OCS 2007 R2 new users are unable to sign in Help!!!
A little background: we had an issue with our domain controller and had to flash a backup image that we took 2 weeks prior. After we got everything set up correctly again and added users that were not there when we took the image backup, it all seemed fine, until we had to add some new hires. Now when I add new users and configure them correctly within OCS and Active Directory, the user cannot sign in. From what I have read it could be a replication error, but when I try to force replication it fails. As we rely on this service for our business, it is very frustrating. I have run the validation tool and this is what I get.
Attempting to login user using Kerberos
Maximum hops: 2
Successfully established security association with the server: User nancy Domain lj Protocol Kerberos Target sip/Fileserver.LJ.local
Failed to register user: User sip:[email protected] @ Server Fileserver.LJ.local
Failed registration response: [
SIP/2.0 403 Forbidden
FROM: <sip:[email protected]>;epid=epid00;tag=af8d4a32c5
TO: <sip:[email protected]>;tag=1A2FD46AB32C93C71252508422122A62
CSEQ: 2 REGISTER
CALL-ID: cd6769facadf4da68a88921dfc5a4807
VIA: SIP/2.0/TLS 192.168.0.23:57752;branch=z9hG4bKf130bb10;ms-received-port=57752;ms-received-cid=40200
CONTENT-LENGTH: 0
AUTHENTICATION-INFO: Kerberos rspauth="602306092A864886F71201020201011100FFFFFFFF764B3F8B7D0AE7EC1B6FE36DAA9B10B1", srand="C0091F30", snum="1", opaque="EE6E2772", qop="auth", targetname="sip/Fileserver.LJ.local", realm="SIP Communications Service"
ms-diagnostics: 4004;reason="Credentials provided are not authorized to act as specified from URI";source="Fileserver.LJ.local";AuthenticatedIdentity="LJ\nancy"
ms-diagnostics-public: 4004;reason="Credentials provided are not authorized to act as specified from URI";AuthenticatedIdentity="LJ\nancy"
Suggested Resolution: Use the maximum hop count to determine the server that generated this error. For example, if the maximum hop value is 2, then it is likely that this error was generated by a server that is 1 (immediate target) or 2 hops away. If the target server supplied and the home server for the user are different check the trust relationship between them. If the target server is an access edge server then check whether the internal supported domain list contains the domain of this user. In addition, check the forest-level domain supported list and make sure the user domain is present. Finally, run the dbanalyze tool on the home server to check whether the user is homed and configured correctly.
Suggested Resolution: Ensure that the supplied credentials are appropriate for the supplied user. If the user has been moved recently, run dbanalyze to ensure that the user is homed correctly.
Failure
[0xC3FC200D] One or more errors were detected
Maximum hops: 2
Successfully established security association with the server: User nancy Domain lj Protocol NTLM Target Fileserver.LJ.local
Failed to register user: User sip:[email protected] @ Server Fileserver.LJ.local
Failed registration response: [
SIP/2.0 403 Forbidden
FROM: <sip:[email protected]>;epid=epid01;tag=e91f12148
TO: <sip:[email protected]>;tag=1A2FD46AB32C93C71252508422122A62
CSEQ: 5 REGISTER
CALL-ID: 9ac9e3fe41f64e6587b7e744ef4eabc4
VIA: SIP/2.0/TLS 192.168.0.23:57752;branch=z9hG4bK53b7532;ms-received-port=57752;ms-received-cid=40200
CONTENT-LENGTH: 0
AUTHENTICATION-INFO: NTLM rspauth="010000002A86488630F580CBB5BBDB1F", srand="D34E3231", snum="1", opaque="9FC5005B", qop="auth", targetname="Fileserver.LJ.local", realm="SIP Communications Service"
ms-diagnostics: 4004;reason="Credentials provided are not authorized to act as specified from URI";source="Fileserver.LJ.local";AuthenticatedIdentity="LJ\nancy"
ms-diagnostics-public: 4004;reason="Credentials provided are not authorized to act as specified from URI";AuthenticatedIdentity="LJ\nancy"
Suggested Resolution: Use the maximum hop count to determine the server that generated this error. For example, if the maximum hop value is 2, then it is likely that this error was generated by a server that is 1 (immediate target) or 2 hops away. If the target server supplied and the home server for the user are different check the trust relationship between them. If the target server is an access edge server then check whether the internal supported domain list contains the domain of this user. In addition, check the forest-level domain supported list and make sure the user domain is present. Finally, run the dbanalyze tool on the home server to check whether the user is homed and configured correctly.
Suggested Resolution: Ensure that the supplied credentials are appropriate for the supplied user. If the user has been moved recently, run dbanalyze to ensure that the user is homed correctly.
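The validation output above can be triaged mechanically. The following is an added example, not part of the original post or of any OCS tool: it parses each registration attempt and reports whether the 403 is an authorization failure that occurs regardless of authentication protocol. The SIP URI in the sample is a constructed placeholder and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the validation output above. The SIP URI is
# a placeholder because the real address is not visible on the page.
SAMPLE = r'''Successfully established security association with the server: User nancy Domain lj Protocol Kerberos Target sip/Fileserver.LJ.local
SIP/2.0 403 Forbidden
FROM: <sip:user@example.invalid>;epid=epid00;tag=af8d4a32c5
CSEQ: 2 REGISTER
ms-diagnostics: 4004;reason="Credentials provided are not authorized to act as specified from URI";source="Fileserver.LJ.local";AuthenticatedIdentity="LJ\nancy"
Successfully established security association with the server: User nancy Domain lj Protocol NTLM Target Fileserver.LJ.local
SIP/2.0 403 Forbidden
FROM: <sip:user@example.invalid>;epid=epid01;tag=e91f12148
CSEQ: 5 REGISTER
ms-diagnostics: 4004;reason="Credentials provided are not authorized to act as specified from URI";source="Fileserver.LJ.local";AuthenticatedIdentity="LJ\nancy"
'''

ASSOC = re.compile(r"security association .*? Protocol (\w+) Target (\S+)")
STATUS = re.compile(r"^SIP/2\.0 (\d{3}) ")
PARAM = re.compile(r';\s*([\w-]+)="([^"]*)"')


def parse_attempts(text):
    """Split the tool output into one dict per registration attempt."""
    attempts, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ASSOC.search(line)
        if m:  # a new attempt starts with the security association line
            cur = {"protocol": m.group(1), "target": m.group(2)}
            attempts.append(cur)
            continue
        if cur is None:
            continue
        m = STATUS.match(line)
        if m:
            cur["status"] = int(m.group(1))
            continue
        name, _, value = line.partition(":")
        name = name.strip().lower()
        if name == "from":
            uri = re.search(r"<([^>]+)>", value)
            cur["from_uri"] = uri.group(1) if uri else value.strip()
        elif name == "ms-diagnostics":
            code, _, rest = value.strip().partition(";")
            cur["diag_code"] = int(code)
            # quoted parameters: reason, source, AuthenticatedIdentity
            cur.update({k.lower(): v for k, v in PARAM.findall(";" + rest)})
    return attempts


def triage(attempts):
    """Summarise 403/4004 failures across authentication protocols."""
    failed = [a for a in attempts
              if a.get("status") == 403 and a.get("diag_code") == 4004]
    protocols = sorted({a["protocol"] for a in failed})
    identities = sorted({a.get("authenticatedidentity", "") for a in failed})
    return {
        # the server named an authenticated identity, then refused the URI
        "authorization_failure": bool(failed) and all(
            a.get("authenticatedidentity") for a in failed),
        "protocols": protocols,
        "identities": identities,
        # same identity rejected over every protocol tried
        "protocol_independent": len(protocols) > 1 and len(identities) == 1,
    }


if __name__ == "__main__":
    print(triage(parse_attempts(SAMPLE)))
```

When the same identity is rejected with 4004 over both Kerberos and NTLM, the authentication protocol is not the variable; the checks worth making are the ones the tool itself suggests, on how the user is homed and configured.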
Depending on how you rolled back Active Directory, you may have entered a situation called "USN Rollback" where your rolled back DC stops replicating with the rest of the DCs in the infrastructure.
This will cause issues like what you are experiencing, and much worse in the long term, such as machines getting dropped from the domain, and user passwords becoming inconsistent, since you're essentially maintaining two copies of your domain that cannot talk to each other...
Here are more details: http://support.microsoft.com/kb/875495
I'd recommend resolving the underlying AD issue by removing the restored DC from the infrastructure (you may have to force demote and remove metadata). Once AD is 100% functional then you can start troubleshooting OCS sign in issues, but my guess is they
will resolve themselves once the restored DC is removed.
Hope this helps,
Gonzalo
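A simplified model of the USN rollback condition named in the reply above, added here as an illustration and not taken from the thread or from Microsoft. It assumes one replication watermark per source invocation ID (real AD keeps per-partition vectors and per-attribute metadata); the DC class, the USN values and all account names except "nancy" are constructed.

```python
import copy
from dataclasses import dataclass, field


@dataclass
class DC:
    name: str
    invocation_id: str                          # identifies this database instance
    usn: int = 0                                # highest committed USN
    log: dict = field(default_factory=dict)     # usn -> object created
    objects: set = field(default_factory=set)   # objects present on this DC
    seen: dict = field(default_factory=dict)    # source invocation_id -> highest USN pulled

    def create(self, obj):
        self.usn += 1
        self.log[self.usn] = obj
        self.objects.add(obj)

    def rollback_suspected(self, src):
        # The partner remembers a higher USN than the source has issued.
        return self.seen.get(src.invocation_id, 0) > src.usn

    def pull_from(self, src):
        # Ask the source only for changes above the remembered watermark.
        mark = self.seen.get(src.invocation_id, 0)
        for usn, obj in sorted(src.log.items()):
            if usn > mark:
                self.objects.add(obj)
        self.seen[src.invocation_id] = max(mark, src.usn)


def simulate(reset_invocation_id):
    dc1, dc2 = DC("DC1", "inv-A"), DC("DC2", "inv-B")
    for user in ("alice", "bob", "carol"):
        dc1.create(user)                  # USNs 1..3
    image = copy.deepcopy(dc1)            # disk image taken at USN 3
    dc1.create("dave")                    # USN 4
    dc1.create("erin")                    # USN 5
    dc2.pull_from(dc1)                    # DC2 now remembers inv-A up to USN 5

    dc1 = copy.deepcopy(image)            # image flashed back: USN is 3 again
    if reset_invocation_id:
        # A supported restore gives the database a new invocation ID, so
        # partners treat it as a source they have not seen before.
        dc1.invocation_id = "inv-A2"
    dc1.create("nancy")                   # new hire reuses USN 4

    detected = dc2.rollback_suspected(dc1)
    dc2.pull_from(dc1)
    return {"detected": detected, "nancy_on_dc2": "nancy" in dc2.objects}


if __name__ == "__main__":
    print("image restore:    ", simulate(reset_invocation_id=False))
    print("supported restore:", simulate(reset_invocation_id=True))
```

In the image-restore case the partner never requests the new account because its USN falls below the watermark it already holds, which matches the symptom of new users existing on one DC only.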
Similar Messages
-
Few users are unable to sign in after we added 2 more front end servers in existing pool?
Hello,
We have recently extended the Lync 2010 Enterprise pool with 2 Front end servers. Now we have totally 6 Front end servers.
After this change some users are unable to login. Error message: "Cannot loggin as server is temporarily unavailable"
Captured client logs and received the following:
ms-diagnostics: 4004;reason="Credentials provided are not authorized to act as specified from URI";
We have the following security settings on the newly added front end servers:
Network security: Minimum security for NTLM SSP Based clients - set to - Require 128-bit encryption
In other existing front end servers, it has been set to - No minimum.
Questions:
1. Is that the issue for signin failure?
2. Do we need to change this option to - No minimum in new servers and reboot it?
Please advise. MUCH THANKS.
Hello
Those clients are running on Windows 7 OS. And the error is different:
"Cannot loggin as server is temporarily unavailable"
Thanks
-
We have Lync 2013, Exchange 2010 and several AD servers in mixed mode 2003/2008.
All users are unable to see their own profile photo either in the main Lync window, in the settings or in a chat, although other users can see that their photo is there and displaying. The user experiencing the issue can open the Outlook 2013 client and will see their photo displaying correctly in the File menu (and elsewhere).
I have confirmed this happens with any new users I set up as well. We have gone through a fair amount of troubleshooting with other Lync photo issues, and simple fixes such as deleting the SIP cache folder etc. prove to be ineffective.
Our Cs-ClientPolicy Global is set to websearchonly.
We have "Replicate this attribute to the Global Catalog" set for the ThumbnailPhoto attribute in AD.
We are also forcing photos from AD only (or no photo) by setting the following:
"Set-CsClientPolicy -Identity PhotosControl -DisplayPhoto PhotosFromADOnly"
And finally we are importing the photo in AD using this PS command:
"Import-RecipientDataProperty -Identity "Test User" -Picture -FileData ([Byte[]]$(Get-Content -Path "C:\pictures\testuser.jpg" -Encoding Byte -ReadCount 0))"
The pictures being uploaded are under 10KB in size.
I have followed many threads and will provide any information I can to help find the problem. Thank you in advance.
EDIT: I have also tried the following but with no success: https://knowledge.zomers.eu/misc/Pages/How-to-fix-your-photo-not-showing-up-in-the-Lync-client.aspx
Hi Jdentremont,
Lync client gets user photos by first querying the Address Book Web Query (ABWQ) service on the server, which is exposed through the Distribution List Expansion web service. The client receives
the image file and then copies it to the user's cache to avoid downloading the image each time it needs to be displayed. The attribute values returned from the query are also stored in the cached Address Book Service entry for the user. The Address Book Service
deletes all cached images every 24 hours, which means that it can take up to 24 hours for new user images to be updated in the cache on the server.
To troubleshoot your problem, please follow the steps below:
1. Navigate to the “X:\share\1-WebServices-1\ABfiles\000000000\000000000” folder. (ABS file share)
You should see some photo files in this folder as the following screenshot.
2. Delete all the files in this folder.
3. On test PC, delete local cache files.
%userprofile%\AppData\Local\Microsoft\Office\15.0\Lync\[email protected]
4. Sign-in Lync with the test account.
5. Go back to the ABS file share, check if there is any Photo file in the folder.
Best regards,
Eric
-
New users are getting "cntl_error" whenever login into the portal
Dear Experts,
New users are getting "cntl_error" whenever login into the portal. They are accessing .par application. I have read so many threads, but unable to find exact solution.
I have tried in my browser with the user login, and there is no error. But when the user logs in at their end, it gives the "cntl_error" error.
Is it a problem with the Internet Explorer browser? Is any additional setting required for the users' browsers?
Could you please help me, how to resolve this error.
Thanks in Advance.
Regards,
Vijay.
Hi Vijay,
Check this thread - "CNTL_ERROR" raised,error key: RFC_ERROR_SYSTEM_FAILURE- Show Team Calendar , this might help you on what you are looking for.
Regards,
Sen
-
Windows Server 2012 R2 RDS: RDS Users are unable to delete files from their desktop
Hello,
We are working with Windows Server 2012 R2 RDS. We also implemented User Profile Disks. This is all working fine without problems. The only issue I have is that normal users are unable to delete files from their desktop. They are getting a message:
you'll need administrator permission to delete this file, with the prompt for administrator access.
They can edit, copy, rename, cut and paste files. But they cannot delete a file from their desktop.
I checked the security permissions of the files on the desktop (for example a normal self-created PDF file) and the users are owner and have "Full Control" over the files.
I checked the file permissions and took a look under "Advanced", selecting the specific domain user and checked the "Advanced Permissions" and the user has the "Delete" option checked. So he should be able to delete the
file.
I am guessing this is UPD related issue, or something in GPO. But I already unlinked the GPO objects, that I felt could be the source of this problem, but without results.
Could someone give me a hint on where to look? It's kinda annoying to users, that they can't delete their own files.
Hello Bria,
What you should check first, is the NTFS permissions on the User Profile Disk to begin with. See if the user has full control over the items that are in the UPD.
Also check the GPOs that are enabled for the user and computer account. You can check that by running: gpresult /h <path>\gpresult.html
There are two GPO settings that could prevent the user from deleting his/her own items:
User Configuration\Policies\Administrative Templates\Windows Components\Windows Explorer\
Hide these specified drives in My Computer
Prevent access to specified drives in My Computer
There might be other GPO settings that block deleting items on the UPD, but I can't think of any off the top of my head.
I can only think of NTFS and GPO settings that might prevent the user from deleting items. In my case it was a GPO setting that I didn't suspect.
-
PC Users are unable to check Outlook while my (mac) Mail is open
Ever since I upgraded to 10.4, whenever I have my Mail application open, the PC users are unable to check their IMAP mail through Outlook. The PC Users and myself are all using different accounts, but are checking the same server.
At first, this seemed like it was a coincidence... but then I shut my powerbook and they could check their again. I have to use a web mail client to check my email when I am on the network at work.
Any ideas to resolve this issue? Mail is set to check every 5 minutes.
AA8 and AA9 allow Reader Rights so the user can save the form. This is restricted by the license to 500 uses. In the long run, the only advantage of the Reader Rights is for your users, not for you. You can always import the data into the form and have the same result as they had in the form. It is not necessary to transmit the full form to you, only the data. If you were developing a web form that would likely exceed the 500 uses, you would have to negotiate a price with Adobe for Reader Rights (thousands of $$ should be expected).
If saving is important in a company environment, not online, then you may want to read the EULA carefully as to the exceptions. You will still have to have at least AA8.
I guess the printing problem was answered.
-
Everyone Except External users are unable to access the subsites
We have a SharePoint Online site, in which we have given read permissions to Everyone Except External Users in the parent site. Now, the users are able to access the parent site. But for sub sites, we have stopped inheriting permissions from the parent site and have given read permissions to Everyone Except External Users in sub sites as well. But users are unable to access the sub sites. They are getting an access denied message.
Can anyone help me to resolve the problem?
Thanks in advance!
Anjani.
Hi,
Please check below links. They encountered similar issues and they had some assets (Page Layout or master page) checked out by users in sub site due to which users with read permission could not access.
http://sharepoint.stackexchange.com/questions/75263/user-has-correct-permissions-for-subsite-but-access-is-denied
http://sharepoint.stackexchange.com/questions/90478/prevent-access-denied-error-for-domain-users
Hope it helps!
Thanks,
Avni Bhatt
If this helped you resolve your issue, please mark it Answered
-
Most of the users are unable to buy apps from Indian App Store. Pl. fix it
We are fellow users here on these forums, we won't know if/when other payment cards might be added to the Indian iTunes store until if/when Apple announce something. Based on what some people have posted some Indian debit cards are still accepted e.g. Re: can i download from itunes using debit card in india ?.
If you want to leave feedback for Apple then you can do so via this page: http://www.apple.com/feedback/
-
we are unable to sign in to iMessages, wifi connection is fine but we get the error message, pls check your network connection. Does anyone know how to fix this
There has been a big problem with FaceTime and iMessage. The best solution for this case is to restore your device: http://support.apple.com/kb/HT1414
Make sure you back it up. I would set up FaceTime before you reinstall your backup and make sure it's working.
-
New users are not updated in Outlook address book (Offline)
Hi All,
We have an Exchange 2010 environment. For a few weeks we have been experiencing this issue. When we create a new user or change the name of an existing user, it is not updated in the Outlook address book. Can anyone help me to sort this issue?
Regs,
Sachitha.
What is the Outlook client you are using? Is it 2003 or 2007+?
You are right, you don't have to update the OAB manually; the kind of issue you are facing is very well known (as far as I have experienced). After you update the OAB manually, check the issue and it should be fine.
After that create a Test User and check in Outlook if you see it populated.
Cheers,
Gulab Prasad
-
Users are unable to print from Adobe Reader X
Hi,
Multiple users in our environment report that they are unable to print from Adobe Reader X. They receive the following error messages (translated from Dutch) Document cannot be printed. There are no pages selected.
We are using Reader version 10.1.3
What we have tried to resolve the issue (without any positive results):
- Repair the installation of Adobe Reader.
- Update Adobe Reader to the latest version for Vista (x86) (10.1.7)
- Created new user profile for the affected users.
The documents can be printed without any errors from Foxit Reader.
At the moment we use the following workaround:
Open the document in Internet Explorer, and then print the document from there.
Does anyone have any idea how we can resolve this?
Best regards,
Duncan
James,
I'm sorry to hear that you were having the same problem under 9.5. I had recently updated to Adobe Reader 10 under Windows 7 and yesterday my "default printer" simply disappeared from the options on my control panel. I re-installed my printer, but today whenever I would open a PDF document and try to print it, the document would simply close with no further ado. After a bit of trial and error, I ended up uninstalling Adobe Reader 10 and going back to Adobe Reader 9.5. Now everything is working just fine.
nlncmjd
-
A Pool users are unable to Join the meeting
Hi,
We have a set of users from a pool which is meant for a different site, they are unable to join the meeting. Once they click on Lync meeting in Lync meeting invite, they get the error -
error: A server error occurred. Please contact your support team.
Can you guide me what tests can be performed to troubleshoot this?
Please note: we have 2 sites and the certificate tool checker shows the na-join.danahermail.com and eu-join.danahermail.com certificates to be missing an intermediate certificate. Could that be the cause of the issue or do I need to check something else?
Thanks & Regards,
Vinay Mishra
Hi,
Would you please elaborate your Lync Server environment?
Please make sure all FE Server services started as normal.
Please also double check if you configure the correct certificate for FE Servers.
More details:
https://technet.microsoft.com/en-us/library/gg398094(v=ocs.14).aspx
Make sure that you add the meet URL such as meet.contoso.com in internal DNS and in the SAN of the FE Server certificate.
Best Regards,
Eason Huang
TechNet Community Support
-
Users are unable to access Essbase data-corrupt group
Someone moved a hyperion user to an ldap directory group that hyperion couldn't access which seems to have corrupted the group to which the ID belongs. I got rid of the ID but the users are still experiencing problems accessing essbase data. We have 9.3.1 and I have refreshed security filters and recycled many times. Does anyone have any suggestions? Should I reimport the secfile.txt?
Where I need to check the logs in tbl Logs under Appserver?
Well, I am unable to see complete input schedule. I have unprotected the sheet still there is data N38 but able to see before row 58. unable to expand.
Kindly suggest.
-
Project Online - Lite Users Are Unable to See projects in their view
Hi Everyone - I have recently added several new projects and added some new users. I have added these new users, assigned the lite license to each of them, and shared the PWA site with them. However, when they sign in, they do not see any new projects. The
Project Center has no projects listed, just empty lines. I have verified they are resources on some and owners on others to see if that made a difference, but that does not work. Any help would be greatly appreciated.
Thanks,
Peter
Hi Peter,
This means that you are using the SharePoint permission mode which is indeed the default permission mode with Project Online. Thus you have to share each project and site manually with the users.
See this blog:
http://www.prasannaadavi.com/2013/08/exploring-sharepoint-permissions-mode.html
That being said, I'll suggest having a look at the permission modes. The SP permission mode requires a lot of manual operations to give access to every single user on their projects. The PS permission mode is much more granular and requires fewer operations once configured.
Hope this helps,
Guillaume Rouyre, MBA, MVP, P-Seller
-
Users are unable to login (HD is located on an AFP or SMB server message)
I've searched on here, but nothing I've tried helps.
This is only happening on certain machines in a building. They have all been re-imaged multiple times. Other machines in other buildings running the exact same setup work fine. It's a 10.4.7 client trying to login to a 10.3.9 server. They get the AFP or SMB error message. They can go to another machine in the building, and login, so it's not their account.
The only thing that I've found will temporarily fix the problem is restarting the server. Right after it comes back up, they can login fine.
I've triple checked their account settings, created brand new user accounts, we've re-imaged the machines, changed computer names (worked for half a day), trashed the DCHPleases file on the server, ran all updates on both clients and server.
Help me!!!
MacBook Mac OS X (10.4.7)
This error msg means that the user's area is stored on an AFP volume, i.e. the server, which needs to be mounted onto the client Mac before the user logs in.
What happens is the server boots up, and has share points, /Users for the users' area. The client then boots up and automounts this volume as /Network/Servers/servername/Users or close to that.
Then a user logs into the login window, the server authenticates the user and tries to grant them access to the Users volume. If this volume has been unmounted then the user can't get access to their home folder and thus can't log in.
This could be caused by network issues, switches, hubs, etc. and the client has been cut off from the server; a reboot of the client Mac should fix the issue. Then check your switches or hubs.