SPSecurityTokenService slow for other domain users

We have a situation where users from another trusted domain suddenly are having slowness getting into SharePoint. On tracking the ULS entries, I noticed that the SPSecurityTokenService was taking a while to complete issuing a token. Every time, the wait time is approximately the same.
Leaving Monitored Scope (SPSecurityTokenService.GetOutputClaimsIdentity()). Execution Time=42163.5752588667
Leaving Monitored Scope (SPSecurityTokenService.Issue). Execution Time=42163.9392716113
Any idea what might be causing this? We just started experiencing this recently.
Thanks in advance,
Jake.

Was a nearby trusted domain controller firewalled to prevent the SharePoint server from communicating with it? Was a nearby trusted domain controller removed?
Trevor Seward
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
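
An added example (not part of the thread and not code from either poster): a PowerShell function that pulls "Leaving Monitored Scope" durations out of ULS lines and flags scopes whose waits are both long and nearly identical, the pattern the question describes. Treating a long, near-constant wait as a sign of a timeout rather than load is a heuristic; the function name, both thresholds and every sample line marked "constructed" are assumptions.

```powershell
# Added example. Requires PowerShell 3.0+; uses no SharePoint cmdlets.
function Get-SlowScopeSummary {
    param(
        [Parameter(Mandatory = $true)] [string[]] $Line,
        [double] $ThresholdMs  = 5000,  # assumed cut-off for a "slow" scope
        [double] $MaxSpreadPct = 2      # assumed: (max-min)/avg at or below 2% counts as a fixed wait
    )
    # Greedy scope capture so scope names that contain "()" are kept whole.
    $pattern = 'Leaving Monitored Scope \((?<scope>.+)\)\. Execution Time=(?<ms>[0-9]+(\.[0-9]+)?)'
    $hits = foreach ($l in $Line) {
        if ($l -match $pattern) {
            [pscustomobject]@{ Scope = $Matches['scope']; Ms = [double]$Matches['ms'] }
        }
    }
    if (-not $hits) { return }   # no monitored-scope lines in the input

    $hits | Group-Object -Property Scope | ForEach-Object {
        $s = $_.Group | Measure-Object -Property Ms -Average -Minimum -Maximum
        $spread = if ($s.Average -gt 0) { 100 * ($s.Maximum - $s.Minimum) / $s.Average } else { 0 }
        [pscustomobject]@{
            Scope     = $_.Name
            Samples   = $s.Count
            AvgMs     = [math]::Round($s.Average, 1)
            SpreadPct = [math]::Round($spread, 3)
            # Long and nearly constant: looks like waiting out a timeout, not load.
            FixedWait = ($s.Count -ge 2) -and ($s.Average -ge $ThresholdMs) -and ($spread -le $MaxSpreadPct)
        }
    } | Sort-Object -Property AvgMs -Descending
}

# Sample input. The first two lines are the ones quoted in the question;
# all others are constructed for illustration.
$sample = @(
    'Leaving Monitored Scope (SPSecurityTokenService.GetOutputClaimsIdentity()). Execution Time=42163.5752588667'
    'Leaving Monitored Scope (SPSecurityTokenService.Issue). Execution Time=42163.9392716113'
    'Leaving Monitored Scope (SPSecurityTokenService.GetOutputClaimsIdentity()). Execution Time=42161.2'  # constructed
    'Leaving Monitored Scope (SPSecurityTokenService.Issue). Execution Time=42170.1'                      # constructed
    'Leaving Monitored Scope (SPSecurityTokenService.Issue). Execution Time=42158.4'                      # constructed
    'Leaving Monitored Scope (EnsureListItemsData). Execution Time=6200.0'                                # constructed
    'Leaving Monitored Scope (EnsureListItemsData). Execution Time=14950.3'                               # constructed
    'Leaving Monitored Scope (Request (GET:http://sp.example/)). Execution Time=310.2'                    # constructed
    'Leaving Monitored Scope (Request (GET:http://sp.example/)). Execution Time=295.7'                    # constructed
)

Get-SlowScopeSummary -Line $sample | Format-Table -AutoSize
# Against a real log (placeholder path): Get-SlowScopeSummary -Line (Get-Content '<path-to-ULS-log>')
```

Scopes reported with FixedWait set are the ones worth correlating with network reachability checks such as the domain controller question raised in the reply above.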

Similar Messages

  • Outlook 2013 people pane is not showing any items for internal domain users. External contacts works fine

    I have recently purchased a new PC which has Windows 8.1, and Outlook 2013, connected to an Exchange 2010 SP3 RU4 server.
    In the People pane, for external clients, this box populates correctly, but for internal domain users, it shows "There are no items to show in this view"
    On my OLD PC using XP, and Outlook 2010, connected to the SAME account, then people pane shows correctly for all users.
    Any help appreciated
    regards
    Chris

    Hi Chris,
    I have checked in my Windows 8 and Outlook 2013 with Exchange 2010 SP3 RU4 environment. There are three folders listed under My Contact in my People pane:
    Contacts: The contacts which we added and saved manually before.
    Lync Contacts: The contacts we added in Lync.
    Suggested contacts folder: Automatically keeps track of everyone you send a message to, but isn’t in your Outlook contacts. Please note that it is different from Auto-Complete List.
    Therefore, I suppose that the meaning of “but for internal domain users, it shows ‘There are no items to show in this view’ ” is that there are no contacts in the Contacts folder. Is it right? If I misunderstand, please point it out. And we need to add and save users manually in this folder.
    Thanks,
    Winnie Liang
    TechNet Community Support

  • Reporting Services - Content Manager shows all reports for all domain users even without permissions

    I have installed Reporting Services 2008. In the Site Settings option / Security, only 3 users have been added:
    BUILTIN\Administrators    System Manager
    MYDOMAIN\user1            System Manager, System User
    MYDOMAIN\user2            System Manager, System User
    I have the same settings in the "start up" folder and inside the folder where my reports are; however, if I authenticate any user with a different domain to user1 and user2, they can see all content of the report manager and can even manage it.
    Help me, greetings
    Jenny

    however if I authenticate any user with different domain to user1 and user2 can see all content of the report manager can even manage it.
    Hello,
    Did you mean that another domain user account (Other-Domain\user3) can access reports on the Report Manager without being granted any permission? As per my understanding, it is not possible. SQL Server Reporting Services uses Windows Authentication by default to determine who can perform operations and access items on a report server.
    Based on your description, you granted the local Administrators group and two domain users the system-level role: System Administrator. System-level role assignments grant access to global tasks and permissions that apply to a report server site. That may cause the user to be able to access and manage all contents on the Report Manager.
    If you want to set permissions for accessing contents on Report Manager, you can just specify item-level role assignments. For example, if you grant a user the Browser role on a report, the user can view the report and report properties, but cannot edit report properties.
    Reference:
    Lesson 1: Setting System-Level Permissions on a Report Server
    Lesson 2: Setting Item-Level Permissions on a Report Server
    Regards,
    Fanny Liu
    TechNet Community Support

  • Problem in sending email to other domain users

    Hi All,
    I am using JavaMail for sending emails and am able to send to people within my Exchange server domain. The problem is I am unable to send mail to other domain users like yahoo.com, hotmail.com. The error it is throwing is "Invalid Address".
    Is there any special API for this to work?
    Thanks,
    Kishore

    More details, please.
    Please read the JavaMail FAQ. Post the protocol trace if you can't figure it out yourself.

  • Untrusted Connection Warnings for One Domain User

    I have one domain user that constantly gets "This connection is Untrusted" warnings and has to continually add the exemptions. On a couple of sites adding the exemptions fails and I then get the following under the technical details: "xxxxx uses an invalid security certificate. This certificate is not trusted because no issuer chain was provided. (Error code sec_error_unknown_issuer)" and the user is unable to go into that site. It only happens to the one domain user; other domain users do not have the same issue of constantly getting the warnings and having to add exemptions and are able to get into the same sites that the exemptions failed on for the affected user. The affected user can go to another computer on the network and not have any issues with the warnings and is able to go to any site. It appears to be the one computer with the affected user's profile. I've tried uninstalling and reinstalling Firefox, including deleting the Mozilla folder under the user's profile application data, to no avail. Any ideas for a solution to this issue?

    This can also be a problem with the cert8.db file.
    Check out why the site is untrusted and click "Technical Details" to expand this section.
    If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
    You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
    * Click the link at the bottom of the error page: "I Understand the Risks"
    Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
    * Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
    You can see more Details like intermediate certificates that are used in the Details pane.
    If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
    * Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
    * Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate.

  • Outlook is running too slow for terminal server users

    All tried but no luck. Thanks

    Outlook is running too slow for terminal server users and is very slow updating the inbox. Can anyone suggest how I can increase speed for the users?
    Office 2013
    exchange 2010
    This topic first appeared in the Spiceworks Community

  • Cannot log in on one particular PC as other domain user than specific

    Hello,
    We have the following problem:
    On one specific PC I can log in as one specific domain user. However, I cannot log in to this PC as any other domain user. When I try to log in as another user it goes back to the "Press Ctrl+Alt+Del to log in" screen, so it doesn't go to the user's desktop.
    Operating system is Windows 7 Enterprise.
    What could be issue in such case?

    Can you access resources like file shares with the user who can log in? Has the PC been off for a long time? I just ask as the computer needs to talk to the domain controller at least once every 3 months, otherwise it loses its domain membership and has to be removed and rejoined.

  • What is the best way for other iPhone users to share pictures with me?  I am doing a project which req. people to send me 100 pictures at a time that I'll be putting in my iPhoto?

    What is the best way for other iPhone users to share pictures with me?  I am doing a project which req. people to send me 100 pictures at a time that I'll be putting in my iPhoto? Thank you.

    ingridlisa,
    I'd suggest to ask them to create Shared PhotoStreams and to invite you to view the streams, see:
    iCloud: Using and troubleshooting Shared Photo Streams
    Regards
    Léonie
    Added:
    that I'll be putting in my iphoto?
    Will you be collecting the photos in iPhoto on your iPhone or on a Mac? On a Mac a Shared PhotoStream requires Mac OS X 10.8.2.

  • Tried to reset an error that my ID is disabled.  Have seen this to be a problem for other iPhone users.  Any advice on correcting or contacting Apple direct?  Thanks

    Tried to reset an error that my ID is disabled.  Have seen this to be a problem for other iPhone users.  Any advice on correcting or contacting Apple direct?  Thanks

    Try contacting iTunes store support here: http://www.apple.com/emea/support/itunes/contact.html.

  • Exchange 2013 sp1 smtp NTLM auth for child domain users

    I have an Exchange organization with Exchange 2007 SP3 & Exchange 2013 SP1.
    All users are on the Exchange 2013 server (mail flow is through the Exchange 2013 server).
    I have a single forest, 2 sites (site1, site2), root domain root.local and 1 child domain ch.root.local.
    The DC for the child domain is located in site2 (dc.ch.root.local).
    A multirole Exchange 2013 server is installed in the root domain.
    I am trying to configure an SMTP receive connector with NTLM auth and have one problem.
    When a user in the child domain tries to send email through this receive connector I see in the log:
    <,AUTH NTLM,
    >,334 <authentication response>,
    *,SMTPSubmit SMTPAcceptAnyRecipient BypassAntiSpam AcceptRoutingHeaders,Set Session Permissions
    *,CH\user1,authenticated
    *,,Setting up client proxy session failed with error: 535 5.7.3 Unable to proxy authenticated session because either the backend does not support it or failed to resolve the user
    *,,"Setting up client proxy session failed with error: 451 4.4.0 Primary target IP address responded with: ""535 5.7.3 Unable to proxy authenticated session because either
    the backend does not support it or failed to resolve the user."" Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 192.168.1.15:465"
    But authentication is successful for users from the root domain.
    Why can this be?
    Thanks.

    Thanks for the link.
    In the SMTP receive logs (Hub Transport role) I've found the following:
    Client Proxy EXMAIL2013,08D134DAF6CE1C51,49,192.168.1.15:465,
    *,NT AUTHORITY\SYSTEM,authenticated
    >,235 <authentication response>,
    <,XPROXY SID=08D130D354F520D1 IP=192.168.1.21 PORT=57085 DOMAIN=[192.168.1.21] CAPABILITIES=0 SECID=Uy0xxx...
    *,,Error while looking up SamAccountName chuser: The user name or password is incorrect.\r\n
    *,None,Set Session Permissions
    >,250 XProxy accepted but user identity could not be obtained,

  • After joining computer to the Windows domain I cannot change password for Mac for the domain user

    After joining the computer to the Windows domain I cannot change the password for Mac for the domain user

    Hi,
    Did this problem occur after installing Windows 8.1 Update 1? Here is another thread that had a similar problem. Also I don't think this problem is related to the domain. Please refer to the solution of the thread below for reference. If there is any progress, please let us know.
    http://social.technet.microsoft.com/Forums/en-US/08993680-b6f5-4e80-b031-d32fec97d682/not-able-to-right-click-on-tiles-after-81-update?forum=w8itproge
    Roger Lu
    TechNet Community Support

  • [Solved] Need pointer for setting up an email server for other domains

    I am trying to setup a mail server that can handle multiple domains. Followed this tutorial [1]
    What I have:
    mailserver.domain.tld
    domain.tld
    domain2.tld
    I have set up postfix with dovecot through postfixadmin, have configured roundcube as my web email client. For the emails coming from and going to the @mailserver.domain.tld addresses work as I would expect them to.
    But what I am not grasping I guess is how do I add the domain.tld and domain2.tld domains so that the emails are @domain.tld but they are properly routed to be received on @mailserver.domain.tld
    I have been reading the wiki and the postfix virtual readme, but I feel like I am getting lost and confused on terms. Can someone point me back on path for what the proper next step is to be able to get the other domains to receive mail properly. Should it be done with a virtual email or domain or? I have tried both, but probably not properly and any time I send from @domain.tld the email headers do not say to send back to @mailserver.domain.tld .
    Thanks for your time and help.
    [1] https://wiki.archlinux.org/index.php/Si … ail_System
    Last edited by vwyodajl (2013-03-26 21:03:17)

    Did you add MX records for mailserver.domain.tld to your domains? That should basically be all that is needed to get it working, assuming you configured the domains in postfixadmin already so your postfix feels responsible for them.

  • Configuring SMTP in SAP for other Domain(GMAIL,YAHOO ETC)

    I have configured SMTP in SAP. Now the problem is that mail is going from SAP to the local domain; I want to send it to other domains also, like Yahoo, Gmail etc. Please help me by telling me the configuration in SAP.

    hi
    good
    go through these links
    http://kb.hughesnet.com/al/12/2/1047.htm
    http://help.sap.com/saphelp_webas620/helpdata/en/af/73563c1e734f0fe10000000a114084/content.htm
    thanks
    mrutyun^

  • TS4268 I can't receive text on my iPad except for other Apple users

    I can't receive text on my iPad except from other Apple users. My iPhone works fine, texting to iPad, however I can't receive from others.

    SMS/MMS is a voice cell technology and not natively supported on any device that is not a cellphone. Messaging through iMessage is the only method included with the iPad. There are third-party apps that support SMS messaging available in the iTunes Store, though I don't know how well any of them work or if indeed any can support receiving SMS messages or can only send.
    Regards.

  • Use one account or multiple for 10 domain users of Office 2013 Home & Business

    I have 10 seats of the retail version of Office Home & Business 2013 for use in a domain environment. Windows 7 Pro 64, Server 2008R2 environment. No exchange. Blank slate.
    Should I install all with the same account for ease of management, or setup a new MS Live account for each user? Can I do either, and what are the advantages to each?
    Thank you.

    Hi,
    Both are ok, but neither is really good.
    In your scenario, I suggest you use Office 365 to manage all these, which is more recommended:
    http://office.microsoft.com/en-001/business/compare-office-365-for-business-plans-FX102918419.aspx
    http://office.microsoft.com/en-001/business/compare-all-office-365-for-business-plans-FX104051403.aspx
    Regards,
    Melon Chen
    TechNet Community Support
