Query re permissions / unknown user or object?

Similar Messages

• Disk Utility & Repair Disk Permissions & Unknown User on External Seagate

  I have a new iMac running Leopard and don't do stupid things to my mac. I have a couple external Seagate Freeagent drives but 1 of them is giving me a little trouble. So I figure, I'll try to repair disk permissions on it but the problem is when I go into Disk Utility, the Repair Disk Permissions option is NOT available. It's there, I just can't select it; it's grayed out. Why? I'm an admin! The other externals have this option available but not this one, so I'm not really sure what to do. I've about 300gb of family movies on it that I'd rather not wipe out just to be able to do a disk permission repair.
  Whenever I do a command+i on the drive I do see an UNKNOWN user but this article, http://www.pcworld.com/article/145425-1/quickand_easy_folder_sharing_in105.html, leads me to believe that Apple hasn't done jack squat to allow us to fix the problem.
  Thoughts? Suggestions? Thanks in advance!

  mrpeepers wrote:
  I don't think that statement is true.
  I have 3 externals and can repair disk permission on all but 2. All my externals are for storage purposes and non have OSX installed, so that fact that I can repair disk permissions on them sort of contradicts what you say, however, the effectiveness of running a repair disk permission on a drive that doesn't have OSX may be nothing.
  I don't know how you manage to repair permissions on externals without system files on them but what I said is quite true. Repair permissions ONLY checks permissions of system files against the database of correct permissions. It wouldn't know what to do with any other files and never touches them. It should also not be possible on non OS X drives. I've never seen it enabled on any of my external or secondary drives. I really wonder why and how it was enabled on your external drives.
  I did have Tiger installed for 3 months before I got Leopard, but my externals have known nothing but Leopard.
  That doesn't matter. the ownership of files on your external were set in Tiger and it remains in leopard. that's what causes the "unknown" user to show up.
  The problem I'm having with one of the drives is that starting yesterday it's having difficulties mounting. Sometimes I restart the computer and the drive doesn't show. So in order to get it to show, I have to power down the external (which is and appears to be running) and then power it back up, and if that doesn't work, usually reseating the USB works.
  Then again... My problems started happening after I installed CandyBar and applied some folder changes. I have since dumped it.
  whatever problems you have with that external they have absolutely nothing to do with Candy bar. all candy bar does is change a few icon files on your main hard drive. that can have no effect on mountability of anything.
  This sounds to me like a hardware problem with your external. the drive could be failing. the USB bus could be failing either on the drive or on the computer. One thing you could do is check to see if there are any firmware upgrades for that drive. Look at the manufacturer's website. also try testing the drive with another computer if you can.
  On another note... Anyone use CandyBar and NOT have any problems or really like it? Maybe it was just a coincidence.
  yes, I use it and REALLY like it. no problems whatsoever.

• How do I remove (unknown) user in permissions & sharing, please?

  I re-installed OS X with archive install.  I am reinstalling preferences, etc... using Time Machine and my archived Previous System folder.  However, many folders are marked and I have an (unknown) user with Read&Write Priveleges in Sharing & Permissions for files within 'Previous System' folders.  I am unable to remove (unknown) with - and I have no option for setting 'No Access' to this user.
  How do I remove (unknown) user with Read&Write Priveleges in Permissions?
  Using Terminal,  I have ascertained that my uid=501
  Macintosh:~ symone$ ls -ladeO /Previous\ Systems.localized/Previous\ System\ 1/Users/symone/Library/Audio
  drwx------+ 5 502  staff  - 170  8 Sep  2011 /Previous Systems.localized/Previous System 1/Users/symone/Library/Audio
  0: group:everyone deny delete
  Macintosh:~ symone$ id
  uid=501(symone) gid=501(symone) groups=501(symone),98(_lpadmin),81(_appserveradm),79(_appserverusr),80(admin)

  Hmmm, doesn't sound good for your drive.
  Check the S.M.A.R.T. status of the drive in Disk Utilty by highlighting the Drive & looking at the bottom of the window.
  Could be many things, we should start with this...
  "Try Disk Utility
  1. Insert the Mac OS X Install disc, then restart the computer while holding the C key.
  2. When your computer finishes starting up from the disc, choose Disk Utility from the Installer menu at top of the screen. (In Mac OS X 10.4 or later, you must select your language first.)
  *Important: Do not click Continue in the first screen of the Installer. If you do, you must restart from the disc again to access Disk Utility.*
  3. Click the First Aid tab.
  4. Select your Mac OS X volume.
  5. Click Repair Disk, (not Repair Permissions). Disk Utility checks and repairs the disk."
  http://docs.info.apple.com/article.html?artnum=106214
  Then try a Safe Boot, (holding Shift key down at bootup), run Disk Utility in Applications>Utilities, then highlight your drive, click on Repair Permissions, reboot when it completes.
  (Safe boot may stay on the gray radian for a long time, let it go, it's trying to repair the Hard Drive.)
  If perchance you can't find your install Disc, at least try it from the Safe Boot part onward.

• How to assign a query retrived value to a user defined  object in a table

  how to assign a query retrived value to a user defined  object in a table

  Rajeshwar,
  If you use the "Search" feature in this forum, you should be able to find helpful links to similar questions.  You could also look at the RecordSet and DoQuery documentation in the SAP Business One SDK Help Center documentation to assist you with your question.
  HTH,
  Eddy

• "unknown user type" exception when the object don't exist for i/p key.

  Hi
  I'm using Coherence REST service(comes with the Coherence bundle) to validate my cache data.
  When I hit the cache for a valid key, I get data returned back. But for the object that don't exist in the cache I get "Internal Server" error.
  I'm fine with "Internal Server" response show in the browser, but I don't want it to be printed as part of my coherence logs.
  For example, when I hit the REST url for key that don't exist in the cache, I get below exception in coherence logs.
  How can I get rid off it (or) suppress the exception logs.
  Thanks for your time.
  (Wrapped) java.io.IOException: unknown user type: com.tangosol.coherence.rest.internal.Get
       at com.tangosol.util.Base.ensureRuntimeException(Base.java:288)
       at com.tangosol.util.Base.ensureRuntimeException(Base.java:269)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.packetProcessor.PacketPublisher.packetizeMessage(PacketPublisher.CDB:23)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.packetProcessor.PacketPublisher$InQueue.add(PacketPublisher.CDB:11)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.dispatchMessage(Grid.CDB:62)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.post(Grid.CDB:31)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.send(Grid.CDB:1)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.poll(Grid.CDB:13)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.poll(Grid.CDB:11)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$BinaryMap.invoke(PartitionedCache.CDB:30)
       at com.tangosol.util.ConverterCollections$ConverterInvocableMap.invoke(ConverterCollections.java:2282)
       at com.tangosol.util.ConverterCollections$ConverterNamedCache.invoke(ConverterCollections.java:2748)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$ViewMap.invoke(PartitionedCache.CDB:11)
       at com.tangosol.coherence.component.util.SafeNamedCache.invoke(SafeNamedCache.CDB:1)
       at com.tangosol.coherence.rest.EntryResource.getValue(EntryResource.java:241)
       at com.tangosol.coherence.rest.EntryResource.get(EntryResource.java:85)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:616)
       at com.sun.jersey.spi.container.JavaMethodInvokerFactory$1.invoke(JavaMethodInvokerFactory.java:60)
       at com.sun.jersey.server.impl.model.method.dispatch.AbstractResourceMethodDispatchProvider$ResponseOutInvoker._dispatch(AbstractResourceMethodDispatchProvider.java:205)
       at com.sun.jersey.server.impl.model.method.dispatch.ResourceJavaMethodDispatcher.dispatch(ResourceJavaMethodDispatcher.java:75)
       at com.sun.jersey.server.impl.uri.rules.HttpMethodRule.accept(HttpMethodRule.java:288)
       at com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:134)
       at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
       at com.sun.jersey.server.impl.uri.rules.SubLocatorRule.accept(SubLocatorRule.java:134)
       at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
       at com.sun.jersey.server.impl.uri.rules.ResourceClassRule.accept(ResourceClassRule.java:108)
       at com.sun.jersey.server.impl.uri.rules.RightHandPathRule.accept(RightHandPathRule.java:147)
       at com.sun.jersey.server.impl.uri.rules.RootResourceClassesRule.accept(RootResourceClassesRule.java:84)
       at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1469)
       at com.sun.jersey.server.impl.application.WebApplicationImpl._handleRequest(WebApplicationImpl.java:1400)
       at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1349)
       at com.sun.jersey.server.impl.application.WebApplicationImpl.handleRequest(WebApplicationImpl.java:1339)
       at com.sun.jersey.server.impl.container.httpserver.HttpHandlerContainer.handle(HttpHandlerContainer.java:191)
       at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:83)
       at sun.net.httpserver.AuthFilter.doFilter(AuthFilter.java:83)
       at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:86)
       at sun.net.httpserver.ServerImpl$Exchange$LinkHandler.handle(ServerImpl.java:589)
       at com.sun.net.httpserver.Filter$Chain.doFilter(Filter.java:83)
       at sun.net.httpserver.ServerImpl$Exchange.run(ServerImpl.java:561)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
       at java.lang.Thread.run(Thread.java:679)
  Caused by: java.io.IOException: unknown user type: com.tangosol.coherence.rest.internal.Get
       at com.tangosol.io.pof.ConfigurablePofContext.serialize(ConfigurablePofContext.java:351)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.Service.writeObject(Service.CDB:1)
       at com.tangosol.coherence.component.net.Message.writeObject(Message.CDB:1)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.partitionedService.PartitionedCache$InvokeRequest.write(PartitionedCache.CDB:7)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.serializeMessage(Grid.CDB:14)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.packetProcessor.PacketPublisher.packetizeMessage(PacketPublisher.CDB:17)
       ... 42 more
  Caused by: java.lang.IllegalArgumentException: unknown user type: com.tangosol.coherence.rest.internal.Get
       at com.tangosol.io.pof.ConfigurablePofContext.getUserTypeIdentifier(ConfigurablePofContext.java:430)
       at com.tangosol.io.pof.ConfigurablePofContext.getUserTypeIdentifier(ConfigurablePofContext.java:419)
       at com.tangosol.io.pof.PofBufferWriter.writeUserType(PofBufferWriter.java:1671)
       at com.tangosol.io.pof.PofBufferWriter.writeObject(PofBufferWriter.java:1623)
       at com.tangosol.io.pof.ConfigurablePofContext.serialize(ConfigurablePofContext.java:345)
       ... 47 more

  Hi,
  I included coherence-rest-pof-config.xml as part of my pof-config as shown below.
  <pof-config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xmlns="http://xmlns.oracle.com/coherence/coherence-pof-config"
  xsi:schemaLocation="http://xmlns.oracle.com/coherence/coherence-pof-config coherence-pof-config.xsd">
  <user-type-list>
  <include>coherence-pof-config.xml</include>
  <include>coherence-rest-pof-config.xml</include>
  <user-type>
  <type-id>1001</type-id>
  I also checked my coherence-rest.jar files for the configuration and the clasess, and all of them exist.
  I started my coherence by passing the classpath as below:
  $JAVAEXEC -server -Xms6g -Xmx6g -XX:+UseParNewGC -XX:MaxGCPauseMillis=50 -XX:+UseConcMarkSweepGC -XX:+CMSIncrementalMode -XX:CMSInitiatingOccupancyFraction=25 -XX:MinHeapFreeRatio=40 -XX:MaxHeapFreeRatio=70 -Duser.timezone=GMT -Djava.rmi.server.hostname=xx.xx.xx.xx -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=13366 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dtangosol.coherence.log.level=3 -Dtangosol.coherence.log=log4j -showversion $JAVA_OPTS -cp $COHERENCE_HOME/config/:$COHERENCE_HOME/lib/coherence.jar:$COHERENCE_HOME/lib/guidecacheclient.jar:$COHERENCE_HOME/lib/jersey-server-1.8.jar:$COHERENCE_HOME/lib/jersey-core-1.8.jar:$COHERENCE_HOME/lib/jersey-json-1.8.jar:$COHERENCE_HOME/lib/jackson-all-1.8.1.jar:$COHERENCE_HOME/lib/coherence-rest.jar:$COHERENCE_HOME/lib/log4j-1.2.16.jar -Dtangosol.coherence.management=all -Dtangosol.coherence.management.remote=true -Dtangosol.coherence.localhost=xx.xx.xx.xx -Dtangosol.coherence.mode=eval com.tangosol.net.DefaultCacheServer $1
  While starting, I'm getting configuration missing exception as shown below. What am I still missing.
  Exception in thread "main" (Wrapped) (Wrapped: error creating class "com.tangosol.io.pof.ConfigurablePofContext") java.lang.IllegalStateException: Missing PofSerializer configuration (Config=pgs-pof-config.xml, Type-Id=801, Class-Name=com.tangosol.coherence.rest.internal.Get)
       at com.tangosol.coherence.component.util.Daemon.start(Daemon.CDB:52)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.Service.start(Service.CDB:7)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.start(Grid.CDB:6)
       at com.tangosol.coherence.component.util.SafeService.startService(SafeService.CDB:39)
       at com.tangosol.coherence.component.util.safeService.SafeCacheService.startService(SafeCacheService.CDB:5)
       at com.tangosol.coherence.component.util.SafeService.ensureRunningService(SafeService.CDB:27)
       at com.tangosol.coherence.component.util.SafeService.start(SafeService.CDB:14)
       at com.tangosol.net.DefaultConfigurableCacheFactory.ensureServiceInternal(DefaultConfigurableCacheFactory.java:1105)
       at com.tangosol.net.DefaultConfigurableCacheFactory.ensureService(DefaultConfigurableCacheFactory.java:937)
       at com.tangosol.net.DefaultCacheServer.startServices(DefaultCacheServer.java:81)
       at com.tangosol.net.DefaultCacheServer.intialStartServices(DefaultCacheServer.java:250)
       at com.tangosol.net.DefaultCacheServer.startAndMonitor(DefaultCacheServer.java:55)
       at com.tangosol.net.DefaultCacheServer.main(DefaultCacheServer.java:197)
  Caused by: (Wrapped: error creating class "com.tangosol.io.pof.ConfigurablePofContext") java.lang.IllegalStateException: Missing PofSerializer configuration (Config=pgs-pof-config.xml, Type-Id=801, Class-Name=com.tangosol.coherence.rest.internal.Get)
       at com.tangosol.io.ConfigurableSerializerFactory.createSerializer(ConfigurableSerializerFactory.java:46)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.Service.instantiateSerializer(Service.CDB:1)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.Service.ensureSerializer(Service.CDB:32)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.Service.ensureSerializer(Service.CDB:4)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.service.Grid.onEnter(Grid.CDB:25)
       at com.tangosol.coherence.component.util.daemon.queueProcessor.service.grid.PartitionedService.onEnter(PartitionedService.CDB:19)
       at com.tangosol.coherence.component.util.Daemon.run(Daemon.CDB:14)
       at java.lang.Thread.run(Thread.java:679)
  Caused by: java.lang.IllegalStateException: Missing PofSerializer configuration (Config=pgs-pof-config.xml, Type-Id=801, Class-Name=com.tangosol.coherence.rest.internal.Get)
       at com.tangosol.io.pof.ConfigurablePofContext.report(ConfigurablePofContext.java:1283)
       at com.tangosol.io.pof.ConfigurablePofContext.createPofConfig(ConfigurablePofContext.java:1013)
       at com.tangosol.io.pof.ConfigurablePofContext.initialize(ConfigurablePofContext.java:797)
       at com.tangosol.io.pof.ConfigurablePofContext.setContextClassLoader(ConfigurablePofContext.java:322)
       at com.tangosol.io.ConfigurableSerializerFactory.createSerializer(ConfigurableSerializerFactory.java:42)
       ... 7 more
  Thanks for your help.

• Windows Update files: Security permissions has "unknown user"

  Ok, this is weird. I have 30 files added in a November Windows update with a compile date or add-to date of 11/21/14. If I look at one of the files. MsSpellCheckingFacility.exe.  I can see it is a legit file.
  https://www.virustotal.com/en/file/e9dcf987838e9a70fca4e1b1dda217bd1e309cd4f6bac47402120f76aac6edc7/analysis/
  However, the security permissions on the file are strange.  The user TrustedInstaller is the owner.  Now that seems to be typical when the file is a Microsoft updated file.  However, the file also has a user added that is unknown.
  user ? S-1-14-21
  Umm, why is this?  Its 30 files like this all REAL Microsoft files....all apparently part of the update.  All scanned against virustotal as being revised about that date/time.  Did Microsoft release an Update Build with files as a part
  of that build that had Microsoft users still attached to them?

  Hi!
  This machine is joined to a domain? This SID with parameter "-21-" indicates a domain. If so, it is needed to verify on local polices if any user had permission on domain workstations enforced by network Administration.
  But when researching by SID "S-1-14-21" we have no
  reference, as parameter "-14-" is not commonly used.
  From articles bellow, we can find how SID works and the well known SIDs:
  http://msdn.microsoft.com/en-us/library/dd302645.aspx
  http://technet.microsoft.com/en-us/library/dn743661.aspx
  As this is not a known SID, I suggest you to try to use the script on link bellow to determine who is the user account:
  http://blogs.technet.com/b/heyscriptingguy/archive/2004/12/03/how-can-i-determine-the-sid-for-a-user-account.aspx
  The problem can be a user account that had already deleted (this is why SID is not resolved to a name) or a problem on WMI component that is not able to resolve SID.
  If not successfull with article above, please post a screenshot on file permission in order to help you further.
  Cheers!
  Alan Martins

• Unknown user in permissions

  Why do the permissions for my Public Folder include an 'unknown' user?  I cannot delete or change the permissions for this user.

  I've reviewed some of the other threads.  Seems like this problem doesn't 'have' to be fixed.  I had never noticed it before, because I was never using the "public" folder and the 'drop box' feature.  I got concerned mainly because when I did open this folder for the first time, I discovered a file (jpg) that was not mine and rather creepy. I thought perhaps the 'unknown' user was part of the problem (hacker), but since the folder had open access for the 'everyone' group as well that's probably how the file was put on my computer.

• Unknown User Permissions - Erase and Install Backup Plan

  Hi everyone,
  I upgraded from Tiger and therefore have the unknown user permissions problems. I'd like to erase and install my system and am writing to verify the following:
  If I copy my data (with the funny permissions) to a Powerbook in Firewire Disk Mode, reinstall Leopard on my new iMac, then copy the data back from the Powerbook in disk target mode, will the permissions be fixed?
  Thank you, Tom Bertram.

  Thomas,
  If you are talking about the "unknown" group problem seen in the permissions portion of Get Info, be aware that Apple is in the process of putting out a Knowledge Base article to address this and it may be wise to be patient a little longer.
  The user accounts inherited from Tiger belong to a "group" that has a missing piece of information -- a group name that Leopard wants. The installer should have dealt with this but it didn't. Anyway, a couple of simple Terminal commands can fix this for each such account. Once the Group description is proper, there will no longer be any need to change the group membership of your files.
  Unfortunately the first couple tries Apple made of describing how to do this appear to be in error. See the following thread:
  http://discussions.apple.com/thread.jspa?threadID=1280472&tstart=0
  The correct commands should be posted by Apple shortly and then you can resolve this without having to do a whole re-install.
  --Bob

• Unknown user appears in get info permissions list

  unknown user appears in get info permissions list of a lot of folders. I cant remove the user, change the permission level of that user. Is there a way of getting over this problem?
  Here is a screenshot of the unknown user...
  http://i228.photobucket.com/albums/ee151/cosmac2007/Picture5.png

  pzeitler, i tried your fix. it worked but only partly. i had to go to an admin account and do the sudo because my non-admin account that was affected does not allow me to sudo from it. so i do it from admin account and it seems i add my non-admin user to all admin files\folders with full permissions and no admin account user. so i open the home folder in get info, add admin user and set permission, apply recursively to all inside it. How ever, i couldnt remove the non-admin user from admin user folder permissions.
  now i go to non-admin user account and find that unknown grp is gone for all except three folders (public/sites/downloads). i also checked a third, non-admin user and it seems unaffected by all the operations that i have performed. but it has the unknown grp in it.
  I guess i have to wait for apple to fix it rather than mess up the system myself.

• Search account got - Insufficient sql database permissions for user. EXECUTE permission was denied on the object proc_Gettimerrunningjobs

  Dear all,
  I am troubleshooting a critical error showed up on Event log.  It said:
  Insufficient sql database permissions for user 'Name:domain\wss_search ....... EXECUTE permission was denied on the object 'proc_GetTimerRunningJobs', database 'SharePoint_Config', schema 'dbo'
  domain\wss_search is the default content access account. According to
  http://technet.microsoft.com/en-us/library/cc678863.aspx I should not grant it the Farm Administrators permission.
  In the Search Center I am able to search out documents as expected so I think the search service is fine.   However I have no clue why this account is trying to access 'proc_GetTimerRunningJobs'.
  Mark

  Hi Mark,
  This issue was caused by the search account’s permission. For resolving your issue, please do as the followings:
  Expand your SharePoint Configuration database 'SharePoint_Config' and navigate to ‘proc_GetTimerRunningJobs’ under Programmability ->Stored Procedures
  Right-click proc_GetTimerRunningJobs and choose Properties
  Click on Permission on the left launch
  Select the Search button and browse for ‘WSS_Content_Application_Pools’
  Provide ‘Execute’ permissions for ‘WSS_Content_Application_Pools’
  Click OK
  Here are some similar posts for you to take a look at:
  http://adammcewen.wordpress.com/2013/03/01/execute-permission-denied-on-sharepoint-config-db/
  http://technet.microsoft.com/en-us/library/ee513067(v=office.14).aspx
  I hope this helps.
  Thanks,
  Wendy
  Wendy Li
  TechNet Community Support

• Error: sql.SQLError: [-4008] (at 1) Unknown user name/password combination

  Hello Experts,
  After a Test refresh for SCM system, we restored Livecache. The database has been changed and starts using database manager, during registration (Register LCApps) it gives the following error:
  Logical Command: DBMRFC
  Parameter: exec_lcinit register
  Name and Server     : LCQ - dusepierp12
  DBMRFC Function     : DBM_EXECUTE
  Command             : exec_lcinit register
  Error               : DBM Error
  Return Code         :     -24964
  Error Message       : ERR_EXECUTE: error in program execution#
  0,sap\lcinit LCQ  register -uDBM , -uDBA , -uSQL ,
  liveCache LCQ (register)
  The liveCache state is ONLINE
  DBMServer 7.6.04   Build 009-123-182-193
  Creating liveCache application procedures
  ERROR : liveCache LCQ not registered (see "s:\sapdb\data\wrk\LCQ\lcinit.log").
  START *****************************
  liveCache LCQ (register)
  Thu 07/30/2009
  10:26 PM
  installation path = S:\sapdb\LCQ\db
  OK
  DBMServer 7.6.04   Build 009-123-182-193
  Creating liveCache application procedures
  ERR
  -24964,ERR_EXECUTE: error in program execution
  1,""S:\sapdb\LCQ\db\bin\x_python" "S:\sapdb\LCQ\db\env\lapps.py" -R "S:\sapdb\LCQ\db" -d LCQ -u DBADMIN,*"
  Traceback----
  Error----
  sql.SQLError: [-4008] (at 1) Unknown user name/password combination
  Traceback (most recent call last):
    File "S:\sapdb\LCQ\db\env\lapps.py", line 38, in ?
      connectAndInstall (install, install.__doc__)
    File "S:\sapdb\LCQ\db\env\installib.py", line 398, in connectAndInstall
      session = connect (options)
    File "S:\sapdb\LCQ\db\env\installib.py", line 350, in connect
      alterUserNotExclusive(options)
    File "S:\sapdb\LCQ\db\env\installib.py", line 338, in alterUserNotExclusive
      session.release()
  AttributeError: 'NoneType' object has no attribute 'release'
  ERROR : liveCache LCQ not registered
  Thu 07/30/2009
  10:26 PM
  END ******************************
  Many Thanks,
  TIA,
  Nisch

  Nischal Mahakal wrote:>
  > Hello Experts,
  >
  > After a Test refresh for SCM system, we restored Livecache. The database has been changed and starts using database manager, during registration (Register LCApps) it gives the following error:
  > -24964,ERR_EXECUTE: error in program execution
  > 1,""S:\sapdb\LCQ\db\bin\x_python" "S:\sapdb\LCQ\db\env\lapps.py" -R "S:\sapdb\LCQ\db" -d LCQ -u DBADMIN,*"
  > -
  Traceback----
  Hi there,
  looks like you entered "DBADMIN" when you created the liveCache instance in DBMGUI as the DBM Operator.
  For SAP installations, this user is always named "CONTROL".
  So, drop the instance again, recreate it with "CONTROL" and re-do the recovery of the liveCache backup.
  regards,
  Lars

• Insufficient SQL database permissions for user 'Name: NT AUTHORITY\IUSR SID: S-1-5-17...

  Hi,
  I have a customized SharePoint page that takes user input data, validate some of the data, then writes the data to a SharePoint list. If an exception occurs, it will write the error to the ULS.
  All was working well in the test environments.
  However, recently we noticed that in the QA environment, when it's trying to write to ULS, it causes another issue:
  Insufficient SQL database permissions for user 'Name: NT AUTHORITY\IUSR SID: S-1-5-17 ImpersonationLevel: Impersonation' in database 'SP_F1_Config' on SQL Server instance 'SQL01'. Additional error information from SQL Server is included below. The EXECUTE
  permission was denied on the object 'proc_putObjectTVP', database 'SP_F1_Config', schema 'dbo'.
  I've traced through the code and found that it fails on the line:
      SPDiagnosticsServiceBase.GetLocal<LoggerError>();
  where LoggerError is the logger class inheritng SPDiagnosticsServiceBase
  I have also googled around today, but the most positive solution provided
  on this page was to manually modify SQL object permission, which I believe we should not do, and would not be supported by Microsoft.
  So the questions are:
  Why is AUTHORITY\IUSER used for SPDiagnosticsServiceBase.GetLocal()? Should that account actually be allowed to access SharePoint databases? (This is an intranet environment and using claim based/Windows authentication, no no anonymous access would be allowed
  anyway).
  I've checked the Application Pool account permissions in SQL, comparing the environment that works and the one that doesn't work, and the permissions/roles/schemas look identical on server and database level. Where else can I check?
  On the environment that works, I logged on as SharePoint administrator, created a new SharePoint Visual Web Part solution in Visual Studio, just to test writing to ULS. Then I press F5 in Visual Studio to debug it. It also has the same problem.
  It just seems like somehow the user's identity (or whatever the identity SharePoint required) was not passed to SPDiagnosticsServiceBase.
  Any suggestions, or even better, solutions would be really really much appreciated!

  Hi，
  Thanks for your sharing, it will be userful to the people who stuck with the same issue.
  Best regards
  Patrick Liang
  TechNet Community Support

• 'Unknown user' problem in Guest account

  Hello.
  Remember the unknown user problem in the Finder that plagued everyone that upgraded from Tiger? Thanks to someone on these boards' AppleScript, I managed to fix that for my account eventually and get it changed to staff for every file and folder.
  However, I just checked out my Guest account in Leopard, and when I do a Get Info on the home folder, the public folder and the sites folder, the unknown user still appears.
  What do I need to do to fix this?
  Would reinstalling Leopard sort it out by the way? I don't want to do it because it would create countless hassles, but is there a way of reinstalling Leopard that lets me keep my own home folder and applications while killing all the permissions problems?

  Does it properly refuse authentication ? Or does the login page stop appearing or something ?
  There was a bug with the webauth dying under heavy load, regardless of number of identical accounts used.
  One good way for you to check would be, when problem occurs, to create a second backup guest user and see if that would start working. If it doesn't, the account is not the problem.
  I'm not aware of any maximum of usage of the same account.
  Which 4.2 exactly are you running ?

• Unknown user name or bad password issue while creating AD accounts

  Hi All,
  While creating accounts on AD through IdM, I am getting below error. Sometimes I don't see this error while sometimes I do. What could be the actual reason ?
  com.waveset.util.WavesetException: Error opening object 'LDAP://cn=ut9778ug,ou=Employee USA,ou=Users,ou=CorpHQ,dc=corpz,dc=utcz,dc=com': ADsOpenObject(): 0X8007052E: , , Logon failure: unknown user name or bad password.
  Please help me out.
  Thanks,

  Hi,
  I just faced the same problem while provisionning account on AD through Sun Identity Manager Gateway. (I'm in Oracle Waveset 8 patch 6)
  When I test configuration on the configuration page of my AD resource, everything was ok, but when i tried to create / update account on AD, i had the same error. (when i forced a bad password for example, the test configuration was in error, so i know that was ok)
  I resolved the problem using IP address in "LDAP Server Name" instead of url or host name. I don't understand because 'ping' on url and test configuration on resource were ok.
  I hope it will be usefull for you
  Nicolas

• [Forum FAQ] Using PowerShell to assign permissions on Active Directory objects

  As we all know, the
  ActiveDirectoryAccessRule class is used to represent an access control entry (ACE) in the discretionary access control list (DACL) of an Active Directory Domain Services object.
  To set the permissions on Active Directory objects, the relevant classes and their enumerations are listed as below:
  System.DirectoryServices.ActiveDirectoryAccessRule class:
  http://msdn.microsoft.com/en-us/library/system.directoryservices.activedirectoryaccessrule(v=vs.110).aspx
  System.DirectoryServices.ActiveDirectoryRights
  class:
  http://msdn.microsoft.com/en-us/library/system.directoryservices.activedirectoryrights(v=vs.110).aspx
  System.Security.AccessControl.AccessControlType class:
  http://msdn.microsoft.com/en-us/library/w4ds5h86(v=vs.110).aspx
  System.DirectoryServices.ActiveDirectorySecurityInheritance class:
  http://msdn.microsoft.com/en-us/library/system.directoryservices.activedirectorysecurityinheritance(v=vs.110).aspx
  In this article, we introduce three ways to get and set the ACE on an Active Directory object. In general,
  we use Active Directory Service Interfaces (ADSI) or
  Active Directory module cmdlets
  with the Get-Acl and Set-Acl cmdlets to assign simple permissions on Active Directory objects. In addition, we can use the extended rights and GUID settings to execute
  more complex permission settings.
  Method 1: Using ADSI
    1. Get current permissions of an organization unit (OU)
  We can use the PowerShell script below to get current permissions of an organization unit and you just need to define the name of the OU.
  $Name = "OU=xxx,DC=com"
  $ADObject = [ADSI]"LDAP://$Name"
  $aclObject = $ADObject.psbase.ObjectSecurity
  $aclList = $aclObject.GetAccessRules($true,$true,[System.Security.Principal.SecurityIdentifier])
  $output=@()
  foreach($acl in $aclList)
  $objSID = New-Object System.Security.Principal.SecurityIdentifier($acl.IdentityReference)
       $info = @{
  'ActiveDirectoryRights' = $acl.ActiveDirectoryRights;
  'InheritanceType' = $acl.InheritanceType;
  'ObjectType' = $acl.ObjectType;
  'InheritedObjectType' = $acl.InheritedObjectType;
  'ObjectFlags' = $acl.ObjectFlags;
  'AccessControlType' = $acl.AccessControlType;
  'IdentityReference' = $acl.IdentityReference;
  'NTAccount' = $objSID.Translate( [System.Security.Principal.NTAccount] );
  'IsInherited' = $acl.IsInherited;
  'InheritanceFlags' = $acl.InheritanceFlags;
  'PropagationFlags' = $acl.PropagationFlags;
  $obj = New-Object -TypeName PSObject -Property $info
  $output+=$obj}
  $output
  In the figure below, you can see the results of running the script above:
  Figure 1．
  2. Assign a computer object with Full Control permission on an OU
  We can use the script below to delegate Full Control permission to the computer objects within an OU:
  $SysManObj = [ADSI]("LDAP://OU=test….,DC=com") #get the OU object
  $computer = get-adcomputer "COMPUTERNAME" #get the computer object which will be assigned with Full Control permission within an OU
  $sid = [System.Security.Principal.SecurityIdentifier] $computer.SID
  $identity = [System.Security.Principal.IdentityReference] $SID
  $adRights = [System.DirectoryServices.ActiveDirectoryRights] "GenericAll"
  $type = [System.Security.AccessControl.AccessControlType] "Allow"
  $inheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] "All"
  $ACE = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $identity,$adRights,$type,$inheritanceType #set permission
  $SysManObj.psbase.ObjectSecurity.AddAccessRule($ACE)
  $SysManObj.psbase.commitchanges()
  After running the script above, you can check the computer object in Active Directory Users and Computers (ADUC) and it is under the Security tab in OU Properties.
  Method 2: Using Active Directory module with the Get-Acl and Set-Acl cmdlets
  You can use the script below to get and assign Full Control permission to a computer object on an OU:
  $acl = get-acl "ad:OU=xxx,DC=com"
  $acl.access #to get access right of the OU
  $computer = get-adcomputer "COMPUTERNAME"
  $sid = [System.Security.Principal.SecurityIdentifier] $computer.SID
  # Create a new access control entry to allow access to the OU
  $identity = [System.Security.Principal.IdentityReference] $SID
  $adRights = [System.DirectoryServices.ActiveDirectoryRights] "GenericAll"
  $type = [System.Security.AccessControl.AccessControlType] "Allow"
  $inheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] "All"
  $ACE = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $identity,$adRights,$type,$inheritanceType
  # Add the ACE to the ACL, then set the ACL to save the changes
  $acl.AddAccessRule($ace)
  Set-acl -aclobject $acl "ad:OU=xxx,DC=com"
  Method 3: Using GUID setting
  The scripts above can only help us to complete simple tasks, however, we may want to execute more complex permission settings. In this scenario, we can use GUID settings to achieve
  that.
  The specific ACEs allow an administrator to delegate Active Directory specific rights (i.e. extended rights) or read/write access to a property set (i.e. a named collection of attributes) by
  setting ObjectType field in an object specific ACE to the
  rightsGuid of the extended right or property set. The delegation can also be created to target child objects of a specific class by setting the
  InheritedObjectType field to the schemaIDGuid of the class.
  We choose to use this pattern: ActiveDirectoryAccessRule(IdentityReference, ActiveDirectoryRights, AccessControlType, Guid, ActiveDirectorySecurityInheritance, Guid)
  You can use the script below to
  assign the group object with the permission to change user password on all user objects within an OU.
  $acl = get-acl "ad:OU=xxx,DC=com"
  $group = Get-ADgroup xxx
  $sid = new-object System.Security.Principal.SecurityIdentifier $group.SID
  # The following object specific ACE is to grant Group permission to change user password on all user objects under OU
  $objectguid = new-object Guid 
  00299570-246d-11d0-a768-00aa006e0529 # is the rightsGuid for the extended right User-Force-Change-Password (“Reset Password”) 
  class
  $inheritedobjectguid = new-object Guid 
  bf967aba-0de6-11d0-a285-00aa003049e2 # is the schemaIDGuid for the user
  $identity = [System.Security.Principal.IdentityReference] $SID
  $adRights = [System.DirectoryServices.ActiveDirectoryRights] "ExtendedRight"
  $type = [System.Security.AccessControl.AccessControlType]
  "Allow"
  $inheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] "Descendents"
  $ace = new-object System.DirectoryServices.ActiveDirectoryAccessRule $identity,$adRights,$type,$objectGuid,$inheritanceType,$inheritedobjectguid
  $acl.AddAccessRule($ace)
  Set-acl -aclobject $acl "ad:OU=xxx,DC=com"
  The figure below shows the result of running the script above:
  Figure 2．
  In addition, if you want to assign other permissions, you can change the GUID values in the script above. The common GUID values are listed as below:
  $guidChangePassword     
  = new-object Guid ab721a53-1e2f-11d0-9819-00aa0040529b
  $guidLockoutTime        
  = new-object Guid 28630ebf-41d5-11d1-a9c1-0000f80367c1
  $guidPwdLastSet         
  = new-object Guid bf967a0a-0de6-11d0-a285-00aa003049e2
  $guidComputerObject     
  = new-object Guid bf967a86-0de6-11d0-a285-00aa003049e2
  $guidUserObject         
  = new-object Guid bf967aba-0de6-11d0-a285-00aa003049e2
  $guidLinkGroupPolicy    
  = new-object Guid f30e3bbe-9ff0-11d1-b603-0000f80367c1
  $guidGroupPolicyOptions 
  = new-object Guid f30e3bbf-9ff0-11d1-b603-0000f80367c1
  $guidResetPassword      
  = new-object Guid 00299570-246d-11d0-a768-00aa006e0529
  $guidGroupObject        
  = new-object Guid BF967A9C-0DE6-11D0-A285-00AA003049E2                                          
  $guidContactObject      
  = new-object Guid 5CB41ED0-0E4C-11D0-A286-00AA003049E2
  $guidOUObject           
  = new-object Guid BF967AA5-0DE6-11D0-A285-00AA003049E2
  $guidPrinterObject      
  = new-object Guid BF967AA8-0DE6-11D0-A285-00AA003049E2
  $guidWriteMembers   
      = new-object Guid bf9679c0-0de6-11d0-a285-00aa003049e2
  $guidNull               
  = new-object Guid 00000000-0000-0000-0000-000000000000
  $guidPublicInformation  
  = new-object Guid e48d0154-bcf8-11d1-8702-00c04fb96050
  $guidGeneralInformation 
  = new-object Guid 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
  $guidPersonalInformation = new-object Guid 77B5B886-944A-11d1-AEBD-0000F80367C1
  $guidGroupMembership    
  = new-object Guid bc0ac240-79a9-11d0-9020-00c04fc2d4cf
  More information:
  Add Object Specific ACEs using Active Directory Powershell
  http://blogs.msdn.com/b/adpowershell/archive/2009/10/13/add-object-specific-aces-using-active-directory-powershell.aspx
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  The ActiveDirectoryAccessRule has more than one constructor, but yes, you've interpreted the one that takes six arguments correctly.
  Those GUIDs are different (check just before the first dash). Creating that ACE will create an empty GUID for InheritedObjectType, though, because you're telling it to apply to the Object only ([System.DirectoryServices.ActiveDirectorySecurityInheritance]::None).
  Since the ACE will only apply to the object, there's no need to worry about what types of objects will inherit it.
  If you've got time, check out
  this module. It will let you view the security descriptors in a much friendlier format. Try both version 3.0 and the version 4.0 preview:
  Sample version 3.0:
  # This is going to be kind of slow, and it will take a few seconds the first time
  # you run it because it has to build the list of GUID <--> Property/Class/etc objects
  Get-ADGroup GroupY |
  Get-AccessControlEntry -ObjectAceType member -InheritedObjectAceType group -ActiveDirectoryRights WriteProperty
  # Same as the previous command, except limit it to access granted to GroupX
  Get-ADGroup GroupY |
  Get-AccessControlEntry -ObjectAceType member -InheritedObjectAceType group -ActiveDirectoryRights WriteProperty -Principal GroupX
  Here's version 4.0. It's way faster than 3.0, but it's missing the -ObjectAceType and -InheritedObjectAceType parameters on Get-AccessControlEntry (don't worry, when they come back they'll be better than in 3.0):
  Get-ADGroup GroupY |
  Get-AccessControlEntry
  Get-ADGroup GroupY |
  Get-AccessControlEntry -ActiveDirectoryRights WriteProperty
  Get-ADGroup GroupY |
  Get-AccessControlEntry -ActiveDirectoryRights WriteProperty -Principal GroupX
  # You can do a Where-Object filter until the parameters are added back to Get-AccessControlEntry:
  Get-ADGroup GroupY |
  Get-AccessControlEntry -ActiveDirectoryRights WriteProperty |
  where { $_.AccessMask -match "All Prop|member Prop" }
  Get-ADGroup GroupY |
  Get-AccessControlEntry -ActiveDirectoryRights WriteProperty |
  where { $_.ObjectAceType -in ($null, [guid]::Empty, "bf9679c0-0de6-11d0-a285-00aa003049e2") }
  Get-ADGroup GroupY |
  Get-AccessControlEntry -ActiveDirectoryRights WriteProperty |
  where { $_.AccessMask -match "All Prop|member Prop" -and $_.AppliesTo -match "group"}
  That's just for viewing. Version 3.0 can add and remove access, or you can use New-AccessControlEntry to replace your call to New-Object, and you can still use Get-Acl and Set-Acl. The benefit to New-AccessControlEntry is that you can do something like this:
  New-AccessControlEntry -Principal GroupX -ActiveDirectoryRights WriteProperty -ObjectAceType member -InheritedObjectAceType group #-AppliesTo Object