Set-Acl fails in V3
I have a script that was working in V2 but fails in V3 when calling Set-Acl:
Set-Acl : Cannot set the ACL because the method that it needs to invoke, SetSecurityDescriptor, does not exist
Is there a different way to set file permissions in V3?
Hi,
Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
If you have any feedback on our support, please click
here
Cataleya Li
TechNet Community Support
Similar Messages
-
Set-acl and remove-ntfs both fail from PowerShell yet i can do it from the GUI
I have put together a script that searches all of our folders then searches the folders for groups that should have access and do not and groups that should not have access and do.
Finding only the folders that need NTFS permissions changed works great. Adding the groups that need added works great but removing groups is not working. Below is a section of my script with the section not working underlined. You can
see i have tried 2 approaches.
If i use the Remove-NTFSAccess command (which i really prefer) I get no errors and you would think all worked until you check.
If i use set-acl about half give me a error "Set-Acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation" but it does not remove the Domain admins for any of the
folders including the ones that give no error.
I have privileges to do it. I can go to a folder and remove the group from the NTFS permissions in the GUI with no issue.
Thanks!
"Add Nseries Admins"
$workingdir = (Get-Content "$env:TEMP\Add nseries admins.txt")
$mynum=[int]$workingdir.Count
foreach ($path in $workingdir) {
$mynum
$mynum = $mynum - 1
$path
Add-NTFSAccess -Path "$path" -Account "SCHOOLS\Nseries Admins" -AccessRights FullControl -AccessType Allow -AppliesTo ThisFolderSubfoldersAndFiles
"Romeve Domain admins"
$workingdir = (Get-Content "$env:TEMP\Remove domain admins.txt")
$mynum=[int]$workingdir.Count
foreach ($path in $workingdir) {
$mynum
$mynum = $mynum - 1
$path
# Add-NTFSAccess -Path "$path" -Account "SCHOOLS\Nseries Admins" -AccessRights FullControl -AccessType Allow -AppliesTo ThisFolderSubfoldersAndFiles
# Remove-NTFSAccess -Path "$path" -Account "SCHOOLS\Domain Admins" -AccessRights Read -AccessType Allow -AppliesTo ThisFolderOnly
$acl=get-acl "$path"
$accessrule = New-Object system.security.AccessControl.FileSystemAccessRule("SCHOOLS\Domain Admins","Read",,,"Allow")
$acl.RemoveAccessRuleAll($accessrule)
Set-Acl -Path "$path" -AclObject $aclI just ran that a couple of times. No errors as long as the subfolders are not protected in a way the blocks the admin. I will try and find a folder that causes this exact scenario.
Is it possible that this was fixed in V4?
¯\_(ツ)_/¯
The SACL being overwritten isn't fixed. There's a Connect bug
here. Set-Acl basically does this before trying to call SetAccessControl():
$path = "$env:Temp\temp_item_name"
$acl = Get-Acl $path
# Get the binary form:
$binaryForm = $acl.GetSecurityDescriptorBinaryForm()
# Create a new SD object:
$newacl = New-Object $acl.GetType()
# Take the old binary form and use it for the new SD object,
# but tell it it's for all sections, including the SACL:
$newacl.SetSecurityDescriptorBinaryForm($binaryForm, "All")
Next, it tries to call SetAccessControl() inside of a try{} block. If it detects a PrivilegeNotHeld exception, it will try to redo the section above without setting the Owner, Group, and SACL (if certain conditions are met). I can't get the second call to
error the way Lishron did, but that doesn't mean there's no scenario where that can't happen.
By the way, here's an example of trying to call SetAccessControl() with the modified SD object from above:
$FileSystemItem = Get-Item $path
$FileSystemItem.SetAccessControl($newacl) # <-- Fails if you're not an admin; overwrites SACL if you are
$FileSystemItem.SetAccessControl($acl) # <-- Succeeds (unless you're trying to change the owner) -
I am trying to set the permissions on a folder using the below code, However i get this error :-
Cannot find an overload for "FileSystemAccessRule" and the argument count: "6".
Functin kozos_Permission($Server)
$FolderLocation = "C:\inetpub\ftproot\kozos"
$GroupToBeAdded = "$Server\administrators"
$acl = Get-Acl -Path $FolderLocation
$User = [System.Security.Principal.NTAccount]$GroupToBeAdded
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($User, "FullControl","ContainerInherit", "ObjectInherit", "None", "Allow")
$acl.AddAccessRule($AccessRule)
set-acl -Path $FolderLocation -AclObject $acl
kozos_Permission localhostTry it like this:
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($User, "FullControl","ContainerInherit,ObjectInherit", "None", "Allow")
The ObjectInherit and ContainerInherit are part of the same attribute, not separate.
I hope this post has helped! -
Hi,
we are trying to set define ACL for weblogic security for JSP
and could't manage to do it. In the online documentation there
are examples for servlets but not for html or jsp files.
How have to be defined the ACLs for jsp and html files ?
Thanks in advance.
GRIDSYSTEMS Bartolome Real Planells
See http://www.weblogic.com/docs51/admindocs/properties.html#urlacl for
details on setting ACLs on URLs...
Bartolome Real Planells wrote:
> Hi,
>
> we are trying to set define ACL for weblogic security for JSP
> and could't manage to do it. In the online documentation there
> are examples for servlets but not for html or jsp files.
>
> How have to be defined the ACLs for jsp and html files ?
>
> Thanks in advance.
>
> -------------------------------------------------------------------
> GRIDSYSTEMS Bartolome Real Planells
-
MBP, 1-user, 2-logins (work vs personal), trouble setting ACL's
I'm fairly accustomed to setting ACL's and permissions (not overly confident with chmod) but the challenge I've had is establishing standard ACL/permissions for directories that I want to share between each of my logins but still lock out anyone else from even reading it.
_Here's what I've done:_
Under "Macintosh HD:Users:Shared:" I have a folder titled "Personal" which I share between my personal login and my work login. I've set the ACL's of that folder as follows:
(personal login) Read & Write
(work login) Read & Write
everyone No Access
I have access without issue at this point but even though I propagated permissions to all enclosed items, any new items are restricted. Is there a way to set the default ACL on new items to reflect that of the permissions of the parent folder rather than that of the user?
I'm not a fan of keeping the "everyone" to even "Read" or "Write only (Drop Box)".
Any suggestions would be really appreciated! Thanks!It appears that ACLs set from the "Get Info" box do not set the inheritance options, even when applied to "enclosed items", which seems to be a one shot deal. For example, when a new rule is created in "Get Info" to allow a different user to "read & write", with 'ls -led /path/to/folder' I see:<pre style="overflow:auto; padding: 5px; width: 500px ; font-size: 10px; border:1"> 0: user:username allow list,addfile,search,add_subdirectory,deletechild,readattr,writeattr,readextattr,writeextattr,readsecurity</pre>
In this case, rule "0:" can be ammended to include the "inherit" options using:<pre style="overflow:auto; padding: 5px; width: 500px ; font-size: 10px; border:1">chmod =a# 0 "username allow list,addfile,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeex tattr,readsecurity,file_inherit,directoryinherit" /path/to/folder</pre>The "username" and "/path/to/folder" are placeholders, of course.
While ACLs can allow for files to inherit the ACLs from the parent, the catch is that the items have to be created new within the folder with the ACL. An existing file or folder moved into the shared folder won't inherit ACLs, whereas an existing folder copied directly into the shared folder will. -
CSSCAN for database character set conversion failing with ORA-01578
Hi ,
CSSCAN for database character set conversion failing with ORA-01578: ORACLE data block corrupted (file # 84, block # 23930). please help me out in this regard.
Thanks,
Sravan.Hi Anand,
Thanks for your update. The segment is a table not an index in my case. And i got this error while running CSSCAN on Apps database for character set conversion to UTF8 from WE8ISO8859P1. Please find the snapshot below for your reference.
SQL> select segment_name, segment_type, owner from dba_extents where file_id = 84 and 23930 between block_id and block_id + blocks - 1;
SEGMENT_NAME
SEGMENT_TYPE OWNER
EDW_LOOKUP_M
TABLE POA
SQL> ANALYZE TABLE POA.EDW_LOOKUP_M VALIDATE STRUCTURE CASCADE;
ANALYZE TABLE POA.EDW_LOOKUP_M VALIDATE STRUCTURE CASCADE
ERROR at line 1:
ORA-01578: ORACLE data block corrupted (file # 84, block # 23930)
ORA-01110: data file 84: '/d911/oracle/dbcondata/poad01.dbf'
Thanks,
Sravan. -
Set-Acl removing inherited permissions
Hi,
I am trying to set permissions on a remote share. However, using Set-Acl removes the inherited permissions from the share.
i.e. F:\SHARE inherits permissions from F:\
Using Set-Acl in any way, removes the permissions inherited from F:\.
i.e. (Get-Acl \\SERVER\SHARE) | Set-Acl \\SERVER\SHARE
After running that command, the inherited permissions from F:\ will no longer be applied to F:\SHARE
Ideas?
Another thread suggested this was a UAC issue. UAC is turned off on both the computer running Set-Acl, and the computer with the share. UAC was turned off by changing the value of EnableLUA from 1 to 0 in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system".This is because setting the ACL on the root of a share using the UNC path disables inheritance for that folder. It has nothing to do with UAC and is by design. Try doing it in explorer and you'll get a warning stating just that.
EDIT: To set the permissions remotely in this particular case, you'll need to be an administrator on the remote machine. This allows you to connect via \\SERVER\F$, where you are then free to set permissions on the \\SERVER\F$\SHARE folder without disabling
inheritance.
Best Regards,
Carl S
All code is provided as-is with no guarantees. Always try it out in a test environment before applying it in a production environment. -
Error performing request Unknown error Setting deactivation Failed
Hi
I've received this error twice, I don't remember going to make/receive a call at the time despite what the error eludes to.
Error performing request
Unknown Error
Setting Deactivation Failed
Calling Line ID Restriction
Has anyone else had this problem?I have an WildcardActivated (legitimate Apple unlocked) iPhone 4 with iOS 5.1.1. , I had the 5.0.1 and that didnt happen but with the 5.1.1 its happening, the same issue of u, I have the total, all the bars, but sometimes when im going to call it gives me the exact error, u can check my post, https://discussions.apple.com/thread/4268016 HELP PLZ
-
Hi,
sorry if this question is already answered but i didn´t find a solution to this ...
Situation:
- Running powershell with administrator privileges.
- I am the owner of file to be modified.
- Full Control privileges holded by TrustedInstaller.
- Administrators have no modify privilege to change the file.
- i can modify acl of that file by GUI
- I cannot modify acl using Set-Acl snapin.
This is the executed command:
Get-Acl C:\inetpub\custerr\en-US\401.htm |Set-Acl C:\inetpub\custerr\en-US\500-100.asp
and this the result:
Set-Acl : Attempted to perform an unauthorized operation.
At line:1 char:44
+ Get-Acl C:\inetpub\custerr\en-US\401.htm |Set-Acl C:\inetpub\custerr\en-US\500- ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : PermissionDenied: (C:\inetpub\custerr\en-US\500-100.asp:String) [Set-Acl], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetAclCommand
I dont want to use external modules. This will be a part of a script to fully automate iis installation on windows 2012 and 2008..
Thanks in advance guys.I get the same thing. I found this post that should help you:
http://social.technet.microsoft.com/Forums/scriptcenter/en-US/87679d43-04d5-4894-b35b-f37a6f5558cb/solved-how-to-take-ownership-and-change-permissions-for-blocked-files-and-folders-in-powershell
Scroll down to one of the last posts, a long one by barnabya, I tested it and it works. Note that you do not have to execute the bits at the very end to take ownership of the file if the account you're using is already the owner, but you DO need to
run all three bits to establish SeBackupPrivilege, SeRestorePrivilege, and SeTakeOwnershipPrivilege before running the get-acl | set-acl command.
I hope this post has helped! -
It seems as though I don't have any locale set. I'm quite new to all of this and don't really get it.
$ unp
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LC_COLLATE = "C",
LANG = "en_US.utf8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
rc.conf:
LOCALE="en_US.utf8"
HARDWARECLOCK="localtime"
USEDIRECTISA="no"
TIMEZONE="Europe/Stockholm"
KEYMAP="us"
CONSOLEFONT=
CONSOLEMAP=
USECOLOR="yes"
MOD_AUTOLOAD="yes"
MODULES=(tg3 iwl3945 snd-mixer-oss snd-pcm-oss snd-hwdep snd-page-alloc snd-pcm snd-timer snd snd-hda-intel soundcore)
USELVM="no"
HOSTNAME="stalin"
eth0="eth0 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255"
INTERFACES=(eth0)
gateway="default gw 192.168.0.1"
ROUTES=(!gateway)
DAEMONS=(syslog-ng network netfs crond hal openntpd wicd alsa mpd slim)
locale.gen:
en_US.UTF-8 UTF-8
en_US ISO-8859-1
sv_SE.UTF-8 UTF-8
sv_SE ISO-8859-1$ locale
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
LANG=en_US.utf8
LC_CTYPE="en_US.utf8"
LC_NUMERIC="en_US.utf8"
LC_TIME="en_US.utf8"
LC_COLLATE=C
LC_MONETARY="en_US.utf8"
LC_MESSAGES="en_US.utf8"
LC_PAPER="en_US.utf8"
LC_NAME="en_US.utf8"
LC_ADDRESS="en_US.utf8"
LC_TELEPHONE="en_US.utf8"
LC_MEASUREMENT="en_US.utf8"
LC_IDENTIFICATION="en_US.utf8"
LC_ALL= -
How to set ACLs on Remote MAC server Volumes..
Hi,
I have Mac OS X server v 10.5 Leopard. Initially I have enabled the ACLs using fsaclctl on the MAC server volume. When this volume gets mounted(through afp) on some other MAC client(MAC OS X 10.4 Tiger), the ACL status is shown as disabled. And it not allowing to set the ACLs on the remote volume from the client side.
I have used the following command to enable ACLs from Client.
sudo fsaclctl -p /Volumes/<server Volume> -e
This failed as "not supported".
Anyone knows how to set the ACLs on the remote MAC server volumes? Basically I want to see ACL working on Remote MAC server volumes.Hi
+". . . remote MAC server volumes . . ."+
Are you saying you are trying to enable ACLs on volumes shared by another OSX Server when volumes are mounted on the server in question?
Or are saying you can't see if ACLs on mounted volumes when issuing ls -lae for example?
You might want to read:
http://discussions.apple.com/thread.jspa?messageID=648307򞑳
http://discussions.apple.com/thread.jspa?messageID=1535247
and
http://discussions.apple.com/message.jspa?messageID=8456140#8456140
http://discussions.apple.com/message.jspa?messageID=8340573#8340573
http://discussions.apple.com/message.jspa?messageID=7777878#7777878
Tony -
I have WLS 6.1.sp2 talking to iPlanet identity server (aka DSAME)through an agent.
What is LDAP tree location and attributes I should use to set up ACLs?
-- Regards, MikeHi Mike,
Sorry for the delay getting back to you. Thanks for the more
thorough description. To answer your original question, I don't
have a clue how to configure the Sun LDAP server for ACLs
(authorization). I went to the link you provided to check out
the documentation for the Policy Agent and they don't seem to
mention configuring the LDAP server for ACL's either.
From what I read about the policy agent it looks like it may
use the role descriptions from the J2EE deployment descriptors
to do authorization checking. Unfortunately, I do not have any
experience with the policy agent. I suggest that you try to
contact Sun to get more information. If you need more assistance
from BEA I recommend that you open a case with BEA support so
that an engineer can devote the time necessary to more thoroughly
look into the issue for you. Sorry.
Regards,
Tom Hegadorn
Sr. Developer Relations Engineer
BEA Support
"mike" <[email protected]> wrote:
>
"Tom Hegadorn" <[email protected]> wrote:
Hi Mike,
It sounds like you're using the iPlanet LDAP server as the
backing store for an LDAP realm in WebLogic 6.1.Not exactly. We have iPlanet 5.1 DSAME, which is LDAP server frontended
by "identity
server". Identity server can do many things, including definition of
roles, policies,
etc. Then there is such a thing called Sun ONE Identity Server Policy
Agent for
WebLogic 6.1 SP2 (http://docs.sun.com/source/816-6690-10/index.html).
It is SUN's
implementation of Realm interface. So theoreticaly it should work the
same way
as any other implementation of realm.
As far as I'm aware, the ACLs used by an alternate security
realm would be those in the WebLogic file realm. Please see
the following documentation links for details.
http://e-docs.bea.com/wls/docs61/security/concepts.html#1035144
http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html#1071872
When you use an LDAP realm, the caching realm delegates
authentication requests to the LDAP realm but authorization
requests still go to the weblogic file realm to check against
the ACLs configured there. I believe the only exception to this
is with a custom RDBMS realm which supports the configuration
of ACL entries in the database. I really do hope that you are not correct (sorry). RDBMS realm is just
an implementation
of Relam interface, right? And WLS accesses cashing realm on top of it.
So if
I configure a cashing realm on top of DSAME realm WLS will ask it both
authentication
and authorization questions, btu if authentication fails it will ask
file realm
once more. The first link you've sent says: "For example, you may be
using an
alternate security realm that supports only authentication operations."
I read
this that you can use realm that allows authorization. Am I wrong?
I hope this helps. Please let me know if there is some other
information on your end that I'm missing. For example, if you've
implemented your own caching realm or something. Thanks.No, we did not implement any realms and we hope not to. In a company
with 6 developers
on a tight schedule we can't afford implementing stuff like that. But
the actual
realm class implementation is provided by SUN in the agent package, and
agent
is configured to work as a custom realm.
Regards,
Tom Hegadorn
Sr. Developer Relations Engineer
BEA SupportThanks for your help. I hope I clarified my issue better now. Unfortunately
SUN
does not have such a nice forum where I can ask questions... But I am
trying to
get info from them as well ;)
"mike" <[email protected]> wrote:
I have WLS 6.1.sp2 talking to iPlanet identity server (aka DSAME)through
an agent.
What is LDAP tree location and attributes I should use to set up ACLs?
-- Regards, Mike -
Updating 2013 SP1 to CU8 Error - Set-SharedConfigDC Fails
I have two 2012 servers running Exchange 2013 SP1. They are both multi-role servers and are members of a DAG and are also load-balanced behind a Citrix Netscaler. I was ready to begin moving my mailboxes from 2010 to 2013 when I ran into a problem. In order
to try and resolve this problem, I attempted to update to CU8.
(After a successful mailbox move, I am unable to open my own mailbox in Outlook (2013 or 2010). I receive an error that "the set of folders cannot be opened". I am, however, able to view my mailbox from another migrated mailbox which has "full
access" to it. After some unsuccessful attempts to figure it out, I decide that I should probably update Exchange to the latest before I start messing with other things. Bad mistake.)
The CU8 setup fails in the Set-SharedConfigDC step with the error "No Minimal Required Number of Suitable Directory Servers Found in Forest".
I've read that I need IPv6 enabled. It had previously been "unchecked" in the NIC settings of the Exchange and DC servers. I've enabled it on the Exchange server and two of the DCs one of which is a GC. No luck. I've also added the "Exchange
Servers" and "Exchange Subsystem" groups to the AD "Administrators" group which was another suggestion I received.
The DCs are in a different subnet from the Exchange server. I am running at domain functional level of 2003.
And just to reiterate: I had successfully installed Exchange 2013 SP1 with IPv6 "unchecked" on all Exchange and DC servers before the CU8 update failed.
-edit- Here's the relevant section of the log:
[04/01/2015 09:50:52.0841] [2] Active Directory session settings for 'Set-SharedConfigDC' are: View Entire Forest: 'True', Configuration Domain Controller: 'AC-DC1.mydomain.network', Preferred Global Catalog: 'AC-DC1.mydomain.network', Preferred Domain Controllers: '{ AC-DC1.mydomain.network }'
[04/01/2015 09:50:52.0841] [2] User specified parameters: -DomainController:'AC-DC1.mydomain.network' -ErrorVariable:'setSharedCDCErrors' -ErrorAction:'SilentlyContinue'
[04/01/2015 09:50:52.0841] [2] Beginning processing Set-SharedConfigDC
[04/01/2015 09:51:47.0056] [2] The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites..
[04/01/2015 09:51:47.0056] [2] No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites.
[04/01/2015 09:51:47.0056] [2] The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites..
[04/01/2015 09:51:47.0056] [2] No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites.
[04/01/2015 09:51:47.0071] [2] Ending processing Set-SharedConfigDC
[04/01/2015 09:51:47.0071] [2] Beginning processing Write-ExchangeSetupLog
[04/01/2015 09:51:47.0071] [2] An error ocurred while setting shared config DC. Error: The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites..
[04/01/2015 09:51:47.0071] [2] Ending processing Write-ExchangeSetupLog
[04/01/2015 09:51:47.0087] [2] Beginning processing Write-ExchangeSetupLog
[04/01/2015 09:51:47.0087] [2] Waiting 30 seconds before attempting again.
[04/01/2015 09:51:47.0087] [2] Ending processing Write-ExchangeSetupLog
[04/01/2015 09:52:17.0100] [2] Active Directory session settings for 'Set-SharedConfigDC' are: View Entire Forest: 'True', Configuration Domain Controller: 'AC-DC1.mydomain.network', Preferred Global Catalog: 'AC-DC1.mydomain.network', Preferred Domain Controllers: '{ AC-DC1.mydomain.network }'
[04/01/2015 09:52:17.0100] [2] User specified parameters: -DomainController:'AC-DC1.mydomain.network' -ErrorVariable:'setSharedCDCErrors' -ErrorAction:'SilentlyContinue'
[04/01/2015 09:52:17.0100] [2] Beginning processing Set-SharedConfigDC
[04/01/2015 09:53:11.0367] [2] The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites..
[04/01/2015 09:53:11.0367] [2] No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites.
[04/01/2015 09:53:11.0367] [2] The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites..
[04/01/2015 09:53:11.0367] [2] No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites.
[04/01/2015 09:53:11.0367] [2] Ending processing Set-SharedConfigDC
[04/01/2015 09:53:11.0382] [2] Beginning processing Write-ExchangeSetupLog
[04/01/2015 09:53:11.0382] [2] An error ocurred while setting shared config DC. Error: The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites..
[04/01/2015 09:53:11.0382] [2] Ending processing Write-ExchangeSetupLog
[04/01/2015 09:53:11.0382] [2] Beginning processing Write-ExchangeSetupLog
[04/01/2015 09:53:11.0382] [2] Waiting 30 seconds before attempting again.
[04/01/2015 09:53:11.0398] [2] Ending processing Write-ExchangeSetupLog
[04/01/2015 09:53:41.0412] [2] Beginning processing Write-ExchangeSetupLog
[04/01/2015 09:53:41.0412] [2] [ERROR] Unable to set shared config DC.
[04/01/2015 09:53:41.0412] [2] [ERROR] Unable to set shared config DC.
[04/01/2015 09:53:41.0412] [2] Ending processing Write-ExchangeSetupLog
[04/01/2015 09:53:41.0428] [1] The following 1 error(s) occurred during task execution:
[04/01/2015 09:53:41.0428] [1] 0. ErrorRecord: Unable to set shared config DC.
[04/01/2015 09:53:41.0428] [1] 0. ErrorRecord: System.Exception: Unable to set shared config DC.
at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target, Boolean reThrow, String helpUrl)
at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
at Microsoft.Exchange.Management.Deployment.WriteExchangeSetupLog.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
[04/01/2015 09:53:41.0428] [1] [ERROR] The following error was generated when "$error.Clear();
$maxWait = New-TimeSpan -Minutes 8
$timeout = Get-Date;
$timeout = $timeout.Add($maxWait);
$currTime = Get-Date;
$successfullySetConfigDC = $false;
while($currTime -le $timeout)
$setSharedCDCErrors = @();
try
Set-SharedConfigDC -DomainController $RoleDomainController -ErrorVariable setSharedCDCErrors -ErrorAction SilentlyContinue;
$successfullySetConfigDC = ($setSharedCDCErrors.Count -eq 0);
if($successfullySetConfigDC)
break;
Write-ExchangeSetupLog -Info ("An error ocurred while setting shared config DC. Error: " + $setSharedCDCErrors[0]);
catch
Write-ExchangeSetupLog -Info ("An exception ocurred while setting shared config DC. Exception: " + $_.Exception.Message);
Write-ExchangeSetupLog -Info ("Waiting 30 seconds before attempting again.");
Start-Sleep -Seconds 30;
$currTime = Get-Date;
if( -not $successfullySetConfigDC)
Write-ExchangeSetupLog -Error "Unable to set shared config DC.";
" was run: "System.Exception: Unable to set shared config DC.
at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target, Boolean reThrow, String helpUrl)
at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
at Microsoft.Exchange.Management.Deployment.WriteExchangeSetupLog.InternalProcessRecord()
at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
[04/01/2015 09:53:41.0428] [1] [ERROR] Unable to set shared config DC.
[04/01/2015 09:53:41.0428] [1] [ERROR-REFERENCE] Id=AllADRolesCommonServiceControl___ee47ab1c06fb47919398e2e95ed99c6c Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup
[04/01/2015 09:53:41.0428] [1] Setup is stopping now because of one or more critical errors.
[04/01/2015 09:53:41.0428] [1] Finished executing component tasks.
[04/01/2015 09:53:41.0522] [1] Ending processing Install-BridgeheadRole
[04/01/2015 10:25:25.0150] [0] CurrentResult setupbase.maincore:396: 0
[04/01/2015 10:25:25.0150] [0] End of Setup
[04/01/2015 10:25:25.0150] [0] **********************************************That might have done it! I've marked your response as the answer although I do have some follow-up questions below.
I added MinSuitableServer = "1" under the line MinPercentageOfHealthyDC = "50" in the file "microsoft.exchange.directory.topologyservice.exe.config" in the CU8 setup folders. The setup still failed so I then edited the same file
in the existing Exchange directory and then rebooted. Setup then finished.
I still have my other Exchange server to do. I will make the same NIC changes and the same config file changes before attempting to run setup. I assume I should move the active DAG copy to the server that finally updated before proceeding but should I be wary
since the exchange servers are now on different versions?
Is there any explanation as to why this might have happened? I just can't understand why the initial setup succeeded back in January while this CU failed... -
9.2.0.3 patch set installation fails on Solaris 8
i've installed Oracle9iR2 (64-bit) client on a Solaris 8 system and i'm now having problems installing the 9.2.0.3 patch set. during the installation process i get the following error message from OUI:
Error in invoking target install of makefile
$ORACLE_HOME/network/lib/ins_net_client.mk
i checked the installation log and then $ORACLE_HOME/install/make.log. make.log reports that the failing command is:
/usr/ccs/bin/make -f ins_net_client.mk install ORACLE_HOME=/opt/oracle9i/u01/app/oracle/product/9.2.0
this command fails when trying to link trcroute. the link command seems to have incorrect paths as it seems to expect to find crt?.o files from $ORACLE_HOME/lib/WS6U1 while they are located in $ORACLE_HOME/lib/WS6U2/lib/v9. i modified $ORACLE_HOME/network/lib/env_network.mk (CCVER, COMPOBJ) so that crt?.o can be found.
after this change the same link command fails with this message:
ld: fatal: file $ORACLE_HOME/network/lib/s0nur.o:
wrong ELF class: ELFCLASS32
ld: fatal: File processing errors. No output written to trcroute
*** Error code 1
make: Fatal error: Command failed for target `trcroute'
i checked the object files in network/lib and they all seem to be ELF 32-bit.
does someone know what's causing these problems with the installation and how to fix it?
best regards,
aspathat's what i started to suspect as well. it's quite likely that the patch is for 32-bit installations. i'll try it with the 64-bit patch. thanks.
-
Why the set operation failed in ".TMIB" tpcall
I want to change the state of client. So I write the follow lines to complete it,
but it failed, the error code is:tperrno=11,tperrtext=TPESVCFAIL - application
level service failure. Please help me how can I change the state of client.
Fchg32(SndBuf, TA_OPERATION, 0, "SET", 0);
Fchg32(SndBuf, TA_CLASS, 0, "T_CLIENT", 0);
Fchg32(SndBuf, TA_STATE, 0, "DEAd", 0);
for (i=0; i<l; i++)
memset(clientid, 0, sizeof(clientid));
memset(state,0,sizeof(state));
p = Ffind32(in,TA_CLIENTID,i,NULL);
Fchg32(SndBuf, TA_CLIENTID, 0, p, 0);
ret = tpcall(".TMIB", (char *)SndBuf, 0, (char **)&RcvBuf,
&rcvlen, (long)0);sorry, please check:
http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=tuxedo.general&item=4581&utag=
Thanks.
"fly231" <[email protected]> wrote:
>
I want to change the state of client. So I write the follow lines to
complete it,
but it failed, the error code is:tperrno=11,tperrtext=TPESVCFAIL - application
level service failure. Please help me how can I change the state of client.
Fchg32(SndBuf, TA_OPERATION, 0, "SET", 0);
Fchg32(SndBuf, TA_CLASS, 0, "T_CLIENT", 0);
Fchg32(SndBuf, TA_STATE, 0, "DEAd", 0);
for (i=0; i<l; i++)
memset(clientid, 0, sizeof(clientid));
memset(state,0,sizeof(state));
p = Ffind32(in,TA_CLIENTID,i,NULL);
Fchg32(SndBuf, TA_CLIENTID, 0, p, 0);
ret = tpcall(".TMIB", (char *)SndBuf, 0, (char **)&RcvBuf,
&rcvlen, (long)0);
Maybe you are looking for
-
VPN Site-to-Site or VPN Client Server with Cisco IP Phone 8941 and 8945
Hi everyone, I decide to deploy a CUCM (BE6K platform), SX20, and IP Phone 8941/8945 on Head Office and Cisco SX10 and IP Phone 8941/8945 for branch offices (actually 9 branch offices). The connection will use internet connection for HO and each bran
-
ERROR UJT015 when doing restoring via UJBR
I got error message when trying to restore a BPC appset from PRODUCTION BI to Quality BI. error message is UJT015 in classs CX_UJT_BACKUP_RESTORE_ERROR Error occured while creating Application PROFITABILITY via Admin API Message no. UJT015 my backup
-
Poll Interval, Msecs To wait before modification checks & Queue Name in CC
Hi All, I have 3 inter-related interfaces which is having 3 File Sender Communication channels as below charasteristics; All 3 ccs are running on a common Queue Name inorder to cater the business scenario; so PI should consume the files in the same s
-
When installing policy agent I get an error: "No X11 DISPLAY variable was set". I've tried running it with the -nodisplay option and have tried setting -Djava.awt.headless=true in the setup script to no avail. Any help would be greatly appreciated.
-
okay, so i put my ipod in DFU mode to restore it. well now it is in the middle of restoring ipod software and the bar hasnt moved. what do i do?