SGD cannot access Active Directory

Hello everyone,
I had an SGD server and an Active Directory server in the same segment before, and they worked well.
Now I have placed my SGD servers in a DMZ segment and the AD server in a backend segment.
There is a firewall between the two segments. Now SGD cannot access the AD in the web console.
I know there are some ports which must be opened, as the manual says. But even if I open all ports between the two servers (SGD server and AD server), SGD still cannot access the Active Directory.
SGD Server : SGD4.4.1907 Solaris10
AD Server: windows2008
It seems that there is no problem when using nslookup:
# nslookup adsrv1.mydomainname
Server:         10.0.4.111
Address:        10.0.4.111#53
Name:   adsrv1.mydomainname
Address: 10.0.4.111
# nslookup 10.0.4.111
Server:         10.0.4.111
Address:        10.0.4.111#53
111.4.0.10.in-addr.arpa name = adsrv1.mydomainname.
# nslookup -querytype=any _gc._tcp.mydomainname
Server:         10.0.4.111
Address:        10.0.4.111#53
_gc._tcp.mydomainname     service = 0 100 3268 adsrv2.mydomainname.
_gc._tcp.mydomainname     service = 0 100 3268 adsrv1.mydomainname.
# nslookup -querytype=any _ldap._tcp.mydomainname
Server:         10.0.4.111
Address:        10.0.4.111#53
_ldap._tcp.mydomainname   service = 0 100 389 adsrv2.mydomainname.
_ldap._tcp.mydomainname   service = 0 100 389 adsrv1.mydomainname.
Any prompt reply will be appreciated

I also used the "dig" command to check the DNS settings.
Surprisingly, I cannot dig with the SGD server's hostname, but dig with the SGD server's FQDN is successful.
# dig sgdsrv01
; <<>> DiG 9.3.4-P1 <<>> sgdsrv01
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: *SERVFAIL*, id: 1361
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;sgdsrv01.                      IN      A
;; Query time: 1 msec
;; SERVER: 10.0.4.111#53(10.0.4.111)
;; WHEN: Tue Jan 20 10:44:20 2009
;; MSG SIZE  rcvd: 26
# dig sgdsrv01.mydomain.com
; <<>> DiG 9.3.4-P1 <<>> sgdsrv01.mydomain.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: *NOERROR*, id: 1613
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;sgdsrv01.mydomain.com.   IN      A
;; ANSWER SECTION:
sgdsrv01.mydomain.com. 3600 IN    A       10.0.6.41
;; Query time: 1 msec
;; SERVER: 10.0.4.111#53(10.0.4.111)
;; WHEN: Tue Jan 20 10:44:37 2009
;; MSG SIZE  rcvd: 61
And I also set the /etc/hosts file as follows:
127.0.0.1       localhost
::1     localhost
10.0.6.41     sgdsrv01   sgdsrv01.mydomain.com telford
10.0.6.42     sgdsrv02.mydomain.com   sgdsrv02
10.0.4.111    adsrv1.mydomain.com     adsrv1
10.0.4.112    adsrv2.mydomain.com     adsrv2
10.0.4.101    apsrv01.mydomain.com    apsrv01
10.0.4.102    apsrv02.mydomain.com    apsrv02
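
To separate a firewall problem from a DNS or Kerberos problem in the setup described above, the SRV answers can be turned into a list of TCP endpoints and probed from the SGD host. This is an added example, not part of the original post or of SGD: it parses the nslookup SRV lines shown above (embedded as a constructed sample) and classifies each connect attempt; the Kerberos (88) and kpasswd (464) ports and all function names are assumptions of the example.

```python
import re
import socket
from typing import NamedTuple

# Constructed sample: the SRV answers from the post, as printed by nslookup.
SAMPLE_NSLOOKUP = """\
Server:         10.0.4.111
Address:        10.0.4.111#53
_gc._tcp.mydomainname     service = 0 100 3268 adsrv2.mydomainname.
_gc._tcp.mydomainname     service = 0 100 3268 adsrv1.mydomainname.
_ldap._tcp.mydomainname   service = 0 100 389 adsrv2.mydomainname.
_ldap._tcp.mydomainname   service = 0 100 389 adsrv1.mydomainname.
"""

# Assumption (not from the post): the standard Kerberos and kpasswd TCP ports
# are probed on every host that the SRV records name.
EXTRA_TCP_PORTS = {"kerberos": 88, "kpasswd": 464}

SRV_LINE = re.compile(
    r"^(?P<name>_\S+)\s+service\s*=\s*(?P<prio>\d+)\s+(?P<weight>\d+)\s+"
    r"(?P<port>\d+)\s+(?P<target>\S+?)\.?\s*$"
)


class Srv(NamedTuple):
    name: str
    priority: int
    weight: int
    port: int
    target: str


def parse_srv(text):
    """Extract SRV records from nslookup output, ignoring all other lines."""
    records = []
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:
            records.append(Srv(m["name"], int(m["prio"]), int(m["weight"]),
                               int(m["port"]), m["target"]))
    return records


def endpoints(records):
    """Return sorted, de-duplicated (host, port, label) tuples to probe."""
    eps = set()
    for r in records:
        # "_gc._tcp.domain" -> label "gc"
        eps.add((r.target, r.port, r.name.split(".")[0].lstrip("_")))
        for label, port in EXTRA_TCP_PORTS.items():
            eps.add((r.target, port, label))
    return sorted(eps)


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as seen from the probing host."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "filtered"     # no answer at all: typical of a firewall drop rule
    except ConnectionRefusedError:
        return "refused"      # a reset came back: the packet got through
    except socket.gaierror:
        return "unresolved"   # the name did not resolve on this host
    except OSError as exc:
        return "error: %s" % exc


def report(text, timeout=3.0):
    """Parse SRV output and probe every derived endpoint."""
    return [(host, port, label, probe(host, port, timeout))
            for host, port, label in endpoints(parse_srv(text))]


if __name__ == "__main__":
    for host, port, label, state in report(SAMPLE_NSLOOKUP):
        print("%-28s %5d/tcp %-9s %s" % (host, port, label, state))
```

A `filtered` result points at a firewall drop rule, while `refused` means the packet reached the host. UDP paths (DNS and Kerberos over UDP) are not covered by a TCP connect test.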

Similar Messages

  • Cannot add Active Directory Domain Services role on - DirectoryServices-DomainController . Status: -2147021879 (80070bc9)

    Hi everyone,
    I've been banging my head against this for a while and hope someone can help me.
     Running Windows Server 2008 R2 Standard with Service Pack 1.
    When I try to add the Active Directory Domain Services role to the server it gets to about 90% complete and then dies.
    The ServerManager.log shows the following information, I have run the System Readiness Tool - output below - with no errors found.
    At a loss on what to do next. The only other links I've found suggest rebuilding the server which I would really like to avoid...
    Help appreciated,
    John
    ServerManager.log (extract)
    ==========
    name : Active Directory Domain Services
    state : Changed
    rank : 1
    sync tech: CBS
    guest[1] : Active Directory Domain Controller
    guest[2] : Identity Management for UNIX
    ant. : empty
    pred. : empty
    provider : null
    name : Active Directory Domain Controller
    state : Changed
    rank : 4
    sync tech: CBS
    ant. : .NET Framework 3.5.1
    pred. : Active Directory Domain Services, .NET Framework 3.5.1
    provider : Provider
    8720: 2012-01-18 10:54:41.853 [Sync] Calling sync provider of Active Directory Domain Controller ...
    8720: 2012-01-18 10:54:41.853 [Provider] Sync:: guest: 'Active Directory Domain Controller', guest deleted?: False
    8720: 2012-01-18 10:54:41.853 [Provider] Begin installation of 'Active Directory Domain Controller'...
    8720: 2012-01-18 10:54:41.853 [Provider] Install: Guest: 'Active Directory Domain Controller', updateElement: 'DirectoryServices-DomainController'
    8720: 2012-01-18 10:54:41.853 [Provider] Installation queued for 'Active Directory Domain Controller'.
    8720: 2012-01-18 10:54:41.853 [CBS] installing 'DirectoryServices-DomainController ' ...
    8720: 2012-01-18 10:54:42.399 [CBS] ...parents that will be auto-installed: 'NetFx3 '
    8720: 2012-01-18 10:54:42.399 [CBS] ...default children to turn-off: 'WCF-HTTP-Activation '
    8720: 2012-01-18 10:54:42.415 [CBS] ...current state of 'DirectoryServices-DomainController': p: Staged, a: Staged, s: UninstallRequested
    8720: 2012-01-18 10:54:42.415 [CBS] ...setting state of 'DirectoryServices-DomainController' to 'InstallRequested'
    8720: 2012-01-18 10:54:42.430 [CBS] ...current state of 'NetFx3': p: Installed, a: Installed, s: InstallRequested
    8720: 2012-01-18 10:54:42.430 [CBS] ...skipping 'NetFx3' because it is already in the desired state.
    8720: 2012-01-18 10:54:42.430 [CBS] ...current state of default child 'WCF-HTTP-Activation': p: Installed, a: Installed, s: InstallRequested
    8720: 2012-01-18 10:54:42.430 [CBS] ...skipped child 'WCF-HTTP-Activation' because it is already installed
    8720: 2012-01-18 10:54:42.461 [CBS] ...'DirectoryServices-DomainController' : applicability: Applicable
    8720: 2012-01-18 10:54:42.461 [CBS] ...'NetFx3' : applicability: Applicable
    8720: 2012-01-18 10:54:42.539 [CbsUIHandler] Initiate:
    8720: 2012-01-18 10:54:42.539 [InstallationProgressPage] Installing...
    8720: 2012-01-18 10:54:42.758 [InstallationProgressPage] Verifying installation...
    8720: 2012-01-18 10:54:42.758 [InstallationProgressPage] Installing...
    8720: 2012-01-18 10:55:03.740 [CbsUIHandler] Error: -2147021879 :
    8720: 2012-01-18 10:55:03.740 [CbsUIHandler] Terminate:
    8720: 2012-01-18 10:55:03.787 [InstallationProgressPage] Verifying installation...
    8720: 2012-01-18 10:55:03.802 [CBS] ...done installing 'DirectoryServices-DomainController '. Status: -2147021879 (80070bc9)
    8720: 2012-01-18 10:55:03.818 [Provider] Skipped configuration of 'Active Directory Domain Controller' because install operation failed.
    8720: 2012-01-18 10:55:03.818 [Provider]
    [STAT] ---- CBS Session Consolidation -----
    [STAT] For
    'Active Directory Domain Controller'[STAT] installation(s) took '21.9535541' second(s) total.
    [STAT] Configuration(s) took '0.0007754' second(s) total.
    [STAT] Total time: '21.9543295' second(s).
    8720: 2012-01-18 10:55:03.818 [Provider] Error (Id=0) Sync Result - Success: False, RebootRequired: True, Id: 110
    8720: 2012-01-18 10:55:03.818 [Provider] Error (Id=0) Sync Message - OperationKind: Install, MessageType: Error, MessageCode: -2147021879, Message: <null>, AdditionalMessage: The requested operation failed. A system reboot is required to roll back changes made
    8720: 2012-01-18 10:55:03.818 [InstallationProgressPage] Sync operation completed
    8720: 2012-01-18 10:55:03.818 [InstallationProgressPage] Performing post install/uninstall discovery...
    8720: 2012-01-18 10:55:03.833 [Provider] C:\Windows\system32\ServerManager\Cache\CbsUpdateState.bin does not exist.
    8720: 2012-01-18 10:55:03.833 [CBS] IsCacheStillGood: False.
    8720: 2012-01-18 10:55:04.333 [CBS] >>>GetUpdateInfo--------------------------------------------------
    8720: 2012-01-18 10:55:34.784 [CBS] Error (Id=0) Function: 'ReadUpdateInfo()->Update_GetInstallState' failed: 80070bc9 (-2147021879)
    8720: 2012-01-18 10:55:34.784 [CBS] <<<GetUpdateInfo--------------------------------------------------
    8720: 2012-01-18 10:55:34.815 [DISCOVERY] hr: -2147021879 -> reboot required.
    8720: 2012-01-18 10:55:34.831 [InstallationProgressPage] About to load finish page...
    8720: 2012-01-18 10:55:34.831 [InstallationFinishPage] Loading finish page
    8720: 2012-01-18 10:55:34.831 [InstallationFinishPage] Finish page loaded
    CheckSUR.log
    =================================
    Checking System Update Readiness.
    Binary Version 6.1.7601.21645
    Package Version 13.0
    2012-01-18 10:33
    Checking Windows Servicing Packages
    Checking Package Manifests and Catalogs
    Checking Package Watchlist
    Checking Component Watchlist
    Checking Packages
    Checking Component Store
    Summary:
    Seconds executed: 220
    No errors detected

    Hi John,
    Thanks for posting.
    I performed some research, and some results say that this problem can be caused by HD write caching.
    To disable Write Caching:
    1. Go to Device Manager.
    2. Click the plus sign (+) next to the Disk Drives branch to expand it.
    3. Right-click the drive on which you want to enable or disable disk write caching, and then click Properties.
    4. Click the Disk Properties tab.
    5. Click to select or clear the Write Cache Enabled check box as appropriate.
    6. Click OK.
    If no luck, please check if any errors can be found in the Event log, Dcpromoui.Log and Dcpromo.log
    The following articles may be helpful to you:
    Known Issues for Installing and Removing AD DS
    http://technet.microsoft.com/en-us/library/cc754463(v=WS.10).aspx
    You cannot install Active Directory Domain Services
    http://support.microsoft.com/kb/975142
    Thanks
    ZHANG

  • SCVMM 2008 R2 - "The SQL Server service account does not have permission to access Active Directory Domain Services (AD DS)."

    I know this question has been asked before, but never for R2, that I can tell, and the posted fixes aren't working. I have just installed SCVMM 2008 R2 on a Windows Server 2008 R2 server, using a remote SQL 2008 SP1 database. When I attempt to connect to SCVMM, I get the following error:
    "The SQL Server service account does not have permission to access Active Directory Domain Services (AD DS).
    Ensure that the SQL Server service is running under a domain account or a computer account that has permission to access AD DS. For more information, see "Some applications and APIs require access to authorization information on account objects" in the Microsoft Knowledge Base at http://go.microsoft.com/fwlink/?LinkId=121054.
    ID: 2607"
    What I've seen online is that this is usually because the domain account SCVMM is running as does not have the proper permissions on the SQL database. Here's what I've confirmed:
    1) My SCVMM service account is a local admin on the SCVMM server
    2) My SCVMM service account is a dbowner on the SCVMM database in SQL
    3) My SQL service account is a dbowner on the SCVMM database in SQL
    4) My SQL service account is a domain user (even made it a domain admin, just in case, and it still "doesn't have access to AD DS," which is obviously untrue)
    5) Neither service account is locked out
    Has anyone run in to this? It says in Technet that remote SQL 2008 is supported, as long as the SQL management studio is installed to the SCVMM server, and I installed and patched before I began the SCVMM installation. I just don't know what else to try - I have no errors in event logs, no issues during the installation itself...
    Andrew Topp

    That answer was very unhelpful fr33m4n. The individual mentions that they've received the error that points to the KB article. I currently receive the same error -- there seems to be no resolution. I've run the Microsoft VBS script to add TAUG to the WAAG as suggested by 331951, and that made absolutely no difference.
    1) My SCVMM service account is a local admin on the SCVMM server
    2) My SCVMM service account is a dbowner on the SCVMM database in SQL
    3) My SQL service account is a dbowner on the SCVMM database in SQL
    4) My SQL service account is a domain user (even made it a domain admin, just in case, and it still "doesn't have access to AD DS," which is obviously untrue)
    The user is also a member of WAAG, the machines have delegated authority to each other. Is there any other solution?

  • SGD 4.7 - Cannot enable Active Directory authentication

    I've followed the steps in the Admin Guide, and have a service object created.  Running tarantella service list --name service_name produces the following output (obfuscated):
    Name:  service_name
    Enabled: 1
    Url: ad://url_to_dc
    Base-domain: same as above
    Security-mode: kerberos
    Type: ad
    ...all of which looks correct.  I've added the recommended log filters.  Directory services (server/directoryservices/*) returns the following INFO message when attempting a login:
    No Login authorities are available.
    The configured service objects will not be used.
    When I click the "Test" button in the service object property screen, the above log fills with what look like appropriate log messages and a Success result from the AD server, then the above message is displayed.  Running the tarantella config list | grep login command produced the following output:
    login-ad-base-domain:  same domain as above
    login-ad-default-domain: ""
    login-ldap-thirdparty-ens: 1
    login-lday-thirdparty-profile: 1
    login-thirdparty-ens: 0
    login-thirdparty-nonens: 0
    login-thirdparty-superusers:  sgd_trusted_user
    login-web-tokenvalidity: 180
    server-login: enabled
    Any ideas?

    Problems can be:
    Incorrect domain
    Name resolution fails: OSGD server must be able to resolve the global catalog server
    Timeserver: OSGD server must have the same time as the AD
    Wrong /etc/krb5.conf
    Global Catalog Server
    Check, if the domain has a global catalog server:
    nslookup -query=any _gc._tcp.DOMAIN_lowercase 
    Example for Domain TBSOL.DE 
    [root@tab-ol5u7-SGD1dev-adm tmp]# nslookup -query=any _gc._tcp.tbsol.de 
    Server:         192.168.99.1
    Address:        192.168.99.1#53
    Non-authoritative answer:
    _gc._tcp.tbsol.de       service = 0 100 3268 office-ad.tbsol.de.
    Authoritative answers can be found from:
    tbsol.de        nameserver = office-ad.tbsol.de.
    office-ad.tbsol.de      internet address = 172.16.1.14
    Kerberos Layer
    Simple Kerberos file
    [libdefaults] 
      default_realm = TBSOL.DE
      default_tkt_enctypes = rc4-hmac
      default_tgs_enctypes = rc4-hmac
    [realms]
       TBSOL.DE = {
         kdc = office-ad.tbsol.de
         admin_server = office-ad.tbsol.de
       }
    [domain_realm]
       .tbsol.de = TBSOL.DE
       tbsol.de = TBSOL.DE
    The format (tabs and spaces) of the Kerberos file is not relevant.
    (other experience: after correcting the format of the kerberos file, pwd change works !)
    Use kinit to test the Kerberos file.
    Tarantella needs a restart, if this file is changed.
    The OSGD documentation mentions in "2.2.4.2 Active Directory Password Expiry" to set
    kpasswd_protocol = SET_CHANGE
    This was not needed in these tests.
    Login check via kinit
    kinit <userprincipalname>@DOMAIN_uppercase 
    Example of kinit 
    [root@tab-ol5u7-SGD1dev-adm tmp]# kinit [email protected]; echo $? 
    Password for [email protected]:
    kinit(v5): Preauthentication failed while getting initial credentials
    1
    [root@tab-ol5u7-SGD1dev-adm tmp]# kinit [email protected]; echo $?
    Password for [email protected]:
    0
    [root@tab-ol5u7-SGD1dev-adm tmp]#
    Check password change with KPASSWD
    [root@tab-ol5u7-SGD1dev-adm log]# kpasswd [email protected] 
    Password for [email protected]:
    Enter new password:
    Enter it again:
    Password changed.
    Check password change on AD request
    Mark the user in the AD so that he has to change his password on the next login.
    [root@tab-ol5u7-SGD2dev-adm tmp]# kinit [email protected] 
    Password for [email protected]:
    Password expired.  You must change it now.
    Enter new password:
    Enter it again:
    [root@tab-ol5u7-SGD2dev-adm tmp]# kinit [email protected]
    C
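
    The checks on /etc/krb5.conf listed in the answer above can be run before kinit is tried. This is an added example, not part of the original post and not Oracle or MIT tooling: a small linter for the file layout shown above, run on a constructed sample modelled on that file with the realm block's closing brace left out. The legacy-enctype list and the function names are assumptions of the example.

```python
import re

# Constructed sample modelled on the file in the post; the closing brace of
# the TBSOL.DE block is left out on purpose to show the structural check.
SAMPLE_KRB5 = """\
[libdefaults]
  default_realm = TBSOL.DE
  default_tkt_enctypes = rc4-hmac
  default_tgs_enctypes = rc4-hmac
[realms]
   TBSOL.DE = {
     kdc = office-ad.tbsol.de
     admin_server = office-ad.tbsol.de
[domain_realm]
   .tbsol.de = TBSOL.DE
   tbsol.de = TBSOL.DE
"""

# Assumption: this example's own list of enctypes it reports as legacy.
LEGACY_ENCTYPES = {"rc4-hmac", "arcfour-hmac", "arcfour-hmac-md5",
                   "des-cbc-crc", "des-cbc-md5", "des-cbc-md4"}


def parse_krb5(text):
    """Return (sections, problems).

    sections[name] maps key -> value, or key -> dict for a brace-delimited
    block (one nesting level). A repeated key keeps its last value.
    """
    sections, problems = {}, []
    section = block = block_name = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            if block is not None:
                problems.append("line %d: [%s] starts while block '%s' is "
                                "still open (missing '}')"
                                % (n, header[1], block_name))
                block = None
            section = sections.setdefault(header[1], {})
            continue
        if line == "}":
            if block is None:
                problems.append("line %d: '}' without an open block" % n)
            block = None
            continue
        if section is None or "=" not in line:
            problems.append("line %d: cannot parse %r" % (n, line))
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if value == "{":
            if block is not None:
                problems.append("line %d: nested block inside '%s'"
                                % (n, block_name))
            block_name, block = key, section.setdefault(key, {})
        else:
            (block if block is not None else section)[key] = value
    if block is not None:
        problems.append("end of file: block '%s' is still open (missing '}')"
                        % block_name)
    return sections, problems


def lint_krb5(text):
    """Structural and consistency checks; returns a list of findings."""
    sections, problems = parse_krb5(text)
    lib = sections.get("libdefaults", {})
    realms = sections.get("realms", {})
    default = lib.get("default_realm")
    if not default:
        problems.append("libdefaults: default_realm is not set")
    else:
        if default != default.upper():
            problems.append("default_realm %r is not upper case" % default)
        if default not in realms:
            problems.append("default_realm %r has no entry in [realms]"
                            % default)
    for suffix, realm in sections.get("domain_realm", {}).items():
        if realm not in realms:
            problems.append("domain_realm: %s maps to unknown realm %r"
                            % (suffix, realm))
    for key in ("default_tkt_enctypes", "default_tgs_enctypes",
                "permitted_enctypes"):
        used = set(lib.get(key, "").replace(",", " ").split())
        if used and used <= LEGACY_ENCTYPES:
            problems.append("%s allows only legacy enctypes: %s"
                            % (key, " ".join(sorted(used))))
    return problems


if __name__ == "__main__":
    for finding in lint_krb5(SAMPLE_KRB5):
        print(finding)
```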

  • Cannot install Active Directory Domain Services on Server 2012 R2

    Hi all,
    I'm having some trouble installing the AD DS role onto my virtual server. I keep getting "The request to add or remove features on the specified server failed. The operation cannot be completed because the server that you specified requires a restart."
    After the install fails the DFS Namespace service stops and I cannot refresh the server manager. 
    This server is currently dishing out DHCP and also has VIPRE anti virus on it. 
    I did a ton of research on the problem but can not find anything specific to this issue.
    Any help would be greatly appreciated. Thanks!

    Hi Dave,
    I ran the DISM.EXE /Online /Cleanup-image /Restorehealth command and Windows did not find any corruption. 
    I then attempted to install active directory and was greeted with the same errors as I expressed in my first post. 
    I ran the DISM.EXE /Online /Cleanup-image /Restorehealth command again and windows found corruption and fixed the corruption. 
    I tried to install active directory again (was able to refresh the server manager at this point and did not need to reboot the server to attempt another install, maybe that is the corruption windows fixed?) but it failed.... with the same errors I always get. 
    The active directory install always freezes on 64% and then bombs out. 
    I shutdown the VM and rebooted... before the login screen Windows attempts to configure updates but fails. Could this be the cause?
    Thank you,
    -Matt

  • Accessing ACTIVE DIRECTORY FROM JAVA CODE

    I am trying to access the Active Directory user through Java code.
    Kindly let me know the steps, apart from creating the user in ADS, to be followed so that the following Java code may work.
    Presently it is giving the following error.
    problem serching the directory
    //package com.axa;
    import java.util.Hashtable;
    import javax.naming.ldap.*;
    import javax.naming.directory.*;
    import javax.naming.*;
    public class AdHelper {
        public static void main(String args[]) {
            System.out.println("1");
            Hashtable env = new Hashtable();
            String adminName = "CN=user,CN=Users,DC=BDC4AXA.CO.IN";
            String adminPassword = "user";
            String ldapURL = "ldap://10.1.242.51:636";
            System.out.println("2");
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, adminName);
            env.put(Context.SECURITY_CREDENTIALS, adminPassword);
            env.put(Context.PROVIDER_URL, ldapURL);
            System.out.println("3");
            try {
                // Create the initial directory context
                DirContext ctx = new InitialLdapContext(env, null);
                System.out.println("4");
                SearchControls searchCtls = new SearchControls();
                System.out.println("5");
                // Specify the attributes to return
                String returnedAtts[] = {"sn", "givenName", "mail"};
                searchCtls.setReturningAttributes(returnedAtts);
                // Specify the search scope
                searchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
                // Specify the LDAP search filter
                String searchFilter = "(&(objectClass=user)(mail=*))";
                System.out.println("6");
                // Specify the base for the search
                String searchBase = "DC=ANTIPODES,DC=COM";
                System.out.println("7");
                // Initialize counter to total the results
                int totalResults = 0;
                // Search for objects using the filter
                NamingEnumeration answer = ctx.search(searchBase, searchFilter, searchCtls);
                System.out.println("8");
                // Loop through the search results
                while (answer.hasMoreElements()) {
                    SearchResult sr = (SearchResult) answer.next();
                    totalResults++;
                    System.out.println("9");
                    System.out.println(">>>" + sr.getName());
                    Attributes attrs = sr.getAttributes();
                    if (attrs != null) {
                        try {
                            System.out.println(" surname: " + attrs.get("sn").get());
                            System.out.println(" firstname: " + attrs.get("givenName").get());
                            System.out.println(" mail: " + attrs.get("mail").get());
                        } catch (NullPointerException e) {
                            System.out.println("Errors listing attributes: " + e);
                        }
                    }
                }
                System.out.println("Total results: " + totalResults);
                ctx.close();
            } catch (NamingException e) {
                System.err.println("Problem searching directory: " + e);
            } catch (Exception e) {
                System.out.println("Unhandled Exception: " + e);
            }
        }
    }

    This is what I have for my LDAP connection.
    // Fragment of the LDAPAuth class; serverIP and baseName are fields that are not shown in the post.
    public Hashtable<String, String> env = null;
    public LdapContext ldapContext = null;
    public Control[] connCtls = null;
    Context ctx;
    DirContext dirContext;

    public LDAPAuth(String ldapurl) {
        ldapurl = "ldap://" + serverIP + ":389";
        try {
            env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                    "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.PROVIDER_URL, ldapurl);
            env.put(Context.SECURITY_PRINCIPAL, "cn=username,cn=users" + baseName);
            env.put(Context.SECURITY_CREDENTIALS, "password" + baseName);
            env.put(Context.SECURITY_PROTOCOL, "ssl");
            ctx = new InitialContext(env);
        } catch (Exception e) {
            System.out.println(" bind error: " + e);
            e.printStackTrace();
        }
        try {
            ldapContext = new InitialLdapContext(env, connCtls);
        } catch (AuthenticationException e) {
            System.out.println("Authentication exception " + e);
        } catch (NamingException e) {
            System.out.println("Naming exception " + e);
        }
    }

    public Attributes fetch(String username) throws NamingException {
        DirContext ctx = new InitialDirContext(env);
        Attributes attributes = ctx.getAttributes(username);
        try {
            System.out.println("fetching: " + username);
            Object obj = ctx.lookup("cn=" + username
                    + baseName);
            System.out.println("cn=" + username + baseName + "is bound to: " + obj);
            //attributes = obj.getAttributes("");
            for (NamingEnumeration<?> ae = attributes.getAll(); ae
                    .hasMoreElements();) {
                Attribute attr = (Attribute) ae.next();
                String attrId = attr.getID();
                for (NamingEnumeration<?> vals = attr.getAll(); vals.hasMore();) {
                    String value = vals.next().toString();
                    System.out.println(attrId + ": " + value);
                }
            }
        } catch (NamingException e) {
            System.out.println(" Problem looking up " + username + baseName + ". " + e);
        }
        return attributes;
    }
    Now, I'm sure it has something to do with how I'm passing in the username and the groups. But I want to have ANY user log in, not just this test. I may be a little confused on how this works, but if anyone could explain to me why what I am trying to do doesn't work, I would greatly appreciate it.
    Thanks in advance,
    Tetsuya.
    Edited by: tetsuyamasamune on Sep 8, 2008 3:55 PM

  • Accessing Active-Directory through a Java Swing Desktop Appl

    I have a desktop application in which, I have an options window. In the window, I use a button to access the active directory(address-book) - when I click the button, the active directory window(the way the address book opens in microsoft-outlook) should open.
    I wish to know where can I find information to implement this requirement. It would be even better if there's a solution posted!

    Find how to do that from the command line. Perhaps there's an executable you can run or something like that. (Note that this is not a Java Programming question but something to do with your operating system.) Then use a ProcessBuilder to do that command-line thing.

  • Cannot Retrieve Active Directory Groups

    Hi All
    I recently connected my ACS deployment to Active Directory 2003. However when I try to add the active directory groups for group mapping, i.e. navigating to Users and Identity Stores > External Identity Stores > Active Directory > Directory Groups Tab and click select.
    My GUI on IE just loops and does not display anything(it does not freeze). On Firefox I receive "The connection was reset" error.
    Any ideas?
    Thanks in Advance

    Do you have the proper AD permissions set for the AD account used to join ACS to the domain?
    Note: AD account required for domain access in ACS should have either of these:
    Add workstations to domain user right in corresponding domain.
    Create Computer Objects or Delete Computer Objects permission on corresponding computers container where ACS machine's account is created before joining ACS machine to the domain.
    Thank you for rating helpful posts!

  • Windows 2008 Server - Cannot run Active Directory Users and Computers

    Hi,
    I am running Windows 2008 Server with latest windows updates installed. Directory Services Role also.
    I attempt to open Active Directory Users and Computers tool and I get a;
    Microsoft Visual C++ Runtime Library error;
    "The Application has requested the runtime to terminate it in a unusual way. Please contact the application's support team for more information"
    I click ok, then get the following debug info;
    Problem signature:
    Problem Event Name: APPCRASH
    Application Name: mmc.exe
    Application Version: 6.0.6001.18000
    Application Timestamp: 47919524
    Fault Module Name: msvcrt.dll
    Fault Module Version: 7.0.6001.18000
    Fault Module Timestamp: 4791ad6b
    Exception Code: 40000015
    Exception Offset: 0000000000029b06
    OS Version: 6.0.6001.2.1.0.272.7
    Locale ID: 3081
    Additional Information 1: 43aa
    Additional Information 2: cf3a46656318492c1997480001b6b0e0
    Additional Information 3: 3837
    Additional Information 4: 92f72e0d0589ff77cef51e0a413aeff6
    Read our privacy statement:
    http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409
    If someone could please assist, it would be very much appreciated.
    Regards
    B

     
    Hi,
    To solidly troubleshoot this kind of issue, we need to debug dump file. A suggestion would be to contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
    To obtain the phone numbers for specific technology request please take a look at the web site listed below:
    http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
    However, I am also glad to share my research.
    Some third party applications may lead to this error. Please check if you install other third party applications on Windows server 2008?
    Also, please follow the article below to perform necessary steps to see how it's going?
    FIX: You receive an "invalid page fault in module MSVCRT.DLL" error message after you install the run-time libraries from Visual C++ 6.0
    http://support.microsoft.com/kb/190536/en-us
    Hope this helps.
    Best wishes
    Morgan Che

  • Accessing active directory with javascript client object model

    Hello All,
    my requirement is to get user profile "picture" from active directory of my org. to my sharepoint 2013 intranet site via java script client object model programming.
    I am successful in retrieving user details (including pics) from user profile services using SP.UserProfile.js but it will show only user who are added in SharePoint groups. But, I need all company users (10,000+ user's) data like name, dept, photo etc.
    If the solution is not feasible with JSOM, please provide any alternative.
    Pls. assist.
    Thanks, Chintan

    You can import profile from AD directly to sharepoint and use it
    Check below:
    http://blogs.technet.com/b/harmeetw/archive/2011/09/10/importing-thumbnail-photos-from-ad-active-directory-into-sharepoint-2010.aspx
    Once imported you need to run below:
    Update-SPProfilePhotoStore -CreateThumbnailsForImportedPhotos 1 -MySiteHostLocation http://<YourServerName>/my
    The cmdlet was introduced in this fix:
    http://support.microsoft.com/kb/2394320  (14.0.5128.5000)
    http://blogs.technet.com/b/lukeb/archive/2013/01/04/sharepoint-import-a-picture-from-ad-for-the-user-profile.aspx

  • Cannot Access OpenLDAP Directory Server for Windows

    Hi All,
    Need urgent help for connecting to LDAP server which I installed on my Win 2000 Professional m/c. The LDAP installation was downloaded from the site www.ilex.fr/openldap. I successfully installed it. In the slapd.conf file, I have set the server suffix as dc=mycompany,dc=com and the rootdn is cn=Manager,dc-mycompany,dc=com. I have the following piece of code which tries to list the Java schema in the LDAP directory. The code was downloaded from Sun's JNDI tutorial. The name of the program is
    CreateJavaSchema and it is run by giving the following options:
    -l     List the Java schema in the directory
    -n<dn>      Use <dn> as the distinguished name for authentication
    -p<passwd>     Use <passwd> as the password for authentication
    -a<auth>     Use <auth> as the authentication mechanism. Default is "simple".
    I tried to run the program as java CreateJavaSchema -ncn=Manager,dc=mycompany,dc=com -psecret99
    where secret99 is the root password . However I get the following exception
    javax.naming.CommunicationException: localhost:389. Root exception is java.net.ConnectException: Connection refused: connect
    Can someone help me with this?
    Thanks

    The Code ..yes
    Here it is. This code is available from the JNDI tutorial. I run the program by specifying the following command-line arguments.
    java ListJavaSchema -ncn=Manager,dc=mycompany,dc=com -psecret99.
    However I get the exception "javax.naming.CommunicationException: localhost:389. Root exception is java.net.ConnectException: Connection refused: connect"
    import javax.naming.*;
    import javax.naming.directory.*;
    import java.util.Hashtable;

    public class ListJavaSchema {
        protected static String dn, passwd, auth;
        protected static boolean netscapebug;
        // NS 4.1 has problems parsing an object class definition which contains
        // a MUST clause without parentheses. The workaround is to add a
        // superfluous value (objectClass) to each MUST clause.
        // It also doesn't like the Octet String syntax (use Binary instead)
        protected static boolean netscape41bug = false;
        // AD supports auxiliary classes in a peculiar way.
        protected static boolean activeDirectorySchemaBug = false;
        protected static boolean traceLdap = false;
        protected static final int LIST = 0;
        protected static final int UPDATE = 1;

        private static String[] allAttrs = {
            "javaSerializedObject",
            "javaFactoryLocation",
            "javaReferenceAddress",
            "javaFactory",
            "javaClassName",
            "javaClassNames",
            "javaDoc",
            "javaSerializedData",
            "javaCodebase",
            "javaFactory",
            "javaReferenceAddress"};
        private static String[] allOCs = {
            "javaObject",
            "javaNamingReference",
            "javaSerializedObject",
            "javaRemoteObject",
            "javaMarshalledObject",
            "javaContainer"};

        public static void main(String[] args) {
            new ListJavaSchema().run(args, allAttrs, allOCs);
        }

        ListJavaSchema() {
        }

        protected void run(String[] args, String[] attrIDs, String[] ocIDs) {
            int cmd = processCommandLine(args);
            try {
                DirContext ctx = signOn();
                System.out.println("Context: " + ctx);
                switch (cmd) {
                case UPDATE:
                    // updateSchema(ctx, attrIDs, ocIDs);
                    break;
                default:
                    showSchema(ctx, attrIDs, ocIDs);
                }
            } catch (NamingException e) {
                e.printStackTrace();
            }
        }

        /**
         * Signs on to directory server using parameters supplied to program.
         * @return The initial context to the server.
         */
        private DirContext signOn() throws NamingException {
            if (dn != null && auth == null) {
                auth = "simple";      // use simple for Netscape
            }
            // No provider URL is set here: it has to come from
            // -Djava.naming.provider.url (see usage), otherwise the LDAP
            // provider falls back to localhost:389.
            Hashtable env = new Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY,
                "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.REFERRAL, "follow");
            if (auth != null) {
                env.put(Context.SECURITY_AUTHENTICATION, auth);
                env.put(Context.SECURITY_PRINCIPAL, dn);
                env.put(Context.SECURITY_CREDENTIALS, passwd);
            }
            // Workaround for Netscape schema bugs
            if (netscapebug) {
                env.put("com.sun.naming.netscape.schemaBugs", "true");
            }
            // LDAP protocol tracing
            if (traceLdap) {
                env.put("com.sun.jndi.ldap.trace.ber", System.err);
            }
            // Debug output; this also prints the bind password.
            System.out.println("HashMap: " + env);
            return new InitialDirContext(env);
        }

        void showSchema(DirContext ctx, String[] attrs, String[] ocs)
            throws NamingException {
            DirContext attrRoot =
                (DirContext) ctx.getSchema("").lookup("AttributeDefinition");
            printSchema(attrRoot, attrs);
            DirContext ocRoot =
                (DirContext) ctx.getSchema("").lookup("ClassDefinition");
            printSchema(ocRoot, ocs);
        }

        private void printSchema(DirContext ctx, String[] ids) {
            for (int i = 0; i < ids.length; i++) {
                try {
                    System.out.print(ids[i] + ": ");
                    // Look up one schema entry per iteration
                    System.out.print(ctx.getAttributes(ids[i]));
                } catch (NamingException e) {
                    // entry not present in the schema; print the name only
                } finally {
                    System.out.println();
                }
            }
        }

        private int processCommandLine(String[] args) {
            String option;
            boolean schema = false;
            boolean list = false;
            for (int i = 0; i < args.length; i++) {
                option = args[i];
                if (option.startsWith("-h")) {
                    printUsage(null);
                }
                if (option.startsWith("-s")) {
                    schema = true;
                    netscapebug = option.equals("-sn");
                    netscape41bug = option.equals("-sn41");
                    activeDirectorySchemaBug = option.equals("-sad");
                } else if (option.startsWith("-l")) {
                    list = true;
                } else if (option.startsWith("-a")) {
                    auth = option.substring(2);
                } else if (option.startsWith("-n")) {
                    dn = option.substring(2);
                } else if (option.startsWith("-p")) {
                    passwd = option.substring(2);
                } else if (option.startsWith("-trace")) {
                    traceLdap = true;
                } else {
                    // invalid option
                    printUsage("Invalid option");
                }
            }
            if (!schema) {
                return LIST;
            } else {
                return UPDATE;
            }
        }

        protected void printUsage(String msg) {
            printUsageAux(msg, "Java");
        }

        protected void printUsageAux(String msg, String key) {
            if (msg != null) {
                System.out.println(msg);
            }
            System.out.print("Usage: ");
            System.out.println("java [-Djava.naming.provider.url=<ldap_server_url>] \\");
            System.out.println(" Create" + key + "Schema [-h|-l|-s[n|n41|ad]] [-n<dn>] [-p<passwd>] [-a<auth>]");
            System.out.println();
            System.out.println(" -h\t\tPrint the usage message");
            System.out.println(" -l\t\tList the " + key + " schema in the directory");
            System.out.println(" -sn\tUpdate schema:");
            System.out.println(
                "\t\t -sn use workaround for Netscape Directory pre-4.1 schema bug");
            System.out.println(
                "\t\t -sn41 use workaround for Netscape Directory 4.1 schema bug");
            System.out.println(
                "\t\t -sad use workaround for Active Directory schema bug");
            System.out.println(" -n<dn>\tUse <dn> as the distinguished name for authentication");
            System.out.println(" -p<passwd>\tUse <passwd> as the password for authentication");
            System.out.println(" -a<auth>\tUse <auth> as the authentication mechanism");
            System.out.println("\t\t Default is 'simple' if dn specified; otherwise 'none'");
            System.exit(-1);
        }
    }
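
Added example, not part of the original post or of the JNDI tutorial: the "Connection refused" reported above and a firewall that silently drops traffic to the LDAP port look different at the TCP level, and this Python probe tells the two apart before any bind is attempted. The function names, the hint texts and the choice of ports 389 and 3268 are assumptions of this example.

```python
import socket

# Ports named on this page: 389 (LDAP) and 3268 (global catalog).
LDAP_PORTS = (389, 3268)

# What each outcome usually means for a directory client.
HINTS = {
    "open": "listener reachable; check bind DN, password or TLS settings next",
    "refused": "host answered but nothing listens here; is the directory "
               "service running and bound to this port and interface?",
    "filtered": "no answer before the timeout; look at firewall rules or "
                "TCP/IP filtering between the two hosts",
    "unresolved": "host name did not resolve; check DNS or the hosts file",
}


def probe(host, port, timeout=3.0):
    """Classify a single TCP connect attempt to host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:   # RST received: same condition as Java's
        return "refused"             # "ConnectException: Connection refused"
    except socket.timeout:           # SYN went unanswered
        return "filtered"
    except socket.gaierror:          # name resolution failed
        return "unresolved"
    except OSError as exc:           # e.g. no route to host
        return "error: " + (exc.strerror or repr(exc))


def diagnose(host, ports=LDAP_PORTS, timeout=3.0):
    """Return {port: (state, hint)} for every port probed."""
    report = {}
    for port in ports:
        state = probe(host, port, timeout)
        report[port] = (state, HINTS.get(state, "unexpected socket error"))
    return report


if __name__ == "__main__":
    # localhost is the host shown in the exception quoted in the post above.
    for port, (state, hint) in diagnose("localhost").items():
        print(f"localhost:{port:<5} {state:<10} {hint}")
```

Run it from the client machine, since the result describes the path from that host to the directory server.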

  • Cannot access directory services

    Cisco Unified Call Manager 5.0(4) services like corporate directory and logout service keep on hanging periodically; when this happens it also affects the logout service. Any ideas?

    Hi stingray34,
    This issue may occur if TCP/IP filtering is configured to permit only port 80 for TCP/IP traffic. Please try the following steps to solve this issue:
    Port 389 is used for Lightweight Directory Access Protocol (LDAP) connections. This port is blocked if TCP/IP filtering is configured incorrectly. By default, TCP/IP filtering is configured with the Permit All setting. To verify and correct this setting:
    Right-click My Network Places on the domain controller on which you cannot start Active Directory Users and Computers, and then click Properties.
    Click Internet Protocol, and then click Properties.
    Click Advanced.
    Click Options.
    Click TCP/IP Filtering, and then click Properties.
    For the TCP/IP Port setting, click Permit All.
    Restart the computer. This opens all TCP ports, including port 389.
    Regards,
    Lany Zhang

  • After installing WLS, oracle cannot access directory

    We have installed WLS many times on RHEL 5.6 and cannot determine why, but on occasion the oracle user loses the ability to access /opt directory. The directory structure is listed as only question marks.
    [oracle@racparticipant opt]$ ll
    total 36
    ?--------- ? ? ? ? ? IrsamInstall
    drwxr-xr-x 12 root root 4096 Jan 5 13:14 likewise
    drwx------ 2 root root 16384 Jan 5 12:46 lost+found
    ?--------- ? ? ? ? ? oracle
    ?--------- ? ? ? ? ? oraInventory
    ?--------- ? ? ? ? ? sun
    drwxr-xr-x 7 root root 4096 Jan 5 13:12 Symantec
    Once this occurs, the oracle user cannot access this directory or its subdirectories. If I login as root, everything is fine.
    We have not found anything online regarding this or anything useful...
    Ideas?

    From the "id" output showing "context=user_u:system_r:unconfined_t:SystemHigh" I can see you have SELinux enabled.
    Unfortunately I'm not very familiar with SELinux. The Oracle recommendation is usually to have it disabled, not supported, at least prior to 11gR2. You may have to modify the security context of the /opt directory using the chcon command to allow access (http://wiki.centos.org/HowTos/SELinux). Firewall and SELinux are enabled by default and more changes are most likely required for Weblogic to work.
    What happens if you disable SELinux or set it to permissive and try again? You can disable SELinux by editing /etc/selinux/config and change the SELINUX line to SELINUX=disabled. Then reboot the system and try again. Alternatively you can also use the kernel "enforcing=0" parameter or use "echo 0 >/selinux/enforce" to temporarily disable enforcement, but I guess disabling it in /etc/selinux/config is easier.
    Edited by: Dude on Jan 8, 2012 1:46 AM

  • Receiver channel cannot access folder

    Hi all,
    My issue is about my FTP receiver channel. The channel cannot access a directory found on a server.
    I am able to access the directory from an FTP client, but the channel always gets a timeout due to an invalid address.
    What is weird is that the channel is able to access the server but not the directory on the server.
    I checked other issues in the forum, but most were due to wrong directory names and slashes...
    Can anyone please guide me?
    thanks.

    Try the below:
    1. Go to Start ---> run --> drivers --> etc --> hosts --> ADD YOUR HOST NAME AND IP OF THE SERVER HERE
    2. Check the root for the folder to which the ftp has been given. For eg: if the ftp is activated on the path C: driver\Inbox then in the communication channel just give the value \ and nothing else, as it is directly accessing the folder and the path need not be given.
    This should help.
    Cheers
    Dhwani

  • Dynamics CRM 2015 Install requires Active Directory on VM Windows 2012 R2 Server

    Hello,
    I'm trying to install Dynamics CRM 2015 on a standalone VM not connected to a domain (it's running under Windows 8.1 Professional). The VM was configured using Windows Server 2012 R2. I'm getting an error message shortly into the install process stating it needs to access Active Directory.
    How can I get around this issue - I just want to install this CRM on the VM without getting into complicated network/AD issues.
    Can you please advise ?
    SO many thanks,
    John

    CRM requires AD, no way around that, so the most likely solution is to install it on that server or on a VM not connected to your other networks.
    Jason Lattimer
