Requirements to set up replication between domains

Similar Messages

• How to set up SSO between e-portal employee node & ebill customer node?

  We have a requirement to set up SSO between e-portal employee node & ebill customer node.
  I am told that sso is possible only between 2 employee nodes.
  Please advise.

  Not sure I understand which part is failing.
  Is it the C program calling your packaged function? Or does the error occur in the PL/SQL code, in which case you should be able to pinpoint where it's wrong?
  A few comments :
  1) Using DOM to build XML out of relational data? What for? Use SQL/XML functions.
  2) Giving sample data is usually great, but it's not useful here since we can't run your code. We're missing the base tables.
  3) This is wrong :
  vStrSqlQuery := 'SELECT * FROM ' || vTblName                     || ' WHERE record_update_tms <= TO_DATE(''' || TO_CHAR(vLastPubTms, 'MM/DD/YYYY HH24:MI:SS') || ''', ''MM/DD/YYYY HH24:MI:SS'') ' ;
  A bind variable should be used here for the date.
  4) This is wrong :
  elmt_value := xmldom.createTextNode (doc, l_clob(1));
  createTextNode does not support CLOB so it will fail as soon as the CLOB you're trying to pass exceeds 32k.
  Maybe that's the problem you're referring to?
  5) This is most wrong :
       l_clob(1):=REPLACE(l_clob(1),'&lt;?xml version=&quot;1.0&quot;?&gt;', NULL); 
       l_clob(1):=REPLACE(l_clob(1),'&lt;', '<'); 
       l_clob(1):=REPLACE(l_clob(1),'&gt;', '>'); 
  I understand what you're trying to do but it's not the correct way.
  You're trying to convert a text() node representing XML in escaped form back to XML content.
  The problem is that there are other things to take care of besides just '&lt;' and '&gt;'.
  If you want to insert an XML node into an existing document, treat that as an XML node, not as a string.
  Anyway,
  Anyone that can help me to find out the required magic number
  That would be a bad idea. Fix what needs to be fixed.
  And please clearly state which part is failing : the C program or the PL/SQL code?
  I'd vote for PL/SQL, as pointed out in [4].

• Help with setting up active directory domain controller/DNS - need this for Clustering

  Disclaimer: I am new to Active Directory, so please dont rule out the obvious things I may have overlooked.
  I need to set up Active Directory Domain controller on at least one server so I can run clustering. I set up the domain controller and ran Cluster validation and that failed - unable to reach writable domain controller.
  When I look at my server manager AD DS complain about DNS:
  NASE-2012-234    4015    Error    Microsoft-Windows-DNS-Server-Service    DNS Server    1/14/2014 12:54:06 AM
  The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
  When I click on DNS this is the error:
  The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
  Output of DCDiag -v is below.
  PS C:\Users\Administrator> dcdiag -v
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     * Verifying that the local machine NASE-2012-234, is a Directory Server.
     Home Server = NASE-2012-234
     * Connecting to directory service on server NASE-2012-234.
     * Identified AD Forest.
     Collecting AD specific global data
     * Collecting site info.
     Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=
  ntDSSiteSettings),.......
     The previous call succeeded
     Iterating through the sites
     Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=lab,DC=nas
  e,DC=com
     Getting ISTG and options for the site
     * Identifying all servers.
     Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=lab,DC=nase,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntD
  SDsa),.......
     The previous call succeeded....
     The previous call succeeded
     Iterating through the list of servers
     Getting information for the server CN=NTDS Settings,CN=NASE-2012-234,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
  N=Configuration,DC=lab,DC=nase,DC=com
     objectGuid obtained
     InvocationID obtained
     dnsHostname obtained
     site info obtained
     All the info for the server collected
     * Identifying all NC cross-refs.
     * Found 1 DC(s). Testing 1 of them.
     Done gathering initial info.
  Doing initial required tests
     Testing server: Default-First-Site-Name\NASE-2012-234
        Starting test: Connectivity
           * Active Directory LDAP Services Check
           The host c0c507c4-fb9b-49a6-9a01-ef79d7960c94._msdcs.lab.nasecom could not be resolved to an IP address.
           Check the DNS server, DHCP, server name, etc.
           Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
           ......................... NASE-2012-234 failed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\NASE-2012-234
        Skipping all tests, because server NASE-2012-234 is not responding to directory service requests.
        Test omitted by user request: Advertising
        Test omitted by user request: CheckSecurityError
        Test omitted by user request: CutoffServers
        Test omitted by user request: FrsEvent
        Test omitted by user request: DFSREvent
        Test omitted by user request: SysVolCheck
        Test omitted by user request: KccEvent
        Test omitted by user request: KnowsOfRoleHolders
        Test omitted by user request: MachineAccount
        Test omitted by user request: NCSecDesc
        Test omitted by user request: NetLogons
        Test omitted by user request: ObjectsReplicated
        Test omitted by user request: OutboundSecureChannels
        Test omitted by user request: Replications
        Test omitted by user request: RidManager
        Test omitted by user request: Services
        Test omitted by user request: SystemLog
        Test omitted by user request: Topology
        Test omitted by user request: VerifyEnterpriseReferences
        Test omitted by user request: VerifyReferences
        Test omitted by user request: VerifyReplicas
        Test omitted by user request: DNS
        Test omitted by user request: DNS
     Running partition tests on : ForestDnsZones
        Starting test: CheckSDRefDom
           ......................... ForestDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... ForestDnsZones passed test CrossRefValidation
     Running partition tests on : DomainDnsZones
        Starting test: CheckSDRefDom
           ......................... DomainDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... DomainDnsZones passed test CrossRefValidation
     Running partition tests on : Schema
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
     Running partition tests on : Configuration
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidation
     Running partition tests on : lab
        Starting test: CheckSDRefDom
           ......................... lab passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... lab passed test CrossRefValidation
     Running enterprise tests on : lab.nasecom
        Test omitted by user request: DNS
        Test omitted by user request: DNS
        Starting test: LocatorCheck
           GC Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           PDC Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           Time Server Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           Preferred Time Server Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           KDC Name: \\NASE-2012-234.lab.nasecom
           Locator Flags: 0xe000f3fd
           ......................... lab.nase.com passed test LocatorCheck
        Starting test: Intersite
           Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
           provided.
           ......................... lab.nasecom passed test Intersite
  PS C:\Users\Administrator>

  http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverDS is the forum for Directory Services questions.  You might want to post your question there.
  .:|:.:|:. tim

• Required FSMO Roles to Bring up Domain Controller

  I have an unusual situation.  Our network team is moving to a new vendor for our WAN circuits and this change which has left our network split. I have 10 domain controllers which can't talk to the other seven domain controllers. This situation
  will last about another 2 months.
  I have been asked to bring up an RODC domain controller in a location which can't connect to the DC which hosts the FSMO roles, but has communication with seven domain controllers.
  Is this possible?  What FSMO roles are required to bring up a DC?
  Thanks
  LRL

  In a worse case scenario, replication may fail between domain controllers when a WAN link is re-established:
  http://pmeijden.wordpress.com/2011/01/12/domain-replication-has-exceeded-the-tombstone-lifetime/
  "This can also happen when your network isn’t working properly or when replication error’s have occurred for to long without anyone noticing them. In large environments it’s possible that a complete site has been disconnected due to unavailable WAN
  connections. [...]
  The reason why the domain controllers will not continue the replication is because they are protected for so called Lingering Objects. For example, one or more objects that are deleted from Active Directory on all other domain controllers might remain on
  the disconnected domain controller. Such objects are called Lingering Objects. Because the domain controller is offline during the entire time that the tombstone is alive, the domain controller never receives replication of the tombstone and therefor doesn’t
  know that the object has been deleted."
  If your tombstone lifetime is still 60 days (the original default), that is about 2 months.
  You can check like this:
  http://technet.microsoft.com/en-us/library/cc784932(v=ws.10).aspx
  If it is 180 days (new default - I won't go into the details of how and when this changed), you may avoid the worse case scenario. But you still might have problems.
  Two months... how much time has already passed?
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

• DFSR replicaion problem between domain controllers

  I have 2 domain controllers running server 2012 and recently noticed a lot of errors about replication between 2 of them 
  i demoted child controller and promoted it again for DC and issue still occurs
  so far i noticed that when browsing network and looking for shares on main DC i can see SYSVOL folder there 
  but it is missing on the other one - it is present in c \ windows but not visible in shares \
  also domain folder is empty on the child DC 
  when i run dfsrmngr and run the diagnostic it doesn't show errors in status also it says that it is enabled 
  also when trying to manualy create pair of folders to replicate the contents it says at one of the steps it is already used ....what would be the best
  thing to do at this point o have replication issue solved ?
  MAciunio

  C:\Users\Administrator.CON>dfsrdiag dumpadcfg
  LDAP Bind : DC-SERVER2.CON.com
  SitesDn : cn=sites,cn=configuration,dc=CON,dc=com
  ServicesDn : cn=services,cn=configuration,dc=CON,dc=com
  SystemDn : cn=system,DC=CON,DC=com
  DefaultNcDn : DC=CON,DC=com
  ComputersDn : cn=computers,DC=CON,DC=com
  DomainCtlDn : ou=domain controllers,DC=CON,DC=com
  SchemaDn : CN=Schema,CN=Configuration,DC=CON,DC=com
  COMPUTER: DC-SERVER1
  DN : cn=dc-server1,ou=domain controllers,dc=CON,dc=com
  GUID : 3009B7C3-3316-411E-B4ED-ECEF72114C02
  DNS : dc-server1.CON.com
  Server BL : cn=dc-server1,cn=servers,cn=default-first-site-name,cn=sites,c
  n=configuration,dc=CON,dc=com
  Server Ref : (null)
  USN Changed : 586839
  When Created : Saturday, March 15, 2014 9:24:43 PM
  When Changed : Saturday, July 26, 2014 9:16:42 AM
  LOCAL SETTINGS: DFSR-LOCALSETTINGS
  DN : cn=dfsr-localsettings,cn=dc-server1,ou=domain controllers,dc
  =CON,dc=com
  GUID : 3CD85D1B-177B-4CA4-BC15-2B9A87850553
  Version : 1.0.0.0
  USN Changed : 584264
  When Created : Saturday, July 26, 2014 2:15:23 AM
  When Changed : Saturday, July 26, 2014 2:25:26 AM
  SUBSCRIBER: DOMAIN SYSTEM VOLUME
  DN : cn=domain system volume,cn=dfsr-localsettings,cn=dc-server
  1,ou=domain controllers,dc=CON,dc=com
  GUID : 9B8DD38C-26D4-4E78-BC61-6F344C7938B0
  Member Ref : cn=dc-server1,cn=topology,cn=domain system volume,cn=dfsr-
  globalsettings,cn=system,dc=CON,dc=com
  USN Changed : 584238
  When Created : Saturday, July 26, 2014 2:15:23 AM
  When Changed : Saturday, July 26, 2014 2:25:03 AM
  SUBSCRIPTION: SYSVOL SUBSCRIPTION
  DN : cn=sysvol subscription,cn=domain system volume,cn=dfsr-l
  ocalsettings,cn=dc-server1,ou=domain controllers,dc=CON,dc=com
  GUID : 0BC184CA-A02E-40BB-B257-DA32FF86F88A
  ContentSetGuid: 342393C4-C03F-44B1-BE9A-8DFE1F906595
  Root Path : c:\windows\sysvol\domain
  Root Size : (null) (MB)
  Staging Path : c:\windows\sysvol\staging areas\CON.com
  Staging Size : (null) (MB)
  Conflict Path : (null)
  Conflict Size : (null) (MB)
  USN Changed : 591605
  When Created : Saturday, July 26, 2014 2:15:23 AM
  When Changed : Saturday, July 26, 2014 9:41:57 PM
  GLOBAL SETTINGS: DFSR-GLOBALSETTINGS
  DN : cn=dfsr-globalsettings,cn=system,dc=CON,dc=com
  GUID : 5708E418-6D80-45BD-AFC1-9135DEE1211A
  USN Changed : 8313
  When Created : Saturday, March 23, 2013 8:17:18 PM
  When Changed : Sunday, March 9, 2014 5:06:58 AM
  REPLICATION GROUP: DOMAIN SYSTEM VOLUME
  DN : cn=domain system volume,cn=dfsr-globalsettings,cn=system,dc=
  CON,dc=com
  GUID : 31EFC46F-6D74-48FB-BA52-D6750206975B
  Type : 1 (SYSVOL)
  USN Changed : 8314
  When Created : Saturday, March 23, 2013 8:17:19 PM
  When Changed : Sunday, March 9, 2014 5:06:58 AM
  CONTENT: CONTENT
  DN : cn=content,cn=domain system volume,cn=dfsr-globalsettings,
  cn=system,dc=CON,dc=com
  GUID : 0DBFFC24-7793-48B4-B21E-49BAD434B8D6
  USN Changed : 8315
  When Created : Saturday, March 23, 2013 8:17:19 PM
  When Changed : Sunday, March 9, 2014 5:06:58 AM
  CONTENT SET: SYSVOL SHARE
  DN : cn=sysvol share,cn=content,cn=domain system volume,cn=df
  sr-globalsettings,cn=system,dc=CON,dc=com
  GUID : 342393C4-C03F-44B1-BE9A-8DFE1F906595
  File Filter : ~*,*.TMP,*.BAK
  Compression Excl : (null)
  Dir Filter : DO_NOT_REMOVE_NtFrs_PreInstall_Directory,NtFrs_PreExisti
  ng___See_EventLog
  USN Changed : 8316
  When Created : Saturday, March 23, 2013 8:17:19 PM
  When Changed : Sunday, March 9, 2014 5:06:58 AM
  TOPOLOGY: TOPOLOGY
  DN : cn=topology,cn=domain system volume,cn=dfsr-globalsettings
  ,cn=system,dc=CON,dc=com
  GUID : 637AAE04-0A35-43BA-B6A2-1292049A6617
  USN Changed : 8317
  When Created : Saturday, March 23, 2013 8:17:19 PM
  When Changed : Sunday, March 9, 2014 5:06:58 AM
  MEMBER: DC-SERVER1
  DN : cn=dc-server1,cn=topology,cn=domain system volume,cn=dfs
  r-globalsettings,cn=system,dc=CON,dc=com
  GUID : EBCFB268-8F7C-4C90-A49F-1018595A3D2C
  Server Ref : cn=ntds settings,cn=dc-server1,cn=servers,cn=default-fir
  st-site-name,cn=sites,cn=configuration,dc=CON,dc=com
  Computer Ref : cn=dc-server1,ou=domain controllers,dc=CON,dc=com
  Keywords : (null)
  Computer DNS : dc-server1.CON.com
  USN Changed : 584236
  When Created : Saturday, July 26, 2014 2:15:23 AM
  When Changed : Saturday, July 26, 2014 2:25:03 AM
  CXTION: 2452641E-B5E9-4ABD-AA3F-38367137DFD1
  DN : cn=2452641e-b5e9-4abd-aa3f-38367137dfd1,cn=ntds settin
  gs,cn=dc-server1,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration
  ,dc=CON,dc=com
  GUID : 240A03AF-2CD0-4FBC-A56D-16BB90FE585A
  Inbound : true
  Partner DN : cn=dc-server2,cn=topology,cn=domain system volume,cn=d
  fsr-globalsettings,cn=system,dc=CON,dc=com
  USN Changed : 584199
  When Created : Saturday, July 26, 2014 2:19:27 AM
  When Changed : Saturday, July 26, 2014 2:25:02 AM
  CXTION: 2A851034-2EF0-435F-A915-78380D4980EB
  DN : cn=2a851034-2ef0-435f-a915-78380d4980eb,cn=ntds settin
  gs,cn=dc-server2,cn=servers,cn=default-first-site-name,cn=sites,cn=configuration
  ,dc=CON,dc=com
  GUID : A439D7E8-199F-42C3-854E-339559B5382B
  Inbound : false
  Partner DN : cn=dc-server2,cn=topology,cn=domain system volume,cn=d
  fsr-globalsettings,cn=system,dc=CON,dc=com
  USN Changed : 584228
  When Created : Saturday, July 26, 2014 2:10:02 AM
  When Changed : Saturday, July 26, 2014 2:25:02 AM
  MEMBER: DC-SERVER2
  DN : cn=dc-server2,cn=topology,cn=domain system volume,cn=dfs
  r-globalsettings,cn=system,dc=CON,dc=com
  GUID : B8A9BA79-D85E-4DE3-8199-827F356EA9F7
  Server Ref : cn=ntds settings,cn=dc-server2,cn=servers,cn=default-fir
  st-site-name,cn=sites,cn=configuration,dc=CON,dc=com
  Computer Ref : cn=dc-server2,ou=domain controllers,dc=CON,dc=com
  Keywords : (null)
  Computer DNS : dc-server2.CON.com
  USN Changed : 12334
  When Created : Sunday, March 9, 2014 5:10:25 AM
  When Changed : Sunday, March 9, 2014 5:10:25 AM
  Operation Succeeded
  MAciunio

• Will removal of Enterprice CA break AD replication between sites?

  Hello.
  I have a AD environment that have a CA on a failing Domain Controller. This server is scheduled for decommission, and are running a CA for the Domain. This server has issued certificates to the domain controllers from the Domain Controllers template. 
  I have no other use for this CA other than for Domain Replication. Based on this I want to remove the CA role completely from the domain.
  If I follow this procedure:
  http://support.microsoft.com/kb/889250
  Will the domain replication break or still be in operation?
  Regards
  Tommy Rasmussen

  If you require certificates for AD e-mail replication I would not recommend this procedure as all certificates would be revoked following this checklist (step 1). If you decommission a PKI but want its certificates to remain valid you would not revoke the
  certificates but only create the long-lived CRL (steps 2 and 3). And you would need to make sure that new DCs get new certificates.
  Are you really using AD *e-mail* replication? I am just asking because I often DC certificates are deployed automatically but not actually really used. Certificates are not required for default AD replication.
  Assuming that certificates are required now (and will be required in the future) I would recommend instead:
  Option 1 - new PKI before retiring the old one.
  Configure a replacement PKI, make sure that the DC replication template is published at this CA, make all DCs get renewed certificates from the new CA, then decommission the old one.
  On principle, the existing CA could also be migrated to a new server with another name, but handling the CDP and AIA URLs gets a bit messy if the default names have been used when setting up this CA (as these point to the existing server or an LDAP object
  that has the same name as the existing server). So if the CA is only used for issuing DC certificates, I would rather create a new one.
  Option 2 - new PKI after retiring the old one.
  This would be an option if you don't plan to add new DCs soon:
  Make sure all DCs have valid certificates issued by the existing PKI. Issue the long-lived CRL but don't revoke the certificates. Uninstall the CA service - the objects required to validate certificates will remain in AD. Details may depend on customizations
  of the CDP and AIA URLs. If you used the default settings you might have also an HTTP URL pointing to the CA server itself - so the DNS record would need to point to a replacement server holding the CRL and CRT files.
  This would work as long as you don't need new certificates - thus as long as the existing ones are still valid and you don't join new DCs to the domain. So you should perhaps setup another CA in the next months.
  Elke

• Configure replication between directory server 5.1 and 5.2

  we have two directory servers running on different machine 5.1 and new 5.2. All database have been successfully backup and restore from 5.1 to new 5.2. In this scenario, we would like to setup 5.1 and new 5.2 D.S as multi-master replication.
  As described in the sun Documentation, we have copy few ldif file from new 5.2 to 5.1 so that both schema are up to date.
  The new instance of 5.2 is running fine. However, on the other hand, 5.1 has a problem to start the server as show in the following below.
  # ./start-slapd
  [31/May/2005:14:07:43 +0800] dse - The entry cn=schema in file /usr/iplanet/servers/slapd-ifpdev02/config/schema/50ns-admin.ldif is invalid, error code 21 (Invalid syntax) - object class nsAdminServer: Unknown required attribute type "nsServerID"
  [31/May/2005:14:07:43 +0800] dse - Please edit the file to correct the reported problems and then restart the server.
  Any help from you guys are greatly appreciated.

  I recommened that you read the Release Notes of DS5.2, there are some notes on Replication between 5.1 and 5.2.
  ===
  In Directory Server 5.2, the schema file 11rfc2307.ldif has been altered to conform to rfc2307. If replication is enabled between 5.2 servers and 5.1 servers, the rfc2307 schema MUST be corrected on the 5.1 servers, or replication will not work correctly.
  Workaround
  To ensure correct replication between Directory Server 5.2 and Directory Server 5.1, perform the following tasks:
  * For zip installations, remove the 10rfc2307.ldif file from the 5.1 schema directory and copy the 5.2 11rfc2307.ldif file to the 5.1 schema directory. (5.1 Directory Server Solaris packages already include this change.)
  * Copy the following files from the 5.2 schema directory into the 5.1 schema directory, overwriting the 5.1 copies of these files:
  11rfc2307.ldif, 50ns-msg.ldif, 30ns-common.ldif, 50ns-directory.ldif, 50ns-mail.ldif, 50ns-mlm.ldif, 50ns-admin.ldif, 50ns-certificate.ldif, 50ns-netshare.ldif, 50ns-legacy.ldif, and 20subscriber.ldif.
  * Restart the Directory Server 5.1 server.
  * In the Directory Server 5.2 server, set the nsslapd-schema-repl-useronly attribute under cn=config to on.
  * Configure replication on both servers.
  * Initialize the replicas.
  ===
  Also search for "migrate" or "repl" or "5.1" in Release Notes and read the relevant information.
  http://docs.sun.com/source/817-7611/index.html
  Another guide is "Installation and Migration Guide"
  http://docs.sun.com/app/docs/doc/817-7608
  HTH.
  Gary

• Office 2013 and SharePoint 2013 server properties - The required term set is not available.

  Hi,
  After creating new document from ribbon with the new document function on any template the managed metadata based server properties cannot be selected and properties boxes are grayed out. Mouse over displays "The Required term set is not available".
  Works fine when using it form resource (SharePoint) domain both with user domain and resource domain accounts.
  There is a two-way trust btw domains.
  SPNs are done for AppPools.
  AppPool accounts have delegations and are set to impersonate with GPO.
  SharePoint Web Application is on kerberos authentication.
  There is no difference when sites are using user or resource domain AppPool accounts.
  The WFE and SQL Server have computer delegations.
  Server env: Windows Server 2008 R2 with all updates, SQL Server 2008 R2 with all updates, on-prem SharePoint Server 2013 with no CU.
  User env: Windows 7 ENT, IE10 and Office 2013 with all updates.
  There is no internet connection and internet connection is not possible. The internet connection is cheated with two DNS A record setting for
  www.msftncsi.com and dns.msftncsi.com. Also registry changes "ActiveDnsProbeContent" ip- address for Win7 is done via GPO to private IP. This is done because otherwise check-in/check-out does not work.
  Last things on IIS log are:
  2014-01-24 10:38:36 192.168.n.n PROPFIND /TestDoc - 5445 0#.w|userdomain\test3-user 192.168.51.51 Microsoft+Office+Word+2013+(15.0.4551)+Windows+NT+6.1 207 0 0 639
  2014-01-24 10:38:37 192.168.n.m OPTIONS / - 5445 0#.w|userdomain\test3-user 192.168.51.51 Microsoft+Office+Word+2013+(15.0.4551)+Windows+NT+6.1 200 0 0 842
  2014-01-24 10:38:54 ::1 POST /_vti_bin/sharedaccess.asmx - 5445 - ::1 Microsoft+Office+Word+2013+(15.0.4551)+Windows+NT+6.1 200 0 0 15
  2014-01-24 10:39:25 ::1 POST /_vti_bin/sharedaccess.asmx - 5445 - ::1 Microsoft+Office+Word+2013+(15.0.4551)+Windows+NT+6.1 200 0 0 0
  2014-01-24 10:39:56 ::1 POST /_vti_bin/sharedaccess.asmx - 5445 - ::1 Microsoft+Office+Word+2013+(15.0.4551)+Windows+NT+6.1 200 0 0 15
  2014-01-24 10:40:27 ::1 POST /_vti_bin/sharedaccess.asmx - 5445 - ::1 Microsoft+Office+Word+2013+(15.0.4551)+Windows+NT+6.1 200 0 0 15
  What I missed.
  Br,
  -timo-

  Same problem here!. Giving the computer network access allows the control to be populated. Then I disabled and restarted and it seems to be ok....

• Steps involved in setting up communication between CRM and R3 / ECC

  Hi all,
  Can you please tell what are the steps involved in setting up communication between CRM and R3 or ECC.
  I know that initially logical systems, RFC connections and other technical settings need to be done by Basis consultants.
  From a functional consultants viewpoint, what all config settings need to be done so that data transfer between the systems can take place?
  Thanks in advance.

  Hi,
  There are a series of steps that are to be done...
  These include creating sites and subscription in CRM, setting up filters, and number ranges....
  All these are in the connectivity guide C71 and replication guide B09.
  Refer C71 first and then B09. These would suffice.
  You can get these both in the follwoing reference:
  http://help.sap.com/bp_crmv340/CRM_DE/index.htm
  If you dont get, then gimme your email id, i shall forward these docs to you.
  Kindly reward with points in case helpful
  Sharif.

• How to set execution preferences between Data Objects

  Hi Experts,
  I have  2 data Objects(one Bidrectional and another Upload Only) in my SWCV and according to my requirement i have to execute first DO(Bidirectional) before execution of Second DO(Upload Only).
  Is there any way so that i can set execution  preferences between these two DOs.
  Regards,
  Abhishek

  Hi Liji,
  Execution preference is more related to the "Semantic Compression" capability of the application/framework than the "backward compatiblity" with 04/04s.
  Whenever the semantic compression is enabled, sync order has to be present for the set of data object to ensure the correct order of the data going to the server.
  As all the backward compatible applications are "Semantic compression enabled" this option is mandatory for those applications.
  But non-backward compatible applications might also want to use "semantic compression" feature to reduce the traffic over the network. In this case, those applications will also need this feature. Hence this feature of settting the sync order is available for all the SWCVs.
  Regards,
  Ramanath.

• Multi master replication between 5.2 and 6.3.1

  I have a setup in which I have a master running version 5.2 and about 15 consumers ( slaves) all of which have been upgraded to 6.3.1 . I now want to create a multi master topology by promoting one of these consumers to be a master and still keep the 5.2 in use as we have a bunch of other applications that depend on the 5.2 instance. Our master has two suffixes. The master server is also the CA cert authority for all the consumers . After reading the docs I narrowed down the procedure to be
  1. Promote one of the 6.3.1 consumers to hub and then to master using the dsconf promote-repl commands. The problem here is that I am not sure how I can create a single consumer that can slave both the suffixes. We currently have them being slaved to different consumers.
  Also do I need to stop the existing replication between the 5.2 master and the would be 6.3.1 master to promote to hub and master.
  2. Set the replication manager manually or using dsconf set-server-prop on the new 6.3.1 master .
  3. Create a new replication agreement from 5.2 to 6.3.1 master without initializing. (using java console)
  4. Create new replication agreement from 6.3.1 to 5.2 (using command line)
  5. Create new repl agreements between the new 6.3.1 master and all the other consumers. For this do I need to first disable all the agreements between 5.2 and 6.3 or can I create new agreements without disabling the old ones?
  6. Initialize 6.3.1 from the 5.2 master.
  My biggest concern at this point is surrounding the ssl certs and the existing trusts the consumers have with the 5.2 master. Currently my 5.2 server acts as the CA authority for our certificate management with the ldap slaves. How can I migrate this functionality to the new server and also will this affect how the slaves communicate to the new master server ?
  Thanks in advance.

  Thanks Marco and Chris for the replies.
  I was able to get around the message by first manually initialzing the new slave using an ldif of the ou from the master , using dscc to change the default replication manager account to connect and finally editing the dse.ldif to enter the correct crypt hash for the new repl manager password. After these steps I was able to successfully set up replication to the second ou and also promote it to hub and master ( I had to repeat the steps after promotion of the slave to master as somehow it reset replication manager settings when I did that).
  So right now, I have a 5.2 master with two ou's replicating to about 15 consumers.
  I promoted one of these to be a second master (from consumer to hub to master). Replication is setup from 5.2 to 6.3 master but not the other way round.
  I am a little bit nervous setting up replication the other way round as this is our production environment and do want to end up blowing up my production instance. The steps I plan on taking are , from the new master server
  1. dsconf create-repl-agmt -p 389 dc=xxxxx,dc=com <5.2-master>:389
  2. dsconf set-repl-agmt-prop -p 389 dc=xxxxx,dc=com <5.2-master>:389 auth-pwd-file:<passwd_file.txt>
  I am assuming I can do all of this while the instances are up. Also in the above, does create-repl-agmt just create the agreement or does it also initalize the consumer with the data ? I want to ensure I do not initialize my 5.2 master with my 6.3 data.
  Thanks again

• Migrate servers between domains

  Hello
  We need to plan an AD domain migration to an already existing domain - i.e. not a new domain - for dozens of servers hosting different roles and am looking for some general pointers for what we should be aware of.
  We cannot use ADMT (for internal political reasons) and cannot use external tools, e.g. Quest (for cost reasons)
  The roles on the servers include:
  Domain controllers, IIS, SQL, CRM, VMWare Virtual Center - plus other bespoke applications.
  I know there will NOT be a "one size fits all" process for every server (or even every application) but was hoping someone could provide general information for the apps mentioned above.
  e.g. should we not even consider moving the server(s) between domains but rather build a new server and reinstall the application ?  If rebuilding a server is NOT an option for any reason, CAN we move the application server(s) to the
  other domain without issues ?
  I realise this is a very complex set of tasks but, as I said, just looking for some general information to give us a starting point.
  Thanks

  >>>CAN we move the application server(s) to the other domain without issues ?
  It depends on your authentication and permission model.  Where are the users and groups?  ACL on these servers from a different domain?
  Please provide more information.  
  Santhosh Sivarajan | Houston, TX | www.sivarajan.com
  ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
  Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
  Blogs: Blogs
  Twitter: Twitter
  LinkedIn: LinkedIn
  Facebook: Facebook
  Microsoft Virtual Academy:
  Microsoft Virtual Academy
  This posting is provided AS IS with no warranties, and confers no rights.

• Database replication between 2ACSs (V4.0 & V4.1)

  Hi All,
  1. ACS in production in the N/W:
  Release 4.0(1) Build 44
  2.Installed recently another ACS serer for backup purposes and currently as no Data :Release 4.1(1) Build 23
  Now...
  a. Will it be possible to (auto)replicate between these two vesrions.
  b.Will some one provide steps/links to configure replication and any required configuration changes to make sure (1) is primary & (2) backup [incase primary fails)
  Thanks in advance.
  MS

  Cisco does not recommend to do replication between different versions of ACS.
  I have also seen dissimilar versions to cause problems like database corruption, though it might work in some case.
  To be on safer side keep both ACS on same version and only then replicate.
  Following link can help you configure replication:
  http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacs4nt/acs41/user/scadv.htm#wp756476
  For configuring Backup ACS incase primary fails you need to configure backup server on the AAA client (router,switch) because only AAA client will forward the request to secondary server in case primary fails.
  ~Rohit

• Bug: _global vars between domains

  Hey
  I submitted a bug report on _global variables, and i just
  wanted to hear your opinions.
  Scenario 1
  1. MovieA loads MovieB from SAME domain
  2 Both MovieA and MovieB contain a _global variable
  Comclusion/Result:
  Both MovieA and Movie B adapts the _global variables
  Scenario 2
  1. MovieA loads MovieB from DIFFERENT domain
  2. Both MovieA and MovieB uses
  System.security.allowDomain("*")
  3. Both MovieA and MovieB contains a _global variable
  Comclusion/Result:
  Both MovieA and MovieB CAN NOT access/read eachothers _global
  variable.
  The help file says:
  quote:
  The Flash Player version 7 and later security sandbox
  enforces restrictions when accessing global variables from SWF
  files loaded from separate security domains For more
  information, see Understanding Security.
  I clearly read that as , you should be able to control the
  usage between domains , (just like any other scripting operating
  with domain policy )
  It fails nomatter what, even with
  System.security.allowDomain("*") AND crossdomain.xml policy file.

  Looking to this Oracle Doc >> http://docs.oracle.com/cd/E24329_01/web.1211/e24375/basics.htm#BRDGE128
  "Typical tasks required to manage a messaging bridge using the Administration Console include
  Creating a trusted security relationship. See "Configuring Domains for Inter-Domain Transactions" in Programming JTA for Oracle WebLogic Server"
  And, clicking the link to Configuring Domains for Inter-Domain Transactions, there's two types of communications:
  Inter-domain—The transaction communication is between servers participating in transactions that are not in the same domain.
  Intra-domain—The transaction communication is between servers participating in transactions within the same domain
  Check the rest of the doc to know how to configure each type, and apply the one that matches your case..
  Hope it helps
  Regards,
  Mohab

• Mails between domains

  Hi,
  We have a scenerio where we are to use different domains for every new env we create. So using Collabsuite, is it possible to mail from [email protected] to [email protected] ?
  I have created xyz in the domain env1 and abc in domain env2, but when I use web client to mail from one to another, the mail is simply lost !
  Any pointers as to where/how I can trace this if it is possible to mail between domains.
  Thanks
  Arvind

  That's not a problem, just verify the domains and set the domain purpose as Exchange Online. As those will be in the same Exchange organization, there is no need to configure anything else in order to be able to share calendar or contact information between
  users.