Principal Name for Active Directory "Domain Users"
Hi,
I successufully integrated Weblogic & Active Directory Kerberos (SSO). I tested a web application and successifully logined it with authentication.
The system automatically recognized my Active Directory username. It worked.
For authentication in my weblogic.xml I used
<security-role-assignment>
<role-name>admin</role-name>
<principal-name>kursat</principal-name>
<principal-name>fenerbahce</principal-name>
</security-role-assignment>
Now I'm trying to allow all domain members to authenticate my application. For my application I only need the actice directory usernames for them.
For this purpose, I removed "kursat","fenerbahce" from my weblogic.xml
<principal-name>kursat</principal-name>
<principal-name>fenerbahce</principal-name>
I added
<principal-name>Domain Users</principal-name>
instead of writing all domain users.
However I couldn't authenticate. I got the "Error 403--Forbidden"
Is there anyone can help me?
test by creating a groups under Domain Users and use it as your principal name in your weblogic.xml
-Faisal
http://www.weblogic-wonders.com
Similar Messages
-
How to Name the Active Directory Domain Service for Local Server
Hello to everyone, I am Karthick from India, currently I am working as a System Engineer in a esteemed institution. So far we have only workgroup network setup now we are planning to migrate our workgroup to domain network. So we planned to install
Windows Server 2008 R2 64 bit server on Wipro Netpower Z1531 server and we have totally 150 systems in our premises and also a broadband connection with 512 kbps download speed and 144 kbps upload speed.
My questions starts here,
1.) what should be my FQDN name for my first domain controller? Our server will be connected to internet for downloading the updates only, so what settings I have to configure?
2.) We don't want other clients communicate with our server i.e. outside of our premises via router or any other.
3.) If suppose in future if we want to access our server from outside either from different town or different country what should I do for that access
Thanks in advance
S.R. KarthickFQDN name for my first domain controller
- FQDN is (by default) is your server name + FQDN of the Domain name
Domain Name - you can select whatever you want. It is an internal name. However, you can also, configure to match with your external domain name. Do you some search of
Split DNS structure.
My recommendation is to review the IPD guide for AD. You should be able to get all information.
http://technet.microsoft.com/en-us/library/cc268216.aspx
Santhosh Sivarajan | Houston, TX
Windows 2012 Book - Migrating from 2008 to Windows Server 2012
http://www.sivarajan.com/
This post is provided ASIS with no warran -
AFP only works for Active Directory "Domain Admins"
I have purchased a new XServe to add to our Active Directory domain as a member server. It all seems to work right except that only users in AD who are members of the "Domain Admins" group seem to function properly under AFP.
The Mac Clients can connect to our Windows boxes just fine and AD login's seem to work for loggin in any clients. I've created a shared volume on the XServe and when I try to access it via AFP with any user account that doesn't have Administrator rights I get "Invalid Login or Password" on the Mac Client.
Anyone got any ideas, this is driving me crazy.Post to the appropriate server forum or AD forum where people dealing with these products hang out.
-
Recommended Specs for Active Directory Domain Controllers?
Duffney wrote:Sosipater wrote:Duffney wrote:
Good to know, most have around the specs you're all recommending. Most have extremely high CPU reading, however I've found out that it's a security software causing this.Best practices would be that a DC run no more than AD DS, DNS, and DHCP.
Good point, I should also write a script to query the roles of each DC and work to migrate extra roles off it.Unless you're bouncing off of licensing limits, there isn't a good reason any more to run anything extra on your DC if you're virtualized.Sosipater wrote:Duffney wrote:
Good to know, most have around the specs you're all recommending. Most have extremely high CPU reading, however I've found out that it's a security software causing this.Best practices would be that a DC run no more than AD DS, DNS, and DHCP.
Good point, I should also write a script to query the roles of each DC and work to migrate extra roles off it. -
Failed to install Active directory domain services
Hi,
I've installed the AD Domain Services on Windows2008R2 by following this guide http://technet.microsoft.com/en-gb/library/cc755059%28WS.10%29.aspx. After click 'Install', step 6, it showed failed to install but there is no clue why it was failed, at all.
Here is a log I copied from C:\Windows\logs\ServerManager.log
2204: 2011-01-05 12:57:54.333 [InstallationProgressPage] Loading progress page...
2204: 2011-01-05 12:57:54.411 [InstallationProgressPage] Begining Sync operation...
2204: 2011-01-05 12:57:54.458 [Sync]
Sync Graph of changed nodes
==========
name : Active Directory Domain Services
state : Changed
rank : 1
sync tech: CBS
guest[1] : Active Directory Domain Controller
guest[2] : Identity Management for UNIX
ant. : empty
pred. : empty
provider : null
name : Active Directory Domain Controller
state : Changed
rank : 4
sync tech: CBS
ant. : .NET Framework 3.5.1
pred. : Active Directory Domain Services, .NET Framework 3.5.1
provider : Provider
2204: 2011-01-05 12:57:54.458 [Sync] Calling sync provider of Active Directory Domain Controller ...
2204: 2011-01-05 12:57:54.473 [Provider] Sync:: guest: 'Active Directory Domain Controller', guest deleted?: False
2204: 2011-01-05 12:57:54.473 [Provider] Begin installation of 'Active Directory Domain Controller'...
2204: 2011-01-05 12:57:54.473 [Provider] Install: Guest: 'Active Directory Domain Controller', updateElement: 'DirectoryServices-DomainController'
2204: 2011-01-05 12:57:54.473 [Provider] Installation queued for 'Active Directory Domain Controller'.
2204: 2011-01-05 12:57:54.473 [CBS] installing 'DirectoryServices-DomainController ' ...
2204: 2011-01-05 12:57:55.020 [CBS] ...parents that will be auto-installed: 'NetFx3 '
2204: 2011-01-05 12:57:55.020 [CBS] ...default children to turn-off: '<none>'
2204: 2011-01-05 12:57:55.036 [CBS] ...current state of 'DirectoryServices-DomainController': p: Staged, a: Staged, s: UninstallRequested
2204: 2011-01-05 12:57:55.036 [CBS] ...setting state of 'DirectoryServices-DomainController' to 'InstallRequested'
2204: 2011-01-05 12:57:55.051 [CBS] ...current state of 'NetFx3': p: Installed, a: Installed, s: InstallRequested
2204: 2011-01-05 12:57:55.051 [CBS] ...skipping 'NetFx3' because it is already in the desired state.
2204: 2011-01-05 12:57:55.098 [CBS] ...'DirectoryServices-DomainController' : applicability: Applicable
2204: 2011-01-05 12:57:55.114 [CBS] ...'NetFx3' : applicability: Applicable
2204: 2011-01-05 12:57:55.770 [CbsUIHandler] Initiate:
2204: 2011-01-05 12:57:55.770 [InstallationProgressPage] Installing...
2204: 2011-01-05 12:58:49.176 [CbsUIHandler] Error: -2147021879 :
2204: 2011-01-05 12:58:49.176 [CbsUIHandler] Terminate:
2204: 2011-01-05 12:58:49.254 [InstallationProgressPage] Verifying installation...
2204: 2011-01-05 12:58:49.270 [CBS] ...done installing 'DirectoryServices-DomainController '. Status: -2147021879 (80070bc9)
2204: 2011-01-05 12:58:49.270 [Provider] Skipped configuration of 'Active Directory Domain Controller' because install operation failed.
2204: 2011-01-05 12:58:49.270 [Provider]
[STAT] ---- CBS Session Consolidation -----
[STAT] For
'Active Directory Domain Controller'[STAT] installation(s) took '54.7870005' second(s) total.
[STAT] Configuration(s) took '0.0003053' second(s) total.
[STAT] Total time: '54.7873058' second(s).
2204: 2011-01-05 12:58:49.270 [Provider] Error (Id=0) Sync Result - Success: False, RebootRequired: True, Id: 110
2204: 2011-01-05 12:58:49.286 [Provider] Error (Id=0) Sync Message - OperationKind: Install, MessageType: Error, MessageCode: -2147021879, Message: <null>, AdditionalMessage: The requested operation failed. A system reboot is required to roll back changes
made
2204: 2011-01-05 12:58:49.286 [InstallationProgressPage] Sync operation completed
2204: 2011-01-05 12:58:49.286 [InstallationProgressPage] Performing post install/uninstall discovery...
2204: 2011-01-05 12:58:49.286 [Provider] C:\Windows\system32\ServerManager\Cache\CbsUpdateState.bin does not exist.
2204: 2011-01-05 12:58:49.286 [CBS] IsCacheStillGood: False.
2204: 2011-01-05 12:58:49.786 [CBS] >>>GetUpdateInfo--------------------------------------------------
2204: 2011-01-05 12:59:46.520 [CBS] Error (Id=0) Function: 'ReadUpdateInfo()->Update_GetInstallState' failed: 80070bc9 (-2147021879)
2204: 2011-01-05 12:59:46.520 [CBS] <<<GetUpdateInfo--------------------------------------------------
2204: 2011-01-05 12:59:46.598 [DISCOVERY] hr: -2147021879 -> reboot required.
2204: 2011-01-05 12:59:46.739 [InstallationProgressPage] About to load finish page...
2204: 2011-01-05 12:59:46.739 [InstallationFinishPage] Loading finish page
2204: 2011-01-05 12:59:46.801 [InstallationFinishPage] Finish page loaded
I also checked the event viewer, here are the event properties occurred during the installation:
Initiating changes to turn on update DirectoryServices-DomainController of package DirectoryServices-DomainController-Package. Client id: RMT
Update Directoryservices-DomainController of package DirectoryServices-DomainController-Package failed to be turned on. Status: 0x80070bc9
Installation failed. A restart is required.
Roles:
Active Directory Domain Services
Error: The server needs to be restarted to undo the changes
Please help.
Thanks,
balrogzAnother thing to check is to ensure the server service is up and running.
http://blogs.dirteam.com/blogs/paulbergson/archive/2014/04/29/can-t-add-the-role-quot-active-directory-domain-services-quot-to-my-2008-r2-server.aspx
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security, BS CSci
2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided AS IS with no warranties, and confers no rights. -
Hi everyone,
I've been banging my head against this for a while and hope someone can help me.
Running Windows Server 2008 R2 Standard with Service Pack 1.
When I try to add the Active Directory Domain Services role to the server it gets to about 90% complete and then dies.
The ServerManager.log shows the following information, I have run the System Readiness Tool - output below - with no errors found.
At a loss on what to do next. The only other links I've found suggest rebuilding the server which I would really like to avoid...
Help appreciated,
John
ServerManager.log (extract)
==========
name : Active Directory Domain Services
state : Changed
rank : 1
sync tech: CBS
guest[1] : Active Directory Domain Controller
guest[2] : Identity Management for UNIX
ant. : empty
pred. : empty
provider : null
name : Active Directory Domain Controller
state : Changed
rank : 4
sync tech: CBS
ant. : .NET Framework 3.5.1
pred. : Active Directory Domain Services, .NET Framework 3.5.1
provider : Provider
8720: 2012-01-18 10:54:41.853 [Sync] Calling sync provider of Active Directory Domain Controller ...
8720: 2012-01-18 10:54:41.853 [Provider] Sync:: guest: 'Active Directory Domain Controller', guest deleted?: False
8720: 2012-01-18 10:54:41.853 [Provider] Begin installation of 'Active Directory Domain Controller'...
8720: 2012-01-18 10:54:41.853 [Provider] Install: Guest: 'Active Directory Domain Controller', updateElement: 'DirectoryServices-DomainController'
8720: 2012-01-18 10:54:41.853 [Provider] Installation queued for 'Active Directory Domain Controller'.
8720: 2012-01-18 10:54:41.853 [CBS] installing 'DirectoryServices-DomainController ' ...
8720: 2012-01-18 10:54:42.399 [CBS] ...parents that will be auto-installed: 'NetFx3 '
8720: 2012-01-18 10:54:42.399 [CBS] ...default children to turn-off: 'WCF-HTTP-Activation '
8720: 2012-01-18 10:54:42.415 [CBS] ...current state of 'DirectoryServices-DomainController': p: Staged, a: Staged, s: UninstallRequested
8720: 2012-01-18 10:54:42.415 [CBS] ...setting state of 'DirectoryServices-DomainController' to 'InstallRequested'
8720: 2012-01-18 10:54:42.430 [CBS] ...current state of 'NetFx3': p: Installed, a: Installed, s: InstallRequested
8720: 2012-01-18 10:54:42.430 [CBS] ...skipping 'NetFx3' because it is already in the desired state.
8720: 2012-01-18 10:54:42.430 [CBS] ...current state of default child 'WCF-HTTP-Activation': p: Installed, a: Installed, s: InstallRequested
8720: 2012-01-18 10:54:42.430 [CBS] ...skipped child 'WCF-HTTP-Activation' because it is already installed
8720: 2012-01-18 10:54:42.461 [CBS] ...'DirectoryServices-DomainController' : applicability: Applicable
8720: 2012-01-18 10:54:42.461 [CBS] ...'NetFx3' : applicability: Applicable
8720: 2012-01-18 10:54:42.539 [CbsUIHandler] Initiate:
8720: 2012-01-18 10:54:42.539 [InstallationProgressPage] Installing...
8720: 2012-01-18 10:54:42.758 [InstallationProgressPage] Verifying installation...
8720: 2012-01-18 10:54:42.758 [InstallationProgressPage] Installing...
8720: 2012-01-18 10:55:03.740 [CbsUIHandler] Error: -2147021879 :
8720: 2012-01-18 10:55:03.740 [CbsUIHandler] Terminate:
8720: 2012-01-18 10:55:03.787 [InstallationProgressPage] Verifying installation...
8720: 2012-01-18 10:55:03.802 [CBS] ...done installing 'DirectoryServices-DomainController '. Status: -2147021879 (80070bc9)
8720: 2012-01-18 10:55:03.818 [Provider] Skipped configuration of 'Active Directory Domain Controller' because install operation failed.
8720: 2012-01-18 10:55:03.818 [Provider]
[STAT] ---- CBS Session Consolidation -----
[STAT] For
'Active Directory Domain Controller'[STAT] installation(s) took '21.9535541' second(s) total.
[STAT] Configuration(s) took '0.0007754' second(s) total.
[STAT] Total time: '21.9543295' second(s).
8720: 2012-01-18 10:55:03.818 [Provider] Error (Id=0) Sync Result - Success: False, RebootRequired: True, Id: 110
8720: 2012-01-18 10:55:03.818 [Provider] Error (Id=0) Sync Message - OperationKind: Install, MessageType: Error, MessageCode: -2147021879, Message: <null>, AdditionalMessage: The requested operation failed. A system reboot is required to roll back changes made
8720: 2012-01-18 10:55:03.818 [InstallationProgressPage] Sync operation completed
8720: 2012-01-18 10:55:03.818 [InstallationProgressPage] Performing post install/uninstall discovery...
8720: 2012-01-18 10:55:03.833 [Provider] C:\Windows\system32\ServerManager\Cache\CbsUpdateState.bin does not exist.
8720: 2012-01-18 10:55:03.833 [CBS] IsCacheStillGood: False.
8720: 2012-01-18 10:55:04.333 [CBS] >>>GetUpdateInfo--------------------------------------------------
8720: 2012-01-18 10:55:34.784 [CBS] Error (Id=0) Function: 'ReadUpdateInfo()->Update_GetInstallState' failed: 80070bc9 (-2147021879)
8720: 2012-01-18 10:55:34.784 [CBS] <<<GetUpdateInfo--------------------------------------------------
8720: 2012-01-18 10:55:34.815 [DISCOVERY] hr: -2147021879 -> reboot required.
8720: 2012-01-18 10:55:34.831 [InstallationProgressPage] About to load finish page...
8720: 2012-01-18 10:55:34.831 [InstallationFinishPage] Loading finish page
8720: 2012-01-18 10:55:34.831 [InstallationFinishPage] Finish page loaded
CheckSUR.log
=================================
Checking System Update Readiness.
Binary Version 6.1.7601.21645
Package Version 13.0
2012-01-18 10:33
Checking Windows Servicing Packages
Checking Package Manifests and Catalogs
Checking Package Watchlist
Checking Component Watchlist
Checking Packages
Checking Component Store
Summary:
Seconds executed: 220
No errors detectedHi John,
Thanks for posting.
Performed some research and some results say that this problem can be caused by HD Write Caching.
To disable Write Caching:
1. Go to Device Manager.
2.Click the plus sign (+) next to the Disk Drives branch to expand it.
3.Right-click the drive on which you want to enable or disable disk write caching, and then click Properties.
4.Click the Disk Properties tab.
5.Click to select or clear the Write Cache Enabled check box as appropriate.
6.Click OK.
If no luck, Please check if any erros can be found in Event log, Dcpromoui.Log and Dcpromo.log
The following articles maybe helpful to you:
Known Issues for Installing and Removing AD DS
http://technet.microsoft.com/en-us/library/cc754463(v=WS.10).aspx
You cannot install Active Directory Domain Services
http://support.microsoft.com/kb/975142
Thanks
ZHANG -
hi, I'm using windows server 2012 R2 and I was Just wondering how to make the Remote Desktop enable connection through domain\administrator before actually creating the domain... In other words, I wanted to create an Active Directory Domain User and connect
to the server from the RDP. The problem is that I can only connect through the RDP considering that I'm using Windows Azure, so the physical server isn't actually sitting on my desk... Anyway when I create an AD DS the system automatically reboots and I'm
not able to connect to it anymore, so all I need to do right now is enable somehow the Remote Desktop Services to connect through "Domain\Administrator" before I actually create the AD DS and assign it to my server so that when the system reboots
and I open the RDP I can connect to the server.
Thanks in advance.Hi,
Thank you for posting in Windows Server Forum.
As per your comment, it seems that you are managing the server with .RDP file. I can suggest you to run
"Remote Desktop Connection Manager” for maintaining server. With that you can specify the credential for domain\administrator and when you setup the AD DS, after that you can open the connection through domain\administrator and not as local user.
Hope it helps!
Thanks,
Dharmesh -
Use principal name for email if blank in Active Directory
Hi all,
allthough I set "Use principal name for email if blank in Active Directory", Spiceworks asks me for an emailadress when i want to Login to the Portal with an AD user without emailadress.
This topic first appeared in the Spiceworks CommunityHi,
What if we change the user name of user account, will it have impact on roaming profiles.
Yes, it will affect roaming profiles. Please rename the roaming profile folder as the new user account name, in addition, change the profile path in ADUC.
Here is an related article below for you:
How to Rename a Windows 7 User Account and Related Profile Folder
http://social.technet.microsoft.com/wiki/contents/articles/19834.how-to-rename-a-windows-7-user-account-and-related-profile-folder.aspx
Best Regards,
Amy -
What Is The Domain Name System for Active Directory on My Computer a Mac OS X
When I try to bind my mac to an active directory domain I get the error message (“An invalid Domain and Forest combination was specified. You should enter a fully qualified DNS name for the domain and forest”). I have tried so many things,nothing works
Any suggestions?In general, the domain name you use must be correctly looked up (both backward AND forward) by the Domain Name Server you are using or using Active Directory or Open Directory will not work properly.
In general, the first-listed DNS Address for each workstation must be one that contains the Active Directory or Open Directory names.
You can use Network Utility "Lookup" function to test whether the names and the IP Addresses are looked up correctly. Both symbolic (e.g., mydomain.com) and numeric (e.g., 192.168.2.22) addresses of the Active directory server MUST lookup to the other.
In MacOS X Server installations with private, non-Internet-visible Domain names, this problem can be solved by providing a local DNS Server, and populating the DNS Server with the Active Directory or Open Directory names and IP Addresses set for forward and reverse lookup.
If the above is gibberish to you, you will need to contact your Active Directory Administrator for guidance. -
Hello.
We have two domain controllers - node1 (Windows 2008 R2) and node2 (Windows 2012 R2). When administrator connects to node2 and tries to rename some object in AD (for example, user) AD Domain Services crashes and reboot server after 60 seconds.
In Events I can see these messages:
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 04.03.2014 12:37:58
Event ID: 1173
Task Category: Internal Processing
Level: Warning
Keywords: Classic
User: domain\admin
Computer: NODE2.domain.example
Description:
Internal event: Active Directory Domain Services has encountered the following exception and associated parameters.
Exception:
c0000005
Parameter:
0
Additional Data
Error value:
7ffc7c38e45d
Internal ID:
0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
<EventID Qualifiers="32768">1173</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>9</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2014-03-04T06:37:58.116264800Z" />
<EventRecordID>881</EventRecordID>
<Correlation />
<Execution ProcessID="572" ThreadID="2580" />
<Channel>Directory Service</Channel>
<Computer>NODE2.domain.example</Computer>
<Security UserID="S-1-5-21-3794920928-4165619442-305938157-2047" />
</System>
<EventData>
<Data>c0000005</Data>
<Data>7ffc7c38e45d</Data>
<Data>0</Data>
<Data>0</Data>
</EventData>
</Event>
Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 04.03.2014 12:37:58
Event ID: 1015
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: NODE2.domain.example
Description:
A critical system process, C:\Windows\system32\lsass.exe, failed with status code c0000005. The machine must now be restarted.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Wininit" Guid="{206f6dea-d3c5-4d10-bc72-989f03c8b84b}" EventSourceName="Wininit" />
<EventID Qualifiers="49152">1015</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-03-04T06:37:58.000000000Z" />
<EventRecordID>189578</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>NODE2.domain.example</Computer>
<Security />
</System>
<EventData>
<Data>C:\Windows\system32\lsass.exe</Data>
<Data>c0000005</Data>
</EventData>
</Event>
Log Name: Application
Source: Application Error
Date: 04.03.2014 12:37:58
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: NODE2.domain.example
Description:
Faulting application name: lsass.exe, version: 6.3.9600.16384, time stamp: 0x5215e25f
Faulting module name: ntdsai.dll, version: 6.3.9600.16421, time stamp: 0x524fcaed
Exception code: 0xc0000005
Fault offset: 0x000000000019e45d
Faulting process id: 0x23c
Faulting application start time: 0x01cf3773fe973e1b
Faulting application path: C:\Windows\system32\lsass.exe
Faulting module path: C:\Windows\system32\ntdsai.dll
Report Id: 85cfbe32-a367-11e3-80cc-00155d006724
Faulting package full name:
Faulting package-relative application ID:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Application Error" />
<EventID Qualifiers="0">1000</EventID>
<Level>2</Level>
<Task>100</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-03-04T06:37:58.000000000Z" />
<EventRecordID>189576</EventRecordID>
<Channel>Application</Channel>
<Computer>NODE2.domain.example</Computer>
<Security />
</System>
<EventData>
<Data>lsass.exe</Data>
<Data>6.3.9600.16384</Data>
<Data>5215e25f</Data>
<Data>ntdsai.dll</Data>
<Data>6.3.9600.16421</Data>
<Data>524fcaed</Data>
<Data>c0000005</Data>
<Data>000000000019e45d</Data>
<Data>23c</Data>
<Data>01cf3773fe973e1b</Data>
<Data>C:\Windows\system32\lsass.exe</Data>
<Data>C:\Windows\system32\ntdsai.dll</Data>
<Data>85cfbe32-a367-11e3-80cc-00155d006724</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
In node2 we installed all available updates and hotfixes.Hi Azamat Hackimov,
Regarding to error messages, it seems that the
ntdsai.dll file caused the issue. Based on current situation, please use
sfc /scannow command to scan protected system files and check if find error and repair. Meanwhile, you can also navigate to the location of this DLL file and confirm details.
In addition, Windows Server 2012 R2 has reboot unexpectedly. Please check if you get some dump file and then analysis it. It may help us to find the root reason. Please refer
to the following KB.
How to read the small dump memory dump file that is created by Windows if a crash occurs.
http://support.microsoft.com/kb/315263/en-us
By the way, it is not effective for us to debug the crash dump file here in the forum. If this issues is a state of emergency for you. Please contact Microsoft Customer Service
and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request, please refer to the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
Hope this helps.
Best regards,
Justin Gu -
Active Directory Domain Name Convention
Hi All
I'm creating a brand new domain for a new company I have just started at. We currently use Office 365 so sharepoint and Exchange are both in the cloud and our website is also outsourced.
I am now rolling out our first DC on Windows 2012 Server and I'm find conflicting reports on what naming convention I should use for AD with use with hosted exchange.
Most seem to point at using a subdomain of our main site, like corp.mydomain.com whereas I come from a background using Server 2003 where its always been mydomain.local
Can anyone advise me on this one and are there any additional thoughts around implementing with an existing Office 365 setup?It seems that mydomain.local is recommended less often (if not discouraged) because certificates from a third-party CA will no longer accept internal domain names, like mydomain.local, in the near future.
Some links on this subject:
http://social.technet.microsoft.com/Forums/exchange/en-US/a460ee18-e674-4c14-b4e8-33afd9ddb2a0/change-local-to-com-to-resolve-ssl-certificate-mismatch?forum=exchange2010
http://www.digicert.com/internal-names.htm
http://exchangeserverpro.com/ssl-requirements-for-exchange-when-certificate-authorities-wont-issue-certificate/
In any case Office 365 will not interact with internal names. If you use such a name currently, you'd have to configure a UPN suffix allowing users to connect with the external name. This link might
explain it better:
http://www.messageops.com/documentation/office-365-documentation/active-directory-federation-services-design-planning-for-office-365
In particular:
"It is common for organizations to use one domain name internally and a different domain name externally. A best practice was to have your internal Active Directory domain name have a .local or a .corp suffix. With Office 365, the UPN suffix must match
your external domain name which you have registered and verified within Office 365. In these types of situations it is necessary to add a UPN (User Principle Name) suffix to the Active Directory."
Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. -
Help with setting up active directory domain controller/DNS - need this for Clustering
Disclaimer: I am new to Active Directory, so please dont rule out the obvious things I may have overlooked.
I need to set up Active Directory Domain controller on at least one server so I can run clustering. I set up the domain controller and ran Cluster validation and that failed - unable to reach writable domain controller.
When I look at my server manager AD DS complain about DNS:
NASE-2012-234 4015 Error Microsoft-Windows-DNS-Server-Service DNS Server 1/14/2014 12:54:06 AM
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
When I click on DNS this is the error:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
Output of DCDiag -v is below.
PS C:\Users\Administrator> dcdiag -v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine NASE-2012-234, is a Directory Server.
Home Server = NASE-2012-234
* Connecting to directory service on server NASE-2012-234.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=
ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lab,DC=nas
e,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntD
SDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=NASE-2012-234,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
N=Configuration,DC=lab,DC=nase,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\NASE-2012-234
Starting test: Connectivity
* Active Directory LDAP Services Check
The host c0c507c4-fb9b-49a6-9a01-ef79d7960c94._msdcs.lab.nasecom could not be resolved to an IP address.
Check the DNS server, DHCP, server name, etc.
Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
......................... NASE-2012-234 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\NASE-2012-234
Skipping all tests, because server NASE-2012-234 is not responding to directory service requests.
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : lab
Starting test: CheckSDRefDom
......................... lab passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... lab passed test CrossRefValidation
Running enterprise tests on : lab.nasecom
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
PDC Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
Time Server Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
Preferred Time Server Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
KDC Name: \\NASE-2012-234.lab.nasecom
Locator Flags: 0xe000f3fd
......................... lab.nase.com passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
provided.
......................... lab.nasecom passed test Intersite
PS C:\Users\Administrator>http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS is the forum for Directory Services questions. You might want to post your question there.
.:|:.:|:. tim -
Lion Server 10.7.4 VPN service not using my Active Directory domain for authentication
I have Lion Server 10.7.4 setup on a Mac Mini and I have enabled the VPN service for both L2TP and PPTP. The Mac Mini is joined to my Windows Domain at a functional level of Server 2008 R2. I have set the authentication paths to point to my domain in Directory Utility.
What I would like to have happen is for my laptop to be able to VPN into my office network remotely using domain credentials and not local account credentials on the Mac Mini itself. This is a process I have done numerous times on Windows boxes, but for some reason the only way I can get the VPN to work on this instance of Lion Server 10.7.4 is by authenticating using local accounts only.
Does Lion Server 10.7.4 only authenticate VPN users based on it's local account schema? Or can it truly authenticate against an active directory domain?
Any suggestions or help is greatly appreciated. Thanks,Hi g-pirtle,
Yes, I had already done that a few days ago. I was able to add the desired AD group to the allowed users/groups for the VPN service. Thats exactly what is so weird about this...it allows me to search for and add an AD user or group to the list of allowed users/groups, but then when I actually try to use a domain account to authenticate to the VPN is just gives me the "cannot authenticate" error. Very strange.
I wondered if for some reason Apple is only allowing local accounts to be authenticated against. Sounds crazy, but I cannot for the life of me get this to work. I also wondered if Kerberizing the server would help, but when I go to join a Kerberos realm in Open Directory inside of Server Admin, it just has no realm listed in the drop down menu.
Other than that, all other aspects of the Mac Mini being joined to the AD domain seems to be good. I'm really stumped here...
Thanks again, -
How to create two domains name in one active directory domain service .server 2012 ??
Hi there
I want to try sharepoint foundation and office web apps server .
I installed server 2012 sharepoint found 2013 sql server 2012 and create a new forest on active directory domain sevice
now I want to install office web apps server 2013 but when I run the setup said me can't install office web apps server on the domain name that installed sharepoint .
how can I create second domain name on this active directory domain service to install office web apps server ?
help me please I'm new and just want to try sharepoint and office web apps server .
mostly I need to create MS access custom web app and I need the web place to run my access custom web app on this server and because I live in iran can't create and sign up for office 365 and sharepoint online so i'm forced to run them on my system .help
me to complete ths server ?
Greate Regards :
Raha
whit the best regard : RahaHi,
For how to Use Office Web Apps with SharePoint 2013, the below links should be what you want to refer to:
Configure Office Web Apps for SharePoint 2013
http://technet.microsoft.com/en-us/library/ff431687.aspx
Video: Configure Office Web Apps for SharePoint 2013
http://technet.microsoft.com/en-us/library/dn455088.aspx
How Office Web Apps work on-premises with SharePoint 2013
http://technet.microsoft.com/en-us/library/ff431685.aspx
In addition, for further assistance for Sharepoint, I suggest you post in the SharePoint forum.
Regards,
Yan Li
Regards, Yan Li -
I have 2 domain controllers running 2003 server, server1 and server2. I ran dcpromo on server1 and removed AD and removed him from the domain and disconnected from network. I then added a 2012 server
with the same name and IP address server1 with no problem. Replication from sites and services work fine on both controllers.
The new 2012 server1 is GC. I transferred all FSMO roles to server1. Again no problem and replicating using sites and services. AD on server1 is populated correctly.
Now what I had intended on doing was a dcpromo to remove server2 from the domain so I can then add another 2012 server. That is when I get the: "The box indicating that this domain controller is the last controller for the domain
is unchecked. However, no other Active Directory domain controllers for that domain can be contacted.
I have DNS installed on both servers and both look good with replicating there. Strange thing is when on the 2012 server within DNS if I right click and connect to another DNS server I can add server2 just fine but from server2 adding server1 it tells me it
is not available.
Help please!Hi,
As there is server 2012 DC (SERVER1) DC is operational in a domain then "This domain controller is the last controller for the domain" should be remain unchecked when you demote SERVER2 DC.
If you are getting error "Active Directory domain controllers for that domain can be contacted" while demoting SERVER2 DC then check the DNS pointing on both as per below article, disable windows firewall on all DC, less possiblities but worth to check if both
are different site then check the ports are open on firewall.
http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/
http://technet.microsoft.com/en-us/library/cc766337(v=ws.10).aspx
http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx
run “ipconfig /flushdns & ipconfig /registerdns“, restart DNS server and NETLOGON service on each DC and try to demote server2 DC.
If issue reoccurs, post dcdiag /q result.
NOTE: If initial replication was completed between both DC (new 2012 and old DC) then you may remove the server2 DC from Active Directory forcefully (DCPROMO /FORCEREMOVAL) and perform metadata cleanup.
Active Directory Metadata Cleanup
http://abhijitw.wordpress.com/2012/03/03/active-directory-metadata-cleanup/
Best regards,
Abhijit Waikar.
MCSA | MCSA:Messaging | MCITP:SA | MCC:2012
Blog: http://abhijitw.wordpress.com
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.
Maybe you are looking for
-
I have had Windows 7 64 bit for the past year and have run Firefox with no problem. It was the most problem free of the three browsers including IE and Chrome. I have a Vista side where I run my online backup and did so yesterday. Went on Firefox. No
-
hi when i open the edit crash and give me [unable to continue because of av hardware or syatim error.sorry ,but this error is unrecoverable] i use xp 32
-
OLE2 from Forms 10g to Microsoft Word 2007 Mail Merge
We have an Oracle Form that allows the user to print off information on the Form to a Microsoft Word document via OLE2 and mail merging; Forms version is 10.1.2.0.2 as it the version of OAS (from Linux Redhat AS4). This currently works fine if the us
-
Can't see iCloud preferences from Mavericks
Hi. I can't see the iCloud preferences since I installed Mavericks in my MacBook Pro (2,66 GHz, Core 2 Duo, 4 GB DDR3, 13-inch Mid 2010). It's completely blank (see screenshot). Is there any solution, please? Many thanks.
-
Is there any way to get an event before the print dialog opens in Photoshop? thx AC