use the unix
# system gethostbyname() function call that will use either /etc/hosts OR
# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf
# and the /etc/resolv.conf file. "host" therefore is system configuration
# dependant. This parameter is most often of use to prevent DNS lookups
# in order to resolve NetBIOS names to IP Addresses. Use with care!
# The example below excludes use of name resolution for machines that are NOT
# on the local network segment
# - OR - are not deliberately to be known via lmhosts or via WINS.
; name resolve order = wins lmhosts bcast
# Windows Internet Name Serving Support Section:
# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server
; wins support = yes
# WINS Server - Tells the NMBD components of Samba to be a WINS Client
# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
; wins server = w.x.y.z
# WINS Proxy - Tells Samba to answer name resolution queries on
# behalf of a non WINS capable client, for this to work there must be
# at least one WINS Server on the network. The default is NO.
; wins proxy = yes
# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
# via DNS nslookups. The built-in default for versions 1.9.17 is yes,
# this has been changed in version 1.9.18 to no.
dns proxy = no
# Case Preservation can be handy - system default is _no_
# NOTE: These can be set on a per share basis
; preserve case = no
; short preserve case = no
# Default case is normally upper case for all DOS files
; default case = lower
# Be very careful with case sensitivity - it can break things!
; case sensitive = no
#============================ Share Definitions ==============================
[homes]
comment = Home Directories
browseable = yes
writable = yes
# Un-comment the following and create the netlogon directory for Domain Logons
; [netlogon]
; comment = Network Logon Service
; path = /home/netlogon
; guest ok = yes
; writable = no
; share modes = no
# Un-comment the following to provide a specific roving profile share
# the default is to use the user's home directory
;[Profiles]
; path = /home/profiles
; browseable = no
; guest ok = yes
# NOTE: If you have a BSD-style print system there is no need to
# specifically define each individual printer
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
# Set public = yes to allow user 'guest account' to print
guest ok = no
writable = no
printable = yes
[i]<everything else is commented out>[/i]
I have no windows machines so it's only my laptop and desktop both running linux that I need to connect to this. I have tried googling and searching these forums to no avail
Thanks for any help that can be offered
MikeIf I run the following (on the machine I'm trying to set up the share)
smbclient -L localhost -U%
I got the following output
Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)
so I thought it might be something incorrect with the iptables side of things, however I haven't really touched that at all and it seems to look correct
iptables -nvL
Chain INPUT (policy ACCEPT 667 packets, 79977 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 157 packets, 20724 bytes)
pkts bytes target prot opt in out source destination
So from my (very little) knowledge this appears correct (I think)... However it appears that something is blocking access somewhere. -
Processing of Group Policy failed - User Policy - Windows 7
OP:
http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/thread/191f1ee1-a551-446b-9808-ff66a952bb25
When running a gpupdate I get the following message:
Updating Policy...
User policy could not be updated successfully. The following errors were encount
ered:
The processing of Group Policy failed. Windows could not authenticate to the Act
ive Directory service on a domain controller. (LDAP Bind function call failed).
Look in the details tab for error code and description.
Computer Policy update has completed successfully.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.
This only happens on one computer under a certain account; other accounts work fine and the problem account works fine on other computers. Therefore the problem is located on the Windows 7 computer.
I have tracked it down to an LDAP error code 49.
I tried the MS sollution (http://technet.microsoft.com/en-us/library/cc727283(v=ws.10).aspx) but the credentials are sound.
I can also connect to the DC with LDP.exe fine.
Here are the diagnostic read outs (GPResult was too long to post):
Log Name: System
Source: Microsoft-Windows-GroupPolicy
Date: 2/29/2012 1:56:09 PM
Event ID: 1006
Task Category: None
Level: Error
Keywords:
User: Domain\UserAccount
Computer: Win7-ComputerA.FQDomain
Description:
The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
<EventID>1006</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>1</Opcode>
<Keywords>0x8000000000000000</Keywords>
<TimeCreated SystemTime="2012-02-29T19:56:09.732842600Z" />
<EventRecordID>32458</EventRecordID>
<Correlation ActivityID="{CECE6DDC-E7CC-4563-8109-E62382F645D4}" />
<Execution ProcessID="984" ThreadID="3688" />
<Channel>System</Channel>
<Computer>Win7-ComputerA.FQDomain</Computer>
<Security UserID="S-1-5-21-416373151-1271962822-2142307910-40105" />
</System>
<EventData>
<Data Name="SupportInfo1">1</Data>
<Data Name="SupportInfo2">5012</Data>
<Data Name="ProcessingMode">0</Data>
<Data Name="ProcessingTimeInMilliseconds">1326</Data>
<Data Name="ErrorCode">49</Data>
<Data Name="ErrorDescription">Invalid Credentials</Data>
<Data Name="DCName">
</Data>
</EventData>
</Event>
Windows IP Configuration
Host Name . . . . . . . . . . . . : WIN7-ComputerA
Primary Dns Suffix . . . . . . . : FQDomain
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : FQDomain
ParentDomain
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : FQDomain
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connecti
on
Physical Address. . . . . . . . . : 00-21-CC-5F-CF-DF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 216.71.244.28(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, February 29, 2012 12:38:25 PM
Lease Expires . . . . . . . . . . : Thursday, March 01, 2012 12:38:24 PM
Default Gateway . . . . . . . . . : 216.71.244.1
DHCP Server . . . . . . . . . . . : 216.71.244.2
DNS Servers . . . . . . . . . . . : 216.71.244.2
216.71.240.120
216.71.240.132
Primary WINS Server . . . . . . . : 216.71.244.2
Secondary WINS Server . . . . . . : 216.71.240.130
216.71.240.122
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) WiFi Link 1000 BGN
Physical Address. . . . . . . . . : 8C-A9-82-B0-67-E8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : YesHi,
It sound like port blocking issue, Seems your client system connecting 216.71.240.x DNS Servers as a logon server and which seems on different subnet
as per subnet mask, So there must be a router or firewall in between and so it might be Active directory ports are being blocked.
So first for testing purpose just remove other
216.71.240.x DNS
servers from TCP/IP configuration and clear dns cache
ipconfig/flushdns
and restart the system. check if it works.
or run this command on DC
dcdiag /test:dns
and share the error report.
Cheers!
Sanjay -
Processing of Group Policy Failed - Single DC error 1058
I have been getting the error every 5 mins for awhile:
The processing of Group Policy failed. Windows attempted to read the file \\xx.company\sysvol\xxx.company\Policies\{0000000-2323-2222-2222-333333}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this
event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
So - this is a single DC 2008R2. It started (I think) back when I joined another server on the domain and did a DCPromo to help build some redundancy. DFS was/is not enabled, do I need to set this up to resolve this?
User are able to login and policy are working, I only see this error on the DC, but other than the error everything seems to be working fine. I can access the share \\xx.company\sysvol\xxx.company\Policies\ and see it from all systems on the domain.
I looked for the Burflags to see if that would help but since there is no DFS there was nothing in the registry.
So at this point, I removed the secondary server via DCpromo, going back to just the 1 server DC but I still get the error. DNS works. When I do a DCDiag everything looks ok except the SysVol - I get about 10 of these
Starting test: SystemLog
An error event occurred. EventID: 0x00000422
Time Generated: 03/17/2015 14:49:41
Event String:
The processing of Group Policy failed... blah blah - same as above.
I looked at this link because of the combination of the 2 errors - Error 1058 and 00422 but its suggesting Authoritative restore, but I don't have the replication.
Now I am wondering if there is a left over connection somewhere in the system that doesn't know that there isn't another DC on the network?
So - any suggestions? Thanks in advance.Hi,
>>Now I am wondering if there is a left over connection somewhere in the system that doesn't know that there isn't another DC on the network?
Did we clean up the metadata of the removed domain controller? If not, we can follow the article below to do this.
Clean Up Server Metadata
https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx
Besides, on the existing domain controller, check Applications and Services Logs\FRS or DFSR logs in Event Viewer. If the issue persists, we can follow the method below to do an authoritative restore for Sysvol.
If we use FRS to replicate Sysvol, we can try to follow the article below to an authoritative restore for Sysvol.
Using the BurFlags registry key to reinitialize File Replication Service replica sets
https://support.microsoft.com/en-us/kb/290762
If we use DFSR to replicate Sysvol, we can try to follow the article below to do an authoritative restore for Sysvol.
How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)
https://support.microsoft.com/en-us/kb/2218556
Best regards,
Frank Shen
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
The processing of Group Policy failed because of lack of network connectivity to a domain controller
We are setting up a new AD environment with one AD/DC running DNS services, and a secondary DNS server configured with secondary zone. The problem is that none of the machines in the the domain are getting GPO.
When I run a gpupdate /force from a machine, I get the following output:
"Updating Policy...
User Policy update has completed successfully.
Computer policy could not be updated successfully. The following errors were enc
ountered:
The processing of Group Policy failed because of lack of network connectivity to
a domain controller. This may be a transient condition. A success message would
be generated once the machine gets connected to the domain controller and Group
Policy has succesfully processed. If you do not see a success message for sever
al hours, then contact your administrator.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results."
While the system event log outputs the following:
"The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy
has succesfully processed. If you do not see a success message for several hours, then contact your administrator."
All the machines that were joined to the domain are able to resolve in forward and reverse lookups, ping the DC and ping each other so I dont understand how the error can be resolved.
Here are few things I have tried:
1. I came across this KB which checked ok for me: http://support.microsoft.com/kb/241515
2. Made a copy of the default GPO, applied to a OU with one machine, and made sure to remove any GPO links from above
3. Enabled the following two local Group policies on a test member:
GP slow link detection
Startup policy processing wait time
4. Modified firewall to allow everything on both member and DC
5. Verified DSN logs, SRV records, access to sysvol ( added authenticated users to sysvol)
I have yet to figure out the reason for this issue. Has anyone seen anything like this before?1. I checked the NIC, it only has one IP. and I followed your article. I set the primary DNS to its own IP and the secondary DNS to the loopback ip
2. This is a new DC and DNS server. I dont have old records yet. I also check the DNS event logs. No errors
3. I made sure the member server is pointing only to the only DC/DNS server
4. Here is the output from the dcdiag.... everything passed except, the Netlogons part. I'm not sure what means or how to fix it yet:
Starting test: NetLogons
* Warning BUILTIN\Administrators did not have the "Access this
computer
"* from network" right.
[hostname] An net use or LsaPolicy operation failed with error
1, Incorrect function..
......................... hostname failed test NetLogons
Complete output:
> hostname
Server: hostname.domain.local
Address: X.X.X.95
> ^C
C:\Windows\system32>
C:\Windows\system32>nslookup
> set type=all
>
>
>
> _ldap._tcp.dc._msdcs.domainname
_ldap._tcp.dc._msdcs.domain.local SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = hostname.domain.local
hostname.domain.local internet address = X.X.X.95
> ^C
C:\Windows\system32>cd ..
C:\Windows>cd SYSVOL
C:\Windows\SYSVOL>cd sysvol
C:\Windows\SYSVOL\sysvol>dir
Volume in drive C has no label.
Volume Serial Number is F624-CDB2
Directory of C:\Windows\SYSVOL\sysvol
10/29/2014 08:25 PM <DIR> .
10/29/2014 08:25 PM <DIR> ..
10/29/2014 08:25 PM <JUNCTION> domain.local [C:\Windows\SYSVOL\domain]
0 File(s) 0 bytes
3 Dir(s) 63,971,037,184 bytes free
C:\Windows\SYSVOL\sysvol>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = hostname
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\hostname
Starting test: Connectivity
......................... hostname passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\hostname
Starting test: Advertising
......................... hostname passed test Advertising
Starting test: FrsEvent
......................... hostname passed test FrsEvent
Starting test: DFSREvent
......................... hostname passed test DFSREvent
Starting test: SysVolCheck
......................... hostname passed test SysVolCheck
Starting test: KccEvent
......................... hostname passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... hostname passed test
KnowsOfRoleHolders
Starting test: MachineAccount
......................... hostname passed test MachineAccount
Starting test: NCSecDesc
......................... hostname passed test NCSecDesc
Starting test: NetLogons
* Warning BUILTIN\Administrators did not have the "Access this
computer
"* from network" right.
[hostname] An net use or LsaPolicy operation failed with error
1, Incorrect function..
......................... hostname failed test NetLogons
Starting test: ObjectsReplicated
......................... hostname passed test
ObjectsReplicated
Starting test: Replications
......................... hostname passed test Replications
Starting test: RidManager
......................... hostname passed test RidManager
Starting test: Services
......................... hostname passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x000003F6
Time Generated: 03/04/2015 18:23:06
Event String:
Name resolution for the name ctldl.windowsupdate.com timed out after
none of the configured DNS servers responded.
......................... hostname passed test SystemLog
Starting test: VerifyReferences
......................... hostname passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : emcdsm
Starting test: CheckSDRefDom
......................... emcdsm passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... emcdsm passed test CrossRefValidation
Running enterprise tests on : domain.local
Starting test: LocatorCheck
......................... domain.local passed test LocatorCheck
Starting test: Intersite
......................... domain.local passed test Intersite
C:\Windows\SYSVOL\sysvol> -
DAG Sporadic Entire Server DB Fail Over
Hi,
I have been having this issues for a while now, I have two physical exchange servers in a DAG, both on Exchange 2013 CU1. Randomly, every few days and various times, Server1 will fail all of it's databases over to Server2. I'll redistribute them, and again,
say Server2 will fail all databases to Server1. In short, both servers at times have failed their databases over.
I started with this: http://technet.microsoft.com/en-us/library/dd351258(v=exchg.150).aspx which led me to setup monitoring of the Microsoft-Exchange-ManagedAvailability logs. I can tell you that replication tests work fine, and the health of all the
databases are fine.
My monitoring turned up the following errors, in this example "EX0001" was the server that failed all of it's databases over to "EX0002". It seems pretty clear to me, that Exchange Managed Availability, is finding an issue with
EWS, attempting to restart the MSExchangeServicesApp pool and cannot due to "Throttling" so ti fails the DB's over, that's my best guess...the problem is I dont know how to fix this...I've run through troubleshooting EWS Healthset, nothing
really turns up... http://technet.microsoft.com/en-us/library/ms.exch.scom.ews.protocol(v=exchg.150).aspx
EX0001
1011
Microsoft-Exchange-ManagedAvailability
Recovery
Microsoft-Exchange-ManagedAvailability/RecoveryActionLogs
5/22/2014 7:06:43 AM
Warning (Info)
1520183
NT AUTHORITY\SYSTEM
RecycleApplicationPool-MSExchangeServicesAppPool-EWSSelfTestRestart: Throttling rejected the operation
EX0001
4
Microsoft-Exchange-ManagedAvailability
Monitoring
Microsoft-Exchange-ManagedAvailability/Monitoring
5/22/2014 7:17:27 AM
Error (Info)
8287
NT AUTHORITY\SYSTEM
The EWS.Protocol health set has detected a problem on EX0001 beginning at 5/22/2014 10:55:12 AM (UTC). The health manager is reporting that recycling the MSExchangeServicesAppPool
app pool has failed to restore health and it has tried to fail over active copies of local databases to a healthy server. Attempts to auto-recover from this condition have failed and requires Administrator attention. Details below: <b>MachineName:</b>
EX0001 <b>ServiceName:</b> EWS.Protocol <b>ResultName:</b> EWSSelfTestProbe/MSExchangeServicesAppPool <b>Error:</b> System.Exception: System.Exception: >>> PRIMARY ENDPOINT VERIFICATION EwsUrl=https://localhost:444/ews/exchange.asmx
UserName/Password=HealthMailbox663889950a344102878cede289222a46@domain.local/xGAVmP[^jn{qGgOx0Jtx:4X+-j@?d%XM?@7yErsoFF[_#u[%LcX=0hPzMln#1PiQ/7z?14rJJs8Dc)AYLi0F9mU)bMpL_gj{Q3*[Yt1:UgX=:CkQc=[Xuagz%Od=|@tt AuthMethod=CAFE ConvertId (Attempt #0) Status=The
request failed. The operation has timed out ConvertId (Attempt #0) Latency=59521.1327 ConvertId (Attempt #1) Status=iteration 1; 55.427003 seconds elapsed ConvertId (Attempt #1) Latency=55427.003 at Microsoft.Exchange.Monitoring.ActiveMonitoring.Ews.Probes.EWSCommon.RetrySoapActionAndThrow(Action
operation, String soapAction, ExchangeServiceBase service) at Microsoft.Exchange.Monitoring.ActiveMonitoring.Ews.Probes.EWSGenericProbeCommon.ExecuteEWSCall(String endPoint, String operation, Boolean verifyAffinity) at Microsoft.Exchange.Monitoring.ActiveMonitoring.Ews.Probes.EWSGenericProbeCommon.DoWorkInternal(CancellationToken
cancellationToken) <b>Exception:</b> System.Exception: System.Exception: System.Exception: >>> PRIMARY ENDPOINT VERIFICATION EwsUrl=https://localhost:444/ews/exchange.asmx
UserName/Password=HealthMailbox663889950a344102878cede289222a46@domain.local/xGAVmP[^jn{qGgOx0Jtx:4X+-j@?d%XM?@7yErsoFF[_#u[%LcX=0hPzMln#1PiQ/7z?14rJJs8Dc)AYLi0F9mU)bMpL_gj{Q3*[Yt1:UgX=:CkQc=[Xuagz%Od=|@tt AuthMethod=CAFE ConvertId (Attempt #0) Status=The
request failed. The operation has timed out ConvertId (Attempt #0) Latency=59521.1327 ConvertId (Attempt #1) Status=iteration 1; 55.427003 seconds elapsed ConvertId (Attempt #1) Latency=55427.003 at Microsoft.Exchange.Monitoring.ActiveMonitoring.Ews.Probes.EWSCommon.RetrySoapActionAndThrow(Action
operation, String soapAction, ExchangeServiceBase service) at Microsoft.Exchange.Monitoring.ActiveMonitoring.Ews.Probes.EWSGenericProbeCommon.ExecuteEWSCall(String endPoint, String operation, Boolean verifyAffinity) at Microsoft.Exchange.Monitoring.ActiveMonitoring.Ews.Probes.EWSGenericProbeCommon.DoWorkInternal(CancellationToken
cancellationToken) at Microsoft.Exchange.Monitoring.ActiveMonitoring.Ews.Probes.EWSCommon.ThrowError(Object key, Object exceptiondata, String logDetails) at Microsoft.Exchange.Monitoring.ActiveMonitoring.Ews.Probes.EWSGenericProbeCommon.DoWorkInternal(CancellationToken
cancellationToken) at Microsoft.Exchange.Monitoring.ActiveMonitoring.Ews.Probes.EWSGenericProbeCommon.RunEWSGenericProbe(CancellationToken cancellationToken) at Microsoft.Exchange.WorkerTaskFramework.WorkItem.Execute(CancellationToken joinedToken) at Microsoft.Exchange.WorkerTaskFramework.WorkItem.<>c__DisplayClass2.<StartExecuting>b__0()
at System.Threading.Tasks.Task.Execute() <b>ExecutionContext:</b> EWSGenericProbeError:Exception=System.Exception: System.Exception: >>> PRIMARY ENDPOINT VERIFICATION EwsUrl=https://localhost:444/ews/exchange.asmx
UserName/Password=HealthMailbox663889950a344102878cede289222a46@domain.local/xGAVmP[^jn{qGgOx0Jtx:4X+-j@?d%XM?@7yErsoFF[_#u[%LcX=0hPzMln#1PiQ/7z?14rJJs8Dc)AYLi0F9mU)bMpL_gj{Q3*[Yt1:UgX=:CkQc=[Xuagz%Od=|@tt AuthMethod=CAFE ConvertId (Attempt #0) Status=The
request failed. The operation has timed out ConvertId (Attempt #0) Latency=59521.1327 ConvertId (Attempt #1) Status=iteration 1; 55.427003 seconds elapsed ConvertId (Attempt #1) Latency=55427.003 at Microsoft.Exchange.Monitoring.ActiveMonitoring.Ews.Probes.EWSCommon.RetrySoapActionAndThrow(Action
operation, String soapAction, ExchangeServiceBase service) at Microsoft.Exchange.Monitoring.ActiveMonitoring.Ews.Probes.EWSGenericProbeCommon.ExecuteEWSCall(String endPoint, String operation, Boolean verifyAffinity) at Microsoft.Exchange.Monitoring.ActiveMonitoring.Ews.Probes.EWSGenericProbeCommon
<b>FailureContext:</b> <b>ResultType:</b> Failed <b>IsNotified:</b> False <b>DeploymentId:</b> 0 <b>RetryCount:</b> 0 <b>ExtensionXml:</b> <b>Version:</b> <b>StateAttribute1:</b>
EWS <b>StateAttribute2:</b> Unknown <b>StateAttribute3:</b> <b>StateAttribute4:</b> <b>StateAttribute5:</b> <b>StateAttribute6:</b> 0 <b>StateAttribute7:</b> 0 <b>StateAttribute8:</b>
0 <b>StateAttribute9:</b> 0 <b>StateAttribute10:</b> 0 <b>StateAttribute11:</b> <b>StateAttribute12:</b> <b>StateAttribute13:</b> <b>StateAttribute14:</b> <b>StateAttribute14:</b>
<b>StateAttribute16:</b> 0 <b>StateAttribute17:</b> 0 <b>StateAttribute18:</b> 0 <b>StateAttribute19:</b> 0 <b>StateAttribute20:</b> 120011 <b>StateAttribute21:</b> [000.000] EWSCommon
start: 5/22/2014 11:13:13 AM [000.000] Configuring EWScommon [000.000] Probe time limit: 120000ms, HTTP timeout: 59500ms, RetryCount: 1 [000.047] using authN: CAFE
[email protected] xGAVmP[^jn{qGgOx0Jtx:4X+-j@?d%XM?@7yErsoFF[_#u[%LcX=0hPzMln#1PiQ/7z?14rJJs8Dc)AYLi0F9mU)bMpL_gj{Q3*[Yt1:UgX=:CkQc=[Xuagz%Od=|@tt
[000.047] using HTTP request timeout: 59500 ms [000.047] action iteration 0 [000.047] starting (total time left 119954 ms) [059.568] action threw Microsoft.Exchange.WebServices.Data.ServiceRequestException: The request failed. The operation has timed out [064.584]
action iteration 1 [064.584] starting (total time left 55416 ms) [120.011] action wait timed out [120.011] action threw System.TimeoutException: iteration 1; 55.427003 seconds elapsed <b>StateAttribute22:</b> <b>StateAttribute23:</b>
<b>StateAttribute24:</b> <b>StateAttribute25:</b> <b>PoisonedCount:</b> 0 <b>ExecutionId:</b> 32395373 <b>ExecutionStartTime:</b> 5/22/2014 11:13:13 AM <b>ExecutionEndTime:</b> 5/22/2014
11:15:13 AM <b>ResultId:</b> 253233015 <b>SampleValue:</b> 0 ------------------------------------------------------------------------------- States of all monitors within the health set: Note: Data may be stale. To get current data,
run: Get-ServerHealth -Identity 'EX0001' -HealthSet 'EWS.Protocol' State Name TargetResource HealthSet AlertValue ServerComponent ----- ---- -------------- --------- ---------- --------------- NotApplicable EWSSelfTestMonitor MSExchangeServicesAppPool EWS.Protocol
Unhealthy None NotApplicable EWSDeepTestMonitor DG01DB15 EWS.Protocol Unhealthy None NotApplicable PrivateWorkingSetWarningThresholdExc... msexchangeservicesapppool EWS.Protocol Healthy None NotApplicable ProcessProcessorTimeErrorThresholdEx... msexchangeservicesapppool
EWS.Protocol Healthy None NotApplicable ExchangeCrashEventErrorThresholdExce... msexchangeservicesapppool EWS.Protocol Healthy None States of all health sets: Note: Data may be stale. To get current data, run: Get-HealthReport -Identity 'EX0001' State HealthSet
AlertValue LastTransitionTime MonitorCount ----- --------- ---------- ------------------ ------------ NotApplicable Autodiscover.Protocol Healthy 3/8/2014 12:46:17 AM 4 NotApplicable ActiveSync.Protocol Healthy 3/8/2014 1:15:35 AM 7 NotApplicable ActiveSync
Healthy 3/8/2014 2:08:15 AM 3 NotApplicable EDS Healthy 5/22/2014 5:19:41 AM 13 NotApplicable ECP Healthy 3/8/2014 1:15:27 AM 3 NotApplicable EventAssistants Healthy 5/22/2014 5:48:56 AM 28 NotApplicable EWS.Protocol Unhealthy 5/22/2014 7:07:12 AM 5 NotApplicable
FIPS Healthy 5/21/2014 10:24:01 PM 18 NotApplicable AD Healthy 2/23/2014 10:42:29 PM 10 NotApplicable OWA.Protocol.Dep Healthy 5/22/2014 5:19:40 AM 1 NotApplicable Monitoring Unhealthy 5/22/2014 5:35:31 AM 9 Online HubTransport Unhealthy 5/22/2014 5:19:43
AM 138 NotApplicable DataProtection Healthy 5/22/2014 7:08:02 AM 201 NotApplicable AntiSpam Healthy 5/22/2014 5:19:40 AM 4 NotApplicable Network Healthy 5/21/2014 10:36:54 PM 1 NotApplicable OWA.Protocol Healthy 3/8/2014 1:15:34 AM 5 NotApplicable MailboxMigration
Healthy 3/8/2014 12:46:18 AM 4 NotApplicable MRS Healthy 3/8/2014 12:44:35 AM 9 NotApplicable MailboxTransport Healthy 5/22/2014 5:19:41 AM 57 NotApplicable PublicFolders Healthy 5/21/2014 10:44:15 PM 4 NotApplicable RPS Healthy 2/23/2014 11:38:33 PM 1 NotApplicable
Outlook.Protocol Healthy 4/22/2014 11:04:18 AM 3 NotApplicable UserThrottling Healthy 5/22/2014 5:51:13 AM 7 NotApplicable SiteMailbox Healthy 3/8/2014 2:10:53 AM 3 NotApplicable UM.Protocol Healthy 5/22/2014 5:19:41 AM 17 NotApplicable Store Healthy 5/22/2014
5:19:43 AM 225 NotApplicable MSExchangeCertificateDeplo... Disabled 1/1/0001 12:00:00 AM 2 NotApplicable DAL Healthy 8/2/2013 12:59:03 AM 16 NotApplicable Search Healthy 5/22/2014 5:37:18 AM 269 Online EWS.Proxy Healthy 5/5/2014 1:34:08 AM 1 Online RPS.Proxy
Healthy 5/5/2014 1:34:38 AM 13 Online OAB.Proxy Healthy 5/5/2014 1:34:37 AM 1 Online ECP.Proxy Healthy 5/5/2014 1:34:17 AM 4 Online OWA.Proxy Healthy 5/5/2014 1:34:25 AM 2 Online Outlook.Proxy Healthy 5/5/2014 1:34:08 AM 1 Online Autodiscover.Proxy Healthy
5/5/2014 1:34:08 AM 1 Online ActiveSync.Proxy Healthy 5/5/2014 1:34:35 AM 1 Online RWS.Proxy Healthy 5/5/2014 1:34:18 AM 10 NotApplicable Autodiscover Healthy 5/21/2014 10:24:01 PM 2 Online FrontendTransport Healthy 5/15/2014 12:49:31 AM 11 NotApplicable EWS
Unhealthy 5/22/2014 7:06:01 AM 2 NotApplicable OWA Healthy 2/23/2014 11:37:56 PM 1 NotApplicable Outlook Healthy 3/8/2014 12:45:14 AM 5 Online UM.CallRouter Healthy 5/22/2014 5:19:41 AM 7 NotApplicable RemoteMonitoring Healthy 8/2/2013 12:58:03 AM 1 NotApplicable
POP.Protocol Healthy 5/20/2014 9:22:12 AM 5 NotApplicable IMAP.Protocol Healthy 5/20/2014 9:22:21 AM 5 Online POP.Proxy Healthy 3/7/2014 1:31:10 PM 1 Online IMAP.Proxy Healthy 3/7/2014 1:31:10 PM 1 NotApplicable IMAP Healthy 5/20/2014 9:23:32 AM 2 NotApplicable
POP Healthy 5/20/2014 9:17:18 AM 2 NotApplicable Antimalware Healthy 5/15/2014 8:33:13 AM 8 NotApplicable FfoQuarantine Healthy 8/2/2013 12:58:20 AM 1 Online Transport Healthy 5/22/2014 5:38:00 AM 9 NotApplicable Security Healthy 3/8/2014 12:46:09 AM 3 NotApplicable
Datamining Healthy 3/8/2014 12:45:44 AM 3 NotApplicable Provisioning Healthy 3/8/2014 12:45:40 AM 3 NotApplicable ProcessIsolation Healthy 3/8/2014 12:47:05 AM 12 NotApplicable TransportSync Healthy 3/8/2014 12:45:37 AM 3 NotApplicable MessageTracing Healthy
3/8/2014 12:44:56 AM 3 NotApplicable CentralAdmin Healthy 3/8/2014 12:45:12 AM 3 NotApplicable OAB Healthy 8/2/2013 1:02:27 AM 3 NotApplicable Calendaring Healthy 8/2/2013 1:02:07 AM 3 NotApplicable PushNotifications.Protocol Healthy 2/23/2014 10:46:17 PM
3 NotApplicable Ediscovery.Protocol Healthy 5/21/2014 10:38:16 PM 1 NotApplicable HDPhoto Healthy 5/6/2014 9:36:25 AM 1 NotApplicable Clustering Healthy 3/8/2014 12:45:34 AM 4 NotApplicable DiskController Healthy 4/22/2014 2:51:30 AM 1 NotApplicable MailboxSpace
Healthy 5/22/2014 6:16:51 AM 96 NotApplicable FreeBusy Healthy 5/22/2014 5:32:54 AM 1 Note: Subsequent detected alerts are suppressed until the health set is healthy again.Hi,
Based on the error message, throttling rejected the operation. I recommend you use the Get-ThrottlingPolicy | fl cmdlet to view EWS settings in throttling policy.
You can modify the default throttling policy and set the basic settings for EWS. Then restart the Microsoft Exchange Throttling service and recycle the MSExchangeServicesAppPool to check the result.
For more information about the EWS throttling, you can refer to the following articles.
EWS throttling in Exchange
http://msdn.microsoft.com/en-us/library/office/jj945066(v=exchg.150).aspx
EWS Best Practices: Understand Throttling Policies
http://blogs.msdn.com/b/mstehle/archive/2010/11/09/ews-best-practices-understand-throttling-policies.aspx
Best regards,
Belinda
Belinda Ma
TechNet Community Support -
Admin Server satrtup failing with the error User weblogic is not permitted to boot the server
Hi ,
The admin server is not coming up , its failing with the below error.
<May 25, 2014 10:28:35 PM PDT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: User weblogic is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.
weblogic.security.SecurityInitializationException: User weblogic is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:1010)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace.
I have tried resetting the password as per below link , it hasn't helped. Still facing issue. Please help
http://www.weblogic-tips.com/wls-security/
Thanks,
PradeepCreating New user did not help . Still same error.
<May 26, 2014 8:56:31 PM PDT> <Critical> <Security> <BEA-090404> <User weblogicNew is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.>
<May 26, 2014 8:56:31 PM PDT> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: User weblogicNew is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.
weblogic.security.SecurityInitializationException: User weblogicNew is not permitted to boot the server; The server policy may have changed in such a way that the user is no longer able to boot the server.Reboot the server with the administrative user account or contact the system administrator to update the server policy definitions.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:1010)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1054)
at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
at weblogic.security.SecurityService.start(SecurityService.java:141)
at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
Truncated. see log file for complete stacktrace
>
<May 26, 2014 8:56:31 PM PDT> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>" -
No Network - Server Execution failed
I have a laptop connected to my domain runing windows 7. Everything works great until the laptop is no longer connected to my windows domain network. Once the laptop has been disconnected from the domain network i cannot run programs that relie on explorer.exe to run i get Server Execution Failed error. I have tried adding NT AUTHORITY\LOCAL SERVICE to the user group Administrator, this has done nothing.
The problem has to do with having a shell folder (like Documents/Pictures/Music/Videos/etc) mapped to a network location, and that location is (temporarily or permanently) unmapped. For example:
In my environment, I map P: to \\server\users\username so that I can use Group Policy to map their Documents/etc shell folder to P:\Documents (etc).
This usually works GREAT, except that for laptop users that take their computers home and haven't connected to the domain via VPN or other method, the P:\ drive doesn't get mapped when the domain is unavailable at login.
This triggers the error, and the proof is that when I temporarily map the P:\ drive to, let's say, \\computername\c$ the issue immediate goes away.
I view this as a significant bug for corporate users and administrators, because I now have to either wait for a fix before deploying Windows 7 in my environment OR drastically change how my mobile users store their documents so that they're always accessible to them.
I'm in the process this week of evaluating viable work-arounds, so I'll bookmark this and post my findings here in the hopes it will help others.
I've spent quite a bit of time on this and can confirm that it is an issue based on the summary I made above. The issue seems to be that it's annoyed that the user's critical shell folders are unavailable.
The easiest solution is to use Group Policy to redirect any profile folders to UNC paths instead of static mapped drive paths (ie. \\server\share\user\Documents instead of P:\Documents). Then, enable Offline files synchronization if you need the files to be available while the network is not available. -
Error - Web Server Policy Agents setup
Hi
I get the following error message when I try to set up a Web Server Policy Agent on a box
[https-jakarta]: failure: CORE3170: Configuration initialization failed: Error running init function load-modules: dlopen of /opt/SUNWam/agents/es6/lib/libames6.so failed (ld.so.1: webservd: fatal: libamsdk.so.2: open failed: No such file or directory)
[https-jakarta]: failure: server initialization failed
the name of the web server instance is https-jakarta.
And it is talking to the Access Manager instance on the same box.(but set to a different web server instance)
I set up the PA on the above web server instance and then when I try to start up the web server instance it throws up the above message.
Any suggestions?
AnandHi
I get the following error message when I try to set up a Web Server Policy Agent on a box
[https-jakarta]: failure: CORE3170: Configuration initialization failed: Error running init function load-modules: dlopen of /opt/SUNWam/agents/es6/lib/libames6.so failed (ld.so.1: webservd: fatal: libamsdk.so.2: open failed: No such file or directory)
[https-jakarta]: failure: server initialization failed
the name of the web server instance is https-jakarta.
And it is talking to the Access Manager instance on the same box.(but set to a different web server instance)
I set up the PA on the above web server instance and then when I try to start up the web server instance it throws up the above message.
Any suggestions?
Anand -
Group Policy failing intermittently on one of my servers
Have you checked the event logs to see if a specific thing is triggering it?
CMOS battery been changed (if the date/time is being reset this can be the cause)?
Or GPResult to check that what should be applied is being applied?I have a server-2008 R2 box where Group Policy fails intermittently. The result is the server looses it's domain trust connection, exact error message is: Remote Desktop cannot verify the ID of the remote computer because there is a time or date difference....
I can reboot the server and it's fixed, but a month later it will have the same issue.
What can I look for to troubleshoot resolve, and what can I monitor to fix this? GP service? If the service is running & the interface, port, or bad cable, I will not be alerted. Can I configure some type of alert that tells me when GP replication with the domain controller has succeeded/failed?
This topic first appeared in the Spiceworks Community -
FRM-92100 Your Connection to the server is failed
Hi All,
I have a strange problem when i query all records and navigate between the record then the form show me the error frm-92100 your connection to the server is failed------------- it came on the particular record but when i query that record manullay then no error came.
I m using the oracle 10g XE and application server 10g rel.2 .
when i run that form on the 6i then it gave me no error.Verify the following:
1. Recompiled all modules related to the application. This includes FMB, MMB, and PLL files. Be sure this is accomplished on the machine from where the executibles will be deployed.
2. networkRetries=5 in formsweb.cfg. By default the value is 0
3. iAS has been patched to 10.1.2.2. If the installation is on Windows or Solaris, you must also install a required follow-on patch (see below):
o Internet Application Server (iAS) - Patch ID 4960210
o MANDATORY Post Install 10.1.2.2 Patch - Patch ID 5732133 (See Note: 404477.1) -
The ejb I am developing is trying to delete the following file from a local filesystem (Linux SuSE 9.3 Pro) : /path/to/file/delete.me I get the following exception:
java.security.AccessControlException: access denied (java.io.FilePermission /path/to/file/delete.me delete)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
at java.security.AccessController.checkPermission(AccessController.java:427)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
at java.lang.SecurityManager.checkDelete(SecurityManager.java:990)
at java.io.File.delete(File.java:869)
I tried to modify the server.policy file adding the following line:
permission java.io.FilePermission "/path/to/file/delete.me", "delete";
but nothing changes, even when I restart the application server (don't know even if it is necessary to restart). I am using Sun Java System Application Server Enterprise Edition 8.1. Any help is welcome...
Thanks in advance
nullI think I solved the problem. At least I managed to delete the file :-)
First I had to add the following line to JRE's java.policy file:
permission java.io.FilePermission "/path/to/file/delete.me", "delete";Then I added the following entry to the server's server.policy file:
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-apps/MyApp-" {
permission java.io.FilePermission "/path/to/file/delete.me", "delete";
};like described here:
http://docs.sun.com/app/docs/doc/819-3659/6n5s6m58n?a=view#beabz
I hope this could help to someone with the same problem
Maybe you are looking for
-
Does anybody have any tips to make iMessages run smoother?
I have an iMac and the iPhone 4. I have recently upgraded to mountain Lion and as such recieved messages a great feature in my opinion. However it's a bit fiddly. Some examples of things I would like help with: 1: I can only recieve imessages on my m
-
MacBook LCD as Extended Desktop for I Mac
I have the 20 inch Intel iMac at home, and the 13 inch Intel MacBook for the road. When I have both at home, can the the MacBook be connected to the iMac and serve as an extended desktop?
-
Editable form text editing messing up the whole form
Hi All, I've created a fillable form in Acrobat X but at the end, I realized that I left a spelling mistake. Now when I try to fix this mistake using Edit Document Text, it changes the orientation and alignment of other fields around it causing messi
-
PI_BASIS ugrade error in CRM
We are trying to upgrade the PI_BASIS plug-in on our CRM 4.0 server. But we get the foolowing error message: "when you apply a support package further processing steps may be necessary." And it refers to OSS Note 543841. But when I search for this no
-
Migrating Library files (playlists) from Windows to new mac?
Hi There; I have New Mac Mini and WinXP SP2 laptop both sharing a buffalo "network Drive" with all the Media files - music and photos. I want to migrate my iTunes library including -- my rating, playlist, etc ... --to the new Mac Mini. In the laptop,