Source of Active Directory
I have googled but couldn't find anything useful. I am looking for any open source or source code for an Active Directory implementation. If anyone here has any links or suggestions, they will be greatly appreciated.
checkout with
http://docs.safehaus.org/display/PENROSE/Home
http://www.josso.org/
Similar Messages
-
ISE 1.2 Admin Access via Active Directory
Hi Experts,
Good Day!
I want to configure my ISE 1.2 to authenticate (for admin) against the active directory. I know it is possible but our AD doesn't have any groups named for admins.
Is it possible for the ISE 1.2 to configure a local user ID and check it to the AD for the password of the UserID?
Thanks for your great help.
niks
Niks,
I just got done doing this. First of all you have to have the Active Directory setup as an external data source. Once you do that Click on Administration - - Admin Access.
For the Authentication Type ensure that Password Based is toggled and change your data source to Active Directory (or whatever you named it).
Then click in Administrators - - Admin Users. Click Add a user - - Create Admin User. Ensure to check the External box and you will notice the Password field goes away. Fill out the appropriate information and then assign them to an Admin Group.
Once you are done with that you can test that user by logging out of your ISE session. You will notice that when you try to log back in you will have a choice of the data sources used to authenticate the user. Change the selection to Active Directory and enter the AD user/password for the newly created account, and you should be good to go.
Make sure that you don't delete or disable your original admin account in this process. (Change the password if you like.) -
Hi Scripting Guy. I am a Server Administrator who is very familiar with Active Directory, but new to PowerShell. Like many SysAdmins, I often need to create multiple accounts (ranging from 3-200) and add them to multiple groups (ranging from 1 - 100). Previously I used VBS scripts in conjunction with an Excel .XLS file (not CSV file). Since VBS is essentially out the door and PowerShell is in - I am having to re-create everything.
I have written a PowerShell script that bulk creates my users and adds them to their corresponding groups - however, this can only use a CSV file (NOT an XLS file). I understand that "CSV is much easier to use than Excel worksheets", but most times I have three sets of nearly identical groups (for Dev, QA and Prod). Performing Search and Replace on the Excel template across all four Worksheets ensures the names used are consistent throughout the three environments.
I know each Excel Worksheet can be exported as a separate CSV file and then use the PowerShell scripts as is, but since I am not the only SysAdmin who will be using these it leads to "unnecessary time lost", not to mention the reality that even though you clearly state "These tabs need to be exported using this naming standard" (to work with the PowerShell scripts) that is not the result.
I've been tasked to find a way to modify my existing PowerShell/CSV scripts to work with Excel spreadsheets/workbooks instead - with no success. I have run across many articles/forums/scripts that let you update Excel or export AD data into an Excel spreadsheet (even specifying the worksheet, column and row) - but nothing for what I am trying to do.
I can't imagine that I am the ONLY person who is in this situation/has this need. So, I am hoping you can help. How do I modify my existing scripts to reference "use this Excel spreadsheet, and this specific worksheet in the spreadsheet prior to performing the New-ADUser/Add-ADGroupMember commands".
For reference, I am including Worksheet/Column names of my Excel Spreadsheet Template as well as the first part of my PowerShell script. M-A-N-Y T-H-A-N-K-S in advance.
Worksheet: Accounts
Columns: samAccountName, CN_DisplayName_Name, sn_LastName, givenName_FirstName, Password, Description, TargetOU
Worksheets: DevGroups / QAGroups / ProdGroups
Columns: GroupName, Members, MemberOf, Description, TargetOU
# Load PowerShell Active Directory module
Write-Host "Loading Active Directory PowerShell module." -foregroundcolor DarkCyan # -backgroundcolor Black
Import-Module ActiveDirectory
Write-Host " "
# Set parameter for location of CSV file (so source file only needs to be listed once).
$path = ".\CreateNewUsers-CSV.csv"
# Import CSV file as data source for remaining script.
$csv = Import-Csv -path $path | ForEach-Object {
# Add '@saccounty.net' suffix to samAccountName for UserPrincipalName
$userPrincinpal = $_."samAccountName" + "@saccounty.net"
# Create and configure new AD User Account based on information from the CSV source file.
Write-Host " "
Write-Host " "
Write-Host "Creating and configuring new user account from the CSV source file." -foregroundcolor Cyan # -backgroundcolor Black
New-ADUser -Name $_."cn_DisplayName_Name" `
-Path $_."TargetOU" `
-DisplayName $_."cn_DisplayName_Name" `
-GivenName $_."givenName_FirstName" `
-SurName $_."sn_LastName" `
-SamAccountName $_."samAccountName" `
-UserPrincipalName $userPrincinpal `
Here is the same script as a function:
Function Get-ExcelSheet{
    Param(
        $fileName = 'C:\scripts\test.xls',
        $sheetName = 'csv2'
    )
    $conn = New-Object System.Data.OleDb.OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source = $fileName;Extended Properties=Excel 8.0")
    $cmd=$conn.CreateCommand()
    $cmd.CommandText="Select * from [$sheetName$]"
    $conn.open()
    $cmd.ExecuteReader()
}
It is called like this:
Get-ExcelSheet -filename c:\temp\myfilename.xslx -sheetName mysheet
Do NOT change anything in the function and post the exact error. If you don't have Office installed correctly or are running 64 bits with a 32 bit session you will have to adjust your system.
¯\_(ツ)_/¯
HI JRV,
My apologies for not responding sooner - I was pulled off onto another project this week. I have included and called your Get-ExcelSheet function as best as I could...
# Load PowerShell Active Directory module
Write-Host "Loading Active Directory PowerShell module." -foregroundcolor DarkCyan # -backgroundcolor Black
Import-Module ActiveDirectory
Write-Host " "
# JRV This Function Loads the Excel Reader
Function Get-ExcelSheet{
    Param(
        $fileName = 'C:\scripts\test.xls',
        $sheetName = 'csv2'
    )
    $conn = New-Object System.Data.OleDb.OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source = $fileName;Extended Properties=Excel 8.0")
    $cmd=$conn.CreateCommand()
    $cmd.CommandText="Select * from [$sheetName$]"
    $conn.open()
    $cmd.ExecuteReader()
}
# Set parameter for location of CSV file (so source file only needs to be listed once) as well as Worksheet Names.
$sourceFile = ".\NewDocClass-XLS-Test.xlsx"
# Add '@saccounty.net' suffix to samAccountName for UserPrincipalName
$userPrincinpal = $_."samAccountName" + "@saccounty.net"
# Combine GivenName & SurName for DisplayName
$displayName = $_."sn_LastName" + ". " + $_."givenName_FirstName"
# JRV Call the Get-ExcelSheet function, providing FileName and SheetName values
# Pipe the data from source for remaining script.
Get-ExcelSheet -filename "E:\AD_Bulk_Update\NewDocClass-XLS-Test.xlsx" -sheetName "Create DocClass Accts" | ForEach-Object {
# Create and configure new AD User Account based on information from the CSV source file.
Write-Host " "
Write-Host " "
Write-Host "Creating and configuring new user account from the CSV source file." -foregroundcolor Cyan # -backgroundcolor Black
New-ADUser -Name ($_."sn_LastName" + ". " + $_."givenName_FirstName") `
-SamAccountName $_."samAccountName" `
-UserPrincipalName $userPrincinpal `
-Path $_."TargetOU" `
Below are the errors I get:
Exception calling "Open" with "0" argument(s): "The 'Microsoft.Jet.OLEDB.4.0'
provider is not registered on the local machine."
At E:\AD_Bulk_Update\Create-BulkADUsers-XLS.ps1:39 char:6
+ $conn.open()
+ ~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : InvalidOperationException
Exception calling "ExecuteReader" with "0" argument(s): "ExecuteReader
requires an open and available Connection. The connection's current state is
closed."
At E:\AD_Bulk_Update\Create-BulkADUsers-XLS.ps1:40 char:6
+ $cmd.ExecuteReader()
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : InvalidOperationException -
Error during Configuration of Active Directory Source
While attempting to save the configuration for my Active Directory Source I am receiving the following error messages thus preventing me from being able to save it.
[Error] The configuration is invalid. A configuration must have at least one Synchronization User List.
[Error] You have defined an Active Directory Source that is not included in any Synchronization User List.
[Error] The configuration is invalid. A configuration must have at least one Sun Java(TM) System Directory Source.
Did you follow the steps to adding the Sources?
And after adding the sources did you create the SUL?
Try just saving the default settings that allow for the password synchronization. Don't add the account creations and see if that helps.
Hope I could help, I got stuck there too when I tried it the first time.
Bobby -
ODBC data source link to active directory
Dears:
We have a ready application using a Windows ODBC data source to link to Active Directory. How can we do that in Windows 7?
This one may help with that.
http://msdn.microsoft.com/en-us/library/windows/desktop/ms681571(v=vs.85).aspx
Something here on Richard's site might also help.
http://www.rlmueller.net/products.htm
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. -
SSRS Active Directory Data Source LastLogonTimeStamp returns "System._ComObject"
I am working in Report Builder and I have created a Data Source Connection to my Active Directory. I want to get LastLogonTimeStamp from my AD computer objects but when I run the query I get "System._ComObject" instead of a date. All the other fields return data.
here is my code:
SELECT ADsPath, cn ,objectCategory,name, lastLogonTimestamp
FROM 'LDAP://DC=domain,DC=org'
where objectCategory = 'Computer'
Eventually I would like a query that returns a count of Computer objects where LastLogonTimeStamp is older than 30 days.
I have researched this and found that the LastLogonTimeStamp is an IADsLargeInteger value and not an actual date. How can I display this as a date in SSRS Report Builder?
Hi Ryaed,
The lastLogon and lastLogonTimestamp LDAP timestamps attributes are returned in int64 format (also called Windows NT time format) and the timestamp is the number of 100-nanoseconds intervals (1 nanosecond = one billionth of a second) since Jan 1, 1601 UTC.
So, we cannot tell the exact date and time directly. To convert the Windows NT time format value to human readable date value, you can use the following query:
SELECT ADsPath, cn ,objectCategory,name, DATEADD(Minute,(lastLogonTimeStamp/ 600000000) + DATEDIFF(Minute,GetUTCDate(),GetDate()),CAST('1/1/1601' AS DATETIME2))
FROM 'LDAP://DC=domain,DC=org'
WHERE objectCategory = 'Computer'
Or you can also create a user defined function:
CREATE FUNCTION dbo.udf_Int8_to_DateTime(
    @Int8 BIGINT
)
RETURNS DATETIME2
AS
BEGIN
    -- Minutes since 1601-01-01 UTC, shifted by the server's current UTC offset
    RETURN (DATEADD(Minute,@Int8 / 600000000 + DATEDIFF(Minute,GetUTCDate(),GetDate()),CAST('1/1/1601' AS DATETIME2)))
END
Then, use the function in the query like below:
SELECT ADsPath, cn ,objectCategory,name, dbo.udf_Int8_to_DateTime(lastLogonTimestamp)
FROM 'LDAP://DC=domain,DC=org'
WHERE objectCategory = 'Computer'
Reference:
http://myitforum.com/cs2/blogs/jnelson/archive/2009/08/25/140938.aspx
Regards,
Mike Yin
TechNet Community Support -
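Added example, not part of the thread above: the same Windows NT time conversion done in PowerShell, together with the "older than 30 days" computer count the question asks for. The function names and the three sample records are constructed for illustration; only the last section touches a directory, and only if the ActiveDirectory module is present.

```powershell
# Added example (not from the thread). Function names and sample data are
# hypothetical; the 30-day window is the one mentioned in the question.

function ConvertFrom-AdTimestamp {
    # AD stores lastLogonTimestamp as an Int64 count of 100-ns intervals
    # since 1601-01-01 UTC. Returns a UTC DateTime, or $null when unset.
    param([Parameter(Mandatory)] [AllowNull()] $Value)

    if ($null -eq $Value) { return $null }
    $ticks = [Int64] $Value
    # 0 (or a negative value) means "never"; do not report it as 1601-01-01.
    if ($ticks -le 0) { return $null }
    [DateTime]::FromFileTimeUtc($ticks)
}

function Get-StaleComputerFilter {
    # Builds an LDAP filter so the comparison happens on the domain controller
    # instead of converting every object on the client.
    param(
        [int] $Days = 30,
        [DateTime] $Now = [DateTime]::UtcNow
    )

    $cutoff = $Now.AddDays(-$Days).ToFileTimeUtc()
    # Computers that never logged on have no lastLogonTimestamp attribute at
    # all, so the "<=" test skips them; the (!(...=*)) clause picks them up.
    "(&(objectCategory=computer)(|(lastLogonTimestamp<=$cutoff)(!(lastLogonTimestamp=*))))"
}

# --- Offline demonstration on constructed records -------------------------
$now = [DateTime]::UtcNow
$sample = @(
    [pscustomobject]@{ Name = 'WS-ACTIVE'; lastLogonTimestamp = $now.AddDays(-3).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS-STALE';  lastLogonTimestamp = $now.AddDays(-90).ToFileTimeUtc() }
    [pscustomobject]@{ Name = 'WS-NEVER';  lastLogonTimestamp = $null }
)

$cutoffDate = $now.AddDays(-30)
$report = foreach ($computer in $sample) {
    $last = ConvertFrom-AdTimestamp -Value $computer.lastLogonTimestamp
    [pscustomobject]@{
        Name         = $computer.Name
        LastLogonUtc = $last
        Stale        = ($null -eq $last) -or ($last -lt $cutoffDate)
    }
}

$report | Format-Table -AutoSize
'Stale computer objects: {0}' -f @($report | Where-Object { $_.Stale }).Count
'LDAP filter: {0}' -f (Get-StaleComputerFilter -Days 30 -Now $now)

# --- Against a real domain (runs only if the ActiveDirectory module exists) --
# lastLogonTimestamp is replicated lazily and can lag the real logon by up to
# about 14 days with default settings, so it suits 30-day staleness checks but
# not precise last-logon auditing.
if (Get-Command Get-ADComputer -ErrorAction SilentlyContinue) {
    Get-ADComputer -LDAPFilter (Get-StaleComputerFilter -Days 30) -Properties lastLogonTimestamp |
        Select-Object Name,
            @{ Name = 'LastLogonUtc'; Expression = { ConvertFrom-AdTimestamp -Value $_.lastLogonTimestamp } }
}
```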
Active Directory SSO Sharepoint with External sources
I hope someone can advise me. We use Active Directory (AD FS 2.0 SAML) for authorization/authentication for SSO. Our new library platform that is hosted by a 3rd party complies with CAS 3 (SAML is only supported with CAS 4) they have no plans
to update to CAS 4 anytime soon.
How can I achieve a SSO solution from our SharePoint for users to have seamless access to their respective libraries using the attributes in AD??
Where did you see this error? Are there any more details?
I think the account you are using for Sync does not have Replicate Directory Changes permission in AD. Follow the article below and give Replicate Directory Changes permission.
http://technet.microsoft.com/en-us/library/hh296982(v=office.15).aspx
Thanks, Noddy -
Error while creating a user in Active Directory.
Hi Guys,
I am creating a custom connector for AD and Exchange. I am able to create a user in AD using my Java code... but I am also getting the below error, and I want to finish the operation smoothly.... Please find below the error logs.
13:51:15,635 ERROR [STDERR] Data AccessException:
13:51:15,636 ERROR [STDERR] com.thortech.xl.orb.dataaccess.tcDataAccessException: DB_READ_FAILEDDetail: SQL: select UD_AD_CHILD_GRP_NAME from UD_AD_CHILD where UD_AD_CHILD_KEY = Description: ORA-00936: missing expression
SQL State: 42000Vendor Code: 936Additional Debug Info:com.thortech.xl.orb.dataaccess.tcDataAccessException
Thanks,
Hemant
at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpADDUSERTOADGROUP.implementation(adpADDUSERTOADGROUP.java:49)
This is definitely a Custom Adapter because OOTB Adapter name is adpADCSADDUSERTOGROUP and NOT adpADDUSERTOADGROUP
So, it is your custom code and in the code you are passing incorrect value of the Active Directory Child process form...
The correct name is UD_ADUSRC and the Group Name column name is UD_ADUSRC_GROUPNAME.
While you are passing UD_AD_CHILD as the child process form and UD_AD_CHILD_GRP_NAME as Group Name column name..
Use OOTB Adapter... Correct these discrepancies... Your addition of group will work
And since you are creating custom adapter, you need to be more careful and remain consistent throughout..
Then if you want to use UD_AD_CHILD_GRP_NAME, use it everywhere consistently... Pass only this value in the adapter...
And even in lookups, if any... Search everywhere... Keep things consistent... They will work... Because good news is that you are able to create user in AD via Java Code...
And if any post is even slightly helpful, it is a good habit to mark it with helpful or correct ... And also mark the entire question as answered so that other people also are benefited. -
How to install Small Business Server 2008 in an existing Active Directory domain
It is shown on this page:
http://support.microsoft.com/kb/884453, "How to install Small Business Server 2003 in an existing Active Directory domain".
Is it possible to do this with SBS2008 ?
If "YES", is there any published information about the procedure?
Yes, it is. Thank you very much.
But there is something that confuses me - I want to migrate from Win2003Std to SBS2008. And also, I want to keep the existing Win2003Std as a second DC for a long time.
But it is written in the shown article:
... After the migration is finished, you must remove the Source Server from the network within 21 days. ...
Is this rule mandatory for the scenarios where the Source Server is Std, not SBS ? As I know, I can have more than one DC(Win2003Std/Win2008Std) together with SBS2003. But what about SBS2008 ? -
Active Directory LDAP integration; can not see the XMLP_ groups/roles
We have configured XMLP 10.1.3.3 to use "LDAP" as the Security model. The LDAP server is Active Directory running under Windows Server 2003.
It is working to a certain extent:
Users can log on to the XML Publisher using login/password as defined in AD.
-When logged in as administrator, groups (roles) are visible in Admin/Roles and Permissions and can have assigned folders and data sources.
Problems/questions:
The required roles ("XMLP_ADMIN, etc) can not be seen in Admin/Roles and Permissions. Is this as expected or is it an error?
-When logging in as a user who is member of the group/role XMLP_ADMIN, I do not get any administrator privileges (I have not tested the other XMLP_* roles defined in AD yet). So all administration has to be done as the local superuser.
Is there any way to monitor the login process to try and see what goes wrong?
-Roald
The problem has been solved, it was self inflicted, typo in the config file:
<property name="LDAP_PROVIDER_USER_DN" value="Cn=Users;dc=company,dc=com"/>
(semicolon instead of comma after Users).
It is a little surprising that this typo led to problems with group matching, though. It took some time before this part of the config got enough attention.
-Roald -
Hi,
we are using SAP Netweaver Enterprise Portal 7.0 (SP25) based on Windows 2008 R2/Oracle 11g.
When we setup the Portal, we used the UME of the ECC - ABAP.
The portal is used internally only.
Now we want to provide SSO.
User authenticate against Windows Active Directory (Windows 2003).
We thought SSO via spnego would be the best solution.
Any better alternates, we should use?
We are following the SAP documentation:
SAP Library - User Authentication and Single Sign-On
We still want to create users in ABAP and assign them the portal roles. LDAP access should only have read access, to verify the security token from Active Directory.
When we setup the portal from scratch using ABAP as its UME, in the system configuration, LDAP can't be selected/add as data source.
In case we understand the documentation correctly, we would now need to add LDAP via the configtool for read access.
What is not clear to us is whether, when we now activate LDAP via the config tool, we would lose the ABAP connection.
Is there a tutorial for SSO Netweaver 7.0 EP, like for EP 7.3, available?
In 7.3 SSO is pretty simple to get it running, thanks to the many tutorials here and on the internet.
Thanks for your help.
Best regards
Carlos Behlau
Hi,
I was able to generate the key via ktab program.
But when I enable SSO, nothing is happening when I try to log on via SSO to the portal.
I installed WebDiag tool on the portal server and ran trace.
The users are located in domain: company.com of Active Directory.
The Java AS are located in domain: sap.company.com of Active Directory.
The sap.company.com domain acts as child of company.com.
When I check the WebDiag trace, I see for the SPNegoLoginModule - the entry "... no key (etype: 23) for realm sap.company.com available ..."
I would expect company.com as realm key, as the keytabs have been generated on the domain controller of company.com.
Is it possible to get SSO with child domain running?
Based on the statement of the network folks, child and father domain having a trust.
Thanks for your help.
Best regards
Carlos -
Active Directory Web Services service terminated unexpectedly
Hi everyone:
I'm having a problem with the Active Directory Web Services service does not start. Attach the event ID:
Log System:
Log Name: System
Source: Service Control Manager
Date: 1/6/2015 6:55:19 PM
Event ID: 7034
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: xxx.dominio.com
Description:
The Active Directory Web Services service terminated unexpectedly. It has done this 35 time(s).
Log Application:
Log Name: Application
Source: .NET Runtime
Date: 1/6/2015 6:55:13 PM
Event ID: 1026
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: xxx.dominio.com
Description:
Application: Microsoft.ActiveDirectory.WebServices.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ServiceModel.CommunicationObjectFaultedException
Stack:
at System.ServiceModel.Channels.CommunicationObject.Close(System.TimeSpan)
at Microsoft.ActiveDirectory.WebServices.WindowsHostService.StartService(System.Object)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
at System.Threading.ThreadHelper.ThreadStart(System.Object)
And
Log Name: Application
Source: Application Error
Date: 1/6/2015 6:55:13 PM
Event ID: 1000
Task Category: (100)
Level: Error
Keywords: Classic
User: N/A
Computer: xxx.dominio.com
Description:
Faulting application name: Microsoft.ActiveDirectory.WebServices.exe, version: 6.2.9200.16579, time stamp: 0x516356a2
Faulting module name: KERNELBASE.dll, version: 6.2.9200.16864, time stamp: 0x531d34d8
Exception code: 0xe0434352
Fault offset: 0x0000000000047b8c
Faulting process id: 0x4ac
Faulting application start time: 0x01d02a03d45e2d00
Faulting application path: C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report Id: 1273a0f1-95f7-11e4-93f7-3440b59e2092
Faulting package full name:
Faulting package-relative application ID:
I was working on this solution but nothing: "http://blogs.microsoft.co.il/yuval14/2012/06/08/how-to-resolve-error-message-the-active-directory-web-services-service-terminated-unexpectedly-event-id-4079-andor-7034/".
I changed the Microsoft.ActiveDirectory.WebServices.exe.config file and added two lines:
<add key="DebugLevel" value="Info" />
<add key="DebugLogFile" value="c:windowsdebugadws.log" />
I attach the log:
ADWS Log - AppDomain Microsoft.ActiveDirectory.WebServices.exe with ID 1 - 01/06/2015 17:51:37 ((UTC-04:00) Georgetown, La Paz, Manaus, San Juan)
OS Version Microsoft Windows NT 6.2.9200.0 - CLR Version 4.0.30319.18449
ADWS: [1/6/2015 5:51:37 PM] [1] Main: entered
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: trying to remove priviledge SeBackupPrivilege
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: unable to remove SeBackupPrivilege priviledge because it was absent
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: trying to remove priviledge SeRestorePrivilege
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: unable to remove SeRestorePrivilege priviledge because it was absent
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: trying to remove priviledge SeAssignPrimaryTokenPrivilege
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: unable to remove SeAssignPrimaryTokenPrivilege priviledge because it was absent
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: trying to remove priviledge SeIncreaseQuotaPrivilege
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: unable to remove SeIncreaseQuotaPrivilege priviledge because it was absent
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: trying to remove priviledge SeDebugPrivilege
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: unable to remove SeDebugPrivilege priviledge because it was absent
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: trying to remove priviledge SeTcbPrivilege
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: unable to remove SeTcbPrivilege priviledge because it was absent
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: trying to remove priviledge SeShutdownPrivilege
Utils: [1/6/2015 5:51:37 PM] [1] RemovePriviledgeFromProcess: unable to remove SeShutdownPrivilege priviledge because it was absent
Utils: [1/6/2015 5:51:37 PM] [1] RemoveUnnecessaryPriviledges: all present unnecessary priviledges removed successfully
Program: [1/6/2015 5:51:37 PM] [1] Main: Starting Windows service host.
WindowsHostService: [1/6/2015 5:51:37 PM] [1] WindowsHostService constructed
WindowsHostService: [1/6/2015 5:51:37 PM] [4] OnStart: entering.
WindowsHostService: [1/6/2015 5:51:37 PM] [4] OnStart: ServiceStart thread started.
WindowsHostService: [1/6/2015 5:51:37 PM] [6] StartService: entering.
PerfCounters: [1/6/2015 5:51:37 PM] [6] InstallCountersIfNeeded: entered
PerfCounters: [1/6/2015 5:51:37 PM] [6] AreCountersInstalled: entered
PerfCounters: [1/6/2015 5:51:37 PM] [6] AreCountersInstalled: System\CurrentControlSet\Services\ADWS key is present
PerfCounters: [1/6/2015 5:51:37 PM] [6] AreCountersInstalled: System\CurrentControlSet\Services\ADWS\Performance key is present
PerfCounters: [1/6/2015 5:51:37 PM] [6] AreCountersInstalled: First Counter value is present
PerfCounters: [1/6/2015 5:51:37 PM] [6] AreCountersInstalled: perf counters are installed
PerfCounters: [1/6/2015 5:51:37 PM] [6] AreCountersCurrent: installed perf counter version: 6
PerfCounters: [1/6/2015 5:51:37 PM] [6] AreCountersCurrent: desired perf counter version: 6
PerfCounters: [1/6/2015 5:51:37 PM] [6] AreCountersCurrent: perf counter category ADWS is current
PerfCounters: [1/6/2015 5:51:37 PM] [6] InstallCountersIfNeeded: counters already installed and current, no work needed
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Create Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Delete Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Get Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Put Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Enumerate Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Pull Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Open Enumeration Contexts' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'GetADGroupMember Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'GetADPrincipalGroupMembership Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'SetPassword Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'ChangePassword Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'GetADPrincipalAuthorizationGroup Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'TranslateName Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'GetADDomainController Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'GetADDomain Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'MoveADOperationMasterRole Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'GetADForest Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'ChangeOptionalFeature Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'GetVersion Operations Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Number of Directory Instances' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Possible Connections' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Allocated Connections' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Reserved Connections' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Non-reserved Connections In Use' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Reserved Connections In Use' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Open Web Service Sessions' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Active Web Service Sessions' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Web Service Sessions Created Per Second' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Custom Action LDAP Cache Maximum Possible Size' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Custom Action LDAP Cache Connection Creation Rate' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Custom Action LDAP Cache Connection Reuse Rate' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Custom Action DS RPC Cache Maximum Possible Size' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Custom Action DS RPC Cache Connection Creation Rate' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Custom Action DS RPC Cache Connection Reuse Rate' performance counter
AdwsPerfCounter: [1/6/2015 5:51:37 PM] [6] AdwsPerfCounter: constructed 'Custom Action Cache Size' performance counter
PerfCounters: [1/6/2015 5:51:37 PM] [6] Initialize: initializing performance counters
PerfCounters: [1/6/2015 5:51:37 PM] [6] Initialize: all performance counters initialized
ADWSHost: [1/6/2015 5:51:37 PM] [6] ADWSHost constructed
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] ProvisionCertificate: using host name for certificate name
Utils: [1/6/2015 5:51:37 PM] [6] GetComputerDnsName: computer name is xxx.dominio.com
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] ProvisionCertificate: using cert name xxx.dominio.com
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] ProvisionCertificate: loaded certificate
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] AddServiceThrottlingBehavior: MaxConcurrentCalls=32, MaxConcurrentSessions=500
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateServiceHost: including UserName endpoints
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateServiceHost: adding endpoints for Windows/
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateServiceHost: adding endpoints for UserName/
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxReceivedMessageSize=1048576, ReceiveTimeout=00:10:00
ADWSHostFactory: [1/6/2015 5:51:37 PM] [6] CreateAdwsTransportWithMessageCredentialBinding: MaxDepth=10, MaxArrayLength=16384, MaxStringContentLength=32768
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] StartConfigurationLoading: entered
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] StartConfigurationLoading: establishing watcher on C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe.Config
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: entered
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for InitialPoolConnections, using default value 5
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 10 for MaxPoolConnections
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 50 for MaxPercentageReservedConnections
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for MaxReservedIdleTimeout, using default value 00:02:00
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for MaxReservedTimeout, using default value 00:30:00
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 5 for MaxConnectionsPerUser
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for MaxBindLifetime, using default value 00:15:00
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for MaxServerDownRetry, using default value 10
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for SyntaxCacheEntryLifetime, using default value 01:00:00
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 00:30:00 for MaxEnumContextExpiration
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 00:02:00 for OperationTimeout
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 00:02:00 for MaxPullTimeout
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 5 for MaxEnumCtxsPerSession
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 100 for MaxEnumCtxsTotal
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for CertName, using default value NULL
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for MaxGroupOrMemberEntries, using default value 5000
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for CustomActionConnectionCount, using default value 10
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for CustomActionIdleConnectionTimeout, using default value 00:02:00
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: no value specified for InstanceRediscoveryInterval, using default value 00:01:00
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 32 for MaxConcurrentCalls
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value 500 for MaxConcurrentSessions
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value Info for DebugLevel
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] LoadConfigSettingsFromFile: using loaded value C:\temp\windowsdebugadws.log for DebugLogFile
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] ValidateSettingLimits: entered
ClassManager: [1/6/2015 5:51:37 PM] [6] Start: starting...
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [3] ScavengerThread: thread starting
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [3] Scavenger: waking up at 00:00:40 interval
EnumerationContextCache: [1/6/2015 5:51:37 PM] [6] EnumerationContextCache: using timer inverval 00:00:30
InstanceMap: [1/6/2015 5:51:37 PM] [6] InstanceMap: using timer inverval 00:01:00
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadAll: beginning
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadNTDSInstance: entered
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadNTDSInstance: found NTDS Parameters key
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadNTDSInstance: trying to change state to DC
InstanceMap: [1/6/2015 5:51:37 PM] [6] AddRemoveSessionPoolAndDictionaryEntry: trying to change state for identifier ldap:389
InstanceMap: [1/6/2015 5:51:37 PM] [6] AddSessionPool: adding a session pool for NTDS
DirectoryDataAccessImplementation: [1/6/2015 5:51:37 PM] [6] InitializeInstance: entering, instance=NTDS, init=5, max=10
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [6] InitializeInstance: entering, instance=NTDS, init=5, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 0
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=NTDS
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=NTDS, new count=1, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 1
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=NTDS
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=NTDS, new count=2, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 2
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=NTDS
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=NTDS, new count=3, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 3
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=NTDS
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=NTDS, new count=4, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 4
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=NTDS
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=NTDS, new count=5, max=10
InstanceMap: [1/6/2015 5:51:37 PM] [6] AddRemoveSessionPoolAndDictionaryEntry: state change successful (now hosts identifier ldap:389)
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadGCInstance: entered
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckForGlobalCatalog: entered
DirectoryUtilities: [1/6/2015 5:51:37 PM] [6] GetTimeRemaining: remaining time is 00:02:00
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckForGlobalCatalog: isGlobalCatalogReady: TRUE
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckForGlobalCatalog: NTDS Settings DN: CN=NTDS Settings,CN=XXX,CN=Servers,CN=Alpacoma,CN=Sites,CN=Configuration,DC=dominio,DC=com
DirectoryUtilities: [1/6/2015 5:51:37 PM] [6] GetTimeRemaining: remaining time is 00:02:00
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckForGlobalCatalog: options: 1
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadGCInstance: CheckForGlobalCatalog=True
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadGCInstance: trying to change state to Global Catalog
InstanceMap: [1/6/2015 5:51:37 PM] [6] AddRemoveSessionPoolAndDictionaryEntry: trying to change state for identifier ldap:3268
InstanceMap: [1/6/2015 5:51:37 PM] [6] AddSessionPool: adding a session pool for GC
DirectoryDataAccessImplementation: [1/6/2015 5:51:37 PM] [6] InitializeInstance: entering, instance=GC, init=5, max=10
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [6] InitializeInstance: entering, instance=GC, init=5, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 0
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=GC
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=GC, new count=1, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 1
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=GC
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=GC, new count=2, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 2
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=GC
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=GC, new count=3, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 3
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=GC
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=GC, new count=4, max=10
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ConnectionPool: trying to add connection 4
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: entering, instance=GC
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] ConnectionPoolEntry: connection created
ConnectionPool: [1/6/2015 5:51:37 PM] [6] AddConnectionIfPossible: grew pool, instance=GC, new count=5, max=10
InstanceMap: [1/6/2015 5:51:37 PM] [6] AddRemoveSessionPoolAndDictionaryEntry: state change successful (now hosts identifier ldap:3268)
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadADAMInstances: entered
InstanceMap: [1/6/2015 5:51:37 PM] [6] CheckAndLoadAll: caught unexpected exception System.IO.IOException: No more data is available.
at Microsoft.Win32.RegistryKey.Win32Error(Int32 errorCode, String str)
at Microsoft.Win32.RegistryKey.InternalGetSubKeyNames()
at Microsoft.ActiveDirectory.WebServices.InstanceMap.DiscoverInstancesFromRegistry(String regRootKey, String regKeyInstancePrefix, Boolean& instanceEncounteredErrorsOnThisRun, List`1 discoveredInstances, DirectoryType directoryType)
at Microsoft.ActiveDirectory.WebServices.InstanceMap.CheckAndLoadADAMInstances()
at Microsoft.ActiveDirectory.WebServices.InstanceMap.CheckAndLoadAll()
ADWSHost: [1/6/2015 5:51:37 PM] [6] OnClosed: entered
CustomActionCaches: [1/6/2015 5:51:37 PM] [6] StopCaches: disposing Custom Action connection caches
ClassManager: [1/6/2015 5:51:37 PM] [6] Stop: closing down...
EnumerationContextCache: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
QuotaTracker: [1/6/2015 5:51:37 PM] [6] Clear: clearing all usage
DirectoryActionImplementation: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
DirectoryDataAccessImplementation: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [3] ScavengerThread: woke up
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [3] ScavengerThread: received termination signal, exiting
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [6] Dispose: disposing pool
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing (instance=NTDS)...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ProhibitConnectionAcquisition: entering, instance=NTDS
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [6] Dispose: disposing pool
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing (instance=GC)...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] ProhibitConnectionAcquisition: entering, instance=GC
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
ConnectionPool: [1/6/2015 5:51:37 PM] [6] Dispose: disposing a ConnectionPoolEntry
ConnectionPoolEntry: [1/6/2015 5:51:37 PM] [6] Dispose: disposing...
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [6] Dispose: disposing utility connection NTDS
LdapSessionPoolImplementation: [1/6/2015 5:51:37 PM] [6] Dispose: disposing utility connection GC
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] StopConfigurationLoading: entered
ConfigurationSettings: [1/6/2015 5:51:37 PM] [6] Dispose: disposing
Any ideas? Thanks for your help.
migrations
Here is a dump file from when I try to start the service. I hope you can help me.
Version=1
EventType=CLR20r3
EventTime=130652059133527283
ReportType=2
Consent=1
ReportIdentifier=4368792e-974e-11e4-93f7-3440b59e2092
IntegratorReportIdentifier=4368792d-974e-11e4-93f7-3440b59e2092
NsAppName=Microsoft.ActiveDirectory.WebServices.exe
Response.type=4
Sig[0].Name=Problem Signature 01
Sig[0].Value=V0KXCIQIJBOA2NW5DIQBFTEBV5SCPPFH
Sig[1].Name=Problem Signature 02
Sig[1].Value=6.2.9200.16579
Sig[2].Name=Problem Signature 03
Sig[2].Value=516356a2
Sig[3].Name=Problem Signature 04
Sig[3].Value=System.ServiceModel
Sig[4].Name=Problem Signature 05
Sig[4].Value=4.0.30319.34230
Sig[5].Name=Problem Signature 06
Sig[5].Value=53be5c02
Sig[6].Name=Problem Signature 07
Sig[6].Value=ca
Sig[7].Name=Problem Signature 08
Sig[7].Value=c4
Sig[8].Name=Problem Signature 09
Sig[8].Value=I0SHPZEWVQV4P1UJY40X15MQTHF34RR5
DynamicSig[1].Name=OS Version
DynamicSig[1].Value=6.2.9200.2.0.0.272.7
DynamicSig[2].Name=Locale ID
DynamicSig[2].Value=1033
DynamicSig[22].Name=Additional Information 1
DynamicSig[22].Value=5220
DynamicSig[23].Name=Additional Information 2
DynamicSig[23].Value=52200675db6baa97bf416b02ff886e01
DynamicSig[24].Name=Additional Information 3
DynamicSig[24].Value=0b14
DynamicSig[25].Name=Additional Information 4
DynamicSig[25].Value=0b146b7eb5ed6bd9871c898c60ee5051
UI[2]=C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
UI[5]=Check online for a solution (recommended)
UI[6]=Check for a solution later (recommended)
UI[7]=Close
UI[8]=Microsoft.ActiveDirectory.WebServices stopped working and was closed
UI[9]=A problem caused the application to stop working correctly. Windows will notify you if a solution is available.
UI[10]=&Close
LoadedModule[58]=C:\Windows\SYSTEM32\DNSAPI.dll
LoadedModule[59]=C:\Windows\System32\rasadhlp.dll
LoadedModule[60]=C:\Windows\System32\fwpuclnt.dll
LoadedModule[61]=C:\Windows\SYSTEM32\IPHLPAPI.DLL
LoadedModule[62]=C:\Windows\SYSTEM32\WINNSI.DLL
LoadedModule[63]=C:\Windows\SYSTEM32\DSPARSE.dll
LoadedModule[64]=C:\Windows\system32\kerberos.DLL
LoadedModule[65]=C:\Windows\SYSTEM32\cryptdll.dll
LoadedModule[66]=C:\Windows\SYSTEM32\bcrypt.dll
LoadedModule[67]=C:\Windows\Microsoft.NET\Framework64\v4.0.30319\diasymreader.dll
FriendlyEventName=Stopped working
ConsentKey=CLR20r3
AppName=Microsoft.ActiveDirectory.WebServices
AppPath=C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe
NsPartner=windows
NsGroup=windows8
Tks for your help.
migrations -
DNS and Active Directory error 4000 server 2008
Hello all,
My network skills aren't very good and I'm facing a dilemma. First off we have two Windows servers on the network. The newest is 2008 Standard (named Vader) and the other is 2000 (dells3). Obviously I'd like to get rid of the 2000, but the people in charge
of my budget haven't given me the option to do so and it's the only back up we have.
Earlier in the week we had lots of problems. One of our nas boxes locked everyone out who was mapped to it and it would only let me log in through the web portal. Two of our Macs our marketing department uses suddenly locked up and wouldn't let them back
in (both were part of the Active Directory). A second nas box won't let certain people map to it and for awhile I had issues logging into Vader itself.
I believe all of these problems are connected to some issues on Vader and possibly in conjunction with dells3. In Server Manager under DNS I get error 4000 "The DNS server was unable to open Active Directory.
This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code."
Then under Active Directory Domain Services I get error 2042 "It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded
the tombstone lifetime. Replication has been stopped with this source."
Followed by more text I can post if needed.
Under File Services error 1202 "The DFS Replication service failed to contact domain controller to access configuration information. Replication is stopped. The service will try again during the
next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues."
And finally if I try to open Active Directory Domains and Trusts "The configuration information describing this enterprise is not available. The server is not operational."
I'm not sure where to start or what to post that might help. Any and all help is appreciated.
Edit: Also I can only add dells3 as the DNS on Vader in the DNS Manager. If I try to add Vader to itself I get an error.
It's the other way around. Overall, I'm advising ripping the 2008 server out of AD and adding it back. Let's look at this as a series of steps:
1.) You do a force demote of the 2008 server because it's tombstoned. This means the 2008 server is no longer a DC. You are doing a force because it doesn't have the ability to replicate. If it could replicate, we'd just do a graceful demotion
and be done with it.
2.) Once the 2008 server is demoted, we go to the 2000 server which holds the only good copy of AD. From that server we run a metadata cleanup using the ntdsutil utility. We use that utility to clean out references to the 2008 server which is
no longer a DC.
3.) Once you have a clean AD, you can then promote the 2008 server back into Active Directory. Make sure Vader is pointing to Dells3 as its primary DNS server before promoting or you'll run into issues.
Hopefully that clarifies things. -
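A check that surfaces the condition behind error 2042 before it ends in a forced demotion, as an added example that is not part of the thread: it parses `repadmin /showrepl * /csv` output and flags replication links whose last success is near or past the tombstone lifetime. The CSV rows are constructed sample data that reuse the thread's server names with a placeholder domain, and the 60-day lifetime and 50% warning threshold are assumptions to replace with your forest's values.

```powershell
# Added example (not from the thread). Requires PowerShell 3.0 or later.
# Flags replication links whose last success is near or past the tombstone
# lifetime, the condition Directory Service event 2042 reports.
# Real input comes from:  repadmin /showrepl * /csv

function Get-StaleReplicationLink {
    param(
        [Parameter(Mandatory = $true)]
        [string]   $ShowReplCsv,                 # raw CSV text from repadmin
        [int]      $TombstoneLifetimeDays = 60,  # assumption: use your forest's tombstoneLifetime
        [double]   $WarnFraction = 0.5,          # assumption: warn at half the lifetime
        [datetime] $Now = (Get-Date)
    )

    # Split into lines so ConvertFrom-Csv sees one record per input string.
    $lines = $ShowReplCsv -split "`r?`n" | Where-Object { $_.Trim() }

    foreach ($row in ($lines | ConvertFrom-Csv)) {
        $lastSuccess = [datetime]::MinValue
        $ok = [datetime]::TryParse(
            $row.'Last Success Time',
            [Globalization.CultureInfo]::InvariantCulture,
            [Globalization.DateTimeStyles]::None,
            [ref] $lastSuccess)

        # A link with no parseable success time is treated as past the limit.
        $days = if ($ok) { [math]::Floor(($Now - $lastSuccess).TotalDays) } else { $null }

        $status = if (-not $ok -or $days -ge $TombstoneLifetimeDays) {
            'PastTombstone'
        } elseif ($days -ge $TombstoneLifetimeDays * $WarnFraction) {
            'Warning'
        } else {
            'OK'
        }

        [pscustomobject]@{
            Destination      = $row.'Destination DSA'
            Source           = $row.'Source DSA'
            NamingContext    = $row.'Naming Context'
            DaysSinceSuccess = $days
            Failures         = $row.'Number of Failures'
            Status           = $status
        }
    }
}

# Constructed sample in the column layout repadmin emits; not real output.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,VADER,"DC=example,DC=local",Default-First-Site-Name,DELLS3,RPC,212,2014-03-01 08:00:13,2013-10-01 07:45:02,8614
showrepl_INFO,Default-First-Site-Name,VADER,"CN=Configuration,DC=example,DC=local",Default-First-Site-Name,DELLS3,RPC,212,2014-03-01 08:00:13,2013-10-01 07:45:02,8614
showrepl_INFO,Default-First-Site-Name,DELLS3,"DC=example,DC=local",Default-First-Site-Name,VADER,RPC,37,2014-03-01 07:12:40,2014-01-20 11:02:19,1722
showrepl_INFO,Default-First-Site-Name,DELLS3,"CN=Configuration,DC=example,DC=local",Default-First-Site-Name,VADER,RPC,0,0,2014-03-01 06:00:05,0
'@

# Fixed "now" so the sample always produces the same result.
Get-StaleReplicationLink -ShowReplCsv $sample -Now ([datetime]'2014-03-02') |
    Where-Object { $_.Status -ne 'OK' } |
    Format-Table -AutoSize
```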
Hi All,
I can see the following error event on all client computers. Could someone please help me with this?
Log Name: Application
Source: Microsoft-Windows-CertificateServicesClient-CredentialRoaming
Event ID: 1005
Level: Error
Description: Certificate Services Client: Credential Roaming failed to write to the Active Directory. Error code 5 (Access is denied.)
Regards, Srinivasu.Muchcherla
If you are not using certificates and Credential Roaming for clients then simply ignore the error message.
If you are using certificates then you are getting access denied message when Credential Roaming is trying to write to your AD. More details about Credential Roaming here: http://blogs.technet.com/b/askds/archive/2009/01/06/certs-on-wheels-understanding-credential-roaming.aspx
http://blogs.technet.com/b/instan/archive/2009/05/26/considerations-for-implementing-credential-roaming.aspx
This is probably related to the fact that your schema version is not 44 or higher: https://social.technet.microsoft.com/Forums/windowsserver/en-US/5b3a6e61-68c4-47d3-ae79-8296cb3be315/certificateservicesclientcredentialroaming-errors?forum=winserverGP
Active Directory     ObjectVersion
Windows 2000         13
Windows 2003         30
Windows 2003 R2      31
Windows 2008         44
Windows 2008 R2      47
This posting is provided AS IS with no warranties or guarantees , and confers no rights.
Ahmed MALEK
This is for information to help others
KEYWORDS:
- Sharing EFS encrypted files over a personal lan wlan wifi ap network
- Access denied on create new file / new fold on encrypted EFS network file share remote mapped folder
- transfer encryption keys / certificates
- set trusted delegation for user + computer for EFS encrypted files via
Kerberos
- Windows Active Directory vs network file share
- Setting up WebDAV server on Windows 7 Pro / Ultimate
It has been a long painful road to discover this information.
I hope sharing it helps you.
Using EFS on Windows 7 pro / ultimate is easy and works great. See
here and
here
So too is opening + editing encrypted files over a peer-to-peer Windows 7 network.
HOWEVER, creating a new file / new folder over a peer-to-peer Windows 7 network
won't work (unless you follow below steps).
Typically, it is only discovered as an issue when a home user wants to use synchronisation software between their home computers which happens to have a few folders encrypted using windows EFS. I had this issue trying to use GoodSync.
Typically an "Access Denied" error message is thrown when a \\clientpc tries to create new folder / new file in an encrypted folder on a remote file share \\fileserver.
Why such an EFS drama when a network is involved?
Assume a home peer-to-peer network with 2pc: \\fileserver and \\clientpc
When a \\clientpc tries to create a new file or new folder on a \\fileserver (remote computer) it fails. In a terribly simplified explanation it is because the process on \\fileserver that is answering the network requests is a process working for a user on
another machine (\\clientpc) and that \\fileserver process doesn't have access to an encryption certificate (as it isn't a user). Active Directory gets around this by using kerberos so the process can impersonate a \\fileserver user and then use their certificate
(on behalf of the clientpc's data request).
This behaviour is confusing, as a \\clientpc can open or edit an existing efs encrypted file or folder, just can't create a new file or folder. The reason editing + opening an encrypted file over a network file share is possible is because the encrypted
file / folder already has an encryption certificate, so it is clear which certificate is required to open/edit the file. Creating a new file/folder requires a certificate to be assigned and a process doesn't have a profile or certificates assigned.
Solutions
There are two main approaches to solve this:
1) SOLVE by setting up an Active Directory (efs files accessed through file shares)
EFS operations occur on the computer storing the files.
EFS files are decrypted then transmitted in plaintext to the client's computer
This makes use of kerberos to impersonate a local user (and use their certificate for encrypt + decrypt)
2) SOLVE by setting up WebDAV (efs files accessed through web folders)
EFS operations occur on the client's local computer
EFS files remain encrypted during transmission to the client's local computer where it is decrypted
This avoids active directory domains, roaming or remote user profiles and having to be trusted for delegation.
BUT it is a pain to set up, and most online WebDAV server setup sources are not for home peer-to-peer networks or contain details on how to setup WebDAV for EFS file provision
READ BELOW as this does
Create new encrypted file / folder on a network file share - via Active Directory
It is easily possible to sort this out on a domain based (corporate) active directory network. It is well documented. See
here. However, the problem is on a normal Windows 7 install (ie home peer-to-peer) to set up the server as part of an active directory domain is complicated, it is time consuming it is bulky, adds burden to operation of \\fileserver computer
and adds network complexity, and is generally a pain for a home user. Don't. Use a WebDAV.
Although this info is NOT for setting up EFS on an active directory domain [server],
for those interested here is the gist:
Use the Active Directory Users and Computers snap-in to configure delegation options for both users and computers. To trust a computer for delegation, open the computer’s Properties sheet and select Trusted for delegation. To allow a user
account to be delegated, open the user’s Properties sheet. On the Account tab, under Account Options, clear the The account is sensitive and cannot be delegated check box. Do not select The account is trusted for delegation. This property is not used with
EFS.
NB: decrypted data is transmitted over the network in plaintext so reduce risk by enabling IP Security to use Encapsulating Security Payload (ESP)—which will encrypt transmitted data,
Create new encrypted file / folder on a network file share - via WebDAV
For home users it is possible to make it all work.
Even better, the functionality is built into windows (pro + ultimate) so you don't need any external software and it doesn't cost anything. However, there are a few hotfixes you have to apply to make it work (see below).
Setting up a wifi AP (for those less technical):
a) START ... CMD
b) type (no quotes): "netsh wlan set hostednetwork mode=allow ssid=MyPersonalWifi key=12345 keyUsage=persistent"
c) type (no quotes): "netsh wlan start hostednetwork"
Set up a WebDAV server on Windows 7 Pro / Ultimate
-----ON THE FILESERVER------
1 click START and type "Turn Windows Features On or Off" and open the link
a) scroll down to "Internet Information Services" and expand it.
b) put a tick in: "Web Management Tools" \ "IIS Management Console"
c) put a tick in: "World Wide Web Services" \ "Common HTTP Features" \ "WebDAV Publishing"
d) put a tick in: "World Wide Web Services" \ "Security" \ "Basic Authentication"
e) put a tick in: "World Wide Web Services" \ "Security" \ "Windows Authentication"
f) click ok
g) run HOTFIX - ONLY if NOT running Windows 7 / windows 8
KB892211 here ONLY for XP + Server 2003 (made in 2005)
KB907306 here ONLY for Vista, XP, Server 2008, Server 2003 (made in 2007)
2 Click START and type "Internet Information Services (IIS) Manager"
3 in IIS, on the left under "connections" click your computer, then click "WebDAV Authoring Rules", then click "Open Feature"
a) on the right side, under Actions, click "Enable WebDAV"
4 in IIS, on the left under "connections" click your computer, then click "Authentication", then click "Open Feature"
a) click on "Anonymous Authentication" and click "Disable"
b) click on "Windows Authentication" and click "Enable"
NB: Some Win 7 will not connect to a webDAV user using Basic Authentication.
It can be fixed by changing the registry key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
BasicAuthLevel=2
c) on the "Windows Authentication" click "Advanced Settings"
set Extended Protection to "Required"
NB: Extended protection enhances the windows authentication with 2 security mechanisms to reduce "man in the middle" attacks
5 in IIS, on the left under "connections" click your computer, then click "Authorization Rules", then click "Open Feature"
a) on the right side, under Actions, click "Add Allow Rule"
b) set this to "all users". This will control who can view the "Default Site" through a web browser
NB: It is possible to specify a group (eg Administrators is popular) or a user account. However, if not set to "all users" this will require the specified group/user account to be used to log in on the
clientpc.
NB: Any user account specified here has to exist on the server. It has a bug in that usernames specified here are not validated on input.
6 in IIS, on the left under "connections" click your computer, then click "Directory Browsing", then click "Open Feature"
a) on the right side, under Actions, click "Enable"
HOTFIX - double escaping
7 in IIS, on the left under "connections" click your computer, then click "Request Filtering", then click "Open Feature"
a) on the right side, under Actions, click "Edit Feature Settings"
b) tick the box "Allow double escaping"
*THIS IS VERY IMPORTANT* if your filenames or foldernames contain characters like "+" or "&"
These folders will appears blank with no subdirectories, or these files will not be readable unless this is ticked
This is safe btw. Unchecked (default) it filters out requests that might possibly be misinterpreted by buggy code (eg double decode or build url's via string-concat without proper encoding). But any bug would need to be in IIS basic
file serving and this has been rigorously tested by Microsoft, so very unlikely. It's safe to "Allow double escaping".
8 in IIS, on the left under "connections" right click "Default Web Site", then click "Add Virtual Directory"
a) set the Alias to something sensible eg "D_Drive", set the physical path
b) it is essential you click "connect as" and set
this to a local user (on fileserver),
if left as "pass through authentication" a client won't be able to create a new file or folder in an encrypted efs folder (on fileserver)
NB: the user account selected here must have the required EFS certificates installed.
See
here and
here
NB: Sharing the root of a drive as an active directory (eg D:\ as "D_Drive") often can't be opened on clientpcs.
This is due to windows setting all drive roots as hidden "administrative shares". Grrr.
The work around is on the \\fileserver create an NTFS symbolic link
e.g. to share the entire contents of "D:\",
on fileserver browse to site path (iis default this to c:\inetpub\wwwroot)
in cmd in this folder create an NTFS symbolic link to "D:\"
so in cmd type "cd c:\inetpub\wwwroot"
then in cmd type "mklink /D D_Drive D:\"
NB: WebDAV will open this using a \\fileserver local user account, so double check local NTFS permissions for the local account (clients will login using)
NB: If clientpc can see files but gets error on opening them, on clientpc click START, type "Manage Network Passwords", delete any "windows credentials" for the fileserver being used, restart
clientpc
9 in IIS, on the left under "connections" click on "WebDAV Authoring Rules", then click "Open Feature"
a) click "Add authoring rules". Control access to this folder by selecting "all users" or "specified groups" or "specified users", then control whether they can read/write/source
b) if some exist review existing allow or deny.
Take care to not only review the "allow access to" settings
but also review "permissions" (read/write/source)
NB: this can be set here for all added virtual directories, or can be set under each virtual directory
10 Open your firewall software and/or your router. Make an exception for port 80 and 443
a) In Windows Firewall with Advanced Security click Inbound Rules, click New Rule
choose Port, enter "80, 443" (no speech marks), follow through to completion. Repeat for outbound.
NB: take care over your choice to untick "Public", this can cause issues if no gateway is specified on the network (ie computer-to-computer with no router). See "Other problems+fixes"
below, specifically "Cant find server due to network location"
b) Repeat firewall exceptions on each client computer you expect to access the webDAV web folders on
HOTFIX - MAJOR ISSUE - fix KB959439
11 To fully understand this read "WebDAV HOTFIX: RAW DATA TRANSFERS" below
a) On Windows 7 you need only change one tiny registry value:
- click START, type "regedit", open link
-browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MRxDAV\Parameters]
-on the EDIT menu click NEW, then click DWORD Value
-Type "DisableEFSOnWebDav" to name it (no speech marks)
-on the EDIT menu, click MODIFY, type 1, then click OK
-You MUST now restart this computer for the registry change to take effect.
b) On Windows Server 2008 / Vista / XP you'll FIRST need to
download Windows6.0-KB959439 here. Then do the above step.
NB microsoft will ask for your email. They don't care about licence key legality, it is more to keep you updated if they modify that hotfix
12 To test on local machine (eg \\fileserver) and deliberately bypass the firewall.
a) make sure WebClient Service is running
(click START, type "services" and open, scroll down to WebClient and check its status)
b) Open your internet software. Go to address "http://localhost:80"
It should show the default "IIS7" image.
If not, as firewall and port blocking are bypassed (using localhost) it must be a webDAV server setting. Check "Authorization Rules" are set to "Allow All Users"
c) for one of the "virtual directories" you added (8), add its "alias" onto "http://localhost/"
e.g. http://localhost/D_drive
If nothing is listed, check "Directory Browsing" is enabled
13 To test on local machine or a networked client and deliberately try and access through the firewall or port opening of your router.
a) make sure WebClient Service is running
(click START, type "services" and open, scroll down to WebClient and check its status)
b) open your internet software. Go to address "http://<computer>:80".
eg if your server's computer name is "fileserver" go to "http://fileserver:80"
It should show the default "IIS7" image. If not, check firewall and port blocking.
Any issue ie if (12) works but (13) doesn't, will indicate a possible firewall issue or router port blocking issue.
c) for one of the "virtual directories" you added (8), add its "alias" onto "http://<computername>:80/"
eg if alias is "C_drive" and your server's computer name is "fileserver" go to "http://fileserver:80/C_drive"
A directory listing of files should appear.
--- ON EACH CLIENT ----
HOTFIX - improve upload + download speeds
14 Click START and type "Internet Options" and open the link
a) click the "Connections" tab at the top
b) click the "LAN Settings" button at the bottom right
c) untick "Automatically detect settings"
HOTFIX - remove 50mb file limit
15 On Windows 7 you need only change one tiny registry value:
a) click START, type "regedit", open link
b) browse to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WebClient\Parameters]
c) click on "FileSizeLimitInBytes"
d) on the EDIT menu, click MODIFY, type "ffffffff", then click OK (no quotes)
HOTFIX - remove prompt for user+pass on opening an office or pdf document via WebDAV
16 On each clientpc click START, type "Internet Options" and open it
a) click on "Security" (top) and then "Custom level" (bottom)
b) scroll right to the bottom and under "User Authentication" select "Automatic logon with current username and password"
SUCH an easy fix. SUCH an annoying problem on a clientpc
NB: this is only an issue if the file is opened through windows explorer. If opened through the "open" dialogue of the software itself, it doesn't happen. This is as a WebDAV mapped drive is considered a "web folder" by windows
explorer.
TEST SETUP
17 On the client use the normal "map network drive"
e.g. server= "http://fileserver:80/C_drive", tick reconnect at logon
e.g. CMD: net use * "http://fileserver:80/C_drive"
If it doesn't work check "WebDAV Authoring Rules" and check NTFS permissions for these folders. Check that on the fileserver the elected impersonation user that the client is logging in with (clientpc "manage network passwords") has NTFS permissions.
18 Test that EFS is now working over the network
a) On a clientpc, map network drive to http://fileserver/
b) navigate to a folder you know on the \\fileserver is encrypted with EFS
c) create a new folder, create a new file.
IF it throws an error, check carefully you mapped to the WebDAV and not file share
i.e. mapped to "http://fileserver" not "\\fileserver"
Check that on clientpc the required efs certificate is installed. Then check carefully on clientpc what user account you specified during the map drive process. Then check on the \\fileserver this
account exists and has the required EFS certificate installed for use. If necessary, on clientpc click START, type "Manage Network Passwords" and delete the windows credentials currently in the vault.
d) on clientpc (through a webDAV mapped folder) open an encrypted file, edit it, save it, close it. On the \\fileserver now check that file is readable and not gobbledygook
e) on clientpc copy an encrypted efs file into a folder (a webDAV mapped folder) you know is not encrypted on \\fileserver. Now check on the \\fileserver computer that the file is readable and not gobbledygook (ie the
clientpc decrypted it then copied it).
If this fails, it is likely that in the IIS settings on fileserver one of the shared virtual directories is set to: "pass through authentication" when it should be set to "connect as"
If this is not readable check step (11) and that you restarted the \\fileserver computer.
19 Test that clients don't get the VERY annoying prompt when opening an Office or PDF doc
a) on clientpc in windows explorer browse to a mapped folder you know is encrypted and open an office file and then PDF.
If a prompt for user+pass then check hotfix (16)
20 Consider setting up a recycling bin for this mapped drive, so files are sent to recycling bin not permanently deleted
a) see the last comment at the very bottom of
this page:
Points to consider:
- NB: WebDAV runs on \\fileserver under a local user account, so double check local NTFS permissions for that local account and adjust file permissions accordingly. If the local account doesn't have permission, the webDAV / web folder share won't
either.
- CONSIDER: IP Security (IPSec) or Secure Sockets Layer (SSL) to protect files during transport.
MORE INFO: HOTFIX: RAW DATA TRANSFERS
More info on step (11) above.
Because files remain encrypted during the file transfer and are decrypted by EFS locally, both uploads to and downloads from Web folders are raw data transfers. This is an advantage as if data is intercepted it is useless. This is a massive disadvantage as
it can cause unexpected results. IT MUST BE FIXED or you could be in deep deep water!
Consider using \\clientpc to access a webfolder on \\fileserver and copying an encrypted EFS file (over the network) to a web folder on \\fileserver that is not encrypted.
Doing this locally would automatically decrypt the file first then copy the decrypted file to the non-encrypted folder.
Doing this over the network to a web folder will copy the raw data, ie skip the decryption stage and result in the encrypted EFS file being raw copied to the non-encrypted folder. When viewed locally this file will not be recognised as encrypted (no encryption
file flag, not green in windows explorer) but it will be un-readable as its contents are still encrypted. It is now not possible to locally read this file. It can only be viewed on the \\clientpc
There is a fix:
It is implemented above, see (11) above
Microsoft's support page on this is excellent and short. Read "problem description" of "this microsoft webpage"
Other problems + fixes
PROBLEM: Can't find server due to network location.
This one took me a long time to track down to "network location".
Win 7 uses network locations "Home" / "Work" / "Public".
If no gateway is specified in the IP address, the network is set to "unidentified" and so receives "Public" settings.
This is a disaster for remote file share access as typically "network discovery" and "file sharing" are disabled under "Public"
FIX = either set IP address manually and specify a gateway
FIX = or force "unidentified" network locations to assume "home" or "work" settings -
read here or
here
FIX = or change the "Public" "advanced network settings" to turn on "network discovery" and "file sharing" and "Password Protected Sharing". This is safe as it will require a windows
login to gain file access.
PROBLEM: Deleting files on network drive permanently deletes them, there is no recycling bin
By changing the location of "My Contacts" or similar to the root directory of your mapped drive, it will be added to recycling bin locations
Read
here (I've posted a batch script to automatically make the required reg files)
I really hope this helps people. I hope the keywords + long title give it the best chance of being picked up in web searches.
What probably happens is that processes are using those mounts. And that those processes are not killed before the mounts are unmounted. Is there anything that uses those mounts?
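A read-only audit of the settings the WebDAV/EFS guide above changes, as an added example rather than part of the original post: it reports the three registry values the guide edits (BasicAuthLevel, FileSizeLimitInBytes, DisableEFSOnWebDav) and, where the IIS WebAdministration module is present, the site options that affect exposure. The site name "Default Web Site" follows the guide; the helper names and review wording are this example's own.

```powershell
# Added example (not from the original post): read-only report of the settings
# the WebDAV/EFS guide changes. Run elevated; requires PowerShell 3.0 or later.
$Site = 'Default Web Site'   # assumption: the guide's site name

$rows = New-Object System.Collections.Generic.List[object]
function Add-Row {
    param($Setting, $Value, $Review)
    $rows.Add([pscustomobject]@{ Setting = $Setting; Value = $Value; Review = $Review })
}

function Get-RegDword {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set' }
    # REG_DWORD is returned as a signed Int32; hex keeps 0xFFFFFFFF from showing as -1.
    '0x{0:X8}' -f $item.$Name
}

# --- Registry values (steps 4b, 11 and 15 of the guide) ---
$webClient = 'HKLM:\SYSTEM\CurrentControlSet\Services\WebClient\Parameters'
$mrxDav    = 'HKLM:\SYSTEM\CurrentControlSet\Services\MRxDAV\Parameters'

$basic = Get-RegDword $webClient 'BasicAuthLevel'
$basicReview = switch ($basic) {
    '0x00000000' { 'Basic authentication disabled' }
    '0x00000001' { 'Basic authentication over SSL only' }
    '0x00000002' { 'Basic authentication also allowed over plain HTTP; the password is only base64-encoded on the wire' }
    default      { 'Windows default applies' }
}
Add-Row 'WebClient BasicAuthLevel' $basic $basicReview

$limit = Get-RegDword $webClient 'FileSizeLimitInBytes'
$limitReview = if ($limit -eq '0xFFFFFFFF') { 'Size cap raised to the 4 GB maximum (step 15)' }
               else { 'WebClient file size cap, in bytes' }
Add-Row 'WebClient FileSizeLimitInBytes' $limit $limitReview

$efs = Get-RegDword $mrxDav 'DisableEFSOnWebDav'
$efsReview = if ($efs -eq '0x00000001') { 'Raw EFS transfer over WebDAV is off (step 11); the guide suggests IPSec or SSL for transport' }
             else { 'Raw EFS transfer behaviour unchanged' }
Add-Row 'MRxDAV DisableEFSOnWebDav' $efs $efsReview

# --- IIS site options (steps 4, 6, 7 and 10), only where IIS is installed ---
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration

    function Get-IisValue {
        param([string]$Filter, [string]$Name)
        $v = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$Site" -Filter $Filter `
                 -Name $Name -ErrorAction SilentlyContinue
        # Some attributes come back wrapped in an object with a Value property.
        if ($null -ne $v -and $v.PSObject.Properties['Value']) { $v.Value } else { $v }
    }

    $sec = 'system.webServer/security'
    Add-Row 'IIS allowDoubleEscaping' (Get-IisValue "$sec/requestFiltering" 'allowDoubleEscaping') `
        'True turns off the double-encoding request filter (step 7)'
    Add-Row 'IIS directory browsing' (Get-IisValue 'system.webServer/directoryBrowse' 'enabled') `
        'True serves folder listings to anyone who passes authorization (step 6)'
    Add-Row 'IIS anonymous authentication' (Get-IisValue "$sec/authentication/anonymousAuthentication" 'enabled') `
        'The guide disables this (step 4a)'
    Add-Row 'IIS basic authentication' (Get-IisValue "$sec/authentication/basicAuthentication" 'enabled') `
        'If True, pair with an HTTPS binding'
    Add-Row 'IIS Windows authentication' (Get-IisValue "$sec/authentication/windowsAuthentication" 'enabled') `
        'The guide enables this (step 4b)'

    $https = @(Get-WebBinding -Name $Site | Where-Object { $_.protocol -eq 'https' }).Count -gt 0
    Add-Row 'IIS HTTPS binding present' $https 'False means no TLS binding exists for this site'
}

$rows | Format-Table -AutoSize -Wrap
```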