Users cannot connect to shares or sync Exchange via company wifi

Similar Messages

• Sharing only users cannot connect to Lion Server

  Dear all,
  I stumbled across a funny problem, that I tried to resolve all day. I just wanted to add a sharing only user for my girlfriends new MacBook that she could use to connect to a shared Time Machine Volume.
  If I add a new standard user, this user can connect to my server via finder (connect as...) and see the shared drives. If the same user tries to connect to the Time Machine Backup Volume via the settings dialog, it receives an error message (OSStatus-error 5).
  If I add a sharing only user, this user cannot connect via finder or Time Machine (same error). The clients console states the following error message:
  /System/Library/CoreServices/NetAuthAgent.app/Contents/MacOS/NetAuthAgent[2471]      AFP error -5018 mapped to EIO
  Does anybody have an Idea?

  That is my point.  Yes, Apple still lets you add users via users and groups in system preferences but that is not how you should be adding users.  I've seen nothing but trouble when that option is used to add users and I believe that the Lion server docs say to not use that.  If you are using lion server why not use it the way it was meant to be.  Just create a account in OD and only give her access to the Time Machine Service and none of the others.

• Users cannot connect over SMB 10.10.1 server.app 4.0 and 4.0.3

  Hello,
  I have an issue where users cannot connect to a server for files sharing over SMB.
  Info:
  All users on 10.10.1
  2 Servers on 10.10.1
  Server.app 4.0.3 but issue was also present using 4.0
  SMB connection works when connecting to the OD Master
  SMB does not work when connecting to the OD Replica ServerBut AFP works fine when connecting to the OD Replica Server.
  I have destroyed and re-added the OD replica but that did not seem to help
  This is what I see in the logs each time I try to connect(logs have been cleaned to remove client details:
  Jan  9 14:37:12 server.pretendco.com digest-service[9961]: label: default
  Jan  9 14:37:12 server.pretendco.com digest-service[9961]: dbname: od:/Local/Default
  Jan  9 14:37:12 server.pretendco.com digest-service[9961]: mkey_file: /var/db/krb5kdc/m-key
  Jan  9 14:37:12 server.pretendco.com digest-service[9961]: acl_file: /var/db/krb5kdc/kadmind.acl
  Jan  9 14:37:12 server.pretendco.com digest-service[9961]: digest-request: uid=0
  Jan  9 14:37:12 server.pretendco.com digest-service[9961]: digest-request: netr probe 0
  Jan  9 14:37:12 server.pretendco.com digest-service[9961]: digest-request: init request
  Jan  9 14:37:12 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
  Jan  9 14:37:13 server.pretendco.com digest-service[9961]: digest-request: uid=0
  Jan  9 14:37:13 server.pretendco.com digest-service[9961]: digest-request: init request
  Jan  9 14:37:13 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
  Jan  9 14:37:13 server.pretendco.com kdc[4802]: Got a canonicalize request for a LKDC realm from local-ipc
  Jan  9 14:37:13 server.pretendco.com kdc[4802]: Asked for LKDC, but there is none
  Jan  9 14:37:13 server.pretendco.com sandboxd[395] ([4802]): kdc(4802) deny file-read-data /private/etc/krb5.conf
  Jan  9 14:37:22 server.pretendco.com kdc[4802]: Got a canonicalize request for a LKDC realm from local-ipc
  Jan  9 14:37:22 server.pretendco.com kdc[4802]: Asked for LKDC, but there is none
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init request
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init request
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: od failed with 2 proto=ntlmv2
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: user=SERVER2\\username
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: kdc failed with 36150275 proto=unknown
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: guest failed with -1561745590 proto=ntlmv2
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init request
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init request
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: init return domain: SERVER2 server: SERVER2 indomain was: <NULL>
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: uid=0
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: od failed with 2 proto=ntlmv2
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: user=SERVER2\\codywood
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: kdc failed with 36150275 proto=unknown
  Jan  9 14:37:23 server.pretendco.com digest-service[9961]: digest-request: guest failed with -1561745590 proto=ntlmv2
  I suspect the problem is to do with Kerberos and in relation to this server being an OD Replica.
  I would really appreciate anyone's insight into this.
  Thanks
  Morgs

  I have the same problem although I upgraded from Lion Server to Mountain Lion Server. The error appears to go hand in hand with this error.
  userInit: CFPreferences: user home directory for user kCFPreferencesCurrentUser at /Network/Servers/fullyqualifieddomainname/Users/user is unavailable. User domains will be volatile.
  I've read a number of things to try. A lot of people point to DNS being a problem, but I'm confident this is correct in my environment.

• User cannot connect to backend system with user J2EE_ADMIN.

  I am using Rapid Installer to initiate the second part of the installtion "ERP 6.0 EhP 3 – Self-Service Scenarios and Automatic Roles".  When I get to the J2EE User section to enter the parameters, the user is defaulted to "Administrator" and I enter my password.  I click next and get this message "User cannot connect to backend system with user J2EE_ADMIN."  Any ideas?

  If this is a double stack installation, you need to enter J2EE_ADMIN as user, NOT administrator.
  Markus

• TS1368 iPhone says "cannot connect to iTunes" I am hooked up to wifi and I keep getting this error... Any ideas?

  iPhone says "cannot connect to iTunes" I am hooked up to wifi and I keep getting this error... Any ideas?

  Hi ...
  Try this support article >  Can't connect to the iTunes Store

• I just purchased an Ipod touch and have been following the download instructions, but it says cannot connect to server.  I have an unsecured wifi in my house.  What am I doing wrong?

  I purchased an Ipod touch today and have benn following the install instructions and have rung into a bit of a snag.  It keeps saing it cannot connect to the server.  I have unsecured wifi in my house.  I don't understand?  Help.

  By following the install instructions I presume that this means that you have installed the latest iTunes on your PC and have connected the iPod Touch to your PC with the USB connection cable that came with the iPod?
  You mention WiFi, does this mean that your PC is connected to the internet through WiFi?
  Check to see if you have anti-virus or firewall software running on your PC. If so, temporarily disable it while setting up your iPod. Also check to see if a firewall is setup in your router.

• TS1398 i have an ipod touch and for some reason cannot connect to itunes store. I have full wifi and can get on my safari and was able to update my apps before. I can still get apps but when i try to update it says cannot connect to itunes store. Some1 he

  i have an ipod touch and for some reason cannot connect to itunes store. I have full wifi and can get on my safari and was able to update my apps before. I can still get apps but when i try to update it says cannot connect to itunes store. Some1 help!

  See these previous dicussions:
  App Store Updates (but only Updates)...: Apple Support Communities
  Apps suddenly don't update: Apple Support Communities

• Upgraded to 10.9 and OS X Server 3.0.1, users cannot connect to home shares

  Hello.  I recenlty upgraded from Lion Server to Mavericks and Server OS X and users are now unable to access their home shares.  When one attempts to afp to the server after connecting to my uni's VPN, the login box simply shakes and no connection is made.
  Running Mac Mini with 10.9 and OS X Server 3.0.1 with home shares located on a Pegasus RAID array that worked fine under Lion Server.  The upgrade seemed to go smoothly, as all accounts were intact and the settings were identical to the functional Lion Server settings.  I have combed these forums trying to find a response that actually works for me, but was unable to locate a match that resulted in a working solution.
  Here is a sample log when attempting to login:
  Dec 16 13:08:50 xx.xx.xx.private kdc[109]: Got a canonicalize request for a LKDC realm from local-ipc
  Dec 16 13:08:50 xx.xx.xx.private kdc[109]: LKDC referral to the real LKDC realm name
  Dec 16 13:08:52 xx.xx.xx.private kdc[109]: AS-REQ xx@LKDC:SHA1.313DA2EA0C5E8BCD1311C69A6930240237DDC372 from local-ipc for krbtgt/LKDC:SHA1.313DA2EA0C5E8BCD1311C69A6930240237DDC372@LKDC:SHA1.313DA2EA0C5 E8BCD1311C69A6930240237DDC372
  Dec 16 13:08:52 xx.xx.xx.private kdc[109]: UNKNOWN -- xx@LKDC:SHA1.313DA2EA0C5E8BCD1311C69A6930240237DDC372: no such entry found in hdb
  Dec 16 13:08:57 xx.xx.xx.private kdc[109]: AS-REQ [email protected] from 127.0.0.1:51721 for krbtgt/[email protected]
  Dec 16 13:08:57 --- last message repeated 1 time ---
  Dec 16 13:08:57 xx.xx.xx.private kdc[109]: Client ([email protected]) from 127.0.0.1:51721 has no common enctypes with KDC to use for the session key
  When I first upgraded, I was able to connect via PC but not Mac (10.9) clients, so I tried creating a new account to attempt to ferret out the problem.  When I created a new account in the Server.app connecting to an existing home share, I was still unable to connect to it remotely--Server.app threw the "Cannot authenticate connection..." error and closed.  I then attempted to create a new user and new home share directory in Workgroup Manager and received an error stating the home directory could not be created (I forgot the actual verbiage, but I will replicate and post if needed).  I tried simply adding the folder to the home shares folder, but I was still unable to connect via afp or smb.
  Any suggestions are greatly appreciated, as I need to resolve this issue ASAP.  Please let me know if any other information would be useful to diagnosing this issue.
  Thanks!

  I have the same problem although I upgraded from Lion Server to Mountain Lion Server. The error appears to go hand in hand with this error.
  userInit: CFPreferences: user home directory for user kCFPreferencesCurrentUser at /Network/Servers/fullyqualifieddomainname/Users/user is unavailable. User domains will be volatile.
  I've read a number of things to try. A lot of people point to DNS being a problem, but I'm confident this is correct in my environment.

• User cannot connect to exchange server

  I have rounded up all of the usual suspects and am at a loss here. A user has been running in offline mode for a while. The ability to uncheck offline mode is greyed out. Pinged my Exchange server by name to see if resolves from this PC. It does. Renamed
  .ost so a new one would be generated. No help. I removed the Outlook profile in Control Panel>mail and tried to create a new one. I get the cannot connect to Exchange error. I tried to log in as him on my PC and have the same results. I do not see any issues
  with his account on my Exchange server. Any ideas to check on next? Never had one do this before.
  Brian Gilmore Lead IT Technician Don-Nan Pump & Supply

  This type of error generally occurs when user had disabled Encryption of data between Microsoft
  Office Outlook and Microsoft Exchange profile , and default configuration of Exchange requires RPC encryption from Outlook client , which is not available, so this error is displayed.
  To solve this issue you may try any of these solutions below:
  1. Disable the encryption requirement on all CAS servers.
  2. Try to manually update your Outlook profile with RPC encryption.
  3.
  Expand Group Policy settings to update existing Outlook profiles with RPC encryption
  Hope this will work for you !!!

• Cannot connect to share

  I have a user that cannot connect to a network share. I get error 80004005 when I type \\server into the address bar. Client is Windows 7, connecting to a SBS2003 box.
  If I use net view server, it shows all the shares. If I use net use k: \\server\data, I get system error 53.
  The server is also an Exchange server - that works perfectly.
  File and Print sharing is enabled in the network adapter. Firewall was disabled - same problem. This is the only computer with the problem, all other computers work perfectly. If I log that user to another PC, no issues so it's not the account.

  1. Is the user computer member of domain? Be avare of user name syntax domain\username.
  2. Use FQDN or IP. Using IP circumvent DNS resolution. If FQDN is used, then local computer should know local DNS server.
  3. Error 53 is netbios one
  http://technet.microsoft.com/en-us/library/cc940100.aspx
  4. If you want to dig deeper, use netork monitor (for example Wireshark).
  Regards
  Milos

• Linux non-oracle user cannot connect to database using TNS

  LS,
  I've installed Oracle 11gR2 on a linux box (name="ilmserver") running CentOS 5.4 (based on RHEL).
  Created user "oracle" and groups "oinstall" and "dba".
  Installation under user "oracle" went fine, and logged in as "oracle" user I can - naturally - access the database easily (via SQL+, or using SQL Developer it works via Basic, TNS, and Advanced (=jdbc)).
  I have a second user on the linux box called "informatica", on which I have installed Informatica ILM 5.3.2, which uses the Oracle database as its repository.
  The "informatica" user has been granted the same groups as the "oracle" user, i.e. "oinstall" and "dba".
  I have severe problems accessing the Oracle database as the "informatica" user.
  Using SQL Developer I can access the database using the "Basic" method, but not TNS.
  But guess what: for ILM to work to its fullest extent I need to implement an environment variable called TNS_ADMIN.
  I have implemented it, it sits in bash_profile and as such works fine:
  +[informatica@ilmserver ~]$ echo $TNS_ADMIN+
  +/home/oracle/app/oracle/product/11.2.0/dbhome_1/network/admin+
  But as for being able to access it:
  +[informatica@ilmserver ~]$ cat $TNS_ADMIN/tnsnames.ora+
  cat: /home/oracle/app/oracle/product/11.2.0/dbhome_1/network/admin/tnsnames.ora: Permission denied
  Somehow I thought that granting "oinstall" group to "informatica" user would take care of this. Obviously it doesn't. I also granted "dba" group to "informatica", to no avail apparently.
  This is then - I assume - also the reason that when I want to connect using TNS from within SQL Developer, the dropdown list is empty (because it's not able to read TNSNAMES.ORA).
  Does anyone know how to resolve this issue?
  Thanks heaps!
  Cheers, Patrick

  Just ran all+ commands for oracle user:
  *[oracle@ilmserver ~]$ id*
  uid=502(oracle) gid=504(oinstall) groups=503(dba),504(oinstall),505(asmdba),506(asmadmin) context=user_u:system_r:unconfined_t
  *[oracle@ilmserver ~]$ env | sort*
  COLORTERM=gnome-terminal
  CVS_RSH=ssh
  DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-m8BEsoxTeM,guid=7c9a73a7390af7742e606e004e571934
  DESKTOP_SESSION=default
  DESKTOP_STARTUP_ID=
  DISPLAY=:0.0
  G_BROKEN_FILENAMES=1
  GDMSESSION=default
  GDM_XSERVER_LOCATION=local
  GNOME_DESKTOP_SESSION_ID=Default
  GNOME_KEYRING_SOCKET=/tmp/keyring-TQlAPU/socket
  GTK_RC_FILES=/etc/gtk/gtkrc:/home/oracle/.gtkrc-1.2-gnome2
  HISTSIZE=1000
  HOME=/home/oracle
  HOSTNAME=ilmserver
  INPUTRC=/etc/inputrc
  JAVA_HOME=/usr/java/jdk1.7.0
  LANG=en_US.UTF-8
  LESSOPEN=|/usr/bin/lesspipe.sh %s
  LOGNAME=oracle
  LS_COLORS=no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:
  MAIL=/var/spool/mail/oracle
  ORACLE_BASE=/home/oracle/app/oracle
  ORACLE_HOME=/home/oracle/app/oracle/product/11.2.0/dbhome_1
  ORACLE_HOSTNAME=ilmserver
  ORACLE_SID=orcl
  PATH=/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/home/oracle/bin:/usr/java/jdk1.7.0/bin:/usr/sbin:/sbin:/home/oracle/app/oracle/product/11.2.0/dbhome_1/bin
  PWD=/home/oracle
  SESSION_MANAGER=local/ilmserver:/tmp/.ICE-unix/14477
  SHELL=/bin/bash
  SHLVL=2
  SSH_AGENT_PID=14513
  SSH_ASKPASS=/usr/libexec/openssh/gnome-ssh-askpass
  SSH_AUTH_SOCK=/tmp/ssh-INwup14477/agent.14477
  TERM=xterm
  TNS_ADMIN=/home/oracle/app/oracle/product/11.2.0/dbhome_1/network/admin
  USERNAME=oracle
  USER=oracle
  _=/usr/bin/env
  WINDOWID=24117329
  XAUTHORITY=/tmp/.gdm9ITN0V
  XMODIFIERS=@im=none
  *[oracle@ilmserver ~]$ ls -l /home/oracle/app/oracle/product/11.2.0/dbhome_1/network/admin/tnsnames.ora*
  -rw-r----- 1 oracle oinstall 879 Aug 24 21:39 /home/oracle/app/oracle/product/11.2.0/dbhome_1/network/admin/tnsnames.ora
  *[oracle@ilmserver ~]$ ls -ld /home/oracle/app/oracle/product/11.2.0/dbhome_1/network/admin/*
  drwxr-xr-x 3 oracle oinstall 4096 Aug 24 21:39 /home/oracle/app/oracle/product/11.2.0/dbhome_1/network/admin/
  *[oracle@ilmserver ~]$ ls -ld /home/oracle/app/oracle/product/11.2.0/dbhome_1/*
  drwxr-xr-x 74 oracle oinstall 4096 Aug 23 19:00 /home/oracle/app/oracle/product/11.2.0/dbhome_1/
  *[oracle@ilmserver ~]$ ls -ld /home/oracle/app/oracle/product/11.2.0/*
  drwxr-xr-x 3 oracle oinstall 4096 Aug 23 18:21 /home/oracle/app/oracle/product/11.2.0/
  [*oracle@ilmserver ~]$ ls -ld /home/oracle/app/oracle/product/*
  drwxr-xr-x 3 oracle oinstall 4096 Aug 23 18:21 /home/oracle/app/oracle/product/
  *[oracle@ilmserver ~]$ ls -ld /home/oracle/app/oracle/*
  drwxr-xr-x 10 oracle oinstall 4096 Aug 24 17:29 /home/oracle/app/oracle/
  *[oracle@ilmserver ~]$ ls -ld /home/oracle/app/*
  drwxr-xr-x 4 oracle oinstall 4096 Aug 23 18:21 /home/oracle/app/
  *[oracle@ilmserver ~]$ ls -ld /home/oracle/*
  drwx------ 22 oracle oinstall 4096 Aug 25 20:55 /home/oracle/
  Naturally the "oracle" user has full access to its own directories.
  A thought just occurred to me. I assume that theoretically it's possible to grant read privilige to informatica user on all these directories... would that do the trick?
  But even if so, makes me wonder whether that is "best practice".
  Also, I cannot imagine I'm the first person to encounter this scenario, and therefore there must be some standard approach to enable this.
  Any suggestions/thoughts?
  As for the TNSNAMES.ORA suggestion, I guess that is possible. Makes administration of TNSNAMES a bit more cumbersome though, as in, 2 files to maintain... risk of getting out of sync when making 'quick and dirty' changes without thinking things through too much (which shouldn't happen... but sometimes does anyway).
  I'd prefer a solution where "informatica" has genuine access to TNSNAMES.ORA.
  Thanks, Patrick
  ps the bold bits with env.var LS_COLORS are unintentional, but don't know how to turn that off

• New User cannot access OWA after migrate from Exchange 2007 to Exchange 2013

  Dear all,
  I recently migrate the Exchange server from Exchange 2007 on Windows Server 2003 to Exchange 2013 on Windows 2012 R2. I can open the mailbox moved from Exchange 2007 without any problem. However when I created a new user in Exchange 2013, the user cannot
  login the OWA, the browser will throw out following screen. Can anyone help me in this case. Thanks a lot!

  Hi Winnie,
  Thank for your reply. Below is the result, please note there has four exchange servers, HKAD and HKEX are the existing Exchange 2007 server. HKCAS1 and HKCAS2 are the new Exchange Server 2013 - both of xchange server 2013 are using owa.ksi.com.hk
  as the external URL.  
  Identity                      : HKAD\owa (Default Web Site)
  InternalAuthenticationMethods : {Basic, Fba}
  BasicAuthentication           : True
  WindowsAuthentication         : False
  DigestAuthentication          : False
  FormsAuthentication           : True
  LiveIdAuthentication          : False
  AdfsAuthentication            : False
  OAuthAuthentication           : False
  ExternalAuthenticationMethods : {Fba}
  Url                           : {}
  SetPhotoURL                   :
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   :
  https://hkad.ksi.com.hk/owa
  ExternalUrl                   :
  Identity                      : HKAD\Exchange (Default Web Site)
  InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
  BasicAuthentication           : True
  WindowsAuthentication         : False
  DigestAuthentication          : False
  FormsAuthentication           : False
  LiveIdAuthentication          : False
  AdfsAuthentication            : False
  OAuthAuthentication           : False
  ExternalAuthenticationMethods : {Fba}
  Url                           :
  SetPhotoURL                   :
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   :
  ExternalUrl                   :
  Identity                      : HKAD\Public (Default Web Site)
  InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
  BasicAuthentication           : True
  WindowsAuthentication         : False
  DigestAuthentication          : False
  FormsAuthentication           : False
  LiveIdAuthentication          : False
  AdfsAuthentication            : False
  OAuthAuthentication           : False
  ExternalAuthenticationMethods : {Fba}
  Url                           :
  SetPhotoURL                   :
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   :
  ExternalUrl                   :
  Identity                      : HKAD\Exchweb (Default Web Site)
  InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
  BasicAuthentication           : True
  WindowsAuthentication         : False
  DigestAuthentication          : False
  FormsAuthentication           : False
  LiveIdAuthentication          : False
  AdfsAuthentication            : False
  OAuthAuthentication           : False
  ExternalAuthenticationMethods : {Fba}
  Url                           :
  SetPhotoURL                   :
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   :
  ExternalUrl                   :
  Identity                      : HKAD\Exadmin (Default Web Site)
  InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
  BasicAuthentication           : True
  WindowsAuthentication         : False
  DigestAuthentication          : False
  FormsAuthentication           : False
  LiveIdAuthentication          : False
  AdfsAuthentication            : False
  OAuthAuthentication           : False
  ExternalAuthenticationMethods : {Fba}
  Url                           :
  SetPhotoURL                   :
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   :
  ExternalUrl                   :
  Identity                      : HKEX\owa (Default Web Site)
  InternalAuthenticationMethods : {Basic, Fba}
  BasicAuthentication           : True
  WindowsAuthentication         : False
  DigestAuthentication          : False
  FormsAuthentication           : True
  LiveIdAuthentication          : False
  AdfsAuthentication            : False
  OAuthAuthentication           : False
  ExternalAuthenticationMethods : {Fba}
  Url                           : {}
  SetPhotoURL                   :
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   :
  https://hkex.ksi.com.hk/owa
  ExternalUrl                   :
  Identity                      : HKEX\Exchange (Default Web Site)
  InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
  BasicAuthentication           : True
  WindowsAuthentication         : False
  DigestAuthentication          : False
  FormsAuthentication           : False
  LiveIdAuthentication          : False
  AdfsAuthentication            : False
  OAuthAuthentication           : False
  ExternalAuthenticationMethods : {Fba}
  Url                           :
  SetPhotoURL                   :
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   :
  ExternalUrl                   :
  Identity                      : HKEX\Exadmin (Default Web Site)
  InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
  BasicAuthentication           : True
  WindowsAuthentication         : False
  DigestAuthentication          : False
  FormsAuthentication           : False
  LiveIdAuthentication          : False
  AdfsAuthentication            : False
  OAuthAuthentication           : False
  ExternalAuthenticationMethods : {Fba}
  Url                           :
  SetPhotoURL                   :
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   :
  ExternalUrl                   :
  Identity                      : HKEX\Public (Default Web Site)
  InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
  BasicAuthentication           : True
  WindowsAuthentication         : False
  DigestAuthentication          : False
  FormsAuthentication           : False
  LiveIdAuthentication          : False
  AdfsAuthentication            : False
  OAuthAuthentication           : False
  ExternalAuthenticationMethods : {Fba}
  Url                           :
  SetPhotoURL                   :
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   :
  ExternalUrl                   :
  Identity                      : HKEX\Exchweb (Default Web Site)
  InternalAuthenticationMethods : {Basic, Ntlm, WindowsIntegrated}
  BasicAuthentication           : True
  WindowsAuthentication         : False
  DigestAuthentication          : False
  FormsAuthentication           : False
  LiveIdAuthentication          : False
  AdfsAuthentication            : False
  OAuthAuthentication           : False
  ExternalAuthenticationMethods : {Fba}
  Url                           :
  SetPhotoURL                   :
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   :
  ExternalUrl                   :
  Identity                      : HKCAS2\owa (Default Web Site)
  InternalAuthenticationMethods : {Basic, Fba}
  BasicAuthentication           : True
  WindowsAuthentication         : False
  DigestAuthentication          : False
  FormsAuthentication           : True
  LiveIdAuthentication          : False
  AdfsAuthentication            : False
  OAuthAuthentication           : False
  ExternalAuthenticationMethods : {Fba}
  Url                           : {}
  SetPhotoURL                   :
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   :
  https://hkcas2.ksi.com.hk/owa
  ExternalUrl                   :
  https://owa.ksi.com.hk/owa
  Identity                      : HKCAS1\owa (Default Web Site)
  InternalAuthenticationMethods : {Basic, Fba}
  BasicAuthentication           : True
  WindowsAuthentication         : False
  DigestAuthentication          : False
  FormsAuthentication           : True
  LiveIdAuthentication          : False
  AdfsAuthentication            : False
  OAuthAuthentication           : False
  ExternalAuthenticationMethods : {Fba}
  Url                           : {}
  SetPhotoURL                   :
  Exchange2003Url               :
  FailbackUrl                   :
  InternalUrl                   :
  https://hkcas1.ksi.com.hk/owa
  ExternalUrl                   :
  https://owa.ksi.com.hk/owa

• Windows SMB users cannot connect to 10.5.4 server

  Hi all,
  Have a server running 10.5.4 bound to AD and running an OD to provide management of the Macs. Pretty standard setup and haven't had any problems elsewhere with the same deployment. However we're having a problem with XP users connecting to SMB shares. Mac users can connect over AFP or SMB fine, XP users are getting a "Network path could not be found" error. What's more the errors in the SMB log on the server aren't too descriptive. We're getting a few broken pipe errors, but no indication of what's causing that. XP machines don't appear to be getting to the authentication stage.
  Server is an Xserve with a Promise RAID, shares are on a 4TB partition, bound to AD (OD not running Kerberos). SMB setup seems to be correctly aware of the AD.
  Anyone any ideas?
  Thanks

  Is your SMB a Standalone or Domain Member?
  I have a similar problem and noticed that if I change SMB from "Domain Member" to Standalone Windows users can connect. Now every so often Leopard Server will change SMB back to a Domain Member (automatically).
  I have the Server bound to AD. AFP works for the Macs no matter what. Mac Users authenticate to AD and mount the share. However if they try to use SMB, it fails for the Macs as well if SMB is a Domain Member.
  I would like to stop Leopard from not reverting back or fix the "domain member" problem.
  The fact that I can connect while it's a Standalone suggests, to me, that it's not a permissions problem. As well the failure carries to the Mac side means it's not a Windows issue.

• External users cannot connect to RDS Farm (Azure).

  Hi Experts,
  I hope someone is able to help me with this. I have search high and low, but have not found a solution.
  Here we go:
  I have setup a RDS Farm in Microsoft Azur, consisting of the following servers:
  KRPDC01 (Domain Controler / Active Directory / DNS Server)
  KRPSH01 (Remote Session Host #1)
  KRPSH02 (Remote Session Host #2)
  KRPCB01 (Connection Broker)
  I have installed the respective Remote session roles on the above server and added my group of users to the "Remote Desktop Users" group on each Session Host server.  
  At first glance it seems to work. I seem to be able to connect to the farm with the first user. But most of the times, when a second users tries to connect to the same farm, then login hangs for a time, and the connection is refused with this message:
  "Remote Desktop cannot connect to the remote computer for one of the following reasons:
  1) Remote Access to the server is not enabled
  2) The Remote Computer is turned off
  3) The Remote Computer is not available on the network
  Make sure that the remote computer is turned on and connected to the network, and that remote access is enabled."
  Sometimes not even the first user can connect to the farm at all with the same error message.
  I have looked into the logs on the connection broker, and something interesting shows up.
  It seems that whenever the connection broker wants to redirect a users connection request to a different server than the one that recieved the connection request, then the connection fails. If however the connection broker grants the connection to the same
  server as the request is comming from, then the user is logged in.
  Here are the log entries when the connection fails:
  "RD Connection Broker received connection request for user xxx\testuser. 
  Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.KRPCLOUD 
  Initial Application = NULL 
  Call came from Redirector Server = KRPSH01.xxx.net 
  Redirector is configured as Farm member"
  Followed by:
  "RD Connection Broker successfully processed the connection request for user xxx\testuser. Redirection info: 
  Target Name = KRPSH02 
  Target IP Address = 10.4.3.7 
  Target Netbios = KRPSH02 
  Target FQDN = KRPSH02.xxx.net 
  Disconnected Session Found = 0x0"
  The a few minutes later this entry is found in the log:
  "Remote Desktop Connection Broker Client failed to redirect the user xxx\testuser
  Error: NULL"
  These are the log entries when the connection is successfull:
  "RD Connection Broker received connection request for user xxx\testuser 
  Hints in the RDP file (TSV URL) = tsv://MS Terminal Services Plugin.1.KRPCLOUD 
  Initial Application = NULL 
  Call came from Redirector Server = KRPSH02.xxx.net 
  Redirector is configured as Farm member"
  Followed by:
  "RD Connection Broker successfully processed the connection request for user xxx\testuser. Redirection info: 
  Target Name = KRPSH02 
  Target IP Address = 10.4.3.7 
  Target Netbios = KRPSH02 
  Target FQDN = KRPSH02.xxx.net 
  Disconnected Session Found = 0x0"
  And then:
  "Session for user KASSERAPPORTEN\krptest successfully added to RD Connection Broker's database. 
  Target Name = KRPSH02.kasserapporten.net 
  Session ID = 2 
  Farm Name = KRPCLOUD"
  And:
  "This connection request has resulted in a successful session logon (User successfully logged on to the end point). Remote Desktop Connection Broker will stop monitoring this connection request."
  If I connect to one of the other servers on the network - the KRPDC01 - and from there connects to the RDS Farm (internally) then there is no problem recieving the connections. Also connections where the broker has to redirect the connection to a differing
  Session Host is completed without problems.
  I have noticed than when successfully connection from internally where the connection is redirected by the connection broker, then I actually recieved 2 certificate warnings. One first from the Session Host that have recieved the connection request, and the
  shortly after from the second Session Host (when the connection broker is redirecting the connection) and then the connection is established.
  When connection from the outside, I never get the second certificate warning.
  In Azure I have setup indpoint for Remote Desktop - TCP/3389 on both Session Host servers and on the Connection broker.
  As mentioned I am at a total loss, and I hope someone out there is able to help me solve this issue.
  Thanks in advance :-)
  Regards,
  Daniél 

  Hi,
  Seems this issue is related with Windows Azure Virtual Machine, I will move it to Windows Azure Virtual Machine Forum for a better help.
  Thank you for your understanding!
  Best Regards
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Domain users cannot connect to the network folders when logged in via rds remote apps

  Hi,
  recently I setup an RDS farm for remote apps on server 2012 r2.
  all users can connect to the apps published. no problems there.
  but when users connect via rds they cannot connect to the networkfolders and cannot store the resultance of there work (docx and xlsx files)
  all users are normally connected to the networkfolders using a small login batch file handing down the unc path needed. when I log in as domain admin, also using a login batch, connections are setup correctly. It seems to me to be an security issue on the
  rds session host.
  how to alter this?
  greetz, Fons
  Fons system and network engineer Balie Amsterdam

  Hi,
  Thank you for posting in Windows Server Forum.
  We use WMI to communicate with the RDSH server. Various issues can cause WMI to deny access or return error codes. Here's a few things you can try:
  1.  Check if the "TS Web Access Computers" security group on the RDSH server has incorrect permissions in DCOM and/or WMI:
     For checking DCOM security settings:
     1. Start the Component Services MMC snapin
     2. Navigate to Component Services -> Computers -> My Computer
     3. Right-click on My Computer and select properties
     4. Go to the COM Security tab
     5. Under Access Permissions, click the Edit Limits button
     6. Ensure that TS Web Access Computers is in the list, with all of the permissions set to “allow”.
     7. Under Launch and Activation Permissions, click the Edit Limits button
     8. Ensure that TS Web Access Computers is in the list, with all of the permissions set to “allow”.
     For checking WMI security settings:
     1. Start the WMI Control MMC snapin
     2. Right-click the WMI Control node and select properties
     3. Go to the Security tab
     4. Navigate to Root->CIMV2->TerminalServices
     5. With TerminalServices selected, click the Security button
     6. Ensure that TS Web Access Computers is in the list with Execute Methods, Enable Account, and Remote Enable set to "allow"
  2.  Verify the RD Session Host server's firewall allows WMI calls.
  3. Verify that the RD Connection Broker hasn't lost its trust relationship with the domain.
  4. See if non-RDS related WMI calls can be successfully made to the RDSH server. This can help differentiate between a general WMI issue and an issue calling the RDS WMI provider.
  (Quoted from following thread.)
  RemoteApp Source not working from RDWeb
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/173d4546-e12f-47c1-ac66-8b4f69826892/remoteapp-source-not-working-from-rdweb?forum=winserverTS
  Hope it helps!
  Thanks.
  Dharmesh Solanki