Secondary Domain Controller Not Authenticating Domain Users
Hi.
I have a primary domain controller running Win Srv 2012 in USA and i added a secondary domain controller 2012 in the same domain from a different location India, through VPN.so that India user accounts can authenticate by the secondary DC instead of primary
DC USA
Installation & replication of AD went fine
India domain users login is damn slow.
When i ran the command echo %logonserver% from a india client machine,it displays the USA Primary DC name which means its authenticating the users from USA primary DC.
Preferred DNS for india client machine is Secondary DC IP and alternate is Primary DC IP USA.
Please find the dcdiag results below and any help much appreciated
Performing initial setup:
Trying to find home server...
Home Server = server2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: INDIA\server2
Starting test: Connectivity
......................... server2 passed test Connectivity
Doing primary tests
Testing server: INDIA\server2
Starting test: Advertising
Warning: DsGetDcName returned information for \\server1.tst.mycompany.com, when we were trying to reach
server2.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... server2 failed test Advertising
Starting test: FrsEvent
......................... server2 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after th
replication problems may cause Group Policy problems.
......................... server2 failed test DFSREvent
Starting test: SysVolCheck
......................... server2 passed test SysVolCheck
Starting test: KccEvent
......................... server2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... server2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... server2 passed test MachineAccount
Starting test: NCSecDesc
......................... server2 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\server2\netlogon)
[server2] An net use or LsaPolicy operation failed with error 67,
......................... server2 failed test NetLogons
Starting test: ObjectsReplicated
......................... server2 passed test ObjectsReplicated
Starting test: Replications
......................... server2 passed test Replications
Starting test: RidManager
......................... server2 passed test RidManager
Starting test: Services
......................... server2 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0xA004001B
Time Generated: 02/22/2015 17:10:30
Event String: Intel(R) 82574L Gigabit Network Connection
A warning event occurred. EventID: 0x000727A5
Time Generated: 02/22/2015 17:11:24
Event String: The WinRM service is not listening for WS-Manageme
An error event occurred. EventID: 0x0000271A
Time Generated: 02/22/2015 17:11:24
Event String:
The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not regist
A warning event occurred. EventID: 0xA004001B
Time Generated: 02/22/2015 17:12:41
Event String: Intel(R) 82574L Gigabit Network Connection
A warning event occurred. EventID: 0x000003F6
Time Generated: 02/22/2015 17:19:36
Event String:
Name resolution for the name mycompany.com timed out after none
A warning event occurred. EventID: 0x00001796
Time Generated: 02/22/2015 17:28:54
Event String:
Microsoft Windows Server has detected that NTLM authentication i
his server. This event occurs once per boot of the server on the first time
A warning event occurred. EventID: 0x000727A5
Time Generated: 02/22/2015 17:33:35
Event String: The WinRM service is not listening for WS-Manageme
A warning event occurred. EventID: 0x00001796
Time Generated: 02/22/2015 17:35:54
Event String:
Microsoft Windows Server has detected that NTLM authentication i
his server. This event occurs once per boot of the server on the first time
......................... server2 failed test SystemLog
Starting test: VerifyReferences
......................... server2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValida
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValida
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidat
Running partition tests on : tst
Starting test: CheckSDRefDom
......................... tst passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... tst passed test CrossRefValidation
Running enterprise tests on : tst.mycompany.com
Starting test: LocatorCheck
......................... tst.mycompany.com passed test LocatorChec
Starting test: Intersite
......................... tst.mycompany.com passed test Intersite
Hi.
I have a primary domain controller running Win Srv 2012 in USA and i added a secondary domain controller 2012 in the same domain from a different location India, through VPN.so that India user accounts can authenticate by the secondary DC instead of primary
DC USA
Installation & replication of AD went fine
India domain users login is damn slow.
When i ran the command echo %logonserver% from a india client machine,it displays the USA Primary DC name which means its authenticating the users from USA primary DC.
Preferred DNS for india client machine is Secondary DC IP and alternate is Primary DC IP USA.
Firstly make sure that you have configured sites and subnets correctly. According to your information which you have two locations, you should have at least 2 sites and 2 subnets associated to them. If you have forgotten to configure subnets of India in your
site and services and assigned them to the India site you are experiencing this issue. Also make sure if clients in India has appropriate network connectivity to the domain controllers in India.
Mahdi Tehrani |
|
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers?
Similar Messages
-
Import not authenticating portal user
I am using Portal 10.1.4 and am trying to import a portal from another Portal 10.1.4 instance. I have retrieved the import/export script from the web interface from the source system (in Navigator when selecting Export for the relevant Page Group).
However, no matter what portal user and portal password I put on the command line, I am getting an authentication error:
D:\>export107.bat -mode IMPORT -d export107.dump -c ORCL -s PORTAL -p <schema password> -company MyCompany -pu portal -pp <portalpassword>
Verifying the environment variables...
Verifying the Oracle Client version...
IMPORT Mode Selected
Verifying the portal schema passed...
Verifying the availability of transport set...
Verifying the status of transport set...
Calling Oracle exp or imp utility based on the mode of operation....
PL/SQL procedure successfully completed.
Checking for privileges...
Checking for version compatibility...
Setting the Context...
Error: Authentication failed for portal
Cannot proceed with Import
I have checked that the portal user is in the OID and that they have a portal profile (using the Portal Admin web interface).
How do I properly set up a user which can be used in the import script? (i.e. the pu and pp command parameters)?
ThanksThe problem turned out to be an incorrect value for the company parameter. I think this is what was suggested above - and it works. Just use the default value for company when executing the import script
-
Itunes is not authenticating my User Name when I try to remove Parental Control
Why is iTunes store unable to "Authenticate" my User Name when I try to unlock the Parental Control? This started after I downloaded the latest version 10.5
See Here > http://support.apple.com/kb/HT1808
This will not necessarily work if the Device has been Modified. -
hi, THIS IS NOT MSI PRODUCT,BUT I NEED YOUR HELP ,AND IDEA
my intel SE440BX ide 2 cannot detect my cd-rom,and i try to read from windows(windows 98SE)device manager the secondary ide controller not detect,but at cMOS the both of ide was enable ,the CDROM is working ,pls help me.
IF can't use ,do your know the configure the creative Sound blaster 16(CT2910)the IDE port,can your show the methoddoes the cd-rom detect on bootup when you set the secondary master/slave to auto-detect?
When you say that the secondary ide not detect in windows, do you mean that you only get a primary ide controller? Try going into the Main IDE controller properties (can't remember what it's called in 98), and make sure that both ide channels are enabled, this is done in device manager, it's in the same section as the primary/secondary ide controller's are. -
Secondary domain controller not able to connect from work stations.
We are using primary and secondary domain controllers. In which the secondary domain controller act as a replication server. actually the problem occurs while accessing the secondary domain controller from work stations I get the following error:
"The trust relationship between this workstation and the primary domain failed".
Any one please give as a solution.
Thank you.Hi,
Most simple resolution would be unjoin/disjoin the computer from the domain and rejoin the computer account back to the domain.
There might be multiple reasons for this kind of behavior.
Here are a few of them:
Single SID has been assigned to multiple computers.
If the Secure Channel is Broken between Domain controller and workstations
If there are no SPN or DNS Host Name mentioned in the computer account attributes
Outdated NIC Drivers.
According your description, the second one may be the cause of your problem.
When a Computer account is joined to the domain, Secure Channel password is stored with computer account in domain controller. By default this password will change every 30 days (This is an automatic process, no manual intervention is required).
Upon starting the computer, Netlogon attempts to discover a DC for the domain in which its machine account exists. After locating the appropriate DC, the machine account password from the workstation is authenticated against the password on the DC.
If there are problems with system time, DNS configuration or other settings, secure channel’s password between Workstation and DCs may not synchronize with each other.
A common cause of broken secure channel [machine account password] is that the secure channel password held by the domain member does not match that held by the AD. Often, this is caused by performing a Windows System Restore (or reverting
to previous backup or snapshot) on the member machine, causing an old (previous) machine account password to be presented to the AD.
Follow below link which explains typical symptoms when Secure channel broken,
Typical Symptoms when secure channel is broken
http://blogs.technet.com/b/asiasupp/archive/2007/01/18/typical-symptoms-when-secure-channel-is-broken.aspx
For detailed information, please refer to the link below,
Troubleshooting AD: Trust Relationship between Workstation and Primary Domain failed
http://social.technet.microsoft.com/wiki/contents/articles/9157.troubleshooting-ad-trust-relationship-between-workstation-and-primary-domain-failed.aspx
Hope this helps.
Steven Lee
TechNet Community Support -
Server 2012 Secondary Domain Controller not picking up AD nor DNS responsibilities
I had a single Domain Controller providing AD, DNS and DHCP. I went through the steps to add a Secondary Domain Controller. All the AD and DNS info shows up in the Secondary Server, however, when my original Domain Controller is turned
off, the second Domain Controller is not taking over for AD and DNS.Hi Bayousmurf,
Good that you made some progress. However, can you please provide us the information on how you acheived transfering FSMO role to another DC since you had some issue earlier?
Your initial intention was to demote the original DC. Please follow the below link for the steps to demote the DC.
http://technet.microsoft.com/en-in/library/jj574104.aspx
Still if I power off the original DC the new one isn't taking up DNS. Still looking into the DNS...
Can you please elaborate what exactly you are looking for? When you power off original DC, you don't see DNS in new DC? Is your DNS active directory integrated? If not please follow the below procedure to make it as a AD integrated. Once done, then, power
off original DC and look in new DC to see if DNS shows up.
http://www.tomshardware.com/faq/id-1954324/configure-active-directory-integrated-dns-zone-windows-server-2012-dns-server.html
Thanks,
Umesh.S.K -
DC on VM Restored after crash - Does Not allow PCs to Join Domain, or Domain Users to Log in
We currently had a RAID array crash and rebuilt our main server which housed VMs for our Web and DC.
The main server was restored from a bare-metal backup from 6 months prior to the latest backup of the VMs (not sure if pertinent)
Since the Restore, Domain computers cannot access file shares on the main server or VMs - "unspecified network error
0x80004005
Removed the main server from the Domain to re-join it due to some issues with logging in (even with a Domain Admin account) - Found that any PC removed from the domain was no longer able
to rejoin - Receive (Network path was not found error)
Domain Users cannot log in to their computers - Error reads "The trust relationship between this computer and the domain has been lost" - Domain Admin accounts can log in without
problem.
Have been working on it for two weeks and tried most of the things that I have found in others questions for related
DCDIAG results (run on DC VM) - More errors appear if run on the Server (Locator DcGetDcName(GC_Server_Required) call failed, error 1722 (same for PDC, TIME, GOOD_TIME, and KDC)
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
......................... DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1
Starting test: Advertising
......................... DC1 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DC1 failed test FrsEvent
Starting test: DFSREvent
......................... DC1 passed test DFSREvent
Starting test: SysVolCheck
......................... DC1 passed test SysVolCheck
Starting test: KccEvent
......................... DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC1 passed test MachineAccount
Starting test: NCSecDesc
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
......................... DC1 passed test NetLogons
Starting test: ObjectsReplicated
......................... DC1 passed test ObjectsReplicated
Starting test: Replications
......................... DC1 passed test Replications
Starting test: RidManager
......................... DC1 passed test RidManager
Starting test: Services
......................... DC1 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x80040022
Time Generated: 01/15/2015 19:32:28
Event String:
The driver disabled the write cache on device \Device\Harddisk0\DR0.
A warning event occurred. EventID: 0x80040022
Time Generated: 01/15/2015 19:32:28
Event String:
The driver disabled the write cache on device \Device\Harddisk0\DR0.
A warning event occurred. EventID: 0x80040022
Time Generated: 01/15/2015 19:32:28
Event String:
The driver disabled the write cache on device \Device\Harddisk0\DR0.
A warning event occurred. EventID: 0x000003F6
Time Generated: 01/15/2015 19:32:52
Event String:
Name resolution for the name DC1.Home.xxx.com timed out after none of the configured DNS servers responded.
An error event occurred. EventID: 0xC00038D6
Time Generated: 01/15/2015 19:33:25
Event String:
The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.
A warning event occurred. EventID: 0x00000420
Time Generated: 01/15/2015 19:33:29
Event String:
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration.
Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
A warning event occurred. EventID: 0x00002724
Time Generated: 01/15/2015 19:33:33
Event String:
This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
A warning event occurred. EventID: 0x000727AA
Time Generated: 01/15/2015 19:36:34
Event String:
The WinRM service failed to create the following SPNs: WSMAN/DC1.Home.xxx.com; WSMAN/DC1.
A warning event occurred. EventID: 0x00001695
Time Generated: 01/15/2015 19:59:52
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'Home.xxx.com.' failed. These records are used by other computers to locate this server as a domain controller (if the specified
domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
A warning event occurred. EventID: 0x00001695
Time Generated: 01/15/2015 19:59:52
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.Home.xxx.com.' failed. These records are used by other computers to locate this server as a domain controller
(if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
A warning event occurred. EventID: 0x00001695
Time Generated: 01/15/2015 19:59:52
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.Home.xxx.com.' failed. These records are used by other computers to locate this server as a domain controller
(if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
A warning event occurred. EventID: 0x00000420
Time Generated: 01/15/2015 20:20:21
Event String:
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration.
Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
A warning event occurred. EventID: 0x00002724
Time Generated: 01/15/2015 20:20:25
Event String:
This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
......................... DC1 failed test SystemLog
Starting test: VerifyReferences
......................... DC1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Home
Starting test: CheckSDRefDom
......................... Home passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Home passed test CrossRefValidation
Running enterprise tests on : Home.xxx.com
Starting test: LocatorCheck
......................... Home.xxx.com passed test LocatorCheck
Starting test: Intersite
......................... Home.xxx.com passed test Intersite
All PCs can ping the DC, and get name resolution. Checked IPs, DNS on both WS and DC (DC points to its own IP address with no other DNS), Forwarders for DNS appear to be working,
as normal DNS name resolution and internet access works on all PCs. Have tried disabling NIC card and installing another NIC. All searches keep pointing back at the same things that I have tried. I feel like I am missing something stupid.
Please helpThe backup you used is too old. That is why your clients are experiencing trust relationship failures: the computer passwords are no longer matching so they are failing to connect to AD. You need to disjoin and join them again.
I understand that this is the only DC you have so please make sure that the DC is not multihomed, that it points to its private IP address as primary DNS server and 127.0.0.1 as secondary one. Also, you might need to rebuild your SYSVOL folder if you keep
getting the SYSVOL errors: https://support.microsoft.com/kb/315457?wa=wsignin1.0
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
My Website Link
My Linkedin Profile
My MVP Profile -
530 5.7.1 Client was not authenticated - Exchange 2013 to external domains
Hi all,
I have an Exchange server 2013 on windows 2012 R2 and do all the configuration for sending and receiving the mail according to the document provided by Microsoft.
But whenever I am trying to send mails from external domains to my exchange server domain I got the following error:
530 5.7.1 Client was not authenticated
Same thing I am getting If I am sending mail through outlook from my Exchange domains to external domain.
But if I am selecting the
<label for="ResultPanePlaceHolder_ReceiveConnector_Security_contentContainer_chkPermissionGroupAnonymousUsers" id="ResultPanePlaceHolder_ReceiveConnector_Security_contentContainer_chkPermissionGroupAnonymousUsers_label">Anonymous
users in the security option of Default Frontend XXXX, I am able to send the mails through outlook.</label>
<label for="ResultPanePlaceHolder_ReceiveConnector_Security_contentContainer_chkPermissionGroupAnonymousUsers" id="ResultPanePlaceHolder_ReceiveConnector_Security_contentContainer_chkPermissionGroupAnonymousUsers_label">But I don't
want to use this option as it will enable to send the mails without validating the Exchange server user name and password.</label>
SO can anyone please suggest some solutions to resolve this as using Anonymous users fro sending and receiving mails is not secure.
Regards
Pankaj Raman.
<label for="ResultPanePlaceHolder_ReceiveConnector_Security_contentContainer_chkPermissionGroupAnonymousUsers" id="ResultPanePlaceHolder_ReceiveConnector_Security_contentContainer_chkPermissionGroupAnonymousUsers_label">
</label>I have a java code for sending mails using the SMTP address of the servers. For sending a mail it required a valid user name and password. For all other SMTP servers if I have used invalid user name and password then I am getting the 530
5.7.1 Client was not authenticated error, but
if I am using my SMTP address and invalid user name and password then also I am able to send the mails.
So I just want to know what I have to configure in the exchange 2013 server so that it will validate the user name and password.
Regards
Pankaj Raman.
Hi Pankaj,
Thank you for your question.
Was invalid user name and password included in Java code?
Did outlook send emails?
If this issue happen on Java code instead of outlook?
In fact, Exchange server didn’t validate user account and password, user account and password will be validated on domain controller,
I suggest we create a new dedicated receive connector and enable “anonymous” permission for java code
If there are any questions regarding this issue, please be free to let me know.
Best Regard,
Jim
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Jim Xu
TechNet Community Support -
Domain Users are not able to log in to Domain Computers - Administrators are able to do so
I have Primary Domain Controller and Secondary one, The users can log in to both as I have changed the locally Policy to allow Domain users to log in.
But I am having problem with users who can not log in to computers joined the domain. I noticed that ONLY Administrators allowed to log in locally in the Policy and if want to add users, i will not be able to do so as Adding Users or Group is Disabled.
Advise is appreciated.Hi,
Please follow the below steps for checking whether either "Allow Logon Locally" or "Deny Logon Locally" is enabled in the default policy,
1. Go to start -> run -> tupe GPMC.MSC, to open Group Policy Management Console.
2. In the Group Policy Management Console,right click and edit the default policy and navigate to the node "Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment".
3. In the "User Rights Assignment" node, check whether the options "Deny log on locally" or "Allow Logon Locally" are
defined and groups added to those options to confirm the logon problem of domain users.
NOTE: Also check the local policy, as you have mentioned "I have Primary Domain
Controller and Secondary one, The users can log in to both as I have changed the locally Policy to allow Domain users to log in."
Regards,
Gopi
www.jijitechnologies.com -
Hi ,
I have 2 physical servers srvr1 and srvr2 running windows server 2012 Standard , with 32RAM and 800GB for each , srvr1 is Domain controller , and I need to make secondary as backup in case the first one fail .
my question is what is the best option
install secondary domain on Srvr2 or on the hyper instance of srvr2 and why
thanks in advancedthanks for the reply ...
srvr2 is physical server and not hypervisor , i used it as applications server . so I was wondering what is the best practice user the hyper v role or the server itself
thanks
I recommend to always use dedicated servers for the DC role, so I would then suggest running it as a virtual machine.
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog -
I am getting 2 errors through the event viewer that prevents TFS 2013 authentication for local domain users, also this error started appearing after having TFS upgraded to [ 12.0.30723.0 (Tfs2013.Update3) ].
1st Error (from administrative events):
The Execute method of job definition Microsoft.SharePoint.Administration.SPUsageImportJobDefinition (ID a51a0244-765d-433b-8502-0bb0540ad1fd) threw an exception. More information is included below.
Access to the path 'C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\LOGS' is denied.
Tried so far:-
- changed the path to another folder from "Diagnostic Logging" in another drive, but still getting the same error.
2nd Error (from application server):
DistributedCOM error
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{000C101C-0000-0000-C000-000000000046}
and APPID
{000C101C-0000-0000-C000-000000000046}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Which I already got fixed using the following steps on a thread I opened before (but still getting the same error).
https://social.technet.microsoft.com/Forums/windows/en-US/3896e35c-b99a-4d30-b662-f92d337c8d6f/windows-servers-components-services-and-regedit-permissions-are-grayed-out-for-my-admin-account?forum=winservergen
Other Fixes I tried
- Found on another topic that it is not sharepoint that is causing the problem, but it is the generated ASP.NET web pages used for testing is causing the memory to fill up due to cashing on RAM, the fix suggested to change IIS cashing from RAM to HD to prevent
loading up using w3wp.exe from processes.
Concern
- by checking other topics for people having the same problem, it was mentioned that this error appeared after the lastest TFS update, is there is a fix for it ?Hi Kpdn,
Thanks for your post.
All your participation and support are very important to build such harmonious/ pleasant / learning environment for MSDN community.
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
Click
HERE to participate the survey. -
An user as part of the domain users tries to open an office file from a document library but he got an authentication prompt asking him to authenticate. Domain users has only access to this library and not to the whole site. This uses to work in SharePoint
2007 without any problem but not in SharePoint 2013, we didn't have a workflow on SP2007.
Domain users has read access to only this document library in the site, but he shouldn't get an authentication prompt since he is part of the domain users and he is not trying to modify the document, he can open the document but gets two prompts, he can't
also see the list using explorer view since nothings appears using the explorer view.
Now, when opening the file, we can see..Updating Workflow Status, but we don't have any workflow working on this site or library, event any feature related to workflow.
If we go to the event viewer in the server, we find this information,
I also checked this thread but I couldn't find this scenario.
https://social.technet.microsoft.com/Forums/sharepoint/en-US/91bc770b-bb70-4885-a4ad-a243edb88753/event-id-8026-workflow-soap-getworkflowdataforitem-failed-doc-library-no-workflow?forum=sharepointgeneralprevious
I also created another list with the same permissions and using other office files but got the same behavior.
Now, we have migrated this site from SP2007 to SP2013.
Any ideas?OK, I am going to throw out a lot of ideas here so hopefully they get you closer to a diagnosis. Hang on :)
Does it happen to work for some users but not others? If so, try logging in on the "good" computer with the "bad" username. This will tell you if the problem is related to the end-user's system. Also, once the user downloads a document
successfully can they open and work on it in Word? Also, does the document library have any custom content types associated with it or does it just use 'Document'?
I notice that there are other folks on the web that have run into this same problem and the similarity seems to be that they are either on SharePoint 2007 or have upgraded from 2007. Did this doc library start out as a 2007 library?
What you might want to do is this: Make a site collection from scratch in 2013 (or find one that you know was created in 2013). Choose team site (or whatever you want) for the root web and set up the security the same way you have it on the malfunctioning
library. Now, use windows explorer to copy and paste some of the documents to the new location. Be sure you recreate any needed content types. Now test it from the troubled user's computer.
I'm thinking there may be something that is different about the library since it was migrated through various versions and updates since 2007. I've sometimes found that there can be problems (especially with user profiles but that's a different story) with
things that go through this evolution. -
7210 doesn't authenticate to secondary domain controller
We've been testing a 7210 configured to authenticate to a domain controller's MS active directory. Our testing indicates that when our primary domain controller is off line that the 7210 does not attempt to authenticate to the secondary domain controller. I would have expected it to behave like any other device set to authenticate on our domain and to use the secondary controller if the primary domain controller becomes unavailable.
Has anyone else noticed this behaviour and more importantly is there a way to configure the 7210 to ensure it will use the secondary if need be?
Cheers.For others who may come across this we ended up putting a support call in to Sun. The answer from Sun is:
"... have been informed that this is by design to occur like this. Many people don't believe it should so there is an
RFE raised and development is occurring to resolve this under an internal bug."
regards
Stephen Meatheringham -
Sudden failed authentications for user@domain
Hello,
We are running 6 ACS 4.1 servers on Windows 2003 Servers. These servers are not the same as the Domain Controllers.
Since many years, we have devices sending their username in the format domain\user and some other use user@domain. Everything was working well in our 6 ACS servers.
Suddenly, this morning, as 06:00:25, on one single server, all the request using user@domain were reported as failed with the follwowing message in the ACS logs: "External DB user invalid or bad password".
We first thought that the DC near the ACS server was the cause of the issue, but we observe that all the other ACS servers could process these user@domain AAA queries without problem. We then rebooted the ACS server and when it went back up, everything was running again like a charm.
We could not find what happened at 06:00:25. There is no Windows Scheduled Tasks at that time, and there is no ACS DB Replication or Backup running at that time neither.
Can someone help us troubleshooting that issue that affected only one single server in an unexpected way ?
Thanks a lot,
David MayorHello Anisha,
I understand that with new installation, such post tasks are required. However, our installation is running in such a state for more than 2 or 3 years. And it is only over the past week that such problem happens twice.
We have also observed one more thing: You know that the main problem started few seconds after 6 AM, in both days when it happened. We observed that between 00:02 (midnight + about 2 minutes) and 01:05 AM, the same problems happens also ! But, at 01:05 AM, the problem automatically goes away without any intervention. However, when it happens again at 6 AM, we have to restart the server, because otherwise it would not automatically recover.
Didn't you find anything else than "error Windows authentication FAILED (error 1326L)" on the full log ?
Thanks a lot,
With my very best regards,
David Mayor -
Office 2013 applications will not run as a domain users
I have a windows 7 64-bit pc with 2013 office home and and business installed. When trying to access Office as a domain user the programs will not run. Is there a fix for this other than making the users local admins?
Hi,
Which version of Office 2013 did you deployed, Windows Installer-based version or the Click-to-Run version?
Did you install the Office product with local administrator account? I notice that the users must be local administrators on their computers to install Office:
http://technet.microsoft.com/en-us/library/ee624360.aspx
If we add the local admin right to the user, can the Office programs be launched? If so, repair the Office programs and then remove the local admin right. See if it can work.
Best regards,
Rex Zhang
TechNet Community Support
Maybe you are looking for
-
Hi, I am trying to do a Histogram in Numbers using the formula: = INDEX( FREQUENCY (....;....) ....). However, I am using the Dutch version where the command "FREQUENCY" doesn't exist. The litteral translation would be "FREQUENTIE" but there is nothi
-
Firewire External Enclosure very hot.
I am wondering if anyone else has a Serial ATA Seagate 200gb 7200rpm hard drive in a Firewire 800 external enclosure. Mine runs very hot in comparison to my IDE hard drives in the same OWC brand Firewire 800 enclosures. If this is abnormal I would li
-
Since I made the error of updating to the latest (at the time) iTunes a year ago..I haven't updated it since due to the horrors that happen after the initial update. So what's wrong with 7.4 that I need to avoid? I am on 7.3.054..and it works fine sa
-
How to reverse the AuC Specific Line Item?
Hi Gurus, I am facing one issue while doing the AuC Reverse. Through T.Code -AIST i had reverse the AuC line item. but i want to reverse the specific line item.E.g. if there are 10 AuC Assets ( No. 1,2,3.....10)for the same date and want to reverse
-
CD cover art gone when exporting mp3
Hi. My girlfriend's home computer doesn't have an internet connection so I used my iMac to import several of her CDs to iTunes, placing all the songs on a special playlist. Then I went ahead and burned an mp3 CD. When I import the mp3 files to her iT