Moving SP2013 and SQL2008R2 to new domain - no trusts between domain

Hello,
I'm looking to move a customized installation of SharePoint 2013 (Microsoft Server 2012 Std VM) and its DB (SQL 2008 R2 VM) from one domain to another domain. There will be no trust between the domains, and assume that no users or service accounts will be migrated. Has anyone performed a similar operation? If so, can you provide guidance as to the best way to tackle this situation? Currently we plan on exporting the SP2013 VM from the old domain, importing (re-creating) that VM in the new domain and importing the DB to an existing SQL server in the new domain. My concern is being able to log in to Central Admin afterwards because the domain accounts are no longer valid. Should we change all accounts to local admins first, detach the db and change those accounts as well? Or would a totally different approach make more sense? Any help would be appreciated.
Thanks in advance, 
Alex

You need to build a new SharePoint farm, changing SharePoint server's domain membership isn't supported.
What you'll do is build a new farm, create the Web Application(s), etc. and then restore SQL database backups from the old farm into the new farm.
Trevor Seward
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
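
One way to carry out the restore-and-attach step from the answer above, followed by the access problem raised in the question (added example, not part of the original thread; every server, database, URL, account and file name is a placeholder, and the account re-mapping in step 4 goes beyond what the answer covers):

```powershell
# Added example. Run in the SharePoint 2013 Management Shell on a server of the
# NEW farm, as an account with farm administrator rights and db_owner on the
# restored database. All names below are placeholders, not values from the thread.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$WebAppUrl  = 'http://portal.newdomain.example'  # web application already created in the new farm
$DbServer   = 'NEWSQL01'                         # SQL instance holding the restored backup
$ContentDb  = 'WSS_Content_Portal'               # content database restored from the old farm
$NewOwner   = 'NEWDOMAIN\sp_siteadmin'           # account that exists in the new domain
$MappingCsv = 'C:\migration\account-map.csv'     # optional; columns: OldLogin,NewLogin

# 1. Dry run: reports missing features/solutions and orphaned objects, changes nothing.
$issues   = Test-SPContentDatabase -Name $ContentDb -ServerInstance $DbServer -WebApplication $WebAppUrl
$blocking = $issues | Where-Object { $_.UpgradeBlocking }
if ($blocking) {
    $blocking | Format-List Category, Message, Remedy
    throw "Resolve the upgrade-blocking issues before attaching $ContentDb."
}

# 2. Attach the restored database to the web application in the new farm.
Mount-SPContentDatabase -Name $ContentDb -DatabaseServer $DbServer -WebApplication $WebAppUrl

# 3. Site collection owners stored in the database still name old-domain accounts,
#    which cannot authenticate without a trust. Hand ownership to a new-domain account.
foreach ($site in Get-SPSite -ContentDatabase $ContentDb -Limit All) {
    Set-SPSite -Identity $site -OwnerAlias $NewOwner
    $site.Dispose()
}

# 4. Optional: where an old login has an equivalent account in the new domain,
#    re-map its permissions. Logins in the CSV must be in the form stored by the
#    web application, e.g. 'i:0#.w|olddomain\alice' for Windows claims.
#    -IgnoreSID is needed because the old SID cannot be resolved from the new domain.
if (Test-Path $MappingCsv) {
    $map = Import-Csv $MappingCsv
    foreach ($site in Get-SPSite -ContentDatabase $ContentDb -Limit All) {
        foreach ($row in $map) {
            try {
                $user = Get-SPUser -Web $site.RootWeb.Url -Identity $row.OldLogin -ErrorAction Stop
            } catch {
                continue   # login not present in this site collection (or already moved)
            }
            Move-SPUser -Identity $user -NewAlias $row.NewLogin -IgnoreSID -Confirm:$false
        }
        $site.Dispose()
    }
}
```

Old-domain entries left unmapped stay in the permission lists as unresolvable accounts, so review and remove them once the migration is confirmed.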

Similar Messages

  • Problem creating external trust between domains

    Hello,
    When I try to create one-way incoming external trust between 2 domains (to DomainA from DomainB) in separate forests I get this info:
    This domain already has a one-way trust relationship with specified domain.
    But I cannot see it on the list of trusts either incoming or outgoing (in both domains).
    For sure trust was never setup before.
    In DomainA there are several other external non-transitive trusts with other domains. But for sure DomainB does not have any incoming or outgoing trusts on the list. Name resolution between domains is OK. I can ping the domain name on both sides.
    Any help is welcome.
    Darek.

    Hi,
    Were there error events logged in Event Viewer? Besides, did we open necessary firewall ports for creating external trust?
    Regarding firewall ports, the following thread can be referred to for more information.
    Creating external trust between domain on different forest
    http://social.technet.microsoft.com/Forums/en-US/efe56730-ff95-4d6b-b95c-fc2c01ebd2d3/creating-external-trust-between-domain-on-different-forest?forum=winserverDS
    Best regards,
    Frank Shen

  • Moving out and roommate wants new service in her name... 5 day wait?

    Phone/internet/DirectTV are in my name. I am moving out and my roommate would like to have new service in her name. She works a lot from home/is on call and can't be with out internet for any extended period of time. I thought I could schedule termination of my service on one day and she could schedule her new service to start on say the next day. When I called customer service to verify we could do this I was told she would not even be able to put an order in for services until mine were already terminated and it would take at least 5 days from her order date to begin her services. This does not sound right to me. Anyone know if this is true or not?

    Please advise you still need assistance with this issue.  I would be happy to assist you.
    Vz_Judy
    Verizon Support

  • Do I need to enable trust between domains in the following scenario

    I have a domain x and domain y on 2 separate machines. My client logs into domain x, does stuff and logs out. The same client now logs into domain y and needs to do stuff, but the second domain kicks out the client by throwing an exception saying "invalid subject" etc. But the same scenario works if I enable trust between both domains or have my client restart. What should I do so that the client can log out of domain x and log in to domain y without having to enable trust between domain x and y and without having to restart the client?
    Thanks
    Prashanth

    Hi Mike,
    there is no switching circuitry on the UMI, that could disable the Iso Power outputs and there is nothing you need to configure in MAX. If you can't measure a voltage between Iso Power and Iso Common pins on the Dsub outputs, the UMI might be defective (e. g. blown fuse). Please contact your local NI branch for repair options.
    Thanks and kind regards,
    Jochen

  • Unable to create Trust between domains

    Scenario. I am trying to build 2 way trust between two Windows forests abc.com & xyz.com
    Highest OS in both domain is Win 2008 R2
    FFL and DFL in both is Win2003
    I added forwarders in DNS in both - It is resolving
    I disabled Antivirus
    I stopped Windows firewall in all the DCs of the domains and no n/w level port restrictions is there
    I am able to ping to all DCs from each of the DCs in both domains.
    Doing above all I am unable to create trust - in the trust wizard it is not identifying Domain names.
    Another thing is I have a Primary zone exists in name of each of the domain name. ie In abc.com I have another Primary zone created in xyz.com, Likewise in XYZ.com I have ABC.com primary zone . Will this be an issue?, If not guidelines please...

    Hi,   
    >>In ABC.com I have a Primary zone created as xyz.com, Likewise in XYZ.com I have ABC.com primary zone .
    How did you create these Primary zones? Is there an ABC.com zone in ABC.com?
    >>I am unable to put Conditional forwarders because I have a Primary zone exists in name of each of the domain name
    If there is a DNS zone of another domain then we cannot create a conditional forwarder for the other domain.
    Besides, I suggest you check the SRV Records. You can try to restart the netlogon services to re-register SRV records. More specifically, in the command prompt, type net stop netlogon to stop netlogon services, then type net start netlogon to start netlogon services.
    Best Regards,
    Erin

  • Moving iPod and Library to New Hard Drive

    60GB Video iPod, purchased 11/05. Started using it at work (with permission) and spent a lot of weekend time downloading all of my cd's, as I did not have a working computer at home (it had crashed).
    02/06, a friend gave me their Dell computer. I purchased Anapod software to begin "the move". Mid-transfer, found out that the computer didn't have enough disk space on the C drive! One techy tells me to get a new external drive. Another techy tells me to get an additional internal drive. I did both! I HAVE PLENTY OF MEMORY NOW!!!
    I've tried unsuccessfully to move the library at work to the external drive to take it home and attach it to the home system. I get it moved. I change the settings to tell iTunes to look at that drive, BUT it's NOT WORKING!!!!!
    I HAVE TO GET THIS OFF OF MY WORK COMPUTER, AS I KEEP GETTING A LOW DISK SPACE ERROR! HELP!? HELP!? HELP!?
    I have seriously had it. I'm ready to just trash everything...but I REALLY don't want to. I've bought several things from iTunes...and I don't want to transfer all my cd's again. I can't take much more of this...two months of pain and suffering is ENOUGH!
    Dinie
    Dell   Windows XP  

    Well, I don't know about getting that external drive behaving, but I know how you can get the music off your iPod and onto your home machine. Once it's safe on the new computer, you can erase it from the work machine
    1) On the work computer, connect the iPod.
    2) Go to Edit>Preferences and choose "iPod"
    3) Select "manually manage songs and playlists"
    4) Bring the iPod home
    5) on the home computer, download "Yamipod" or "PodUtil"
    6) connect your iPod
    7) run Yamipod or PodUtil to remove the songs.
    I believe those programs will tell you how to get the music into your new iTunes, but if they don't, let me know and I'll get instructions to you.

  • I moved iTunes and library to new Hard drive M: , now Sync is lost. Need to collect files and rebuild to proper folder.

    I installed a new hard drive and partitioned it into 2, P: Pictures: and M: Music: . I moved all my iTunes Files and Folders to the M: drive. Then when I connected my iPhone4 to iTunes it asked if I wanted to create a new sync, I said no but it seemed it couldn't find my old sync file. So I searched my computer for files and folders of iTunes and placed them all into an iTunes folder on the root of M: drive. I need to rebuild the iTunes folder correctly.
    I have all the correct items on my iPhone and haven't lost anything. It's just a problem trying to sync. Biggest problem is my music. When I try to sync music there is trouble. I can't seem to remove all music from iPhone and resync. When I thought I did iTunes would say no more music will fit. (Music is normally 70% of my memory on phone and I try and leave 1GB of 16GB free on it).
    I want to build the iTunes install on the D:\Program Files (x64)\  since I don't install anything on my SSD drive C: except Windows 7.

    How exactly did you move the files or more specifically, what did you move?
    The correct way to move the iTunes files is to move the ENTIRE iTunes folder (or copy it) from the original location to the new location.
    Once moved, hold Shift while launching iTunes and point it to the new location.
    If anything other than the ENTIRE iTunes folder was moved, it needs to be put back in the original location to correct the issues created then moved correctly.

  • Moving playlists and podcast to new machine

    How can I move all of my iTunes playlists and podcasts to my new machine? is there any way of keeping all of the settings the same? thank you.

    Found that Apple's _Mac OS X Advanced System Administration v10.5_ book says that cloning works to migrate between machines. Boot from install DVD after cloning and run disc's upgrade. PPC to Intel requires special consideration - recommended to archive old, demote to stand alone, promote, and finally restore from archive.
    If anyone has any experience with this, please report how it worked for you.

  • Moving Projects and Events - Some New Info (to me anyway)

    New Info!
    Just came across this in the Apple Support site:
    http://support.apple.com/kb/HT4740
    What this says basically, is that you CAN use Finder to simply move FCP X event folders to remove them from the FCP x lists when working on current projects.
    One concern is  that the support article is silent on doing the same with FCP X project folders.
    Anyone have any insight on that?
    My concern there was that what  I had seen earlier from Apple and other discussion boards was that a Finder move of events and projects was not secure.
    Clearly one can use the FCP x Move Project command to move a project to another drive or to a disk image.  However, I am looking for a way that avoids use of a second drive or disk image.

    Yes, it should work exactly the same for projects.
    One thing I'd highly recommend though is to never do a finder or FCP "move" -- instead do a copy, and then trash (delete) the original once you confirm the copy worked. If, during a "move" command, something unexpected happens, you are vulnerable to losing data.

  • Mac Mail Folder on my Mac - Moving it and contents to new MBP

    I have a folder in Mac Mail that is on my Mac. It's an archive of my old emails. I thought if I copied it from Home>Library>Mail>Mailboxes to the same on the MBP I could view them in Mac Mail. Well I was wrong. So how do I move this file over from my old Mac to my new Mac where I can view them in Mac Mail? Thanks.

    Drag the old folder onto the new one's Desktop, then in Mail select File/Import Mailboxes, then check Mac OSX Mail on the next screen and select the old mailbox folder.

  • ADFS 3.0 WAP and Non-Claims-Aware Relying Party Trusts

    I am attempting to migrate a Windows Claims SharePoint page to ADFS 3.0 (Windows Server 2012 R2) and the WAP (Web Application Proxy) from UAG, but am running into problems when our external users attempt to authenticate. Users from our external domain (call it Domain2.com) have been accessing our SharePoint pages via SAML tokens but when I attempted to move them to the new WAP and off of UAG, they get a http/500 error. The WAP error log gives the following:
    Warning Event ID 13016 - Web Application Proxy cannot retrieve a Kerberos ticket on behalf of the user because there is no UPN in the edge token or in the access cookie
    Error Event ID 12027 - Web Application Proxy encountered an unexpected error while processing the request. Error: The specified username is invalid. (0x8007089a).
    I presume the Error Event ID 12027 is because there is no UPN in the token and we are using KCD/Kerberos so I need to pass a UPN.
    The ADFS server and WAP are joined to Domain1.com. Domain1.com is Active Directory and there is an account for every user in Domain2.com that is allowed access to our SharePoint Sites. These accounts contain the standard info... UPN, Email Address, sAMAccountName, etc. The UPN, Email, and sAMAccountName do not always match the accounts with the Domain2.com accounts; however, we have been using an Active Directory Field labeled employeeNumber that is synchronized on both domains and we have been using a custom lookup based on the employeeNumber in AD.
    When logins occur via Domain1.com, no problem, the UPN is pulled from the Active Directory Claim Provider Trust. When a user attempts to access from Domain2.com, we have configured ADFS to forward them to an STS that collects the employeeNumber from Domain2.com via a Web Auth SAML token. We are able to use the SAML token if we use the standard Claims-Aware Relying Party Trust (CARPT) and convert our SharePoint sites to use the trusted URN via powershell scripts, but we are trying to retain functionality similar to how we are using UAG so we don't want to change every single SharePoint site to the SAML configuration, hence we are trying to use the Non-Claims-Aware Relying Party Trust (NCARPT).
    Problem1: When we are using CARPT we can configure the custom translation for our employeeNumber lookup in AD. But CARPT uses SAML Tokens not Kerberos Tokens so we cannot login when SharePoint is configured for Kerberos.
    Problem2: When we are using NCARPT it works great when authenticating via local (Domain1.com) credentials and looks up the user in AD, but when we attempt to authenticate with remote (Domain2.com) credentials we are unable to configure the employeeNumber lookup and ADFS doesn't just go out and make that correlation on its own.
    Question1: Can I configure CARPT to use Kerberos?
    Question2: If not, can I configure NCARPT to lookup the AD employeeNumber, match the UPN, and add the UPN to the token?
    Question3: If neither option is available, am I just stuck with UAG or is there something out there (not scheduled for EOL) that can handle the translation between SAML and Kerberos Tokens?
    Let me know if I left something out, I tend to ramble, but not sure of all the info that is needed...

    Hi,
    Based on the description, is there trust between domain 1 and domain 2? If not, we can try to create trust between these two domains to see if it helps.
    Regarding Event ID 13016 and Event ID 12027, the following article can be referred to for more information.
    Web Application Proxy Troubleshooting
    https://technet.microsoft.com/en-us/library/dn770156.aspx
    Besides, for ADFS questions, in order to get more and better help, it's recommended that we ask for suggestions in the following forum.
    Claim based access platform (CBA), code-named Geneva
    https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=Geneva
    Best regards,
    Frank Shen

  • ISE using 2 domains with trust established

    Hi,
    I need to authenticate wireless network users from two different domains
    abc.company.com
    cde.company.com
    There is trust between domains and ISE joined abc.company.com and it can authenticate and authorize users without issues.
    Users from cde.company.com cannot be authenticated (I don't even get to authorization part).
    My identity source list has only External ID listed and when I see what is the reason of failure, message states that Authentication has failed (not authorization) because user cannot be found in any identity listed.
    Now, users from abc and cde companies are logging with their usernames only. Should they try to login with cde.company\username or something?
    Has anyone done this before?
    Thanks.

    I have trust. I can get the user information with cde\user and  [email protected], but authentication is still not working. So, I see  the user, but it is still not being authenticated by the policy.
    Here is log:
    11001  Received RADIUS Access-Request
    11017  RADIUS created a new session
    Evaluating Service Selection Policy
    15048  Queried PIP
    15048  Queried PIP
    15004  Matched rule
    11507  Extracted EAP-Response/Identity
    12300  Prepared EAP-Request proposing PEAP with challenge
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12302  Extracted EAP-Response containing PEAP challenge-response and accepting PEAP as negotiated
    12318  Successfully negotiated PEAP version 0
    12800  Extracted first TLS record; TLS handshake started
    12805  Extracted TLS ClientHello message
    12806  Prepared TLS ServerHello message
    12807  Prepared TLS Certificate message
    12810  Prepared TLS ServerDone message
    12305  Prepared EAP-Request with another PEAP challenge
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12304  Extracted EAP-Response containing PEAP challenge-response
    12318  Successfully negotiated PEAP version 0
    12812  Extracted TLS ClientKeyExchange message
    12804  Extracted TLS Finished message
    12801  Prepared TLS ChangeCipherSpec message
    12802  Prepared TLS Finished message
    12816  TLS handshake succeeded
    12509  EAP-TLS full handshake finished successfully
    12305  Prepared EAP-Request with another PEAP challenge
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12304  Extracted EAP-Response containing PEAP challenge-response
    12313  PEAP inner method started
    11521  Prepared EAP-Request/Identity for inner EAP method
    12305  Prepared EAP-Request with another PEAP challenge
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12304  Extracted EAP-Response containing PEAP challenge-response
    11522  Extracted EAP-Response/Identity for inner EAP method
    11806  Prepared EAP-Request for inner method proposing EAP-MSCHAP with challenge
    12305  Prepared EAP-Request with another PEAP challenge
    11006  Returned RADIUS Access-Challenge
    11001  Received RADIUS Access-Request
    11018  RADIUS is re-using an existing session
    12304  Extracted EAP-Response containing PEAP challenge-response
    11808  Extracted EAP-Response containing EAP-MSCHAP challenge-response for inner method and accepting EAP-MSCHAP as negotiated
    Evaluating Identity Policy
    15006  Matched Default Rule
    15013  Selected Identity Store - AD-Suffolk
    24430  Authenticating user against Active Directory
    24412  User not found in Active Directory
    22056  Subject not found in the applicable identity store(s)
    22058  The advanced option that is configured for an unknown user is used
    22062  The 'Drop' advanced option is configured in case of a failed authentication request
    12315  PEAP inner method finished with failure
    22028  Authentication failed and the advanced options are ignored

  • Global Trust Between WebLogic Domains ?

    Hi there,
    Need clarification on "Global Trust between weblogic domains"
    My scenario:
    WebLogic Version installed: 10.3.5.0
    Linux physical machines: 2
        x - machine
        y - machine
    Now, I've created new domain with AdminServer, and 2 managed servers on x-machine. And, 2 more managed servers on y-machine.
        x-machine --> AdminServer + 2 managed servers
        y-machine --> 2 managed servers
    Created a cluster for all the 4 managed servers.
    My question: Though we have created 2 domains -
        Domain 1 - on x-machine where we have Admin + 2 nodes
        Domain 2 - on y-machine where we have 2 nodes
    Now, do we require to create/enable "Global trust" between these domains to communicate? And enable cross-domain security also? Is this required?
    Or in which situations do we require to enable trust between domains?
    Can someone explain to me?
    Thanks

    Looking to this Oracle Doc >> http://docs.oracle.com/cd/E24329_01/web.1211/e24375/basics.htm#BRDGE128
    "Typical tasks required to manage a messaging bridge using the Administration Console include
    Creating a trusted security relationship. See "Configuring Domains for Inter-Domain Transactions" in Programming JTA for Oracle WebLogic Server"
    And, clicking the link to Configuring Domains for Inter-Domain Transactions, there's two types of communications:
    Inter-domain—The transaction communication is between servers participating in transactions that are not in the same domain.
    Intra-domain—The transaction communication is between servers participating in transactions within the same domain
    Check the rest of the doc to know how to configure each type, and apply the one that matches your case..
    Hope it helps
    Regards,
    Mohab

  • No authentication prompt using DFS links to fileserver into another domain with no trusts between both domains

    Users  , Fileservers  and DFS root with DFS links in Domain A all work fine.
    Each user from Domain A also has credentials and passwords from Domain B.
    There is NO trust between Domain A and Domain B, both Domains are in different site connected with VPN-tunnel.
    Projectdata is stored at fileservers in both Domains. Now DFS links are added in the Domain A to a fileserver from Domain B
    When users from Domain A connect to the fileserver in Domain B first he/she gets a prompt to authenticate, then the DFS link to the fileserver in Domain B works.
    When users just use the DFS link they get a prompt "not accessible" + "Logon failure unknown user or bad password"
    No prompt is given to users from Domain A to enter the credentials for Domain B.
    We cannot create a trust between these 2 Domains due to other policies.

    Hi,
    According to your description, there is no trust between domain A and domain B, right?
    Based on my research, if there is no trust between domains/forests, then it is not possible to share information across domain boundaries, because without trust, no authentication traffic can be passed across domain/forest.
    That is why the user cannot access the file he has rights to access across domain.
    Here is an article below for your references:
    Trust Technologies
    http://technet.microsoft.com/en-us/library/cc759554(v=WS.10).aspx
    I hope this helps.
    Amy Wang

  • Filter out PeoplePicker results coming from trusted AD domains

    We have individuals who have accounts in multiple trusted domains. Thus when a search in PeoplePicker is performed, results will return multiple entries for those individuals.
    i.e. Bob has account in main AD domain foo.int and also has an account in trusted AD domain bar.int . Search for Bob in PeoplePicker currently returns both entries which is confusing to users.
    We have deprecated the trusted domain and eventually it will go away. However until then we want PeoplePicker to only return results from MAIN domain foo.int.
    I believe the correct solution is to setproperty peoplepicker-searchadcustomquery so that PeoplePicker only returns results from the main domain.
    I am not sure of the proper syntax and proper AD attribute to use in the property value for this command.
    stsadm -o setproperty -pn peoplepicker-searchadcustomquery -pv (?????)
    (from http://technet.microsoft.com/en-us/library/cc262988.aspx)
    Or is there another approach to this problem?

    Hi Bruce, 
    You want to restrict people picker to specific Domain.
    You can use the following command:
    stsadm -o setsiteuseraccountdirectorypath -url http://<RootSiteURL> -path "<Path to OU>"
    Path to OU examples:
    Single Domain: DC=DOMAIN, DC=COM
    For more information, see Setsiteuseraccountdirectorypath: Stsadm operation (Office SharePoint Server) (http://technet.microsoft.com/en-us/library/cc263328.aspx)
    By the way the command you used before can also achieve the goal, what you need to do is specify a correct LDAP filter.
    stsadm -o setproperty -pn peoplepicker-searchadcustomfilter -pv <LDAP Filter>
    Hope the information can be helpful.
    -lambert
    Posting is provided "AS IS" with no warranties, and confers no rights.
