Too many AD security groups for ACS 4.1

We have an issue that when a user is a member of too many Windows AD (2003) security groups (roughly 65) they won't get authenticated by our ACS 4.1.
The first thing we investigated was the Windows Kerberos authentication issue, which basically says that if a user is a member of more than 70 security groups then Kerberos authentication might fail. However, we've used the tokensz.exe tool to calculate that the affected users' Kerberos token size isn't above the problematic 12,000 bytes. Link to that issue: http://technet.microsoft.com/en-us/library/cc757478%28WS.10%29.aspx
On the ACS, when a user is a member of too many security groups, the error message is "External user not found". When the user is brought down to the "magic" number of security groups authentication works no problem.
At the same time, on the DC, errors can be found in the CSWinAgent.log file.
CSWinAgent 01/18/2010 12:25:23 A 0063 5720 NTLIB: Insufficient space for all of user [email protected] certificates
CSWinAgent 01/18/2010 12:25:23 A 0063 5720 NTLIB: Group list buffer is too small for getting full groups list.
So we are starting to think that the DC and / or CSWinAgent is causing us issues. Has anyone experienced similar issues?
Thanks
Stuart

Hi Stuart,
We are hitting a bug here.
CSCse49827 Bug Details
ACS Remote Agent fails users with too many groups
Symptom:
Windows External Database authentication fails on the ACS 4.0 SE if a user is a member of
too many Windows groups.
Conditions:
This is specific to the ACS SE running 4.0.1(42) or earlier using Windows Domain Authentication
to the ACS Remote Agent.
Workaround:
Reduce the number of group memberships the user is part of or reduce the length of
the group names the user is a part of.
Further Problem Description:
If a user is a part of enough Windows groups that the total number of characters of all the group names
exceeds 1024 bytes, the authentication of that user will fail. All other users should still authenticate
without any trouble.
Please upgrade ACS to 4.1.4 and that should fix it.
First you need to upgrade it to 4.1.1 and then 4.1.4
Regards,
~JG
Do rate helpful posts
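The two limits mentioned in this thread (roughly 70 groups from the Kerberos guidance, and 1024 bytes of combined group-name text from CSCse49827) can be checked per user before anyone is locked out. The script below is an added example and is not code from the thread or from Cisco; it reads the user's tokenGroups attribute over ADSI (so it sees nested and domain-local groups, as a logon token does) and assumes one byte per character with no separator overhead for the agent's buffer, which the page does not document, so treat the byte figure as an estimate.

```powershell
# Added example: estimate a user's effective group list against the limits discussed above.
# Uses only the .NET/ADSI classes that ship with Windows; no ActiveDirectory module needed.

function Get-TokenGroupNames {
    param([Parameter(Mandatory = $true)][string]$SamAccountName)

    # Escape the few characters that are special in an LDAP filter.
    $escaped = $SamAccountName -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29'
    $searcher = [adsisearcher]"(&(objectCategory=person)(sAMAccountName=$escaped))"
    $result   = $searcher.FindOne()
    if (-not $result) { throw "User '$SamAccountName' was not found in the current domain" }

    # tokenGroups is a constructed attribute: it is only returned when read from the object
    # itself, and it lists every SID a logon token would carry (nested groups included).
    $entry = $result.GetDirectoryEntry()
    $entry.RefreshCache([string[]]@('tokenGroups'))

    foreach ($raw in $entry.Properties['tokenGroups']) {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($raw, 0)
        try {
            # Translate to DOMAIN\Name and keep only the name, which is what a group-list buffer holds.
            ($sid.Translate([System.Security.Principal.NTAccount]).Value -split '\\')[-1]
        } catch [System.Security.Principal.IdentityNotMappedException] {
            # Orphaned or foreign SID with no resolvable name: still part of the token, keep it as a SID string.
            $sid.Value
        }
    }
}

function Measure-GroupList {
    param(
        [Parameter(Mandatory = $true)][AllowEmptyCollection()][string[]]$GroupNames,
        [int]$MaxGroups = 70,     # Kerberos guidance quoted in the question
        [int]$MaxBytes  = 1024    # total name length from bug CSCse49827
    )
    # Assumption: one byte per character (ANSI) and no per-entry overhead; the page does not
    # document the agent's exact layout, so anything close to the limit deserves a closer look.
    $bytes = 0
    foreach ($name in $GroupNames) { $bytes += [System.Text.Encoding]::Default.GetByteCount($name) }

    [pscustomobject]@{
        GroupCount     = $GroupNames.Count
        NameBytes      = $bytes
        OverGroupLimit = ($GroupNames.Count -gt $MaxGroups)
        OverByteLimit  = ($bytes -gt $MaxBytes)
        LongestNames   = (($GroupNames | Sort-Object -Property Length -Descending | Select-Object -First 5) -join ', ')
    }
}

# Usage (placeholder account name): find users who will hit "External user not found" before they report it.
# Measure-GroupList -GroupNames (Get-TokenGroupNames -SamAccountName 'jsmith')
```

Because the agent error in the log complains about buffer space rather than group count, the LongestNames column is the useful one when deciding whether to trim memberships or shorten group names until the upgrade to 4.1.4 is done.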

Similar Messages

  • F110 -Too many payment mediums created for this payment group

    Hello Gurus,
I am getting the below error after executing payment run F110.
    BFIBL02160               Too many payment mediums created for this payment group
    BFIBL02616               End of log for payment run 20140409 / DPA04 , PE1 / 500
    We are not able to see the Payment advice note in the spool request.
Can you please share your ideas to resolve the issue?
Thanks in advance

    HI,
Please let us know for which account (vendor, customer) you are running the payment advice.
Check whether the customer/vendor document is posted or not,
and which customer/vendor number you maintained in F110.
Check that before you run it;
else create a new document and start the payment run.
For a single document, if you try more than once it will give the above error.
Also check the program and variant as well.
Let me know of any corrections.
Thanks.

  • DMEE error (Error Log -  Too many payment mediums created for this payment group)

    Hi Experts,
    Please see the below error while generating the DMEE file.
    Error Log -  Too many payment mediums created for this payment group
    Error is - Too many payment mediums created for this payment group
Please explain how to resolve this error. Send detailed documentation on how to rectify this error.
    Regards
    Sreedhar

    Hi Nimish Agarwal,
    With reference to the error faced i.e. BFIBL02160 "too many payment
    mediums created for this payment group", please review the information
    provided in the long text of this error in detail.
    Please ensure that the orders are not carried out several times.
    Alternatively you can apply the optional usable message 166 (same
    class: BFIBL02), so that you can prevent creating duplicates in future.
    Please customize this message as an error so as to prevent the system
    from creating duplicate files. You can customize this message in OBA5.
    The message BFIBL02 160 always occurs, if you create more than one
    file for the same payment run, in order to warn you not to send the
    same file twice to the bank.
    The SAPFPAYM program does not create 2 files at once. But if you
    run this program more than once for the same payment run, more than
    one file is created. From the second run on you receive the error
    message BFIBL02 160. You can easily test it, by creating a new
    payment proposal and creating a new file with this proposal and
    SAPFPAYM. The first time you run this program you will not receive
    the message.
    Hope this clarifies.
    Kind Regards,
    Fernando Evangelista

  • Error Log -  Too many payment mediums created for this payment group

    Hi Experts,
When I make a payment to customers through T-code F110, I am able to clear the open item. But when we execute the Payment medium - DME Administration, generate the Payment Advice and view the print preview of the Payment Advice in the spool request, the system shows the following errors:
    "BFIBL02160               Too many payment mediums created for this payment group"
    "BFIBL02616               End of log for payment run 20120123 / NAA02 , NSD / 200"
    "This is line 1/column 45 on page 1"
    Message no. SP01R116
    Kindly help how to rectify the same
    Thanks in advance
    Regards,
    Nimish Agarwal

    Hi Nimish Agarwal,
    With reference to the error faced i.e. BFIBL02160 "too many payment
    mediums created for this payment group", please review the information
    provided in the long text of this error in detail.
    Please ensure that the orders are not carried out several times.
    Alternatively you can apply the optional usable message 166 (same
    class: BFIBL02), so that you can prevent creating duplicates in future.
    Please customize this message as an error so as to prevent the system
    from creating duplicate files. You can customize this message in OBA5.
    The message BFIBL02 160 always occurs, if you create more than one
    file for the same payment run, in order to warn you not to send the
    same file twice to the bank.
    The SAPFPAYM program does not create 2 files at once. But if you
    run this program more than once for the same payment run, more than
    one file is created. From the second run on you receive the error
    message BFIBL02 160. You can easily test it, by creating a new
    payment proposal and creating a new file with this proposal and
    SAPFPAYM. The first time you run this program you will not receive
    the message.
    Hope this clarifies.
    Kind Regards,
    Fernando Evangelista

  • Security Groups for the alerts in SharePoint 2013?

By default Microsoft has blocked adding Security Groups for alerts in SharePoint 2013. It can be enabled, but you need to change the SharePoint system page setting with the help
of the link below:
http://thesharepointfarm.com/2013/10/setting-sharepoint-alerts-on-active-directory-security-groups/
So my query is: if I change the page setting, then if any SharePoint updates/hotfixes are deployed on the system in future, will it cause a problem?

    I would wait as this is not a supported workaround (although it does work).
    Trevor Seward
    Follow or contact me at...
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Creating a security group for S/Mime cert auto-enrolment

    We currently have auto-enrolment rights for an Exchange User cert granted to Domain Users. In our environment this is generating more than 50,000 failed requests each week by service accounts which don't have an email address.
    I would like to create a security group of users with an email address, and grant enrolment rights on the CA to that group.
    I have tried the following script to create such a group, however it's way too slow to be of any use (ours is a large enterprise):
    Import-Module ActiveDirectory
    Get-ADGroup -Filter {name -eq "SMime Users"} | ForEach-Object { dsget group -members $_.DistinguishedName | dsmod group $_.DistinguishedName -rmmbr }
    Get-ADUser -Filter {emailaddress -like "*"} | ForEach-Object { Add-ADGroupMember "SMime Users" -Members $_.SamAccountName }
    Any ideas on a way to bulk add users with an email address to a group? Or another way to achieve the same result?
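The slow part of the posted script is one Add-ADGroupMember call per user, plus the dsget/dsmod round trip to empty the group first. The script below is an added example, not the poster's code: it computes the difference between "users with a mail attribute" and the current membership with two directory reads, then adds and removes in batches, so it can be rerun on a schedule to keep the enrolment group scoped to exactly the accounts that need the certificate. It assumes the ActiveDirectory module (RSAT) and an existing group; 'SMime Users' is taken from the question and the batch size is a guess.

```powershell
# Added example: keep a group in sync with every user that has a mail attribute,
# using a handful of directory calls instead of one per user.
Import-Module ActiveDirectory

function Sync-MailUsersToGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$GroupName,   # e.g. 'SMime Users'
        [int]$BatchSize = 500                               # assumption: tune to your DC
    )

    # One server-side LDAP query: only users that actually carry a mail attribute come back.
    $wanted = @(Get-ADUser -LDAPFilter '(&(objectCategory=person)(mail=*))' |
                Select-Object -ExpandProperty DistinguishedName)

    # Current direct membership in one read of the group's member attribute.
    $current = @((Get-ADGroup -Identity $GroupName -Properties member).member)

    # Hash sets make the two-way difference linear instead of quadratic.
    $wantedSet  = New-Object 'System.Collections.Generic.HashSet[string]'
    $currentSet = New-Object 'System.Collections.Generic.HashSet[string]'
    foreach ($dn in $wanted)  { $null = $wantedSet.Add($dn) }
    foreach ($dn in $current) { $null = $currentSet.Add($dn) }

    $toAdd    = @($wanted  | Where-Object { -not $currentSet.Contains($_) })
    $toRemove = @($current | Where-Object { -not $wantedSet.Contains($_) })

    # Add-/Remove-ADGroupMember accept an array, so send members in batches rather than one call each.
    for ($i = 0; $i -lt $toAdd.Count; $i += $BatchSize) {
        $chunk = $toAdd[$i..([Math]::Min($i + $BatchSize, $toAdd.Count) - 1)]
        if ($PSCmdlet.ShouldProcess($GroupName, "add $($chunk.Count) members")) {
            Add-ADGroupMember -Identity $GroupName -Members $chunk
        }
    }
    # Accounts that lost their mail attribute (or non-user members) drop out of the group again.
    for ($i = 0; $i -lt $toRemove.Count; $i += $BatchSize) {
        $chunk = $toRemove[$i..([Math]::Min($i + $BatchSize, $toRemove.Count) - 1)]
        if ($PSCmdlet.ShouldProcess($GroupName, "remove $($chunk.Count) members")) {
            Remove-ADGroupMember -Identity $GroupName -Members $chunk -Confirm:$false
        }
    }

    [pscustomobject]@{ Added = $toAdd.Count; Removed = $toRemove.Count; TargetSize = $wantedSet.Count }
}

# Preview the changes first, then apply them:
# Sync-MailUsersToGroup -GroupName 'SMime Users' -WhatIf
# Sync-MailUsersToGroup -GroupName 'SMime Users'
```

Once the group is populated, the Enroll permission on the certificate template can be moved from Domain Users to this group, which is what stops the service accounts from generating the failed requests in the first place.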

    On Thu, 6 Feb 2014 19:20:37 +0000, Alen Williams wrote:
    We currently have auto-enrolment rights for an Exchange User cert granted to Domain Users. In our environment this is generating more than 50,000 failed requests each week by service accounts which don't have an email address.
    I would like to create a security group of users with an email address, and grant enrolment rights on the CA to that group.
    I have tried the following script to create such a group, however it's way too slow to be of any use (ours is a large enterprise):
    Import-Module ActiveDirectory
    Get-ADGroup -Filter {name -eq "SMime Users"} | ForEach-Object { dsget group -members $_.DistinguishedName | dsmod group $_.DistinguishedName -rmmbr }
    Get-ADUser -Filter {emailaddress -like "*"} | ForEach-Object { Add-ADGroupMember "SMime Users" -Members $_.SamAccountName }
    Any ideas on a way to bulk add users with an email address to a group? Or another way to achieve the same result?
    Although this group is going to be used for certificate enrollment this
    really isn't the right forum for your question. You should repost to either
    an Active Directory forum or to one dedicated to scripting or Powershell.
    Paul Adare - FIM CM MVP
    urbi et IP -- axelm in <mode=pope>

  • Security Group for SharePoint 2013 Online Enterprise 3

    I need to copy all the user account names from one SharePoint Security group to a different SharePoint Security group in the same single tenant.
    I can not figure out how to do this.
    Thanks.
    Dawn

    Call your local Microsoft office (any office may do, but info from your local office will be more accurate), and ask for the Account Manager for SMB (small to medium businesses) in the education sector.
    Scott Brickey
    MCTS, MCPD, MCITP
    www.sbrickey.com
    Strategic Data Systems - for all your SharePoint needs

  • Tablespace with too many extents are evil for performance

    I think a tablespace with too many extents is not bad for performance after the introduction of LMT tablespaces? It may be true with DMT tablespaces (earlier versions). This is just an observation after reading about LMT vs DMT tablespaces.
    Experts - Please comment on your thoughts.

    Indeed, I work in an environment where there are over 50 databases to be administered and so we have lots of DBAs interacting with each other.
    I'm stunned by this myth of "reorganization". Most of the DBAs move tables and rebuild indexes regularly, generating huge redo on a monthly basis, and also provoking indexes to do all the splits again, generating even more redo. They claim "it helps performance a lot", however not one is able to quantify and quite justify it other than "less extents, less I/O, good". Even when I bring up the existence of shrink they say "do not like it, prefer the classic move". People really have a way of holding on to their good ol' practices of Oracle 8i.
    For full table scans (which should never be done in an OLTP scenario) this extent issue would be relevant IF data in the table is the victim of large deletes and Oracle hasn't re-used that space yet. If your multiblock read is a multiple of your extent size, then there won't be any overhead of I/O calls, no matter the number of your extents. For OLTP this is not relevant because Oracle will access the table via ROWID.
    I have rarely ever seen an index benefit significantly from a rebuild. In my experience what people often understand as "index fragmentation" is often just an unoptimized execution plan due to cardinality issues where Oracle ends up fetching a large percentage of the table via single reads on that index.

  • How to associate more than one security group for UCM documents?

    When checking in a document we are only able to associate one security group with the document. In our case, a particular document can be seen by more than one group, e.g. a document can be seen by both finance and marketing groups.
    How can we associate more than one group for documents?
    Our requirement is related to search. We want to display the documents to the end user based on the security group that is associated with the document. We are planning to use IDM and have all the groups/roles that are possible in the end site (also delivered by same ldap) available in UCM so that when checking in the documents we can associate desired groups who can see these documents.
    Regards,
    Pratap

    One thing before all is that I suggest you think through your security model before implementing it in UCM. You should ask yourself questions like:
    - Is security really based on department?
    - Why do two departments need to have access to the same category of document?
    - Is it really security that I need, or classification? Is it a problem if Accounting has access to Finance, or do you just not want Marketing documents in a finance-related search?
    - Maybe what you want is for finance people to have access to marketing documents.
    Without a clear business security model, it's hard to find a UCM security model as it is impossible to associate 2 security groups to one document.

  • SCCM 2007 database query for AD security group for machines

    Dear all,
    I had created a security DL in AD for machines to deploy software and am trying to link it in SCCM 2007 with a collection but could not.
    I have tried a query based on the link below but it does not help:
    http://www.windows-noob.com/forums/index.php?/topic/892-deploy-software-through-ad-groups-linked-to-collections-in-sccm/
    I typed all the queries but could not find the table (SystemGroupName).
    [email protected]

    Go to the properties of your collection and add a new membership rule to add the security group.
    SCCM uses discovery methods to get information from AD. Make sure AD system discovery and AD security group discovery are enabled for the SCCM site. Once you add machines to the security group, you need to wait until the next discovery cycle has completed.
    The discovery cycle runs on a schedule set by the SCCM administrator.

  • Use AD Security Groups for SharePoint database permissions

    In our SharePoint environment we have around 30 content databases. Each of these content databases needs a few application pool accounts added to its permissions for various service applications etc. Currently all the accounts are added individually,
    but this can be a little error prone. Is there a reason why we couldn't just put all the required accounts in an AD security group and add that to the database permissions in SQL?

    You could do that, but your service accounts shouldn't be accessing the databases directly; they should instead route through the SharePoint API, with permissions then taken care of by the SharePoint accounts (or, if you have custom Service Applications, the service app pool account).
    Trevor Seward
    Follow or contact me at...
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Too many TPC sockets opened for a single IP

    Hi there,
    I am running a ColdFusion server on a VPS at HostMySite.com and lately we have been having strange problems with it. Every few minutes the server stops responding, even if we restart the services - IIS and ColdFusion - and even the whole system.
    The HMS guys investigated the problem and discovered that every connection to the server is opening multiple sockets for a single IP address (every single visitor).
    Here is the full message from HMS technician, do you have any previous experience related to this?
    I've been doing some advanced monitoring and troubleshooting of your VPS over the last 24 hours.
    It is important to understand that the issue you're actually experiencing is related to TCP sockets.  Every connection to your server opens a socket and sometimes multiple sockets for an individual IP (visitor).
    I opened the site http://www.viaromania.eu/ and instantly there were 7 connections established from our IP address.
    C:\Documents and Settings\hmsadmin>netstat -ano | find "209.41.163.23"
    TCP    76.12.37.79:80        209.41.163.23:9563     ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:21164    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:26819    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:36833    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:37624    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:39566    ESTABLISHED     4
    TCP    76.12.37.79:3389      209.41.163.23:2577     ESTABLISHED     141388
    After just browsing around a few pages on the site you can see how my connections are expanding.
    C:\Documents and Settings\hmsadmin>netstat -ano | find "209.41.163.23"
    TCP    76.12.37.79:80        209.41.163.23:2852     ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:2900     ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:11014    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:11178    TIME_WAIT       0
    TCP    76.12.37.79:80        209.41.163.23:14107    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:14248    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:17177    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:17606    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:17930    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:23460    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:24594    TIME_WAIT       0
    TCP    76.12.37.79:80        209.41.163.23:25191    TIME_WAIT       0
    TCP    76.12.37.79:80        209.41.163.23:25507    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:32301    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:33591    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:37338    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:38404    TIME_WAIT       0
    TCP    76.12.37.79:80        209.41.163.23:45140    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:49734    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:53755    ESTABLISHED     4
    TCP    76.12.37.79:80        209.41.163.23:55735    TIME_WAIT       0
    TCP    76.12.37.79:3389      209.41.163.23:2577     ESTABLISHED     141388
    Over the last 2 days there are 205 coldfusion-out logs and they are all full of the same error:
    java.net.SocketException: Software caused connection abort: socket write error
    Normally when we see this we'll make a few registry adjustments that allow for more socket connections and a shorter time to live on existing socket connections.  However in your case all of the registry adjustments have already been set.
    MaxUserPort 65534
    TcpNumConnections 200 connections
    TcpTimedWaitDelay 30 seconds
    I adjusted the TcpNumConnections to 500, see if this alleviates the issue.  Note that allowing 500 Tcp Connections is not necessarily a good idea as this amount of traffic could theoretically bring down your server.
    I created a scheduled task that executes every 60 seconds in which it counts the connections on port 80 and writes it to the file netstat.txt on the desktop.
    After logging for the last 24 hours it has gone over 500 TCP connections 19 times, all between 2:21pm and 2:40pm:
    2:21 PM 1367
    2:22 PM 1423
    2:24 PM 1684
    2:25 PM 1466
    2:26 PM 1867
    2:27 PM 1250
    2:28 PM 854
    2:29 PM 796
    2:30 PM 799
    2:31 PM 794
    2:32 PM 816
    2:33 PM 730
    2:34 PM 662
    2:35 PM 524
    2:36 PM 531
    2:37 PM 539
    2:38 PM 551
    2:39 PM 551
    2:40 PM 522
    So this is pretty good news.  This means your site over the last 24 hours only had 19 minutes of issues due to TCP connections.
    Please, post your messages if you know why so many sockets are opened for every single IP and if this is a normal behaviour.
    Greetings,
    Adrian.
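The technician's scheduled task only wrote a single number per minute, which tells you that a spike happened but not who caused it. The script below is an added example (not from the thread or from HostMySite): it parses netstat -ano rows for one local port and summarises them per remote address and state, so a single visitor holding an unusual number of sockets, or a pile of TIME_WAIT entries, stands out. The sample rows are constructed with documentation IP ranges, and the per-IP threshold is an assumption to tune against what one browser normally opens against your site.

```powershell
# Added example: per-remote-address summary of "netstat -ano" output for one local port.
$NetstatPattern = '^\s*TCP\s+(?<local>\S+):(?<lport>\d+)\s+(?<remote>\S+):(?<rport>\d+)\s+(?<state>\S+)\s+(?<pid>\d+)\s*$'

function Get-ConnectionSummary {
    param(
        [Parameter(Mandatory = $true)][string[]]$NetstatLines,
        [int]$LocalPort = 80,
        [int]$PerIpThreshold = 20   # assumption: what one legitimate client should never exceed
    )
    # Header lines, UDP rows and anything else that is not a TCP row are skipped by the pattern.
    $rows = foreach ($line in $NetstatLines) {
        if ($line -match $NetstatPattern -and [int]$Matches['lport'] -eq $LocalPort) {
            [pscustomobject]@{ Remote = $Matches['remote']; State = $Matches['state'] }
        }
    }
    $rows | Group-Object -Property Remote | ForEach-Object {
        $name  = $_.Name
        $group = $_.Group
        $established = @($group | Where-Object { $_.State -eq 'ESTABLISHED' }).Count
        $timeWait    = @($group | Where-Object { $_.State -eq 'TIME_WAIT' }).Count
        [pscustomobject]@{
            RemoteIP    = $name
            Established = $established
            TimeWait    = $timeWait
            Total       = $group.Count
            OverLimit   = ($established -ge $PerIpThreshold)
        }
    } | Sort-Object -Property Total -Descending
}

# Constructed sample: two clients, one of which is holding far more sockets than the other.
$sample = @(
    '  Proto  Local Address          Foreign Address        State           PID',
    '  TCP    192.0.2.10:80          198.51.100.7:51001     ESTABLISHED     4',
    '  TCP    192.0.2.10:80          198.51.100.7:51002     ESTABLISHED     4',
    '  TCP    192.0.2.10:80          198.51.100.7:51003     ESTABLISHED     4',
    '  TCP    192.0.2.10:80          198.51.100.7:51004     TIME_WAIT       0',
    '  TCP    192.0.2.10:80          203.0.113.5:40210      ESTABLISHED     4',
    '  TCP    192.0.2.10:3389        203.0.113.5:40211      ESTABLISHED     1412',
    '  UDP    0.0.0.0:123            *:*                                    880'
)
$summary = Get-ConnectionSummary -NetstatLines $sample -PerIpThreshold 3
$summary | Format-Table -AutoSize
# Expected: 198.51.100.7 with 3 established / 1 TIME_WAIT and OverLimit = True,
# 203.0.113.5 with 1 established; the RDP and UDP rows are not counted for port 80.

# On the server itself, the same summary over live data (header rows are ignored):
# Get-ConnectionSummary -NetstatLines (netstat -ano) | Where-Object { $_.OverLimit }
```

Run from the same scheduled task, writing the summary instead of a bare count makes it possible to tell a client-side behaviour (every visitor opening several sockets, as the technician saw) from one address holding the server's connection budget on its own.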

    Hi Jochen and thank you for your answer.
    We are using "cazare.cfm" for all the screens listing hotels and guest houses from a specific location. For instance:
    http://www.viaromania.eu/cazare.cfm/Bucuresti/2-Cazare_hoteluri_pensiuni_Bucuresti.html - accommodation in Bucharest
    http://www.viaromania.eu/cazare.cfm/Brasov/1-Cazare_hoteluri_pensiuni_Brasov.html - accommodation in Brasov
    And so on...
    I don't know if this is bad or not, but our code uses the <cfinclude> tag heavily so we can keep files easy to debug and avoid big .CFM files. I don't remember reading anywhere that <cfinclude> can cause any delays in page loading or affect server performance... maybe you can tell me if this is a bad thing or not.
    After reading your post I tried to use cached .CSS files, so instead of the "general.CSS" file included in the header I am now using http://www.viaromania.eu/includes/css/general.CFM and this file's content is like this:
    <cfset dtExpires = (Now() + 1) />
    <cfset strExpires = GetHTTPTimeString( dtExpires ) />
    <cfheader name="expires" value="#strExpires#" />
    <cfcontent type="text/css" />
    <cfoutput>
    ... css content here
    </cfoutput>
    I tried to make a similar change to the "common.JS" file but so far with no luck. If you know any tutorial or something about caching .JS files please send me the link. Anyhow, I think our problem is somehow related to the session variables. I noticed that for every single visitor we have, CF creates 4 session variables: CFID, CFTOKEN + 2 others (I can't recall their names now). So for 1,000 visitors you have a minimum of 4,000 session variables created. Then I did this: enabled the "Use J2EE session variables" option in CF Admin and got rid of the CFID and CFTOKEN sessions. I am now using SESSIONID to identify my visitors. So, basically, instead of having 4,000 sessions I now have only half of them.
    After caching the .CSS and enabling J2EE session variables the server started to work better. I don't know if this is just a happy coincidence or whether those steps were necessary, but the server is OK now.
    Please let me know what you think and what else I can do to improve server performance. Any idea how to cache .JS files?
    Adrian.

  • Using domain security groups in exchange security groups for Office 365

    Hi
    Is there a way to use O365 domain security groups in O365 Exchange security groups? This can be done between O365 domain security groups and O365 SharePoint groups.
    BR // Ille

    Sorry I missed your reply.
    I don't believe there is a way to do this yet, security groups used within exchange need to be mail-enabled security groups, these can't then be edited from the office365 portal, just the Exchange administrative centre portal.
    It looks like you currently still need to keep these separate.
    If you use DirSync and sync from your own domain then it is possible, since you manage the groups from your AD rather than Office365, but in O365 alone there doesn't appear to be a way to do this currently.
    Regards,
    Denis Cooper
    MCITP EA - MCT
    Help keep the forums tidy, if this has helped please mark it as an answer
    Blog: http://www.windows-support.co.uk 

  • Remove permissions for a security group for all files and folders in a folder and all subfolders?

    I found a script that adds rights to files and folders.
    We need to grant administrators rights to a set of folders for a specific project.
    ChangePermissions.ps1
    # CACLS rights are usually
    # F = FullControl
    # C = Change
    # R = Readonly
    # W = Write
    $StartingDir = "C:\Users"
    $Principal = "Administrators"
    $Permission = "F"
    # Read-Host takes a single prompt string, so build it first
    $Prompt = "`nYou are about to change permissions on all files starting at $($StartingDir.ToUpper())`n" +
              "for security principal $($Principal.ToUpper()) with new right of $($Permission.ToUpper()).`n" +
              "Do you want to continue? [Y,N]"
    $Verify = Read-Host $Prompt
    if ($Verify -eq "Y") {
        foreach ($file in $(Get-ChildItem $StartingDir -Recurse)) {
            # display filename and old permissions
            Write-Host -ForegroundColor Yellow $file.FullName
            # uncomment if you want to see old permissions
            # CACLS $file.FullName
            # ADD new permission with CACLS (/E edits the existing ACL, /P sets this principal's right)
            CACLS $file.FullName /E /P "${Principal}:${Permission}" > $NULL
            # display new permissions
            Write-Host -ForegroundColor Green "New Permissions"
            CACLS $file.FullName
        }
    }
    When the project is over, we need to undo the changes and remove administrators permissions from the same group of folders.
    How do we change the script to remove administrators group members instead of adding?

    I'm not sure I understand how to use that example script to undo the changes in the script I posted..
    Is there  a way to just change a few lines in the first script so that it removes instead of adding the administrators group?
    This line appears to be the line that adds permissions:
    #ADD new permission with CACLS
    CACLS $file.FullName /E /P "${Principal}:${Permission}" >$NULL
    What would be the syntax to remove the permissions
    $Principal="Administrators"
    $Permission="F"
    from files and folders in $StartingDir= "C:\Users"
    and everything below it?
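Reverting a temporary grant is the step that keeps a project-time exception from becoming a permanent one, so it is worth doing with a script that only touches what the first script added. The function below is an added example, not the original poster's script or an answer from the thread: instead of CACLS it uses Get-Acl/Set-Acl to strip only the explicit (non-inherited) entries for one principal from the start folder and everything below it, supports -WhatIf so the change can be previewed, and reports how many objects it touched. It assumes the principal is given in the same DOMAIN\Name form that Get-Acl shows (for the local Administrators group that is BUILTIN\Administrators); the paths are placeholders.

```powershell
# Added example: remove explicit ACEs for one principal from a folder tree (undo of the grant script).

function Remove-PrincipalAccess {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$StartingDir,
        [Parameter(Mandatory = $true)][string]$Principal     # e.g. 'BUILTIN\Administrators'
    )
    $account = [System.Security.Principal.NTAccount]$Principal
    $changed = 0

    # Same coverage as the grant script: the start folder itself plus everything below it.
    $items = @(Get-Item -LiteralPath $StartingDir) + @(Get-ChildItem -LiteralPath $StartingDir -Recurse -Force)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName

        # Only explicit entries are candidates; inherited ones come from the parent and are
        # removed there, which is why the start folder is included in the traversal.
        $explicit = @($acl.Access | Where-Object {
            -not $_.IsInherited -and $_.IdentityReference.Value -eq $Principal
        })
        if ($explicit.Count -eq 0) { continue }

        if ($PSCmdlet.ShouldProcess($item.FullName, "remove $($explicit.Count) explicit ACE(s) for $Principal")) {
            # PurgeAccessRules drops every explicit allow/deny rule for that identity on this object.
            $acl.PurgeAccessRules($account)
            Set-Acl -LiteralPath $item.FullName -AclObject $acl
            $changed++
        }
    }
    $changed   # number of objects whose ACL was rewritten
}

# Preview first, then apply (placeholder project folder):
# Remove-PrincipalAccess -StartingDir 'D:\Projects\Alpha' -Principal 'BUILTIN\Administrators' -WhatIf
# Remove-PrincipalAccess -StartingDir 'D:\Projects\Alpha' -Principal 'BUILTIN\Administrators'
```

For a CACLS-only change to the posted script, the equivalent of the /E /P grant line is CACLS with /E /R and the principal name, which removes that user's entries from the ACL rather than replacing them; the Get-Acl version above is preferred because it can be previewed and reports what it changed.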

  • Re too many layers in word for mac

    Hi all,
    I have used Word for 15 years. I am very fond of what it is capable of, usually.
    However, when it comes to designing charts which have multiple images, text boxes, shapes and layers, it is not great.
    I have tried grouping and messed around in publishing mode to rearrange layers, but the whirly cog of doom starts spinning and it's tedious and unreliable.
    Now I know the MacBook has oodles of RAM, so it's definitely just a Word issue.
    So either it isn't really designed for doing lots of layers, or at least it isn't coping well.
    So do I bite the bullet and buy Photoshop? Or is there some similar package that will create 16 boxes and let me edit text and then layer pictures in JPEG form and allow me to resize and move them all about without feeling like I'm about to crash the program?
    I do a lot of work in Word weekly and am used to the fonts, insert menus etc. Incidentally, I tried Pages but it wasn't any better at handling lots of boxes and didn't seem to be pixel accurate when copying and pasting.
    What do you guys/girls use out there in the design world? Open to suggestions. I'm downloading a trial of Photoshop Essentials but I'm not sure it will do lots of boxes and allow text etc.
    Or do I painstakingly print to PDF and re-insert? Quite daunting, as I intend to make 50 or so of these charts for a project I'm organising and it will take forever.
    The learning curve must be easier with the right tools?
    Niall

    Steve,
    Please re-post your MS Word for Mac question in Microsoft's Office for Mac product forums. That is where the Word for Mac gurus hang out.
