Set-Acl fails in V3

I have a script that was working in V2 but fails in V3 when calling Set-Acl:
Set-Acl : Cannot set the ACL because the method that it needs to invoke, SetSecurityDescriptor, does not exist
Is there a different way to set file permissions in V3?

Hi,
Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
If you have any feedback on our support, please click
here
Cataleya Li
TechNet Community Support

Similar Messages

  • Set-acl and remove-ntfs both fail from PowerShell yet i can do it from the GUI

    I have put together a script that searches all of our folders then searches the folders for groups that should have access and do not and groups that should not have access and do.
    Finding only the folders that need NTFS permissions changed works great.  Adding the groups that need added works great but removing groups is not working.  Below is a section of my script with the section not working underlined.  You can
    see i have tried 2 approaches.  
    If i use the Remove-NTFSAccess command (which i really prefer) I get no errors and you would think all worked until you check.
    If i use set-acl about half give me a error  "Set-Acl : The process does not possess the 'SeSecurityPrivilege' privilege which is required for this operation" but it does not remove the Domain admins for any of the
    folders including the ones that give no error.
    I have privileges to do it.  I can go to a folder and remove the group from the NTFS permissions in the GUI with no issue. 
    Thanks!
    "Add Nseries Admins"
    $workingdir = (Get-Content "$env:TEMP\Add nseries admins.txt")
    $mynum=[int]$workingdir.Count
    foreach ($path in $workingdir) {
    $mynum
    $mynum = $mynum - 1
    $path
    Add-NTFSAccess -Path "$path" -Account "SCHOOLS\Nseries Admins" -AccessRights FullControl -AccessType Allow -AppliesTo ThisFolderSubfoldersAndFiles
    "Romeve Domain admins"
    $workingdir = (Get-Content "$env:TEMP\Remove domain admins.txt")
    $mynum=[int]$workingdir.Count
    foreach ($path in $workingdir) {
    $mynum
    $mynum = $mynum - 1
    $path
    # Add-NTFSAccess -Path "$path" -Account "SCHOOLS\Nseries Admins" -AccessRights FullControl -AccessType Allow -AppliesTo ThisFolderSubfoldersAndFiles
    # Remove-NTFSAccess -Path "$path" -Account "SCHOOLS\Domain Admins" -AccessRights Read -AccessType Allow -AppliesTo ThisFolderOnly
    $acl=get-acl "$path"
    $accessrule = New-Object system.security.AccessControl.FileSystemAccessRule("SCHOOLS\Domain Admins","Read",,,"Allow")
    $acl.RemoveAccessRuleAll($accessrule)
    Set-Acl -Path "$path" -AclObject $acl

    I just ran that a couple of times.  No errors as long as the subfolders are not protected in a way the blocks the admin.  I will try and find a folder that causes this exact scenario.
    Is it possible that this was fixed in V4?
    ¯\_(ツ)_/¯
    The SACL being overwritten isn't fixed. There's a Connect bug
    here. Set-Acl basically does this before trying to call SetAccessControl():
    $path = "$env:Temp\temp_item_name"
    $acl = Get-Acl $path
    # Get the binary form:
    $binaryForm = $acl.GetSecurityDescriptorBinaryForm()
    # Create a new SD object:
    $newacl = New-Object $acl.GetType()
    # Take the old binary form and use it for the new SD object,
    # but tell it it's for all sections, including the SACL:
    $newacl.SetSecurityDescriptorBinaryForm($binaryForm, "All")
    Next, it tries to call SetAccessControl() inside of a try{} block. If it detects a PrivilegeNotHeld exception, it will try to redo the section above without setting the Owner, Group, and SACL (if certain conditions are met). I can't get the second call to
    error the way Lishron did, but that doesn't mean there's no scenario where that can't happen.
    By the way, here's an example of trying to call SetAccessControl() with the modified SD object from above:
    $FileSystemItem = Get-Item $path
    $FileSystemItem.SetAccessControl($newacl) # <-- Fails if you're not an admin; overwrites SACL if you are
    $FileSystemItem.SetAccessControl($acl) # <-- Succeeds (unless you're trying to change the owner)

  • Set-Acl permission failed

    I am trying to set the permissions on a folder using the below code, However i get this error :-
    Cannot find an overload for "FileSystemAccessRule" and the argument count: "6".
    Functin kozos_Permission($Server)
    $FolderLocation = "C:\inetpub\ftproot\kozos"
    $GroupToBeAdded = "$Server\administrators"
    $acl = Get-Acl -Path $FolderLocation
    $User = [System.Security.Principal.NTAccount]$GroupToBeAdded
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($User, "FullControl","ContainerInherit", "ObjectInherit", "None", "Allow")
    $acl.AddAccessRule($AccessRule)
    set-acl -Path $FolderLocation -AclObject $acl
    kozos_Permission localhost

    Try it like this:
    $AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($User, "FullControl","ContainerInherit,ObjectInherit", "None", "Allow")
    The ObjectInherit and ContainerInherit are part of the same attribute, not separate.
    I hope this post has helped!

  • Can't set ACL for JSPs

    Hi,
              we are trying to set define ACL for weblogic security for JSP
              and could't manage to do it. In the online documentation there
              are examples for servlets but not for html or jsp files.
              How have to be defined the ACLs for jsp and html files ?
              Thanks in advance.
              GRIDSYSTEMS Bartolome Real Planells
              

    See http://www.weblogic.com/docs51/admindocs/properties.html#urlacl for
              details on setting ACLs on URLs...
              Bartolome Real Planells wrote:
              > Hi,
              >
              > we are trying to set define ACL for weblogic security for JSP
              > and could't manage to do it. In the online documentation there
              > are examples for servlets but not for html or jsp files.
              >
              > How have to be defined the ACLs for jsp and html files ?
              >
              > Thanks in advance.
              >
              > -------------------------------------------------------------------
              > GRIDSYSTEMS Bartolome Real Planells
              

  • MBP, 1-user, 2-logins (work vs personal), trouble setting ACL's

    I'm fairly accustomed to setting ACL's and permissions (not overly confident with chmod) but the challenge I've had is establishing standard ACL/permissions for directories that I want to share between each of my logins but still lock out anyone else from even reading it.
    _Here's what I've done:_
    Under "Macintosh HD:Users:Shared:" I have a folder titled "Personal" which I share between my personal login and my work login. I've set the ACL's of that folder as follows:
    (personal login) Read & Write
    (work login) Read & Write
    everyone No Access
    I have access without issue at this point but even though I propagated permissions to all enclosed items, any new items are restricted. Is there a way to set the default ACL on new items to reflect that of the permissions of the parent folder rather than that of the user?
    I'm not a fan of keeping the "everyone" to even "Read" or "Write only (Drop Box)".
    Any suggestions would be really appreciated! Thanks!

    It appears that ACLs set from the "Get Info" box do not set the inheritance options, even when applied to "enclosed items", which seems to be a one shot deal. For example, when a new rule is created in "Get Info" to allow a different user to "read & write", with 'ls -led /path/to/folder' I see:<pre style="overflow:auto; padding: 5px; width: 500px ; font-size: 10px; border:1"> 0: user:username allow list,addfile,search,add_subdirectory,deletechild,readattr,writeattr,readextattr,writeextattr,readsecurity</pre>
    In this case, rule "0:" can be ammended to include the "inherit" options using:<pre style="overflow:auto; padding: 5px; width: 500px ; font-size: 10px; border:1">chmod =a# 0 "username allow list,addfile,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeex tattr,readsecurity,file_inherit,directoryinherit" /path/to/folder</pre>The "username" and "/path/to/folder" are placeholders, of course.
    While ACLs can allow for files to inherit the ACLs from the parent, the catch is that the items have to be created new within the folder with the ACL. An existing file or folder moved into the shared folder won't inherit ACLs, whereas an existing folder copied directly into the shared folder will.

  • CSSCAN for database character set conversion failing with ORA-01578

    Hi ,
    CSSCAN for database character set conversion failing with ORA-01578: ORACLE data block corrupted (file # 84, block # 23930). please help me out in this regard.
    Thanks,
    Sravan.

    Hi Anand,
    Thanks for your update. The segment is a table not an index in my case. And i got this error while running CSSCAN on Apps database for character set conversion to UTF8 from WE8ISO8859P1. Please find the snapshot below for your reference.
    SQL> select segment_name, segment_type, owner from dba_extents where file_id = 84 and 23930 between block_id and block_id + blocks - 1;
    SEGMENT_NAME
    SEGMENT_TYPE OWNER
    EDW_LOOKUP_M
    TABLE POA
    SQL> ANALYZE TABLE POA.EDW_LOOKUP_M VALIDATE STRUCTURE CASCADE;
    ANALYZE TABLE POA.EDW_LOOKUP_M VALIDATE STRUCTURE CASCADE
    ERROR at line 1:
    ORA-01578: ORACLE data block corrupted (file # 84, block # 23930)
    ORA-01110: data file 84: '/d911/oracle/dbcondata/poad01.dbf'
    Thanks,
    Sravan.

  • Set-Acl removing inherited permissions

    Hi,
    I am trying to set permissions on a remote share.  However, using Set-Acl removes the inherited permissions from the share.
    i.e. F:\SHARE inherits permissions from F:\
    Using Set-Acl in any way, removes the permissions inherited from F:\.
    i.e. (Get-Acl \\SERVER\SHARE) | Set-Acl \\SERVER\SHARE
    After running that command, the inherited permissions from F:\ will no longer be applied to F:\SHARE
    Ideas?
    Another thread suggested this was a UAC issue.  UAC is turned off on both the computer running Set-Acl, and the computer with the share.  UAC was turned off by changing the value of EnableLUA  from 1 to 0 in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system".

    This is because setting the ACL on the root of a share using the UNC path disables inheritance for that folder. It has nothing to do with UAC and is by design. Try doing it in explorer and you'll get a warning stating just that.
    EDIT: To set the permissions remotely in this particular case, you'll need to be an administrator on the remote machine. This allows you to connect via \\SERVER\F$, where you are then free to set permissions on the \\SERVER\F$\SHARE folder without disabling
    inheritance.
    Best Regards,
    Carl S
    All code is provided as-is with no guarantees. Always try it out in a test environment before applying it in a production environment.

  • Error performing request Unknown error Setting deactivation Failed

    Hi
    I've received this error twice, I don't remember going to make/receive a call at the time despite what the error eludes to.
    Error performing request
    Unknown Error
    Setting Deactivation Failed
    Calling Line ID Restriction
    Has anyone else had this problem?

    I have an WildcardActivated (legitimate Apple unlocked) iPhone 4 with iOS 5.1.1. , I had the 5.0.1 and that didnt happen but with the 5.1.1 its happening, the same issue of u, I have the total, all the bars, but sometimes when im going to call it gives me the exact error, u can check my post, https://discussions.apple.com/thread/4268016 HELP PLZ

  • Cannot use Set-Acl properly despite being file owner and being a member of Administrators Group.

    Hi,
    sorry if this question is already answered but i didn´t find a solution to this ...
    Situation:
    - Running powershell with administrator privileges.
    - I am the owner of file to be modified.
    - Full Control privileges holded by TrustedInstaller.
    - Administrators have no modify privilege to change the file.
    - i can modify acl of that file by GUI
    - I cannot modify acl using Set-Acl snapin.
    This is the executed command:
    Get-Acl C:\inetpub\custerr\en-US\401.htm  |Set-Acl C:\inetpub\custerr\en-US\500-100.asp
    and this the result:
    Set-Acl : Attempted to perform an unauthorized operation.
    At line:1 char:44
    + Get-Acl C:\inetpub\custerr\en-US\401.htm  |Set-Acl C:\inetpub\custerr\en-US\500- ...
    +                                            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : PermissionDenied: (C:\inetpub\custerr\en-US\500-100.asp:String) [Set-Acl], UnauthorizedAccessException
        + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetAclCommand
    I dont want to use external modules. This will be a part of a script to fully automate iis installation on windows 2012 and 2008..
    Thanks in advance guys.

    I get the same thing.  I found this post that should help you:
    http://social.technet.microsoft.com/Forums/scriptcenter/en-US/87679d43-04d5-4894-b35b-f37a6f5558cb/solved-how-to-take-ownership-and-change-permissions-for-blocked-files-and-folders-in-powershell
    Scroll down to one of the last posts, a long one by barnabya, I tested it and it works.  Note that you do not have to execute the bits at the very end to take ownership of the file if the account you're using is already the owner, but you DO need to
    run all three bits to establish SeBackupPrivilege, SeRestorePrivilege, and SeTakeOwnershipPrivilege before running the get-acl | set-acl command.
    I hope this post has helped!

  • Setting locale failed

    It seems as though I don't have any locale set. I'm quite new to all of this and don't really get it.
    $ unp
    perl: warning: Setting locale failed.
    perl: warning: Please check that your locale settings:
    LANGUAGE = (unset),
    LC_ALL = (unset),
    LC_COLLATE = "C",
    LANG = "en_US.utf8"
    are supported and installed on your system.
    perl: warning: Falling back to the standard locale ("C").
    rc.conf:
    LOCALE="en_US.utf8"
    HARDWARECLOCK="localtime"
    USEDIRECTISA="no"
    TIMEZONE="Europe/Stockholm"
    KEYMAP="us"
    CONSOLEFONT=
    CONSOLEMAP=
    USECOLOR="yes"
    MOD_AUTOLOAD="yes"
    MODULES=(tg3 iwl3945 snd-mixer-oss snd-pcm-oss snd-hwdep snd-page-alloc snd-pcm snd-timer snd snd-hda-intel soundcore)
    USELVM="no"
    HOSTNAME="stalin"
    eth0="eth0 192.168.0.2 netmask 255.255.255.0 broadcast 192.168.0.255"
    INTERFACES=(eth0)
    gateway="default gw 192.168.0.1"
    ROUTES=(!gateway)
    DAEMONS=(syslog-ng network netfs crond hal openntpd wicd alsa mpd slim)
    locale.gen:
    en_US.UTF-8 UTF-8
    en_US ISO-8859-1
    sv_SE.UTF-8 UTF-8
    sv_SE ISO-8859-1

    $ locale
    locale: Cannot set LC_CTYPE to default locale: No such file or directory
    locale: Cannot set LC_MESSAGES to default locale: No such file or directory
    locale: Cannot set LC_ALL to default locale: No such file or directory
    LANG=en_US.utf8
    LC_CTYPE="en_US.utf8"
    LC_NUMERIC="en_US.utf8"
    LC_TIME="en_US.utf8"
    LC_COLLATE=C
    LC_MONETARY="en_US.utf8"
    LC_MESSAGES="en_US.utf8"
    LC_PAPER="en_US.utf8"
    LC_NAME="en_US.utf8"
    LC_ADDRESS="en_US.utf8"
    LC_TELEPHONE="en_US.utf8"
    LC_MEASUREMENT="en_US.utf8"
    LC_IDENTIFICATION="en_US.utf8"
    LC_ALL=

  • How to set ACLs on Remote MAC server Volumes..

    Hi,
    I have Mac OS X server v 10.5 Leopard. Initially I have enabled the ACLs using fsaclctl on the MAC server volume. When this volume gets mounted(through afp) on some other MAC client(MAC OS X 10.4 Tiger), the ACL status is shown as disabled. And it not allowing to set the ACLs on the remote volume from the client side.
    I have used the following command to enable ACLs from Client.
    sudo fsaclctl -p /Volumes/<server Volume> -e
    This failed as "not supported".
    Anyone knows how to set the ACLs on the remote MAC server volumes? Basically I want to see ACL working on Remote MAC server volumes.

    Hi
    +". . . remote MAC server volumes . . ."+
    Are you saying you are trying to enable ACLs on volumes shared by another OSX Server when volumes are mounted on the server in question?
    Or are saying you can't see if ACLs on mounted volumes when issuing ls -lae for example?
    You might want to read:
    http://discussions.apple.com/thread.jspa?messageID=648307&#648307
    http://discussions.apple.com/thread.jspa?messageID=1535247
    and
    http://discussions.apple.com/message.jspa?messageID=8456140#8456140
    http://discussions.apple.com/message.jspa?messageID=8340573#8340573
    http://discussions.apple.com/message.jspa?messageID=7777878#7777878
    Tony

  • Setting ACLs in iPlanet DSAME

    I have WLS 6.1.sp2 talking to iPlanet identity server (aka DSAME)through an agent.
    What is LDAP tree location and attributes I should use to set up ACLs?
    -- Regards, Mike

    Hi Mike,
    Sorry for the delay getting back to you. Thanks for the more
    thorough description. To answer your original question, I don't
    have a clue how to configure the Sun LDAP server for ACLs
    (authorization). I went to the link you provided to check out
    the documentation for the Policy Agent and they don't seem to
    mention configuring the LDAP server for ACL's either.
    From what I read about the policy agent it looks like it may
    use the role descriptions from the J2EE deployment descriptors
    to do authorization checking. Unfortunately, I do not have any
    experience with the policy agent. I suggest that you try to
    contact Sun to get more information. If you need more assistance
    from BEA I recommend that you open a case with BEA support so
    that an engineer can devote the time necessary to more thoroughly
    look into the issue for you. Sorry.
    Regards,
    Tom Hegadorn
    Sr. Developer Relations Engineer
    BEA Support
    "mike" <[email protected]> wrote:
    >
    "Tom Hegadorn" <[email protected]> wrote:
    Hi Mike,
    It sounds like you're using the iPlanet LDAP server as the
    backing store for an LDAP realm in WebLogic 6.1.Not exactly. We have iPlanet 5.1 DSAME, which is LDAP server frontended
    by "identity
    server". Identity server can do many things, including definition of
    roles, policies,
    etc. Then there is such a thing called Sun ONE Identity Server Policy
    Agent for
    WebLogic 6.1 SP2 (http://docs.sun.com/source/816-6690-10/index.html).
    It is SUN's
    implementation of Realm interface. So theoreticaly it should work the
    same way
    as any other implementation of realm.
    As far as I'm aware, the ACLs used by an alternate security
    realm would be those in the WebLogic file realm. Please see
    the following documentation links for details.
    http://e-docs.bea.com/wls/docs61/security/concepts.html#1035144
    http://e-docs.bea.com/wls/docs61/adminguide/cnfgsec.html#1071872
    When you use an LDAP realm, the caching realm delegates
    authentication requests to the LDAP realm but authorization
    requests still go to the weblogic file realm to check against
    the ACLs configured there. I believe the only exception to this
    is with a custom RDBMS realm which supports the configuration
    of ACL entries in the database. I really do hope that you are not correct (sorry). RDBMS realm is just
    an implementation
    of Relam interface, right? And WLS accesses cashing realm on top of it.
    So if
    I configure a cashing realm on top of DSAME realm WLS will ask it both
    authentication
    and authorization questions, btu if authentication fails it will ask
    file realm
    once more. The first link you've sent says: "For example, you may be
    using an
    alternate security realm that supports only authentication operations."
    I read
    this that you can use realm that allows authorization. Am I wrong?
    I hope this helps. Please let me know if there is some other
    information on your end that I'm missing. For example, if you've
    implemented your own caching realm or something. Thanks.No, we did not implement any realms and we hope not to. In a company
    with 6 developers
    on a tight schedule we can't afford implementing stuff like that. But
    the actual
    realm class implementation is provided by SUN in the agent package, and
    agent
    is configured to work as a custom realm.
    Regards,
    Tom Hegadorn
    Sr. Developer Relations Engineer
    BEA SupportThanks for your help. I hope I clarified my issue better now. Unfortunately
    SUN
    does not have such a nice forum where I can ask questions... But I am
    trying to
    get info from them as well ;)
    "mike" <[email protected]> wrote:
    I have WLS 6.1.sp2 talking to iPlanet identity server (aka DSAME)through
    an agent.
    What is LDAP tree location and attributes I should use to set up ACLs?
    -- Regards, Mike

  • Updating 2013 SP1 to CU8 Error - Set-SharedConfigDC Fails

    I have two 2012 servers running Exchange 2013 SP1. They are both multi-role servers and are members of a DAG and are also load-balanced behind a Citrix Netscaler. I was ready to begin moving my mailboxes from 2010 to 2013 when I ran into a problem. In order
    to try and resolve this problem, I attempted to update to CU8.
    (After a successful mailbox move, I am unable to open my own mailbox in Outlook (2013 or 2010). I receive an error that "the set of folders cannot be opened". I am, however, able to view my mailbox from another migrated mailbox which has "full
    access" to it. After some unsuccessful attempts to figure it out, I decide that I should probably update Exchange to the latest before I start messing with other things. Bad mistake.)
    The CU8 setup fails in the Set-SharedConfigDC step with the error "No Minimal Required Number of Suitable Directory Servers Found in Forest".
    I've read that I need IPv6 enabled. It had previously been "unchecked" in the NIC settings of the Exchange and DC servers. I've enabled it on the Exchange server and two of the DCs one of which is a GC. No luck. I've also added the "Exchange
    Servers" and "Exchange Subsystem" groups to the AD "Administrators" group which was another suggestion I received.
    The DCs are in a different subnet from the Exchange server.  I am running at domain functional level of 2003.
    And just to reiterate: I had successfully installed Exchange 2013 SP1 with IPv6 "unchecked" on all Exchange and DC servers before the CU8 update failed.
    -edit- Here's the relevant section of the log:
    [04/01/2015 09:50:52.0841] [2] Active Directory session settings for 'Set-SharedConfigDC' are: View Entire Forest: 'True', Configuration Domain Controller: 'AC-DC1.mydomain.network', Preferred Global Catalog: 'AC-DC1.mydomain.network', Preferred Domain Controllers: '{ AC-DC1.mydomain.network }'
    [04/01/2015 09:50:52.0841] [2] User specified parameters: -DomainController:'AC-DC1.mydomain.network' -ErrorVariable:'setSharedCDCErrors' -ErrorAction:'SilentlyContinue'
    [04/01/2015 09:50:52.0841] [2] Beginning processing Set-SharedConfigDC
    [04/01/2015 09:51:47.0056] [2] The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites..
    [04/01/2015 09:51:47.0056] [2] No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites.
    [04/01/2015 09:51:47.0056] [2] The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites..
    [04/01/2015 09:51:47.0056] [2] No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites.
    [04/01/2015 09:51:47.0071] [2] Ending processing Set-SharedConfigDC
    [04/01/2015 09:51:47.0071] [2] Beginning processing Write-ExchangeSetupLog
    [04/01/2015 09:51:47.0071] [2] An error ocurred while setting shared config DC. Error: The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites..
    [04/01/2015 09:51:47.0071] [2] Ending processing Write-ExchangeSetupLog
    [04/01/2015 09:51:47.0087] [2] Beginning processing Write-ExchangeSetupLog
    [04/01/2015 09:51:47.0087] [2] Waiting 30 seconds before attempting again.
    [04/01/2015 09:51:47.0087] [2] Ending processing Write-ExchangeSetupLog
    [04/01/2015 09:52:17.0100] [2] Active Directory session settings for 'Set-SharedConfigDC' are: View Entire Forest: 'True', Configuration Domain Controller: 'AC-DC1.mydomain.network', Preferred Global Catalog: 'AC-DC1.mydomain.network', Preferred Domain Controllers: '{ AC-DC1.mydomain.network }'
    [04/01/2015 09:52:17.0100] [2] User specified parameters: -DomainController:'AC-DC1.mydomain.network' -ErrorVariable:'setSharedCDCErrors' -ErrorAction:'SilentlyContinue'
    [04/01/2015 09:52:17.0100] [2] Beginning processing Set-SharedConfigDC
    [04/01/2015 09:53:11.0367] [2] The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites..
    [04/01/2015 09:53:11.0367] [2] No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites.
    [04/01/2015 09:53:11.0367] [2] The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites..
    [04/01/2015 09:53:11.0367] [2] No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites.
    [04/01/2015 09:53:11.0367] [2] Ending processing Set-SharedConfigDC
    [04/01/2015 09:53:11.0382] [2] Beginning processing Write-ExchangeSetupLog
    [04/01/2015 09:53:11.0382] [2] An error ocurred while setting shared config DC. Error: The call to Microsoft Exchange Active Directory Topology service on server 'TopologyClientTcpEndpoint (localhost)' returned an error. Error details No Minimal Required Number of Suitable Directory Servers Found in Forest mydomain.network Site Default-First-Site-Name and connected Sites..
    [04/01/2015 09:53:11.0382] [2] Ending processing Write-ExchangeSetupLog
    [04/01/2015 09:53:11.0382] [2] Beginning processing Write-ExchangeSetupLog
    [04/01/2015 09:53:11.0382] [2] Waiting 30 seconds before attempting again.
    [04/01/2015 09:53:11.0398] [2] Ending processing Write-ExchangeSetupLog
    [04/01/2015 09:53:41.0412] [2] Beginning processing Write-ExchangeSetupLog
    [04/01/2015 09:53:41.0412] [2] [ERROR] Unable to set shared config DC.
    [04/01/2015 09:53:41.0412] [2] [ERROR] Unable to set shared config DC.
    [04/01/2015 09:53:41.0412] [2] Ending processing Write-ExchangeSetupLog
    [04/01/2015 09:53:41.0428] [1] The following 1 error(s) occurred during task execution:
    [04/01/2015 09:53:41.0428] [1] 0. ErrorRecord: Unable to set shared config DC.
    [04/01/2015 09:53:41.0428] [1] 0. ErrorRecord: System.Exception: Unable to set shared config DC.
    at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target, Boolean reThrow, String helpUrl)
    at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
    at Microsoft.Exchange.Management.Deployment.WriteExchangeSetupLog.InternalProcessRecord()
    at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
    at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)
    [04/01/2015 09:53:41.0428] [1] [ERROR] The following error was generated when "$error.Clear();
    $maxWait = New-TimeSpan -Minutes 8
    $timeout = Get-Date;
    $timeout = $timeout.Add($maxWait);
    $currTime = Get-Date;
    $successfullySetConfigDC = $false;
    while($currTime -le $timeout)
    $setSharedCDCErrors = @();
    try
    Set-SharedConfigDC -DomainController $RoleDomainController -ErrorVariable setSharedCDCErrors -ErrorAction SilentlyContinue;
    $successfullySetConfigDC = ($setSharedCDCErrors.Count -eq 0);
    if($successfullySetConfigDC)
    break;
    Write-ExchangeSetupLog -Info ("An error ocurred while setting shared config DC. Error: " + $setSharedCDCErrors[0]);
    catch
    Write-ExchangeSetupLog -Info ("An exception ocurred while setting shared config DC. Exception: " + $_.Exception.Message);
    Write-ExchangeSetupLog -Info ("Waiting 30 seconds before attempting again.");
    Start-Sleep -Seconds 30;
    $currTime = Get-Date;
    if( -not $successfullySetConfigDC)
    Write-ExchangeSetupLog -Error "Unable to set shared config DC.";
    " was run: "System.Exception: Unable to set shared config DC.
    at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target, Boolean reThrow, String helpUrl)
    at Microsoft.Exchange.Configuration.Tasks.Task.WriteError(Exception exception, ErrorCategory category, Object target)
    at Microsoft.Exchange.Management.Deployment.WriteExchangeSetupLog.InternalProcessRecord()
    at Microsoft.Exchange.Configuration.Tasks.Task.<ProcessRecord>b__b()
    at Microsoft.Exchange.Configuration.Tasks.Task.InvokeRetryableFunc(String funcName, Action func, Boolean terminatePipelineIfFailed)".
    [04/01/2015 09:53:41.0428] [1] [ERROR] Unable to set shared config DC.
    [04/01/2015 09:53:41.0428] [1] [ERROR-REFERENCE] Id=AllADRolesCommonServiceControl___ee47ab1c06fb47919398e2e95ed99c6c Component=EXCHANGE14:\Current\Release\Shared\Datacenter\Setup
    [04/01/2015 09:53:41.0428] [1] Setup is stopping now because of one or more critical errors.
    [04/01/2015 09:53:41.0428] [1] Finished executing component tasks.
    [04/01/2015 09:53:41.0522] [1] Ending processing Install-BridgeheadRole
    [04/01/2015 10:25:25.0150] [0] CurrentResult setupbase.maincore:396: 0
    [04/01/2015 10:25:25.0150] [0] End of Setup
    [04/01/2015 10:25:25.0150] [0] **********************************************

    That might have done it!  I've marked your response as the answer although I do have some follow-up questions below.
    I added MinSuitableServer = "1" under the line MinPercentageOfHealthyDC = "50" in the file "microsoft.exchange.directory.topologyservice.exe.config" in the CU8 setup folders. The setup still failed so I then edited the same file
    in the existing Exchange directory and then rebooted. Setup then finished.
    I still have my other Exchange server to do. I will make the same NIC changes and the same config file changes before attempting to run setup. I assume I should move the active DAG copy to the server that finally updated before proceeding but should I be wary
    since the exchange servers are now on different versions?
    Is there any explanation as to why this might have happened? I just can't understand why the initial setup succeeded back in January while this CU failed...

  • 9.2.0.3 patch set installation fails on Solaris 8

    i've installed Oracle9iR2 (64-bit) client on a Solaris 8 system and i'm now having problems installing the 9.2.0.3 patch set. during the installation process i get the following error message from OUI:
    Error in invoking target install of makefile
    $ORACLE_HOME/network/lib/ins_net_client.mk
    i checked the installation log and then $ORACLE_HOME/install/make.log. make.log reports that the failing command is:
    /usr/ccs/bin/make -f ins_net_client.mk install ORACLE_HOME=/opt/oracle9i/u01/app/oracle/product/9.2.0
    this command fails when trying to link trcroute. the link command seems to have incorrect paths as it seems to expect to find crt?.o files from $ORACLE_HOME/lib/WS6U1 while they are located in $ORACLE_HOME/lib/WS6U2/lib/v9. i modified $ORACLE_HOME/network/lib/env_network.mk (CCVER, COMPOBJ) so that crt?.o can be found.
    after this change the same link command fails with this message:
    ld: fatal: file $ORACLE_HOME/network/lib/s0nur.o:
    wrong ELF class: ELFCLASS32
    ld: fatal: File processing errors. No output written to trcroute
    *** Error code 1
    make: Fatal error: Command failed for target `trcroute'
    i checked the object files in network/lib and they all seem to be ELF 32-bit.
    does someone know what's causing these problems with the installation and how to fix it?
    best regards,
    aspa

    that's what i started to suspect as well. it's quite likely that the patch is for 32-bit installations. i'll try it with the 64-bit patch. thanks.

  • Why the set operation failed in ".TMIB" tpcall

    I want to change the state of client. So I write the follow lines to complete it,
    but it failed, the error code is:tperrno=11,tperrtext=TPESVCFAIL - application
    level service failure. Please help me how can I change the state of client.
    Fchg32(SndBuf, TA_OPERATION, 0, "SET", 0);
    Fchg32(SndBuf, TA_CLASS, 0, "T_CLIENT", 0);
    Fchg32(SndBuf, TA_STATE, 0, "DEAd", 0);
    for (i=0; i<l; i++)
    memset(clientid, 0, sizeof(clientid));
    memset(state,0,sizeof(state));
    p = Ffind32(in,TA_CLIENTID,i,NULL);
    Fchg32(SndBuf, TA_CLIENTID, 0, p, 0);
    ret = tpcall(".TMIB", (char *)SndBuf, 0, (char **)&RcvBuf,
    &rcvlen, (long)0);

    sorry, please check:
    http://newsgroups.bea.com/cgi-bin/dnewsweb?cmd=article&group=tuxedo.general&item=4581&utag=
    Thanks.
    "fly231" <[email protected]> wrote:
    >
    I want to change the state of client. So I write the follow lines to
    complete it,
    but it failed, the error code is:tperrno=11,tperrtext=TPESVCFAIL - application
    level service failure. Please help me how can I change the state of client.
    Fchg32(SndBuf, TA_OPERATION, 0, "SET", 0);
    Fchg32(SndBuf, TA_CLASS, 0, "T_CLIENT", 0);
    Fchg32(SndBuf, TA_STATE, 0, "DEAd", 0);
    for (i=0; i<l; i++)
    memset(clientid, 0, sizeof(clientid));
    memset(state,0,sizeof(state));
    p = Ffind32(in,TA_CLIENTID,i,NULL);
    Fchg32(SndBuf, TA_CLIENTID, 0, p, 0);
    ret = tpcall(".TMIB", (char *)SndBuf, 0, (char **)&RcvBuf,
    &rcvlen, (long)0);

Maybe you are looking for