Pcnscfg, domain wide setting?
When you're implementing PCNS, once you have PCNS installed on all your DCs and you add a target using the Pcnscfg.exe addtarget command in the command prompt. Is this setting domain wide? Do you run it just once on one of the DCs and the value for the
target FIM instance will replicate to all the others or do you need to run the command on each DC with PCNS installed?
All settings are stored in configuration partition not in Schema.
One thing that is good to know and that I could not find. If you PCNS is installed in a different forest the SPN should be created in the domain that the target server is in. The pcnscfg.exe will tell you about that the SPN is missing but it's ok if you
got it right.
/Robert
Similar Messages
-
Enterprise Edition 5 domain-wide SSL cert
We have a domain-wide cert (valid for hostnames *.uwrf.edu) we'd like to use for new installs of DSEE v5.2 2005 Q4. The Manage Certificates task, as well as the documentation I can find on certutil, assume that you will be generating the private key for Directory Server certs on the host in question, and within the Sun tools to boot. Neither of those is true when you create a cert to be used domain-wide. Is it possible to convince the DS cert store to use the private key and cert we already have?
Is it possible to convince the DS cert store to use
the private key and cert we already have?Should be. Try using pk12util to set up your cert8/key3.db. It is part of the Mozilla NSS toolkit, which is the SSL package used by Sun DS.
http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html
It's included in recent versions of Solaris at /usr/sfw/bin/pk12util.
Good luck! -
WLST with Domain-wide Admin Port configured
Anybody tried WLST with Domain-wide Administration Port (DAP) turned on?
Is there a set of instuctions to change over smoothly to using the DAP URL instead
of the plain-text URL?
Thanks,
-RAJHello Raj, to use DAP start WLST as
java -Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dweblogic.security.TrustKeyStore=DemoTrust weblogic.WLST
if you are using the demonstration SSL keys and certificates
Thanks,
-satya
Raj Sesetti wrote:
Anybody tried WLST with Domain-wide Administration Port (DAP) turned on?
Is there a set of instuctions to change over smoothly to using the DAP URL instead
of the plain-text URL?
Thanks,
-RAJ -
Domain-wide administration port?
Hi,
I tried to start a cluster of 2 servers across 2 physical machines, I got error and server starting failed:
"Starting Managed Servers in Standby mode requires the domain-wide administration port."
My topology is as following:
Domain A is created in machine A and copy to machine B:
Machine A: admin serverr at port 8001. Managed server at port 8088 of cluster1.
Machine B: Managed server at port 8088 of the same cluster1.
What is wrong? Why I cannot start cluster? Why I got error " need domain-wide administration port"? What is "domain-wide administration port"? Why my created domain admin server at Machine A didn't work?
Your prompt help is highly appreciated. I am waiting for your help.
Thank you in advanceHi,
First of all the domain-wide administration port enables you to start a WebLogic Server instance in STANDBY state. It also allows you to separate administration traffic from application traffic in your domain.
so check in ur console whether u have specified the start up mode as STANDBY.if so change it to Running and try restarting the server:-
You can do that by chking the below link:-
http://e-docs.bea.com/wls/docs92/ConsoleHelp/taskhelp/startstop/SpecifyAStartupMode.html.
Domain-wide administration port is used when you have configured ssl for ur servers. Refer http://e-docs.bea.com/wls/docs103/ConsoleHelp/taskhelp/domainconfig/EnableTheDomainwideAdministrationPort.html for more info. -
Datasync and domain Wide administration port problem
Hi,
After enabling domain wide administration port in WLP 8.1, wee start to see following
exception on our managed servers log file. This happes in every mananaged server.
Datasync.war is deployed only in adminserver as the manual says. We see this error
every time we boot our managed servers.
Any ideas?
####<Nov 3, 2003 11:00:27 PM EET> <Error> <DataSync> <demomachine> <ManagedServer1>
<main> <<anonymous>> <> <BEA-400618> <Creation of the Master Data Repository failed.
Application data will not be available to services. Correct the problem and redeploy
the application.
java.lang.SecurityException: User <anonymous> does not have access to the administrator
port.
Regards, MikaCause might The managed server was given a URL to boot from that resolves to a managed server address. If the managed server is running on the same machine as the admin server, this can be caused by a failure to specify a unique admin port.
Inspect the address:port provided to the managed server from which to boot. This address should be changed to reference the admin server rather than resolving to a managed server. If the managed server is running on the same machine as the admin server, you must differentiate them by providing a unique port number.
Now we log a clear message that prints something like ,
The address provided to get to the admin server x.x.x.x resolves to a m
anaged server local address x.x.x.x:nnnn rather than a remote address as
expected, or the local managed server port might already be in use if you
have setup domain wide admin port, please check the configuration and correct
the problem.
Regards,
Prasanna Yalam -
Domain wide administration port and node manager
I need a little help understanding how to properly configure the domain-wide
administration port in a clustered domain using node manager. After I enabled
the port in my domain, node manager will no longer start the managed servers
running on the same box as the domain's admin server. I don't have problems
starting remote managed servers. I see the problem but I don't know how to
fix it.
<Error> <Configuration Management> <BEA-150019> <The address provided to
get to the admin server (https://<host>@port) resolves to a managed server
local address (host@port) rather than a remote address as expected, or the
local managed server port might already be in use if you have setup domain
wide admin port, please check the configuration and correct the problem.>
The host I'm specifying is the host of my admin server, the port is the domain-wide
administration port. I don't get this error when starting my remote managed
servers, only the managed servers running on the same box as the admin server.
GrantCause might The managed server was given a URL to boot from that resolves to a managed server address. If the managed server is running on the same machine as the admin server, this can be caused by a failure to specify a unique admin port.
Inspect the address:port provided to the managed server from which to boot. This address should be changed to reference the admin server rather than resolving to a managed server. If the managed server is running on the same machine as the admin server, you must differentiate them by providing a unique port number.
Now we log a clear message that prints something like ,
The address provided to get to the admin server x.x.x.x resolves to a m
anaged server local address x.x.x.x:nnnn rather than a remote address as
expected, or the local managed server port might already be in use if you
have setup domain wide admin port, please check the configuration and correct
the problem.
Regards,
Prasanna Yalam -
HT5622 why I cannot use an apple domain to set up an apple ID?
why I cannot use an apple domain to set up an apple ID?
You cannot use an existing @mac.com, @me.com or @icloud.com address to become an Apple ID because they either already are one or are associated with an existing one, and in the latter case these cannot be moved to another ID.
The option is be there to create an @icloud.com address as use it as an ID when you create an iCloud account - please see imp68's post here:
https://discussions.apple.com/message/22283348#22283348 -
What is the domain name setting under internet tcp/ip?
In the airport utility > Internet > TCP/IP panel, what is the 'Domain Name' field used for?
The Domain Name setting would be that of your ISP. For example, I have Cox as my ISP. My Domain Name setting is: cox.net
This field is not mandatory and is used to establish the appropriate domain that your Public IP address is located to assist DNS in directing requests. -
SSO using a domain wide cookie
Hi,
I need to implement SSO b/w two web applications deployed on two different weblogic
servers(8.1) under same dns domain and same weblogic domain.Both of the web applications
use Form based authentication.
Both of them have their session configured for file persistence and have a cookie
with same name.
I am not able to make SSO work with above mentioned set up.
Can somebody pls tell me if above mentioned setup is sufficient for SSO implementation
or do I need to do something else?
Thanks,
Roopali
Reference article http://dev2dev.bea.com/products/wlplatform81/whitepapers/wlp_81_sso.jsp#CrossThought I'd update this inc ase someone ever has the same problem.
Now have port number based SPN's working fine with multiple J2EE systems on the one host using SPNEGO. The fix on the client end was the MS KB I linked in the op, this fix works with all versions IE (6, 7, 8, 9). -
HT4864 windows mobile 7.5 asks for the domain when setting up email accounts
can anynoe tell me what the icloud domain is?
It sounds like Verizon set your data plan up wrong. They may have activated you for a Enterprise Server plan but not a regular BlackBerry Internet Service plan. This would cause the exact issue you are having when you go into email setup. You see the no accounts activated error then right below that it has a place for you to place your Enterprise email and password. Call Verizon back and get them to provision you correctly for personal email.
-
The times new roman font is wider set on some of my document compared to others
I am writing multiple essays right now, yay college, in iwork Pages. On one of them, the font has more space in between the letters and on the other is is more narrow set. I have the same font settings (Times New Roman, regular and double spaced) for both of my documents so I can't figure out why the fonts look different. they have about the same number of words and yet one of them is longer by almost half a page. I like the way the wider-spaced font looks so I'm trying to figure out how to make the narrow spaced font in one essay look like the wider spaced font in in the other essay.
Can anyone help? :/Check in Font Book whether you have 2 versions of Times New Roman installed, you may have got a second from an installation of MsWord.
Is one of the documents perhaps converted from a Word .doc?
Also check:
Inspector > Text > Text > Spacing > Character
Peter -
Submitting tickets with using a single domains user set.
Hi,
We have service manager 2012 sp1 UR4. We have connectors to 3 different active directory sets in 3 different domains.
We would like to have all of our incident management tickets only use 1 of the domains set of users but as it sits now, we might show the user in all 3 domains domain1\lance_lyons, domain2\lance_lyons and domain3. We only want domain1's set of
users to be selectable (reporter, assigned to, etc, etc).
How do we do this in Service Manager? Do i have to shutdown the 2 AD connectors that we dont want to use?
Thanks
Lance
Thanks LanceHi,
For any user picker target towards IT, you can scope those user pickers using the Global Operators Group. (This Group is pre-created by default and is located under Library -> Groups. You just need to configure it). Using the Global Operators Group you
can scope the User Pickers targeting IT to only show users from Domain1 (User Pickers targeted IT are for example, Assigned To, Primary User)
There is no easy way to scope any of the other User Pickers on the forms (those targeted the End Users). But here's a couple of workarounds:
1. Remove the user CIs from the other domains (as you wrote)
2. Create a new Group only containing users in Domain1, then make sure to only give your analysts access to that particular Group in your User Role.
3. Create your own Custom Control using Visual Studio and replace the original User Picker on the forms with this custom made.
Regards
//Anders
Anders Asp | Lumagate | www.lumagate.com | Sweden | My blog: www.scsm.se -
Keyboard Layout User Account Domain Wide Issue
I have a 2008 R2 Standard as my Domain Controller and File Server, 2012 R2 Standard Remote Desktop Server and 2012 Standard Server running some applications.
All my computers log on and switch the default keyboard layout to Canadian English with the French layout. I have tried to install US English and removed the Canadian layout, and even after removing it the Canadian Multilingual layout keeps coming
back as default. I am lost as to the reason and do not know how to fix this. I even opened registry and US English is the only keyboard layout listed.
Ideas?
Thanks.Hi,
At first, I would check that registry key;HKEY_USERS\.DEFAULT\Keyboard Layout\1
What do you see ?
And, if the value is ok there, you could make sure the imported keyboard is not check;
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout
IgnoreRemoteKeyboardLayout (REG_DWORD) = 1
With the above two key, the new users will always get the default layout. Just watch out as user profile already created might have the bad keyboard.
Edited; I wrote my answer first answer as if it's an issue when they logon the RDS's server, but if it's locally on their workstation, check the default layout in the first registry I give. If you see an 1109, or something like that it's more the canadian's
keyboard code.
Regards, Philippe
Don't forget to mark as answer or vote as
helpful to help identify good information. ( linkedin endorsement never hurt too :o) )
Answer an interesting question ? Create a
wiki article about it! -
System wide setting for View Options
I like to view documents/folders in Name order, this is simple to do via the View Options menu and select Name for the particular folder you are viewing at the time, there must be a way to set this parameter for the whole system, but i can't find it ...... anyone ??
Thx
JohnJohn,
Open up a finder windows and 'right' click, selecting 'Show View Options'. You can change all your defaults which should change subsequent folder options. Just change arrange by to what you want and click 'Use as Default' on the bottom. -
Stand-alone media, how to domain join & set computername?
Hi
I've created a stand-alone media. The computer is connected to the network.
After the setup, the computer (it is already in a collection in sccm with the correct mac address) won't renamed correctly and won't join in the domain.
What do I need to have the machine staged via stand-alone media have a correct host name and joined in the domain?
Thx for the reply.Hi,
Please take a look at this thread:
http://social.technet.microsoft.com/Forums/en-US/configmgrosd/thread/b435dc26-bdc2-4b3d-a305-2e105eaf9a57
Maybe you are looking for
-
Can I connect my iphone 5s to a projector?
I would like to no if there is a special cable for connecting a iphone 5s to an old school projector or connecting it to a tv? Or maybe a cable for the ipad class projector? Thanks!
-
I've tried to download the Woodvine Media Optimizer, which is require to view videos via Hoopla, a library service, and first I get a dialog box saying "Firefox prevented this site (tools.google.com) from asking you to install software on your comput
-
Login issue after Firmware Upgrade Ver.4.21.5 for WRT54g v2
I just updated the firmware to Ver.4.21.5. After I log in to the router, each time I change Tabs or I save a change I am prompted for the Admin password. This is annoying, but not a limiting factor for changing settings. Is there a fix for this? T
-
I'm trying to run a webservice client on jdk1.5 and gives me the following error: javax.xml.ws.WebServiceException: Provider com.sun.xml.internal.ws.spi.ProviderImpl not found Any suggestions will be appreciated.
-
How do I uninstall In-Home Agent when it's not listed in Control Panel?
My PC crashed and some files including In-Home Agent were corrupted. Attempted to delete In-Home Agent from Control Panel but the program was not listed. Then tried to download In-Home Agent but it would not install over fragments of the previously