WebAuth issue, de-authenticating users randomly!

Hello,
I just received word of a major issue that only a few of the clientele have been reporting.
Basically what is happening is that a user will be browsing/chatting on the internet under one of our webauth SSIDs when suddenly out of nowhere they will be unable to browse anymore and have to reauthenticate by closing down all internet browser windows and reopening the browser. Originally I had thought this was just an idle timeout issue; it was never mentioned that the users were active when it happened until now.
Can anyone help me with this? I'm really perplexed as to why this is happening. Anyone have pointers on what I can look for (i.e., AP placement issues perhaps?) that can help troubleshoot the problem?
I am running dual 4404's currently, the idle timeout is set to 60 minutes on each. The version on both machines is 3.2.116.21.
Thanks much for any input on this.

     You should try connecting to the guest WLAN, and once you are connected open a browser and go to http://74.125.19.104. If this works, then you need to check that UDP 53, DNS queries, are allowed from the guest VLAN.

Similar Messages

  • Redirect_uri issue when authenticating user with live account.

    Hello,
    I am working with an MVC application which is using OAuthWebSecurity to authenticate the user through a Live account. I am able to get the access code and see the login page, but while getting the access token I get the exception "The provided value for the 'redirect_uri' is not valid. The value must exactly match the redirect URI used to obtain the authorization code". I have checked the redirect_uri a couple of times; it is the same at the time of the login request and at the time of getting the access token. I don't get this exception for the first login; I get it after the first login. Following is the code where I get the exception.
        Exception asyncEx = null;
        LiveLoginResult liveAuthResult = null;
        LiveAuthClient client = new LiveAuthClient(ClientId, ClientSecret, "");
        // Below I'm retrieving the URL I have passed at request login.
        string redirectUrl = (string)context.Items["DefaultRedirectUrl"];
        // I get the exception from the out param asyncEx.
        liveAuthResult = AsyncToSyncUtility.RunSync(() =>
        {
            return client.ExchangeAuthCodeAsync(context);
        }, out asyncEx);
    I don't know whether the problem is with the code or with the Live provider. Can anyone help me to resolve this redirect_uri issue?

    Are you using the LiveSDK?  You may want to see if the access token request is formed correctly using the following format.
    POST https://login.live.com/oauth20_token.srf
    Content-type: application/x-www-form-urlencoded
    client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&client_secret=CLIENT_SECRET&code=AUTHORIZATION_CODE&grant_type=authorization_code
    It's difficult to tell how your code is actually building the request to send to the OAuth server.
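
Added example, not part of the original thread and not LiveSDK code: a Python sketch that builds the token request in the format quoted in the reply and refuses to send it unless `redirect_uri` is byte-for-byte the value used at login. The client id, secret, code and `app.example.test` URLs are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlencode, urlsplit

# Token endpoint as quoted in the reply above.
TOKEN_ENDPOINT = "https://login.live.com/oauth20_token.srf"


def diff_redirect_uris(sent_at_login, sent_at_exchange):
    """Name the URI components that differ; an empty list means an exact match.

    The error text says the value "must exactly match", so the comparison is
    on the raw strings: case, a trailing slash, an extra query parameter or
    an empty value all count as a mismatch.
    """
    if sent_at_login == sent_at_exchange:
        return []
    if not sent_at_exchange:
        return ["empty"]
    names = ("scheme", "netloc", "path", "query", "fragment")
    a, b = urlsplit(sent_at_login), urlsplit(sent_at_exchange)
    diffs = [n for n, x, y in zip(names, a, b) if x != y]
    # Components can parse equal while the raw strings differ (e.g. scheme case).
    return diffs or ["raw-string"]


def build_token_request(client_id, client_secret, code, redirect_uri):
    """Return (url, headers, body) for the authorization-code exchange."""
    body = urlencode([
        ("client_id", client_id),
        ("redirect_uri", redirect_uri),
        ("client_secret", client_secret),
        ("code", code),
        ("grant_type", "authorization_code"),
    ])
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN_ENDPOINT, headers, body


def prepare_exchange(login_redirect_uri, client_id, client_secret, code,
                     redirect_uri):
    """Build the token request only if redirect_uri matches the login value."""
    diffs = diff_redirect_uris(login_redirect_uri, redirect_uri)
    if diffs:
        raise ValueError("redirect_uri differs from the login request in: "
                         + ", ".join(diffs))
    return build_token_request(client_id, client_secret, code, redirect_uri)


# Constructed sample values (not from the thread).
LOGIN_URI = "https://app.example.test/Account/Callback?provider=live"
LATER_URI = "https://app.example.test/Account/Callback?provider=live&returnUrl=%2F"

if __name__ == "__main__":
    url, headers, body = prepare_exchange(
        LOGIN_URI, "CLIENT_ID", "CLIENT_SECRET", "AUTHORIZATION_CODE", LOGIN_URI)
    print("POST", url)
    print(headers)
    print(body)
    print("second login differs in:", diff_redirect_uris(LOGIN_URI, LATER_URI))
```

Logging the output of `diff_redirect_uris` on the server for both the login and the exchange step shows which component changed between the first and later logins.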

  • Cannot prevent authenticated users from creating a blog on "My Page"

    I have a brand new Snow Leopard (10.6.1) 2.26 Ghz quad core Xserve with 12Gb RAM that will be used for web collaboration services. I've currently set up Wiki and Blog services with a group membership to allow creating wikis/blogs. The reason for this is for staff development purposes with the plan to add people into the group as they are trained. The process to set it all up was very simple; however, I'm having an issue preventing authenticated users from creating a personal blog. Although I can prevent the creation of wikis to members of a group easily, any authenticated user on the server can log into "My Page" and will be able to create a blog. I've gone to server admin>choose the server>choose the "access" icon and set the column "for selected services below" (blog) to "allow only users and groups below" (the group) and it still doesn't prevent them from making a blog page. In WGM for the group on the "Basic" tab, the "enable the following services for this group" has only the choice of "none" and therefore since the site isn't showing as a choice, the Wiki, Blog, Calendar and Mailing List are grayed out. I've seen another thread that states that in 10.6 the option for setting the service ACL in the group settings of WGM is unavailable. Does anyone know a fix for my problem of security access for a "My Page" blog or is it a possible bug in Snow Leopard? Right now my only workaround is to remove the users' access and enable it as they are trained. This isn't an ideal fix, however, because we have some users who want to limit their wiki or blog to authenticated users only, not public access. Any help will be greatly appreciated.
    Message was edited by: dstrollo.il

    Ran into this same issue.... Talked with a field engineer who confirmed the behavior. The question now is whether this is a defect or a "feature that does not work as the audience desires". As far as I can tell, the security setting for blogs in server admin does nothing at all. This has the potential to cause a few issues as you cannot limit who can have a blog.
    Message was edited by: jlindler

  • 10.6.1 Server - cannot prevent authenticated users from creating a blog

    I have a brand new Snow Leopard (10.6.1) 2.26 Ghz quad core Xserve with 12Gb RAM that will be used for web collaboration services. I've currently set up Wiki and Blog services with a group membership to allow creating wikis/blogs. The reason for this is for staff development purposes with the plan to add people into the group as they are trained. The process to set it all up was very simple; however, I'm having an issue preventing authenticated users from creating a personal blog. Although I can prevent the creation of wikis to members of a group easily, any authenticated user on the server can log into "My Page" and will be able to create a blog. I've gone to server admin>choose the server>choose the "access" icon and set the column "for selected services below" (blog) to "allow only users and groups below" (the group) and it still doesn't prevent them from making a blog page. In WGM for the group on the "Basic" tab, the "enable the following services for this group" has only the choice of "none" and therefore since the site isn't showing as a choice, the Wiki, Blog, Calendar and Mailing List are grayed out. I've seen another thread that states that in 10.6 the option for setting the service ACL in the group settings of WGM is unavailable. Does anyone know a fix for my problem of security access for a "My Page" blog or is it a possible bug in Snow Leopard? Right now my only workaround is to remove the users' access and enable it as they are trained. This isn't an ideal fix, however, because we have some users who want to limit their wiki or blog to authenticated users only, not public access. Any help will be greatly appreciated.

    Thanks for the suggestion, but that would prevent all users from creating personal blogs. I was hoping to be able to have a group of users that can create a personal blog outside of the blog attached to a wiki.

  • Issue with authentication of users of one domain while logging on to EPM/HFM(we have 3 domains in total)

    EPM Version - 11.1.2.3.500.7
    We have 3 domains and users are authenticated via the Active Directory, the users of all the domains are able to log on to EPM except one Domain.
    What may be the reason?
    The setup was running fine for the last x months and suddenly we see this issue.
    Did anyone encounter this kind of Issue? Any help ?
    1) The error that the users get:
    EPMCSS: 00301: Failed to authenticate user. Invalid Credentials. Enter Valid Credentials
    2) The error that the admin gets when he is trying to search the users in Shared Services:
    EPMCSS:00706: Failed to get users from user directory xx. Error getting connection from connection pool, Verify user Directory Configuration.
    Thanks
    RK.

    We encountered this issue when the User DN's password was changed or when the id was moved to a different folder within Active Directory.

  • Ironport Web authentication drops randomly

    For the past 2 years I have had an issue on my network that continues to grow in frequency. Random users (at random times) lose authentication to the Ironport device. I can always tell when this happens since the browser bar will suddenly show a web address with random code but I do see Ironport in the code. Originally I would have to have the user perform a reboot in order to gain access again. I have since found that refreshing the computer's IP address (ipconfig /renew) will re-establish authentication with the Ironport device. Originally, this problem only occurred on 2 users' machines, but over time it now seems to affect all my users. I have created a shortcut on the users' desktops to run the IP refresh command for them as a temporary fix, but would like to know if anyone else has had this problem, and if so, how was it fixed?

    Are you using IP Surrogate or Cookie to keep track of authenticated user sessions? Investigate the timeout values of the authentication setting.

  • Ironport s670 blocking users randomly. Os build 7.1.3-031

    I have migrated an old Ironport WSA to a new S670 appliance; the configuration is the same.  It worked fine for about a month but now it is blocking legitimate users randomly.
    It is happening frequently and there is no pattern for this issue; it's totally random and unpredictable. Suddenly it will block the user and after 5 minutes it starts working again. After a few hours some other user will face the issue.
    Is there anyone here who has faced a similar issue, or does anyone know about any bug in this OS version which can be fixed with a version upgrade?
    Thanks

    I have experienced a very similar issue recently with a s370 appliance. Troubleshooting led to identifying an incorrect parameter in the authentication settings on the box. In our case the surrogate timeout had been set to 360 seconds. This seemed to lead to an increased load on our AD servers and after resetting it to 3600 seconds we have not seen one of these five minute outages since. We were experiencing them on a daily basis for a few days before we tried this. Cisco support did not confirm that this was an issue, though it seems like more than a coincidence that the outages started after changing that parameter.

  • An issue with authentication and authorization on ISE 1.2

    Hi, I'm new to ISE.
    I have an issue with authentication and authorization.
    I have ISE 1.2 plus patch 6 installed on VMware.
    I have built-in Windows XP supplicant and 2960 cisco switch with IOS c2960-lanbasek9-mz.150-2.SE5.bin
    On supplicant I use EAP(PEAP) with EAP-MSCHAP v2.
    I created authentication and authorization rules with Active Directory as External Identity Source. Also I applied an authorization profile with DACL. I log in on the Windows XP machine under different Active Directory accounts. Everything works fine (authentication, authorization), but only for several hours. After several hours have passed, authentication and authorization stop working. I can see that ISE is trying to authenticate and authorize users, but ISE always uses only one account for authentication and authorization. Even if I log in under different accounts, ISE continues to use only the one last account.
    I tried to reboot the switch and PC, but it didn't help. Only rebooting ISE helps. After ISE reboots, authentication and authorization start to work properly for several hours.
    I don't understand whether it is a glitch or whether I misconfigured ISE, the switch, or the supplicant.
    What should I do to resolve this issue?
    Switch configuration:
     testISE#sh runn
    Building configuration...
    Current configuration : 7103 bytes
    ! Last configuration change at 12:20:15Tue Apr 15 2014
    ! NVRAM config last updated at 10:35:02  Tue Apr 15 2014
    version 15.0
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname testISE
    boot-start-marker
    boot-end-marker
    no logging console
    logging monitor informational
    enable secret 5 ************
    enable password ********
    username radius-test password 0 ********
    username admin privilege 15 secret 5 ******************
    aaa new-model
    aaa authentication dot1x default group radius
    aaa authorization network default group radius
    aaa authorization auth-proxy default group radius
    aaa accounting update periodic 5
    aaa accounting dot1x default start-stop group radius
    aaa server radius dynamic-author
     client 172.16.0.90 server-key ********
    aaa session-id common
    clock timezone 4 0
    system mtu routing 1500
    authentication mac-move permit
    ip dhcp snooping vlan 1,22
    ip dhcp snooping
    ip domain-name elauloks
    ip device tracking probe use-svi
    ip device tracking
    epm logging
    crypto pki trustpoint TP-self-signed-1888913408
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-1888913408
     revocation-check none
     rsakeypair TP-self-signed-1888913408
    crypto pki certificate chain TP-self-signed-1888913408
    dot1x system-auth-control
    spanning-tree mode pvst
    spanning-tree extend system-id
    vlan internal allocation policy ascending
    ip ssh version 2
    interface FastEthernet0/5
     switchport mode access
     ip access-group ACL-ALLOW in
     authentication event fail action next-method
     authentication event server dead action reinitialize vlan 1
     authentication event server alive action reinitialize
     authentication host-mode multi-auth
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     authentication violation restrict
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
    interface FastEthernet0/6
     switchport mode access
     ip access-group ACL-ALLOW in
     authentication event fail action next-method
     authentication event server dead action reinitialize vlan 1
     authentication event server alive action reinitialize
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     authentication violation restrict
     mab
     dot1x pae authenticator
     dot1x timeout tx-period 10
     spanning-tree portfast
    interface FastEthernet0/7
    interface Vlan1
     ip address 172.16.0.204 255.255.240.0
     no ip route-cache
    ip default-gateway 172.16.0.1
    ip http server
    ip http secure-server
    ip access-list extended ACL-ALLOW
     deny   icmp any host 172.16.0.1
     permit ip any any
    ip radius source-interface Vlan1
    logging origin-id ip
    logging source-interface Vlan1
    logging host 172.16.0.90 transport udp port 20514
    snmp-server community public RO
    snmp-server community ciscoro RO
    snmp-server trap-source Vlan1
    snmp-server source-interface informs Vlan1
    snmp-server enable traps snmp linkdown linkup
    snmp-server enable traps mac-notification change move
    snmp-server host 172.16.0.90 ciscoro
    radius-server attribute 6 on-for-login-auth
    radius-server attribute 6 support-multiple
    radius-server attribute 8 include-in-access-req
    radius-server attribute 25 access-request include
    radius-server dead-criteria time 5 tries 3
    radius-server vsa send accounting
    radius-server vsa send authentication
    radius server ISE-Alex
     address ipv4 172.16.0.90 auth-port 1812 acct-port 1813
     automate-tester username radius-test idle-time 15
     key ******
    ntp server 172.16.0.1
    ntp server 172.16.0.5
    end

    Yes. Tried that (several times), didn't work.  5 people in my office, all with vers. 6.0.1, couldn't access their Gmail accounts.  Kept getting an error message that the username and password were invalid.  Finally solved the issue by using Microsoft Exchange and "m.google.com" as server and domain, and that did the trick.  Think there is an issue with imap.gmail.com and iOS 6.0.1.  I'm sure the 5 of us suddenly experiencing this issue aren't the only ones.  Apple will figure it out.  Thanks.

  • Workspace Credential Conflict between Logged-in User and the Authenticated User

    Hi there,
    I am running LiveCycle ES Update1 SP2 with Process Management component on WIN/JBoss/SQL Server 2005.
    I have been encountering user credential conflicts from time to time, but it has not been consistent and the problem manifested in various ways, such as:
    - problem when logging in with error "An error occurred retrieving tasks." on the login screen
    - user logs in successfully but is shown somebody else's queue(s), with his/her own queue having no tasks in it
    - fails to claim task from group queue.
    The stacktrace from the server.log file I collected from a production system shows the exception below.
    Has anybody else encountered a similar problem?
    It looks to me that it doesn't log out cleanly and some kind of caching is done on the authenticated session and is not cleaned up properly on user logout.
    2009-07-10 15:05:13,955 ERROR [com.adobe.workspace.AssemblerUtility] ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
    2009-07-10 15:05:13,955 INFO  [STDOUT] [LCDS] [ERROR] Exception when invoking service 'remoting-service': flex.messaging.MessageException: ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
      incomingMessage: Flex Message (flex.messaging.messages.RemotingMessage)
        operation = submitWithData
        clientId = F3D2CDD0-330F-F00B-C710-5AF3F7CB4138
        destination = task-actions
        messageId = 7E385A6B-E4E6-3A81-CD6A-630DF4FAE5BB
        timestamp = 1247202313955
        timeToLive = 0
        body = null
        hdr(DSEndpoint) = workspace-polling-amf
        hdr(DSId) = F3C38977-171B-7BED-3B16-F3A5FE419479
      Exception: flex.messaging.MessageException: ALC-WKS-005-008: Security exception: the user specified in the fill parameters (oid=F0FA390C-AECC-BB19-F0D7-6CA13D6CBF83) did not match the authenticated user (oid=F25892EE-80CE-8C24-E40D-881F631AA8BE).
        at com.adobe.workspace.AssemblerUtility.createMessageException(AssemblerUtility.java:369)
        at com.adobe.workspace.AssemblerUtility.checkParameters(AssemblerUtility.java:561)
        at com.adobe.workspace.tasks.TaskActions.callSubmitService(TaskActions.java:788)
        at com.adobe.workspace.tasks.TaskActions.submitWithData(TaskActions.java:773)
        at sun.reflect.GeneratedMethodAccessor941.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at flex.messaging.services.remoting.adapters.JavaAdapter.invoke(JavaAdapter.java:421)
        at flex.messaging.services.RemotingService.serviceMessage(RemotingService.java:183)
        at flex.messaging.MessageBroker.routeMessageToService(MessageBroker.java:1495)
        at flex.messaging.endpoints.AbstractEndpoint.serviceMessage(AbstractEndpoint.java:882)
        at flex.messaging.endpoints.amf.MessageBrokerFilter.invoke(MessageBrokerFilter.java:121)
        at flex.messaging.endpoints.amf.LegacyFilter.invoke(LegacyFilter.java:158)
        at flex.messaging.endpoints.amf.SessionFilter.invoke(SessionFilter.java:44)
        at flex.messaging.endpoints.amf.BatchProcessFilter.invoke(BatchProcessFilter.java:67)
        at flex.messaging.endpoints.amf.SerializationFilter.invoke(SerializationFilter.java:146)
        at flex.messaging.endpoints.BaseHTTPEndpoint.service(BaseHTTPEndpoint.java:278)
        at flex.messaging.MessageBrokerServlet.service(MessageBrokerServlet.java:315)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at com.adobe.workspace.events.RemoteEventClientLifeCycle.doFilter(RemoteEventClientLifeCycle.java:138)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
        at java.lang.Thread.run(Thread.java:595)
    Kendy

    I am having the same server issue and I can't get hold of SP3 to fix it. Can anyone tell me how to fix this problem or provide a link where I can get SP3 from? I've spent most of the day on the phone to Adobe Support and they have been unable to provide me with a link to the service pack.

  • How to solve the issue "CUV check user equivalence failed" ?

    Folks,
    Hello. I am installing Oracle 11gR2 RAC using 2 VMs (rac1 and rac2) whose OS are Oracle Linux 5.6 in VMPlayer according to the website http://appsdbaworkshop.blogspot.com/2011/10/11gr2-rac-on-linux-56-using-vmware.html
    In order to install Grid Infrastructure, we need to run Cluster Utility Verification (CUV) at first by running the command below:
    [ora11g@rac1 grid]$ ./runcluvfy.sh stage -pre crsinst -n rac1,rac2 -verbose
    Its output:
    Performing pre-checks for cluster services setup
    Check: User equivalence for user “ora11g”
    Node Comment
    rac1 failed
    rac2 failed
    Result: PRVF-4007 : User equivalence check failed for user “ora11g”
    ERROR:
    User equivalence unavailable on all the specified nodes
    Verification cannot proceed
    Pre-check for cluster services setup was unsuccessful on all the nodes.
    As you see above, check user equivalence failed. I have run the 4 commands to fix this error as below:
    [ora11g@rac1 /]$ ssh-keygen
    Its output:
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/grid/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/grid/.ssh/id_rsa.
    Your public key has been saved in /home/grid/.ssh/id_rsa.pub.
    The key fingerprint is:
    0c:10:6c:3b:ae:21:63:64:f8:0d:0e:d8:f0:41:32:ff [email protected]
    [ora11g@rac1 .ssh]$ cat *pub >>authorized_keys
    [ora11g@rac1 .ssh]$ ssh rac1
    Its output:
    The authenticity of host ‘rac1 (127.0.0.1)’ can’t be established.
    RSA key fingerprint is 9d:ae:51:7c:72:81:07:37:31:92:f1:c8:90:bc:52:55.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added ‘rac1′ (RSA) to the list of known hosts.
    Write failed: Broken pipe.
    [ora11g@rac1 .ssh]$ ssh rac1-priv
    Its output:
    The authenticity of host ‘rac1-priv (192.168.137.35)’ can’t be established.
    RSA key fingerprint is 9d:ae:51:7c:72:81:07:37:31:92:f1:c8:90:bc:52:55.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added ‘rac1-priv,192.168.137.35′ (RSA) to the list of known hosts.
    Write failed: Broken pipe.
    After running the 4 commands above, I ran the command below again:
    [ora11g@rac1 grid]$ ./runcluvfy.sh stage -pre crsinst -n rac1,rac2 -verbose
    Its output is the same:
    PRVF-4007 : User equivalence check failed for user “ora11g”
    ERROR:
    User equivalence unavailable on all the specified nodes
    Verification cannot proceed
    I think the problem is "Broken pipe" and ssh cannot write authorized_keys to the machines.
    My question is:
    Do any folk understand how to solve the issue CUV "check user equivalence failed" for 2 VMs ?
    Thanks.

    Folks,
    Hello. Thanks a lot for replying.
    I have installed Grid Infrastructure a few times. Each time, on step 7 of 9, the installer fixes and checks 2 machines correctly. The entire installation has 3 parts as below:
    1) Install Grid Infrastructure for a Cluster
    2) Execute Root Scripts for Install Grid Infrastructure for a Cluster (script is root.sh)
    3) Configure Oracle Grid Infrastructure for a Cluster that includes NCA, ASMCA, PICA and CVU.
    Each time, on step 8 of 9, the Installer installs Grid Infrastructure for a Cluster successfully that includes "Prepare, Copy files, Link binaries, Setup files and Perform remote operations".
    But when the Installer gets to part 3, CVU, it fails and then the Database cannot be installed.
    Deinstalling Grid is a very complicated process. For this reason, we need to run CVU first to make sure everything is correct for the 2 machines before installing Grid.
    Even if we ignore "user equivalence (ssh)", we don't know whether other items can be passed or not because CVU cannot proceed to check the machines.
    My question is:
    How to have the script "runcluvfy.sh" continue to check the machines while confronting "user equivalence failed" ?

  • Authenticated Users & Users missing from Root

    Hello,
    Environment: MDT 2013, 2008 R2, Windows 7 x86.  MDT is located on Windows 7 x86 and is not integrated with SCCM or WDS.
    Process: Separate build, capture, and deployment task sequences.
    Problem:  After deployment the Authenticated Users and local Users are missing from the root (e.g., c:).  The only security permissions assigned to the root are SYSTEM, domain account, Local Administrator.
    This causes problems once joined to a domain due to the fact Authenticated Users have no permissions forcing a given user to have a temporary account.  So far, only a partial workaround is identified and is undesirable in the long-run.  The workaround is to manually add Authenticated Users as well as the Local Users to the root and delete the domain account but the system will only allow partial inheritance through the file structure.  Delete all entries for a particular user in the registry (e.g., PolicyGUID, ProfileGUID, ProfileList).  Afterwards, log in to the machine with an account within the domain administrator group.
    Additional information shows the registry Profilelist entries for a user maintains partial access with a value of 204; this includes the user and a domain account within the administrator group.  The domain account present after deployment has a value of 0.  Two accounts have the expected value of 256 and they are the local and domain administrator account.
    Also, if the same image is deployed using the PE environment the accounts are as they should be.  The groups added are: Authenticated Users, Localmachine\Users, SYSTEM, Localmachine\Administrators.
    The questions are: why would the Authenticated Users and Local Users accounts be missing?  Why is the account used to deploy added?
    Help is very appreciated, and thank you.

    Hello, Nicholas the sysprep and capture is completed by a default template from MDT LTI sequence.  The answer file used is the default provided by MDT.  No attempt is made to capture from winpe because this simply negates the point of the MDT process. 
    However, applying the same image from winpe there are no permission issues and all the appropriate groups are assigned to the root.
    With returning to the office this fine morning, I ran icacls on a machine:
    C:\Users\Administrator>icacls c:\
    c:\ No mapping between account names and security IDs was done.
    (I)(OI)(CI)(F)
    BUILTIN\Administrators:(I)(OI)(CI)(F)
    NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
    Mandatory Label\High Mandatory Level:(OI)(NP)(IO)(NW)
    Successfully processed 1 files; Failed processing 0 files
    Thank you for the continued effort, Nicholas.  With the additional icacls information I will delve into the general error provided.

  • Authenticated users blocked by rbl

    Hi,
    I have a user who is now having email sent via our server blocked by an rbl. The email being sent was to me, so we both have an account on the same server and no other mail server was involved.
    Is there a way to configure Postfix to accept all incoming email from authenticated users, bypassing the rbl list for authenticated users?
    Output of postconf -n below.
    Thanks
    Ron
    alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    enable_server_options = yes
    html_directory = no
    inet_interfaces = all
    local_recipient_maps = proxy:unix:passwd.byname $alias_maps
    luser_relay =
    mail_owner = postfix
    mailbox_size_limit = 0
    mailbox_transport = cyrus
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    maps_rbl_domains =
    message_size_limit = 10485760
    mydomain = wagnercreativegroup.com
    mydomain_fallback = localhost
    myhostname = smtp.wagnercreativegroup.com
    mynetworks = 127.0.0.1/32,66.167.106.195/32,66.167.106.194
    mynetworks_style = host
    newaliases_path = /usr/bin/newaliases
    owner_request_special = no
    queue_directory = /private/var/spool/postfix
    readme_directory = /usr/share/doc/postfix
    recipient_delimiter = +
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = postdrop
    smtpd_client_restrictions = permit_mynetworks reject_rbl_client zen.spamhaus.org reject_rbl_client combined.njabl.org reject_rbl_client bl.spamcop.net permit
    smtpd_pw_server_security_options = plain,login,cram-md5
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
    smtpd_sasl_auth_enable = yes
    smtpd_use_pw_server = yes
    unknown_local_recipient_reject_code = 550
    virtual_alias_domains = hash:/etc/postfix/virtual_domains
    virtual_alias_maps = hash:/etc/postfix/virtual,hash:/var/mailman/data/virtual-mailman
    virtual_mailbox_domains = hash:/etc/postfix/virtualdomainsdummy
    virtual_transport = lmtp:unix:/var/imap/socket/lmtp
      Mac OS X (10.4.8)  

    Change:
    smtpd_client_restrictions = permit_mynetworks reject_rbl_client zen.spamhaus.org reject_rbl_client combined.njabl.org reject_rbl_client bl.spamcop.net permit
    to:
    smtpd_client_restrictions = permit_sasl_authenticated, permit_mynetworks reject_rbl_client zen.spamhaus.org reject_rbl_client combined.njabl.org reject_rbl_client bl.spamcop.net permit
    Issue: sudo postfix reload
    Also, if you like, see my tutorial on "Frontline spam defense for Mac OS X Server", available here:
    http://osx.topicdesk.com/downloads/
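Why the original configuration rejected an authenticated sender even though permit_sasl_authenticated was already in the recipient restrictions, shown as an added example that is not part of the thread: a small model of Postfix's left-to-right, first-match evaluation of the two restriction lists. The client address, the RBL listing and the session field names are constructed, and the default smtpd_delay_reject = yes is assumed (so the SASL login state is known when the client list is evaluated).

```python
import ipaddress

# Restriction lists from the thread; BEFORE/AFTER are smtpd_client_restrictions.
RBLS = ("reject_rbl_client zen.spamhaus.org reject_rbl_client combined.njabl.org "
        "reject_rbl_client bl.spamcop.net permit")
BEFORE = "permit_mynetworks " + RBLS
AFTER = "permit_sasl_authenticated, permit_mynetworks " + RBLS
RCPT = "permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit"
MYNETWORKS = ["127.0.0.1/32", "66.167.106.195/32", "66.167.106.194/32"]

def evaluate(restrictions, session):
    """Walk one list left to right; the first restriction that matches decides."""
    tokens = restrictions.replace(",", " ").split()
    while tokens:
        name = tokens.pop(0)
        if name == "permit":
            return ("PERMIT", name)
        if name == "permit_sasl_authenticated":
            if session["sasl_authenticated"]:
                return ("PERMIT", name)
        elif name == "permit_mynetworks":
            ip = ipaddress.ip_address(session["client_ip"])
            if any(ip in ipaddress.ip_network(net) for net in MYNETWORKS):
                return ("PERMIT", name)
        elif name == "reject_rbl_client":
            zone = tokens.pop(0)
            if zone in session["listed_on"]:  # simulated lookup, no DNS
                return ("REJECT", name + " " + zone)
        elif name == "reject_unauth_destination":
            if not session["rcpt_is_local"]:
                return ("REJECT", name)
        else:
            raise ValueError("restriction not modelled: " + name)
    return ("DUNNO", None)

def smtpd_decision(client_restrictions, recipient_restrictions, session):
    """A REJECT in any list is final; a PERMIT only ends that one list."""
    for restrictions in (client_restrictions, recipient_restrictions):
        action, why = evaluate(restrictions, session)
        if action == "REJECT":
            return (action, why)
    return ("PERMIT", None)

# Constructed session: authenticated user on a dynamic address listed by one RBL.
USER = {"client_ip": "203.0.113.25", "sasl_authenticated": True,
        "listed_on": {"zen.spamhaus.org"}, "rcpt_is_local": True}
STRANGER = dict(USER, sasl_authenticated=False)

if __name__ == "__main__":
    print("before:", smtpd_decision(BEFORE, RCPT, USER))
    print("after: ", smtpd_decision(AFTER, RCPT, USER))
    print("unauthenticated:", smtpd_decision(AFTER, RCPT, STRANGER))
```

With the changed list, only sessions that have completed SASL authentication skip the RBL checks; unauthenticated clients on a listed address are still rejected.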

  • Issue with AD users restricted to certain machines.

    Hi all,
    So, we seem to have a bit of an issue with user accounts that are restricted to logging in to certain machines only. While the user is permitted to log in to the machine (Windows lets them), our ISE server denies the login and the trace looks like this:
    24430 Authenticating user against Active Directory
    24441 Account not permitted to log on using the current workstation
    22057 The advanced option that is configured for a failed authentication request is used
    22061 The 'Reject' advanced option is configured in case of a failed authentication request
    11823 EAP-MSCHAP authentication attempt failed
    12305 Prepared EAP-Request with another PEAP challenge
    11006 Returned RADIUS Access-Challenge
    5411 No response received during 120 seconds on last EAP message sent to the client
    Has anyone seen this?
    Version 1.1.1.268.
    Thanks!
    -Ryan

    Well, as soon as I posted this, the idea hit me.
    We added the two ISE servers' machine accounts in AD to the machines that this user is permitted to log in to, and it works like a charm now. Apparently when a user logs in, ISE passes through a generic machine name (of itself) to AD, and it wasn't matching the list of allowed machines.

  • Authentication user name required

    I'm trying to set-up my HP one step? It keeps asking me for "authentication user name" and password. I have NO IDEA what or 'which' are they referring to!!!! 

    Hello IZZYT84,
    Welcome to the HP Forums.
    I see that we are having an issue when attempting to install the printer on a wireless connection.
    The following document will give you detailed instructions on Installing the Printer Software for a Wireless Network Connection.
    This document also has a link to take you to the Full Feature Software and Driver download.
    Please feel free to write me back if you have any other questions.
    Cheers, 
    W a t e r b o y 71
    I work on behalf of HP

  • Creating Externally Authenticated users

    Greetings,
    We recently migrated our Security team from Windows XP to Windows 7. With this upgrade, they were forced to stop using the java Oracle 9i Enterprise Manager to manage security and database users. I was able to find the View->DBA tab in Oracle SQL Developer which allows for things like CREATE LIKE, CREATE, etc, but under the CREATE USER, I see nowhere where the tool allows for a user other than a normal database authenticated account. We have a few key databases where we must create externally authenticated users (EXTERNAL) and this just isn't an option. Is this functionality anywhere in the tool?
    Thanks
    Bradd

    I don't understand what you are trying to do.
    Post your full sql developer info and explain in detail what you mean; with an example if possible.
    You can create users in the DB the way you do with any tool: write the appropriate DDL for CREATE USER. For OS authentication you add the OS_AUTHENT_PREFIX to the user name.
    In sql developer create connections for those users using the connections dialog that you use for any other user. On that dialog there is a checkbox for OS authentication.
    See this article by Sue Harper and see if the example for local OS authentication she provides answers your question:
    http://www.oracle.com/technetwork/issue-archive/2008/08-may/o38sql-102034.html
    To configure local OS authentication for a new user, first find the value of the OS_AUTHENT_PREFIX database initialization parameter in your system's init.ora file. When you create this new user in the database, you must add this parameter value as a prefix to the OS username. The default value is OPS$, for backward compatibility with earlier database releases. (If the value is "", the OS username and the database username are the same, so you don't need to add a prefix to create the Oracle usernames.)
    Establish a basic connection with the HR schema as the SYSTEM user. Execute the following from the SQL worksheet, using your database's OS_AUTHENT_PREFIX prefix and substituting your own OS username for "sue":
    CREATE USER ops$sue IDENTIFIED EXTERNALLY;
    GRANT connect, resource TO ops$sue;
    Now create a basic connection for this user from the New / Select Database Connection dialog box. Enter a connection name; select Basic for Connection Type; fill in the Hostname and Port fields; select OS Authentication; and provide a SID or Service name. Click Test and Connect as before.
