Service principal names of user are not unique; check the active directory
Hello Experts,
My company had set up this service principal account to use with Kerberos and I am trying to configure the authentication template using SPNEGO wizzard. The format of the service account is not the same as SAP recommened (J2EE-SID-DOMAIN) but something like abc_de_portal. After trying to use that account with the wizzard I am getting this error "Service principal names of user abc_de_portal are not unique; check the active directory configuration." I am not sure what else in the AD attributes is causing the problem. Please let me know if you have ran into similar issue and how did you corrected. Points will be rewarded of course.
Thank you so much for any help that I can get.
Hello Duy,
SPN of the service user for kerberos has to be unique as you would have made out from the message . There seems to be
someother user having the SPN as yours.
You would have to find the other AD user with the same SPN as yours and then de register that with
setspn u2013d <SPN> Username
Then this error should not come up after that .
There was a tool called Ldifde which you can use for this. We have our AD team do this for us. Would be better if you ask them to carry this out.
Rgds
Similar Messages
-
Service principal names of user j2ee- SID are not unique
Hi everyone,
I am trying to configure the SPNego, following the guide below Configuring and troubleshooting SPNego -- Part 1
but I'm getting an error that I have not been solved
then pictures of the developments so far:
[step 1|http://imageshack.us/photo/my-images/807/59238690.jpg/]
[Step 2|http://imageshack.us/photo/my-images/804/55731867.jpg/]
[Step 3|http://imageshack.us/photo/my-images/27/73007146.jpg/]
Test following and has not worked
http://help.sap.com/saphelp_em70/helpdata/en/45/59b55b943909cae10000000a114a6b/content.htm
thanks
ManuelHi, Manuel!
Check these threads for solution:
Service principal names of user are not unique; check the active directory
Service Principal Names of Users j2ee-MDS-tcsm3 not in unique-Check ADC
Regards, Mikhail. -
Event ID 91 Could not connect to the Active Directory. Active Directory Certificate Services
Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access.
Event ID: 91
Task Category: None
Level: Error
Keywords: Classic
User: SYSTEM
Computer: DC1.chickbuns.com
Description:
Could not connect to the Active Directory. Active Directory Certificate Services will retry when processing requires Active Directory access.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-CertificationAuthority" Guid="{6A71D062-9AFE-4F35-AD08-52134F85DFB9}" EventSourceName="CertSvc" />
<EventID Qualifiers="49754">91</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-01-07T19:34:00.000000000Z" />
<EventRecordID>819</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>Application</Channel>
<Computer>DC1.chickbuns.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData Name="MSG_E_DS_RETRY">
</EventData>
</Event>
:\Users\Administrator>dcdiag /fix
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
......................... DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1
Starting test: Advertising
Warning: DC1 is not advertising as a time server.
......................... DC1 failed test Advertising
Starting test: FrsEvent
......................... DC1 passed test FrsEvent
Starting test: DFSREvent
......................... DC1 passed test DFSREvent
Starting test: SysVolCheck
......................... DC1 passed test SysVolCheck
Starting test: KccEvent
......................... DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DC1 passed test MachineAccount
Starting test: NCSecDesc
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
......................... DC1 passed test NetLogons
Starting test: ObjectsReplicated
......................... DC1 passed test ObjectsReplicated
Starting test: Replications
......................... DC1 passed test Replications
Starting test: RidManager
......................... DC1 passed test RidManager
Starting test: Services
......................... DC1 passed test Services
Starting test: SystemLog
......................... DC1 passed test SystemLog
Starting test: VerifyReferences
......................... DC1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : chickbuns
Starting test: CheckSDRefDom
......................... chickbuns passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... chickbuns passed test CrossRefValidation
Running enterprise tests on : chickbuns.com
Starting test: LocatorCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
......................... chickbuns.com failed test LocatorCheck
Starting test: Intersite
......................... chickbuns.com passed test Intersite.My test lab one sinle domain controller server 2008 R2 Sp1 and member exchange server is using,the event error 91 is generated as per the technet article http://technet.microsoft.com/en-us/library/cc774525(v=ws.10).aspx the domain
computer and domain users in public key services container is not listed ..
C:\Users\Administrator>netdom /query fsmo
Schema master DC1.chickbuns.com
Domain naming master DC1.chickbuns.com
PDC DC1.chickbuns.com
RID pool manager DC1.chickbuns.com
Infrastructure master DC1.chickbuns.com
The command completed successfully.
Command Line: "dcdiag.exe
/V /D /C /E"
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine DC1, is a Directory Server.
Home Server = DC1
* Connecting to directory service on server DC1.
DC1.currentTime = 20140110072353.0Z
DC1.highestCommittedUSN = 131148
DC1.isSynchronized = 1
DC1.isGlobalCatalogReady = 1
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=chickbuns,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=chickbuns,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
DC1.currentTime = 20140110072353.0Z
DC1.highestCommittedUSN = 131148
DC1.isSynchronized = 1
DC1.isGlobalCatalogReady = 1
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
===============================================Printing out pDsInfo
GLOBAL:
ulNumServers=1
pszRootDomain=chickbuns.com
pszNC=
pszRootDomainFQDN=DC=chickbuns,DC=com
pszConfigNc=CN=Configuration,DC=chickbuns,DC=com
pszPartitionsDn=CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
fAdam=0
iSiteOptions=0
dwTombstoneLifeTimeDays=180
dwForestBehaviorVersion=3
HomeServer=0, DC1
SERVER: pServer[0].pszName=DC1
pServer[0].pszGuidDNSName (binding str)=771aab3d-96cd-4fb1-90cd-0899fa6b6207._msdcs.chickbuns.com
pServer[0].pszDNSName=DC1.chickbuns.com
pServer[0].pszLdapPort=(null)
pServer[0].pszSslPort=(null)
pServer[0].pszDn=CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
pServer[0].pszComputerAccountDn=CN=DC1,OU=Domain Controllers,DC=chickbuns,DC=com
pServer[0].uuidObjectGuid=771aab3d-96cd-4fb1-90cd-0899fa6b6207
pServer[0].uuidInvocationId=771aab3d-96cd-4fb1-90cd-0899fa6b6207
pServer[0].iSite=0 (Default-First-Site-Name)
pServer[0].iOptions=1
pServer[0].ftLocalAcquireTime=ea9513a0 01cf0dd4
pServer[0].ftRemoteConnectTime=ea2bca80 01cf0dd4
pServer[0].ppszMaster/FullReplicaNCs:
ppszMaster/FullReplicaNCs[0]=DC=ForestDnsZones,DC=chickbuns,DC=com
ppszMaster/FullReplicaNCs[1]=DC=DomainDnsZones,DC=chickbuns,DC=com
ppszMaster/FullReplicaNCs[2]=CN=Schema,CN=Configuration,DC=chickbuns,DC=com
ppszMaster/FullReplicaNCs[3]=CN=Configuration,DC=chickbuns,DC=com
ppszMaster/FullReplicaNCs[4]=DC=chickbuns,DC=com
SITES: pSites[0].pszName=Default-First-Site-Name
pSites[0].pszSiteSettings=CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
pSites[0].pszISTG=CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
pSites[0].iSiteOption=0
pSites[0].cServers=1
NC: pNCs[0].pszName=ForestDnsZones
pNCs[0].pszDn=DC=ForestDnsZones,DC=chickbuns,DC=com
pNCs[0].aCrInfo[0].dwFlags=0x00000201
pNCs[0].aCrInfo[0].pszDn=CN=5fc582f9-b435-49a1-aa54-41769fc24206,CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.chickbuns.com
pNCs[0].aCrInfo[0].iSourceServer=0
pNCs[0].aCrInfo[0].pszSourceServer=(null)
pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005
pNCs[0].aCrInfo[0].bEnabled=TRUE
pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[0].aCrInfo[0].pszNetBiosName=(null)
pNCs[0].aCrInfo[0].cReplicas=-1
pNCs[0].aCrInfo[0].aszReplicas=
NC: pNCs[1].pszName=DomainDnsZones
pNCs[1].pszDn=DC=DomainDnsZones,DC=chickbuns,DC=com
pNCs[1].aCrInfo[0].dwFlags=0x00000201
pNCs[1].aCrInfo[0].pszDn=CN=9e1c2cb8-b90b-4e9f-90dd-9903f935e4af,CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.chickbuns.com
pNCs[1].aCrInfo[0].iSourceServer=0
pNCs[1].aCrInfo[0].pszSourceServer=(null)
pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005
pNCs[1].aCrInfo[0].bEnabled=TRUE
pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[1].aCrInfo[0].pszNetBiosName=(null)
pNCs[1].aCrInfo[0].cReplicas=-1
pNCs[1].aCrInfo[0].aszReplicas=
NC: pNCs[2].pszName=Schema
pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=chickbuns,DC=com
pNCs[2].aCrInfo[0].dwFlags=0x00000201
pNCs[2].aCrInfo[0].pszDn=CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
pNCs[2].aCrInfo[0].pszDnsRoot=chickbuns.com
pNCs[2].aCrInfo[0].iSourceServer=0
pNCs[2].aCrInfo[0].pszSourceServer=(null)
pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[2].aCrInfo[0].bEnabled=TRUE
pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[2].aCrInfo[0].pszNetBiosName=(null)
pNCs[2].aCrInfo[0].cReplicas=-1
pNCs[2].aCrInfo[0].aszReplicas=
NC: pNCs[3].pszName=Configuration
pNCs[3].pszDn=CN=Configuration,DC=chickbuns,DC=com
pNCs[3].aCrInfo[0].dwFlags=0x00000201
pNCs[3].aCrInfo[0].pszDn=CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
pNCs[3].aCrInfo[0].pszDnsRoot=chickbuns.com
pNCs[3].aCrInfo[0].iSourceServer=0
pNCs[3].aCrInfo[0].pszSourceServer=(null)
pNCs[3].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[3].aCrInfo[0].bEnabled=TRUE
pNCs[3].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[3].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[3].aCrInfo[0].pszNetBiosName=(null)
pNCs[3].aCrInfo[0].cReplicas=-1
pNCs[3].aCrInfo[0].aszReplicas=
NC: pNCs[4].pszName=chickbuns
pNCs[4].pszDn=DC=chickbuns,DC=com
pNCs[4].aCrInfo[0].dwFlags=0x00000201
pNCs[4].aCrInfo[0].pszDn=CN=CHICKBUNS,CN=Partitions,CN=Configuration,DC=chickbuns,DC=com
pNCs[4].aCrInfo[0].pszDnsRoot=chickbuns.com
pNCs[4].aCrInfo[0].iSourceServer=0
pNCs[4].aCrInfo[0].pszSourceServer=(null)
pNCs[4].aCrInfo[0].ulSystemFlags=0x00000003
pNCs[4].aCrInfo[0].bEnabled=TRUE
pNCs[4].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[4].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[4].aCrInfo[0].pszNetBiosName=(null)
pNCs[4].aCrInfo[0].cReplicas=-1
pNCs[4].aCrInfo[0].aszReplicas=
5 NC TARGETS: ForestDnsZones, DomainDnsZones, Schema, Configuration, chickbuns,
1 TARGETS: DC1,
=============================================Done Printing pDsInfo
Doing initial required tests
Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Failure Analysis: DC1 ... OK.
* Active Directory RPC Services Check
......................... DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1
Starting test: Advertising
The DC DC1 is advertising itself as a DC and having a DS.
The DC DC1 is advertising as an LDAP server
The DC DC1 is advertising as having a writeable directory
The DC DC1 is advertising as a Key Distribution Center
The DC DC1 is advertising as a time server
The DS DC1 is advertising as a GC.
......................... DC1 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC DC1 for domain chickbuns.com in site Default-First-Site-Name
Checking machine account for DC DC1 on DC DC1.
* SPN found :LDAP/DC1.chickbuns.com/chickbuns.com
* SPN found :LDAP/DC1.chickbuns.com
* SPN found :LDAP/DC1
* SPN found :LDAP/DC1.chickbuns.com/CHICKBUNS
* SPN found :LDAP/771aab3d-96cd-4fb1-90cd-0899fa6b6207._msdcs.chickbuns.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/771aab3d-96cd-4fb1-90cd-0899fa6b6207/chickbuns.com
* SPN found :HOST/DC1.chickbuns.com/chickbuns.com
* SPN found :HOST/DC1.chickbuns.com
* SPN found :HOST/DC1
* SPN found :HOST/DC1.chickbuns.com/CHICKBUNS
* SPN found :GC/DC1.chickbuns.com/chickbuns.com
[DC1] No security related replication errors were found on this DC!
To target the connection to a specific source DC use /ReplSource:<DC>.
......................... DC1 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC1 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the server is running DFSR.
......................... DC1 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... DC1 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC1 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC1 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
......................... DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC DC1 on DC DC1.
* SPN found :LDAP/DC1.chickbuns.com/chickbuns.com
* SPN found :LDAP/DC1.chickbuns.com
* SPN found :LDAP/DC1
* SPN found :LDAP/DC1.chickbuns.com/CHICKBUNS
* SPN found :LDAP/771aab3d-96cd-4fb1-90cd-0899fa6b6207._msdcs.chickbuns.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/771aab3d-96cd-4fb1-90cd-0899fa6b6207/chickbuns.com
* SPN found :HOST/DC1.chickbuns.com/chickbuns.com
* SPN found :HOST/DC1.chickbuns.com
* SPN found :HOST/DC1
* SPN found :HOST/DC1.chickbuns.com/CHICKBUNS
* SPN found :GC/DC1.chickbuns.com/chickbuns.com
......................... DC1 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC1.
* Security Permissions Check for
DC=ForestDnsZones,DC=chickbuns,DC=com
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=chickbuns,DC=com
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=chickbuns,DC=com
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=chickbuns,DC=com
(Configuration,Version 3)
* Security Permissions Check for
DC=chickbuns,DC=com
(Domain,Version 3)
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC1\netlogon
Verified share \\DC1\sysvol
......................... DC1 passed test NetLogons
Starting test: ObjectsReplicated
DC1 is in domain DC=chickbuns,DC=com
Checking for CN=DC1,OU=Domain Controllers,DC=chickbuns,DC=com in domain DC=chickbuns,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com in domain CN=Configuration,DC=chickbuns,DC=com on 1 servers
Object is up-to-date on all servers.
......................... DC1 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was
not entered
......................... DC1 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
DC=ForestDnsZones,DC=chickbuns,DC=com has 1 cursors.
DC=DomainDnsZones,DC=chickbuns,DC=com has 1 cursors.
CN=Schema,CN=Configuration,DC=chickbuns,DC=com has 1 cursors.
CN=Configuration,DC=chickbuns,DC=com has 1 cursors.
DC=chickbuns,DC=com has 1 cursors.
* Replication Latency Check
......................... DC1 passed test Replications
Starting test: RidManager
ridManagerReference = CN=RID Manager$,CN=System,DC=chickbuns,DC=com
* Available RID Pool for the Domain is 1600 to 1073741823
fSMORoleOwner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
* DC1.chickbuns.com is the RID Master
* DsBind with RID Master was successful
rIDSetReferences = CN=RID Set,CN=DC1,OU=Domain Controllers,DC=chickbuns,DC=com
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1103
......................... DC1 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC1 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... DC1 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=chickbuns,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC1 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... DC1 passed test VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC1,OU=Domain Controllers,DC=chickbuns,DC=com and backlink on
CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=DC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=chickbuns,DC=com
and backlink on
CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chickbuns,DC=com
are correct.
The system object reference (msDFSR-ComputerReferenceBL)
CN=DC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=chickbuns,DC=com
and backlink on CN=DC1,OU=Domain Controllers,DC=chickbuns,DC=com are
correct.
......................... DC1 passed test VerifyReferences
Starting test: VerifyReplicas
......................... DC1 passed test VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... DC1 passed test DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : chickbuns
Starting test: CheckSDRefDom
......................... chickbuns passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... chickbuns passed test CrossRefValidation
Running enterprise tests on : chickbuns.com
Starting test: DNS
Test results for domain controllers:
DC: DC1.chickbuns.com
Domain: chickbuns.com
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Enterprise (Service Pack level: 1.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Intel(R) PRO/1000 MT Network Connection:
MAC address is 00:0C:29:DE:7F:EB
IP Address is static
IP address: 192.168.1.30
DNS servers:
192.168.1.30 (dc1.chickbuns.com.) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
192.168.1.1 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: chickbuns.com.
Delegated domain name: _msdcs.chickbuns.com.
DNS server: dc1.chickbuns.com. IP:192.168.1.30 [Valid]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone chickbuns.com
Test record dcdiag-test-record deleted successfully in zone chickbuns.com
TEST: Records registration (RReg)
Network Adapter
[00000007] Intel(R) PRO/1000 MT Network Connection:
Matching CNAME record found at DNS server 192.168.1.30:
771aab3d-96cd-4fb1-90cd-0899fa6b6207._msdcs.chickbuns.com
Matching A record found at DNS server 192.168.1.30:
DC1.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.48c41195-2630-4461-aaef-ec2a63cd8bf3.domains._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kerberos._tcp.dc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.dc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kerberos._tcp.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kerberos._udp.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kpasswd._tcp.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.Default-First-Site-Name._sites.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_kerberos._tcp.Default-First-Site-Name._sites.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.gc._msdcs.chickbuns.com
Matching A record found at DNS server 192.168.1.30:
gc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_gc._tcp.Default-First-Site-Name._sites.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.chickbuns.com
Matching SRV record found at DNS server 192.168.1.30:
_ldap._tcp.pdc._msdcs.chickbuns.com
Total query time:0 min. 3 sec.. Total RPC connection
time:0 min. 0 sec.
Total WMI connection time:0 min. 6 sec. Total Netuse connection
time:0 min. 0 sec.
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.1.1 (<name unavailable>)
All tests passed on this DNS server
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 5 sec.
DNS server: 192.168.1.30 (dc1.chickbuns.com.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.chickbuns.com. is operational on IP 192.168.1.30
Total query time:0 min. 3 sec., Total WMI connection
time:0 min. 0 sec.
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: chickbuns.com
DC1 PASS PASS PASS PASS PASS PASS n/a
Total Time taken to test all the DCs:0 min. 9 sec.
......................... chickbuns.com passed test DNS
Starting test: LocatorCheck
GC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
PDC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
Time Server Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
KDC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
......................... chickbuns.com passed test LocatorCheck
Starting test: FsmoCheck
GC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
PDC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
Time Server Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
KDC Name: \\DC1.chickbuns.com
Locator Flags: 0xe00033fd
......................... chickbuns.com passed test FsmoCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... chickbuns.com passed test Intersite -
Event properties – Event 91, Level Error, Event ID 91, Date and time 5/10/2012 11:29:48AM, Service CertificationAuthority
General:
Could not connect to the Active Directory.
Active Directory Certificate Services will retry when processing requires Active Directory access.
We have a Windows 2008 Server Enterprise with AD . I would like to enable the service "Certificate Services" that
allow me to enable radius to authenticate users wireless with the active directory.Hi,
Can you please check this forum or someone from Microsoft, as we have post here dating back from October that are not being answered.
Everything for us is exactly the same as szucsati and Racom
NMNM,
Please give us an answer on this as the link provided is absolutely useless.
Thank you. -
Few users are not showing up in Corporate directory
We have few users at a repote site who are not showing up in Corporate directory. they have UDP profile and they are logged in . i ahve compared the configration with other user of the same site who is showing up in corporate directory and config seems fine
the User is LDAP integrated in CUCM and not a local user
the corporate directory is activated as default parameter for entire cluster
Please help if we have any further things to be checked ?There was a similar issue a couple weeks ago here
https://supportforums.cisco.com/discussion/12343101/how-refresh-corporate-directory-cucm-91
Did you check if the users are not listed if you are registered at the subscriber?
this was the solution in that mentioned post:
"worked with cisco we found that the issue only occurs when the phones are registered to the subscriber server...when the phone is registered to the publisher, the directory shows the current information. this indicates and issue with the database replication between the 2 servers.
the databases have been reset and are replication is resyncing...this will take a couple of hours..."
Eike -
Enabled users are not seen in the rtc database
Hi,
I have installed Lync 2013 into our environment and I am having an issue where users enabled for Lync are not able to log into the client, receiving the error:
"You didn't get signed in. It might be your sign-in address or logon credentials, so try those again. If that doesn't work, contact your support team."
We have an EE FE pool and all the AD prep and server install sections completed successfully.
When a user is enabled via the Control Panel or using Enable-CsUser, all the relevant attributes within AD are populated and visible in AD and the Get-CsUser command. However, running dbanalyze with /report:user returns the following error:
###50010:ReportUserData: [email protected] is not found in this database.
Also, running dbanalyze with /report:diag returns:
No contacts found in the database.
I have checked SQL profiler and can see similar issues to this post -
http://jamesosw.wordpress.com/2013/08/04/cant-sign-in-to-lync/ with the same errors in SQL Profiler and OCS Logger Tool, but we only have one domain, so this fix doesn't work and isn't relevant anyway.
Is there anyone who could shine a light on this problem?
Thanks,
JamesRun
Update-CsUserDatabase and after 5 minutes Can we get the output of Get-csuserpoolinfo -identity "domain\username"
Please remember, if you see a post that helped you please click ;Vote As Helpful" and if it answered your question please click "Mark As Answer" Regards Edwin Anthony Joseph -
Domain Users are not able to log in to Domain Computers - Administrators are able to do so
I have Primary Domain Controller and Secondary one, The users can log in to both as I have changed the locally Policy to allow Domain users to log in.
But I am having problem with users who can not log in to computers joined the domain. I noticed that ONLY Administrators allowed to log in locally in the Policy and if want to add users, i will not be able to do so as Adding Users or Group is Disabled.
Advise is appreciated.Hi,
Please follow the below steps for checking whether either "Allow Logon Locally" or "Deny Logon Locally" is enabled in the default policy,
1. Go to start -> run -> tupe GPMC.MSC, to open Group Policy Management Console.
2. In the Group Policy Management Console,right click and edit the default policy and navigate to the node "Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment".
3. In the "User Rights Assignment" node, check whether the options "Deny log on locally" or "Allow Logon Locally" are
defined and groups added to those options to confirm the logon problem of domain users.
NOTE: Also check the local policy, as you have mentioned "I have Primary Domain
Controller and Secondary one, The users can log in to both as I have changed the locally Policy to allow Domain users to log in."
Regards,
Gopi
www.jijitechnologies.com -
SCCM report to show last logged on user and the Active Directory department attribute of that user.
I need to create an SCCM report to show last logged on user on all machines and the Active Directory department attribute of that last logged on user.
You problem is here.
right
join v_R_User USR on USR.ResourceID
= CS.ResourceID
USR.ResourceID != CS.ResourceID, you need to map the username to the user logon to the PC. By using the user’s department information you will
end up with unreliable results.
Anyways you need to make these changes to your query.
left
join v_R_User USR on USR.Unique_User_Name0
= CS.UserName0
http://www.enhansoft.com/ -
One day, my ipad and iphone pick up my emails (.mac account) from icloud just fine. the next day, I recieved error messages that say my user name and password are not accurate. I removed the icloud program on both devices and added it back on to both devices and get the same message. I logged into icloud from my Mac and while I can log in, it times out when I select email and wont load the email there either. Any Suggestons?
I am having the same problem; it started about 24-36 hours ago.
I know my ID/PW combo are correct because I can access all other aspects of iCloud except mail.
iPhone -- returns incorrect ID / Password
iPad -- Same
Mail.app on Mac -- returns incorrect password error
icloud.com -- allows me to log in and use all functions accept mail. When I try to use mail it stays on a white screen for about 60 seconds then returns a dialogue box that indicates a server error.
I contacted Apple and they placed my iCloud account into something called "Troubleshooting" mode. They generated a new strong password and sent it on to "Engineering."
I suspect there are a small number ofo users like you who are affected with the same problem I am. Too small a number for it to be reported as an outtage. I suggest you call Apple and open a case to have your mail investigaged.
Hope this helps... -
Shared Services Users are not Visiable in Planning Application
Hi All,
We are using Hyperion 11.1.3 version
Problem: We Created Users in Shared Services but those users are not visible in Planning
can you suggest me
VijayHi John,
After giving all the Planning provisions to users, they are not visiable while assigining access to Dimensions Members,
I selected Account Dimension Lower member and clicked on Assing Access button on the top, it opened a popup window where I could not see any users in it....
can you suggest me what should I do???
Vijay -
I need a Microsoft document that says "sqlservr.exe" can register setspn (Service Principal Name)
On all of my SQL Server instances, I can find SQL server error logs that have the same 3 entries below, so while I already know it can, I need a Microsoft document that says "sqlservr.exe" can so I can convince the network guys to grant the service
account for SQL "Write servicePrincipalName: Allow" in AD.
63 2014-06-26 20:24:02.980 Server The SQL Server Network Interface library could not register the Service Principal Name (SPN) [ MSSQLSvc/DFW-MSSQLDW.PathologyPartners.intranet:1433
] for the SQL Server service. Windows return code: 0x2098, state: 20. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication
is required by authentication policies and if the SPN has not been manually registered.
61 2014-06-26 20:24:02.970 Server The SQL Server Network Interface library could not register the Service Principal Name (SPN) [ MSSQLSvc/DFW-MSSQLDW.PathologyPartners.intranet:DW
] for the SQL Server service. Windows return code: 0x2098, state: 20. Failure to register a SPN might cause integrated authentication to use NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication
is required by authentication policies and if the SPN has not been manually registered.
38 2014-06-26 20:24:02.840 Server SQL Server is attempting to register a Service Principal Name (SPN) for the SQL Server service. Kerberos authentication will not
be possible until a SPN is registered for the SQL Server service. This is an informational message. No user action is required.
Duane LawrenceRefer the below article
http://blogs.msdn.com/b/psssql/archive/2010/03/09/what-spn-do-i-use-and-how-does-it-get-there.aspx
Automatic SPN Registration
When an instance of the SQL Server Database Engine starts, SQL Server tries to register the SPN for the SQL Server service. When the instance is stopped, SQL Server tries to unregister the SPN. For a TCP/IP connection the SPN is registered in the format MSSQLSvc/<FQDN>:<tcpport>.Both
named instances and the default instance are registered as MSSQLSvc, relying on the <tcpport> value to differentiate the instances.
--Prashanth -
2012R2 DC - AD LDS Service Principal Names - Duplicates
Hello
After installing the first domain controller with 2012R2, we see the following error in the directory service log on the new 2102R2 domain controller:
The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP12345:50000
CN=APP12345,OU=App1,OU=Servers,DC=DOMAIN12345,DC=LOCAL
Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP12345:50000
CN=APP12345,OU=App1,OU=Servers,DC=DOMAIN12345,DC=LOCAL
CN=APP12345,OU=App1,OU=Servers,DC=DOMAIN12345,DC=LOCAL
CN=APP12345,OU=App1,OU=Servers,DC=DOMAIN12345,DC=LOCAL Winerror: 8647
See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this policy.
it seems to be related to the SPN for: AD LDS
http://technet.microsoft.com/pt-br/subscriptions/cc816802
http://technet.microsoft.com/en-us/library/dn535779.aspx
The error only occure for member servers where AD LDS are installed. (application dependency)
replication status is ok.
Any ideas on how this error should be handled/corrected?
Erlendok, how would you interpret this?
this is just a few of the events, domain and username have been modified.
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 14.08.2014 21:34:57
Event ID: 2974
Task Category: Global Catalog
Level: Error
Keywords: Classic
User: DOMAIN\72933a1234
Computer: DC2.DOMAIN.LOCAL
Description:
The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP72933:50000
CN=APP72933,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP72933:50000
CN=APP72933,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP72933,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP72933,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL Winerror: 8647
See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this policy.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
<EventID Qualifiers="49152">2974</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>18</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2014-08-14T19:34:57.364335500Z" />
<EventRecordID>400</EventRecordID>
<Correlation />
<Execution ProcessID="608" ThreadID="2276" />
<Channel>Directory Service</Channel>
<Computer>DC2.DOMAIN.LOCAL</Computer>
<Security UserID="S-1-5-21-329068152-484763869-839522115-16499" />
</System>
<EventData>
<Data>servicePrincipalName</Data>
<Data>Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP72933:50000
CN=APP72933,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP72933:50000
CN=APP72933,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP72933,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP72933,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL</Data>
<Data>8647</Data>
</EventData>
</Event>
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 14.08.2014 21:28:38
Event ID: 2974
Task Category: Global Catalog
Level: Error
Keywords: Classic
User: DOMAIN\71520a1234
Computer: DC2.DOMAIN.LOCAL
Description:
The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP71520:50000
CN=APP71520,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP71520:50000
CN=APP71520,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP71520,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP71520,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL Winerror: 8647
See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this policy.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
<EventID Qualifiers="49152">2974</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>18</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2014-08-14T19:28:38.889497700Z" />
<EventRecordID>399</EventRecordID>
<Correlation />
<Execution ProcessID="608" ThreadID="6792" />
<Channel>Directory Service</Channel>
<Computer>DC2.DOMAIN.LOCAL</Computer>
<Security UserID="S-1-5-21-329068152-484763869-839522115-20445" />
</System>
<EventData>
<Data>servicePrincipalName</Data>
<Data>Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP71520:50000
CN=APP71520,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP71520:50000
CN=APP71520,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP71520,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP71520,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL</Data>
<Data>8647</Data>
</EventData>
</Event>
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 14.08.2014 21:24:56
Event ID: 2974
Task Category: Global Catalog
Level: Error
Keywords: Classic
User: DOMAIN\73843a1234
Computer: DC2.DOMAIN.LOCAL
Description:
The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP73843:50000
CN=APP73843,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP73843:50000
CN=APP73843,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP73843,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP73843,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL Winerror: 8647
See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this policy.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
<EventID Qualifiers="49152">2974</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>18</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2014-08-14T19:24:56.574149300Z" />
<EventRecordID>398</EventRecordID>
<Correlation />
<Execution ProcessID="608" ThreadID="4564" />
<Channel>Directory Service</Channel>
<Computer>DC2.DOMAIN.LOCAL</Computer>
<Security UserID="S-1-5-21-329068152-484763869-839522115-20469" />
</System>
<EventData>
<Data>servicePrincipalName</Data>
<Data>Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP73843:50000
CN=APP73843,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP73843:50000
CN=APP73843,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP73843,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP73843,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL</Data>
<Data>8647</Data>
</EventData>
</Event>
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 14.08.2014 21:18:14
Event ID: 2974
Task Category: Global Catalog
Level: Error
Keywords: Classic
User: DOMAIN\29648a1234
Computer: DC2.DOMAIN.LOCAL
Description:
The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP29648:50000
CN=APP29648,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP29648:50000
CN=APP29648,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP29648,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP29648,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL Winerror: 8647
See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this policy.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
<EventID Qualifiers="49152">2974</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>18</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2014-08-14T19:18:14.332922200Z" />
<EventRecordID>397</EventRecordID>
<Correlation />
<Execution ProcessID="608" ThreadID="4164" />
<Channel>Directory Service</Channel>
<Computer>DC2.DOMAIN.LOCAL</Computer>
<Security UserID="S-1-5-21-329068152-484763869-839522115-17716" />
</System>
<EventData>
<Data>servicePrincipalName</Data>
<Data>Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP29648:50000
CN=APP29648,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP29648:50000
CN=APP29648,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP29648,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP29648,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL</Data>
<Data>8647</Data>
</EventData>
</Event>
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 14.08.2014 21:03:07
Event ID: 2974
Task Category: Global Catalog
Level: Error
Keywords: Classic
User: DOMAIN\22659a1234
Computer: DC2.DOMAIN.LOCAL
Description:
The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP22659:50000
CN=APP22659,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP22659:50000
CN=APP22659,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP22659,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP22659,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL Winerror: 8647
See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this policy.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
<EventID Qualifiers="49152">2974</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>18</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2014-08-14T19:03:07.894010100Z" />
<EventRecordID>396</EventRecordID>
<Correlation />
<Execution ProcessID="608" ThreadID="7072" />
<Channel>Directory Service</Channel>
<Computer>DC2.DOMAIN.LOCAL</Computer>
<Security UserID="S-1-5-21-329068152-484763869-839522115-17717" />
</System>
<EventData>
<Data>servicePrincipalName</Data>
<Data>Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP22659:50000
CN=APP22659,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP22659:50000
CN=APP22659,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP22659,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP22659,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL</Data>
<Data>8647</Data>
</EventData>
</Event>
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 14.08.2014 20:44:33
Event ID: 2974
Task Category: Global Catalog
Level: Error
Keywords: Classic
User: DOMAIN\29615a1234
Computer: DC2.DOMAIN.LOCAL
Description:
The attribute value provided is not unique in the forest or partition. Attribute: servicePrincipalName Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP29615R2:50000
CN=APP29615R2,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP29615R2:50000
CN=APP29615R2,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP29615R2,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP29615R2,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL Winerror: 8647
See http://go.microsoft.com/fwlink/?LinkID=279782 for more details on this policy.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
<EventID Qualifiers="49152">2974</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>18</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2014-08-14T18:44:33.662067700Z" />
<EventRecordID>395</EventRecordID>
<Correlation />
<Execution ProcessID="608" ThreadID="6388" />
<Channel>Directory Service</Channel>
<Computer>DC2.DOMAIN.LOCAL</Computer>
<Security UserID="S-1-5-21-329068152-484763869-839522115-3553" />
</System>
<EventData>
<Data>servicePrincipalName</Data>
<Data>Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP29615R2:50000
CN=APP29615R2,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
Value=E3514235-4B06-11D1-AB04-00C04FC2DCD2-ADAM/APP29615R2:50000
CN=APP29615R2,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP29615R2,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL
CN=APP29615R2,OU=Application,OU=Servers,DC=DOMAIN,DC=LOCAL</Data>
<Data>8647</Data>
</EventData>
</Event>
example of spn for one server:
any ideas? -
T/F: iPhone users are not required to pay $15/month extra for Good Technology
I have a personal Droid RAZR M. You may wonder why I am posting in the iPhone forum but you are about to find out.
I have access to corporate e-mail via Good Technology. When I got this service set up at the same time I acquired the phone, I was required to upgrade from a $30/month 2GB plan to a $45/month 2GB plan just to have this access ("needed for access to company servers"). That was a surprise but I got over it. However, since then, I have come to learn the following:
1. It appears that other than VZW, no other carriers are charging users extra for access to Good Technology.
2. Based on a colleague's information from a Good Technology support engineer and a office mate who is using a VZW iPhone, VZW iPhone users are *not* *required* to move to an Enterprise plan aren't paying an extra $15/month. If one searches the Internet, I am not the only one asking about this.
If you are using a Verizon Wireless iPhone and have Good Technology on your phone, would you let me know if were *required* to upgrade your data plan and pay extra just for using Good Technology?
Thanks,
TechvetI need to check some information at work about this, since they have some guidance on how their employees can connect to their corporate email with android and iphone devices.
-
Multibyte users are not able to authenticate using Default Authenticator
Hi,
We are facing an issue with multi-byte user authentication. All chinese and french users are not able to authenticate.
When we try to authenticate with réseau/welcome1, where réseau is a user created in embedded LDAP, authentication fails.
Security log generated is-
####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <com.bea.common.security.internal.service.CallbackHandlerWrapper.handle got username from callbacks[0], UserName=rseau>
####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <LDAP Atn Login username: rseau>
####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <getConnection return conn:LDAPConnection { ldapVersion:2 bindDN:""}>
####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <authenticate user:rseau>
####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <getDNForUser search("ou=people,ou=myrealm,dc=base_domain", "(&(uid=rseau)(objectclass=person))", base DN & below)>
####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <getDNForUser search("ou=people,ou=myrealm,dc=base_domain", "(&(uid=rseau)(objectclass=person))", base DN & below)>
####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <returnConnection conn:LDAPConnection { ldapVersion:2 bindDN:""}>
####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <[Security:090302]Authentication Failed: User rseau denied>
####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit>
####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <LDAP Atn Abort>
####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <com.bea.common.security.internal.service.LoginModuleWrapper.commit delegated, returning false>
####<06-Jan-2009 22:47:49 o'clock PST> <Debug> <SecurityAtn> <jjpeng-lab1> <AdminServer> <[ACTIVE] ExecuteThread: '11' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1231310869374> <BEA-000000> <weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.authenticate authenticate failed for user rseau>
We are using WebLogic Server 10.3 Default Authenticator as Authentication Provider.
I found few change requests related to multi-byte from the link: http://edocs.bea.com/wls/docs103/issues/known_resolved.html
Am I missing some configuration? Has anyone else tried authenticate multibyte username?
Thanks,
AnujCan you provide more information on the use case?
1. Is this using Basic or Form authentication?
2. If the user logs on from a web-based client, do you get the same failure with Internet Explorer as with other browsers?
3. On which operating system is the WebLogic AdminServer running?
With WebLogic Server 10.3, I am able to authenticate with multi-byte (French and Japanese) usernames. (My environment: form auth, Firefox 3.0.5, WLS runs on Linux RHEL 4.0.) -
Shared Services Console - User is not authorized for the action
Hi,
I have installed Essbase 11.11.3 and configured on Linux. I started EPM and then the Shared Services Console. I created a new group Poweruser and assigned a new user to it. I provisioned the group withall the rights of the admin. This all works.
When I log on with the new user on the Shared Service Console and go to Essbase Studio Server and click on the Essbase Studio Server application it gives me the message:
User is not authorized for the action
This is the same message as I get under the user admin. Can anyone tell me what I can possibly do to make it work.
The service for EAS is started properly. The one thing that is not configured is HBR.
PatrickHi,
What are you trying to achieve, provision a user for essbase studio ?
EAS is a separate product from Studio.
Cheers
John
http://john-goodwin.blogspot.com/
Maybe you are looking for
-
Is it possible to create a playlist and share it with another itunes user?
Is it possible to create a playlist and share it with another itunes user?
-
I have restored my I phone 5c to an I phone 4s how do I get it back to 5c
I have hit restore in iTunes when setting up my new I phone 5c and restored it with my old I phone 4s how do I get it back to 5c settings
-
Web Dynpro - transform into PDF format
Hi all, I would need your help. Now I am participating at a Web Dynpro project and one task is to realize PDF transformation and printing of Web Dynpro forms. That means we would place a button on the form called "Transform to PDF". If a user push th
-
Layout and ap div in Dreamweaver CC
where is the layout panel and where is the draw ap div button in Dreamweaver cc? i hope it's hidden but not been taken away help please
-
I'm making a retry counter for the logins and I'm using the j_security_check from Tomcat. I made a little class that must check if there is a session object. if not create one and put the value 1 in it, for the first try. If there is a session object