Why site database server for Central Admin site not accessible?
Hello everyone,
I've this issue where; when connecting a primary site to existing central administration site; setup prerequisite checker
continue to notify it cannot establish connection to SQL server having central administration site database. The SQL server
having central site database is installed locally on the server central administration site is hosted on. Both servers
(central administration site server, the new server to host child primary site required to join that central administration
site) having following configuration:
A. Central Administration site server, with site database server installed locally:
Name: HQCAS
OS: WS 2008 R2 SP1, fully patched.
SQL Server: SQL Server 2008 R2 with SP2. Correct required SQL server collation set supported by CM2012.
SQL Server named instance: CASDB
Local firewall ports opened: 1433, 4022 (via inbound rules created in group policy, same GPO applies to primary site
server)
SQL Server broker service Enabled: True.
TCP/IP: All dynamic ports left blank to support static port 1433.Static port 1433 configured for all IPs.
IP Address: 10.1.1.250/8
Local SAM: Both server computer accounts added to local 'Administrators' group on both servers.
Domain service account: svcCASDB
SPNs registered: 2x, one for HQCAS hostname on instance CASDB on port 1433, second for FQDN for HQCAS on instance
CASDB on port 1433.
SQL Server Logins: Security group containing both computer accounts for HQCAS & STPRS. Both account having sysadmin SQL
server role assigned.
SQL Server browser service running.
B. Primary site server, with SQL server installed locally: to join HQCAS CM2012 hierarchy:
Name: STPRS
OS: WS 2008 R2 SP1, fully patched.
SQL Server: SQL Server 2008 R2 with SP2. Correct required SQL server collation set supported by CM2012.
SQL Server named instance: CM12PRIMARY
Local firewall ports opened: 1433, 4022 (via inbound rules created in group policy, same GPO applies to central
administration site server)
SQL Server broker service Enabled: True.
TCP/IP: All dynamic ports left blank to support static port 1433.Static port 1433 configured for all IPs.
IP Address: 172.168.1.250/16
Local SAM: Both server computer accounts added to local 'Administrators' group on both servers.
Domain service account: svcCASDB
SPNs registered: 2x, one for STPRS hostname on instance CM12PRIMARY on port 1433, second for FQDN for STPRS on
instance CM12PRIMARY on port 1433.
SQL Server Logins: Security group containing both computer accounts for HQCAS & STPRS. Both account having sysadmin SQL
server role assigned.
SQL Server browser service running.
Tests performed:
Telnet to/from both HQCAS/STPRS on ports 1433, 4022 establishes connection. Please help
Hello friends,
My finding it finally is....there wasn't any configuration issue as I mentioned above.
I'm using an evaluation edition of SQL Server 2008 R2; it just allows default instance (MSSQLSERVER) to be used, not a named instance.
The confirming test for this was...I re-installed SQL Server with all the same settings except changing from a named instance to default; once I finished applying service pack 3. I could initiate WSUS 3.0 SP2 x64 setup and point it to use this SQL server.
WSUS setup completed without any errors. This was not happening when named instance was all configured properly. It was just not accessible from outside.
Well this is what my finding is. For lab environment of CM2012 it suffices the need.
Regards,
Shahzad.
Similar Messages
-
How can we position 5 Database Server for a centralized Database ?
1) We are providing a e governance solution for an organization,where we are providing a centralized database,Client have provided 5 Database server for the same.how can we position the Database Server? there are 5000 Concurrent users and 25000 users,SAN
Storage for approx. 60 TB,Database size of 2 TB and growth of 1 TB every year
2) How many instance can we have for above said Case?
3) How much RAM Required ?Thanks for sharing information!!
DB size is going to be too huge, you need to check for data archival option along with proper compression option.
As per requirement, you need good server setup like; CPU: 4 cpu, 12 cores and RAM will be good to start with 256 GB.
When you say 5 db server, is that it means 5 physical server not db instances rt?
If that is the case then you can go for SQL Server 2014 to use that in memory options along with so many good support for temppdb, query optimization due to cardinality changes, SSD support etc.
Intances will be:
INS1, 2 : main instance and archival instance, using first two servers out of 5 servers.
INS3: DR server, if it will not be active all the time and then we can easily check for 1/4 load on DR server so you can configure AlwaysOn to check INS1 and DR instance to get all HA DR part too.
In case of INS4, INS5 can be used for reporting purpose being configured as other replication to act as local DR too.
Hopefully I have covered all the available objects you have.
Santosh Singh -
SQL Server Analysis Services not showing in Services on Server on Central Admin
Hi All
We have a Sharepoint 2013 farm set up (2xApp, 2xWeb, 1xSQL) and we have a number of excel powerpivot workbooks deployed and refreshing.
This was all working fine, until recently when our Excel 2013 Tabular workbooks stopped refreshing manually. This had worked fine in the past, but now is giving the following error:
"An error occurred during an attempt to establish a connection to the external data source"
The first thing I wanted to check was that the "SQL Server Analysis Services" was started in Services on Server within Central Admin. However when i navigated to check this, I noticed that the service was no longer listed at all.
I checked the Analysis services for Powerpivot is running on the server and it is registered within Data Models on Excel services.
There was recently some Windows updates that were applied to the servers, but i'm pretty confident that the refresh was working after these, however i cant rule out 100%.
Hoping for any advice on what I can check/do here?
Thanks!When i try to run that tool i actually get a strange error (we are running Enterprise Edition):
"PowerPivot for SharePoint 2013 Configuration is missing prerequisites: SharePoint 2013 Enterprise Edition is required.
For more information go to http://go.microsoft.com/fwlink/?LinkId=247828.
Please address the validation failures and try again."
Yes it looks like on the server hosting PowerPivot analysis server that a number of windows updates got applied. However
none look to be specifically about for SQL, and the 2 cumulative ones are for IE and Active X for Windows Server. -
Purpose of a database server for Business Objects XI 3.1
Hello Team,
I am quite new Business Objects and right now I am using Business Objects Enterprise XI 3.1.
when installing BO XI 3.1, I was prompted to select the database server to be created. I chose MySQL.
Now, I am curious to know the pupose/involvement of a database server for BO. I understand that the database is being managed/used by CMS and it has four main functions:
Maintains security (users)
Manages objects (folders, reports, and program objects)
Manages servers (services)
Manages auditing (system auditor).
Is there any better explanation to the database and its purpose?
what does the database schema/user holds (any database objects,tables,etc..,)?
Does repository and database schema the same?
Are all the report objects, users and universe being stored in the database schema?
Thanks in advance for the reply.
Regards,
Kathirthe database server for BO XI 3.1 is needed to store the repository for the system which in another meaning the structure of the system itself.
yes the repository is the same as the schema, but schema is a database concept.
all the objects (universes, reports,,,,,,, etc) are stored in the FileStore of Business Obejcts system, but the structure of how those object are stored is exist into the repository database.
good luck
Amr -
Why plugin/addon concept for Runtime Shared Libraries not implemented in Flex?
Hi All,
I am posting my refined query here in continuation to my post Fundamental and crucial drawback with Flex in Flex India Community as my last refined query was left unanswered though I feel there is a definite sense of purpose to it.
Why plugin/addon concept for Runtime Shared Libraries not implemented in Flex?
Here is why I feel it should be implemented in Flex.
Though Runtime Shared Libraries SWF file can be cached in the client browser and just need to be loaded only once when the user access a Flex application for the first time,
"40-60% of daily visitors to your site come in with an empty cache. Making your page fast for these first time visitors is key to a better user experience."
Qouting from 'Best Practices for Speeding Up Your Web Site' as described in Tenni Theurer's blog post Browser Cache Usage - Exposed!
While still retaining the cacheability of RSL's for compatibility reasons, flex should give the flexibility and thereby enhance performance by offering RSL's as a plugin/addon.
Looking for your comments and insigts on the same.
Thanks,
Ram Manoj Kongara.I finally skimmed through the links you posted. The terms plugin and addon
are not in either of the articles so I'm unclear what you are suggesting.
The topic seems to be about application performance. The Flash Player
supports a cross-domain cache of actionscript libraries separate from the
browser cache. Each official release of Flex contains a set of these
libraries. As new Flash Player versions or new Flex versions are released,
and users visit sites utilizing those new versions, the browser picks up the
latest Flash Player and the Flash Player picks up the latest Flex libraries.
These days, it only takes a few months for a new Flash Player to achieve
major saturation in browsers although it still takes a bit longer for Flex
libraries to achieve saturation.
Adobe will soon be hosting these libraries so if you build your application
to leverage these libraries, you will find that the total download from your
server will be minimized, limited to only your application code and assets,
although you might want to serve the libraries in case they are not already
in the cache if you see high latency to the Adobe servers on a cache miss.
The SWF or SWFs you do serve off your servers should be optimized through
normal good application development practices. Flex provides features such
as deferred instantiation in its ViewStack and Accordion containers to defer
the creation of objects until viewed. Flex has a ModuleManager to allow you
to not download parts of your application until they are needed. A
model-view or MVC architecture will make it easier to create modular
boundaries within your application and leverage these features.
If I have not addressed your concerns please describe your issue in more
detail.
Alex Harui
Flex SDK Team
Adobe System, Inc.
http://blogs.adobe.com/aharui -
In the previous version of Firefox one could choose to save tabs so that when Firefox opened, all the tabs from the previous sessions appeared. This was done in Settings > Options > General > Startup. In the menu for the "When Firefox Starts" one had the option for "Windows and tabs that where opened last time you accessed the net." in Firefox 5.0, this menu is gray and not clickable. Help, please?
''Why are the options for "When Firefox starts" NOT clickable in Firefox 5?"
Possibly you are not saving your "browsing history" which is what the session history is tied into.
'''Not saving History''' -- check your settings for '''Tools > options > Privacy'''', make sure you are not clearing more than just cache in "Settings for Clearing History"
* http://img232.imageshack.us/img232/4928/clearcachew.png
* clearing your history at end of session, cache is the only one you would want to clear at end of session, if you don't want to lose things
There are several things that are related to private browsing and not saving History
* Private Browsing Ctrl+Shift+P
* You selected "Never remember history" in first drop-down of Tools > Options Privacy and all of the check marks disappear (See picture above)
* "Permanent private browsing mode" was check-marked under "Use custom settings for history" in the first drop-down of Tools > options > Privacy (see picture above) -
YP server for domain Pinaped Home not found
I get this message ad infinitum in the console.
11/25/07 15:39:24 com.apple.DirectoryServices[18] YP server for domain Pinaped Home not responding, still trying
11/25/07 15:39:34 com.apple.DirectoryServices[18] YP server for domain Pinaped Home not responding, still trying
11/25/07 15:39:44 com.apple.DirectoryServices[18] YP server for domain Pinaped Home not responding, still trying
11/25/07 15:39:54 com.apple.DirectoryServices[18] YP server for domain Pinaped Home not responding, still trying
11/25/07 15:40:04 com.apple.DirectoryServices[18] YP server for domain Pinaped Home not responding, still trying
11/25/07 15:40:14 com.apple.DirectoryServices[18] YP server for domain Pinaped Home not responding, still trying
11/25/07 15:40:24 com.apple.DirectoryServices[18] YP server for domain Pinaped Home not responding, still trying
11/25/07 15:40:34 com.apple.DirectoryServices[18] YP server for domain Pinaped Home not responding, still trying
11/25/07 15:40:44 com.apple.DirectoryServices[18] YP server for domain Pinaped Home not responding, still trying
This is the name of my local network, but what is a YP server? Can anyone tell me that? Thank you?I had the same issue during configuration (Bootstrap Domain Configuration stuck on 0%). Searched Oracle Metalink # 862174.1 (below) and did exactly same and worked like champ
+>>Installing Oracle Identity Management on DHCP Hosts+
If you plan to install Oracle Identity Management components on a DHCP server, you must ensure the Installer can resolve host names. This may require editing the /etc/hosts file on UNIX systems, and installing a loopback adapter on Windows systems. The following information provides general examples, you should alter these examples to make them specific to your environment.
On UNIX systems:
Configure the host to resolve host names to the loopback IP address by modifying the /etc/hosts file to contain the following entries. Replace the variables with the appropriate host and domain names:
+127.0.0.1 hostname.domainname hostname+
+127.0.0.1 localhost.localdomain localhost+
Confirm the host name resolves to the loopback IP address by executing the following command:
ping hostname.domainname -
People picker works in Central Admin but not other site collections
Hello
I am having a sudden problem with adding users to permissions for document libraries. It appears to only affect the main site collection. The people picker displays some users that are already in site collection when you start typing letters of the name
of the user. However at some point in the typing the message appears "sorry we're having trouble reaching the server." The problem does not occur in Central Admin when adding permissions. Using Fiddler there is an error when I get the message "sorry..."
"500, HTTP, SERVERNAME, /_vti_bin/client.svc/ProcessQuery." Also when I go to the library and select "shared with" I get error "Unexpected response from server. The status code of response is '500'. The status text of response
is 'System.ServiceModel.ServiceActivationException'." I believe they are connected. Any help is appreciated.Hi Jeffrey,
Please try to verify “HTTP Activation” feature per the article below:
http://blog.karstein-consulting.com/2014/02/18/sharepoint-2013-people-picker-error-sorry-were-having-trouble-reaching-the-server/
Are you using custom FBA provider for web application other than CA site which might be causing misconfiguration in web.config?
Could you please provide more complete related error message from ULS log for troubleshooting?
Regards,
Rebecca Tu
TechNet Community Support
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
[email protected] -
Site not accessible from the Load balanced web front end server - sharepoint 2010
I have a production environment with 2 WFE's(sp-wfe1 & sp-wfe2), 2 APP's and 2 SQL clustered VM's.
2 WFE's are load balanced using hardware load balancer.
An A-Record(PORTAL) is created in DNS for the virtual IP of the load balancer which points to the 2 WFE's.
A web application is created on the WFE's on port 80.
alternative access mapping is configured and the load balanced record "http://PORTAL" is used under the default zone.
Under IIS I have edited the bindings for the sharepoint site at port 80 and added the HOSTNAME as PORTAL.
Result: The site is accessible from outside the server and works fine.
ISSUE: The site is not accessible within the WFE's(sp-wfe1 & sp-wfe2).
When I browse the site from the WFE's server it ask for the credentials and when I enter the credentials and click OK it ask the credentials again and again and in the end displays a blank page.
Kindly help me in this issue because I am clueless and couldn't find anything helpful on the internet.
Regards,
Mudassar
MADDY-DEV Forum answers from Microsoft ForumLoop back check.
http://www.harbar.net/archive/2009/07/02/disableloopbackcheck-amp-sharepoint-what-every-admin-and-developer-should-know.aspx -
Can't download Oracle 9i Database Server for SUN Solaris 32 bit platform
I was not able to download Oracle 9.2.0 DB Server for Sun Solaris 32 bit platform from OTN site this morning. Could someone please take a look at it?
Thanks,
Wen DavisAt this time, Oracle is offering only the 64- bit and we do not
have additional information if in the future 32-bit will be
offered.
Best Regards,
OTN Team -
Config database entry in central admin to be changed
Hi,
I have a sharepoint 2013 setup which was pointing to a database server(call it DBOLD). DBOLD was shut down due to some issue and we got a new DB server (call it DBNEW). As per the info i have the DBOLD was shut down and config wizard was run to connect to
the DBNEW The SP2013 setup is currently pointing to DBNEW and sharepoint is working fine.(The new content databases are getting created in the DBNEW instance).
The issue is when i login to central admin and go to manage servers in farm, the database it is pointing to still shows it as DBOLD(screenshot attached).
I need to update this to show it as DBNEW.Hi Jason,
this is what i get.....
PS C:\Users\admin> Get-SPDatabase -ServerInstance "DBOLD"
Name Id Type
StateServiceDB a9339959-9e89-4b51-94a4-603f49797286 Microsoft.Offi...
ReportingService_SP20... 7da6f22f-5501-4cd1-9ec3-0b64248bf3d1 Microsoft.Repo...
Social DB 4cf36d8f-1c88-4647-98b1-1c974cd2a21b Microsoft.Offi...
SharePoint_Config 1d776d65-8ead-45b1-ae4f-aae04aaefceb Configuration ...
ReportingService_SP20... 2e41cd4f-9fb4-4767-b8fb-44fbb86358ff Microsoft.Repo...
PerformancePoint Serv... a8f2037a-f6ab-4c52-828c-fd5bd3a0511b Microsoft.Perf...
SharePoint_AdminConte... cc4e649a-9dec-438a-8519-3dcb68f28b65 Content Database
WSS_Content a46f1c73-61ac-421f-97a7-6e711623555d Content Database
WSS_Content_India 21724140-0d8f-4fa7-ad2d-23b6aa083fb1 Content Database
ReportingService_SP2013 fe96707c-16cb-4bac-b9ec-8c6101b24524 Microsoft.Repo...
Profile DB 02a8a8ce-ba69-49d7-a06b-fd50a22ec977 Microsoft.Offi...
WSS_Logging fbb4672c-afc0-4a5e-a26b-33479ca5c32b Microsoft.Shar...
Sync DB 7bbde333-797b-4d25-bd83-5209c7c668a3 Microsoft.Offi...
PS C:\Users\admin> Get-SPDatabase -ServerInstance DBNEW\DBNEW
Name Id ServiceInstanceName
ReportingService_SP... 37e9049c-4d59-4f50-b2be-1aaefe044f77 DBNEW\DBNEW
NormalizedDataSource : DBNEW\DBNEW
Server : SPServer Name=DBNEW
ServiceInstance : SPDatabaseServiceInstance Name=DBNEW
FailoverServer :
FailoverServiceInstance :
DatabaseConnectionString : Data Source=DBNEW\DBNEW;Initial
Catalog=Secure_Store_Service_DB;Integrated
Security=True;Enlist=False;Pooling=True;Min
Pool Size=0;Max Pool Size=100;Connect
Timeout=15
LegacyDatabaseConnectionString : Server=DBNEW\DBNEW;Database=Secure_Sto
re_Service_DB;Trusted_Connection=yes;App=Micro
soft SharePoint Foundation;Timeout=15
Username :
Password :
Exists : True
Snapshots : {}
IsReadOnly : False
IncludeInVssBackup : True
MultiSubnetFailover : False
IsSqlAzure : False
DiskSizeRequired : 5242880
CanSelectForBackup : True
CanSelectForRestore : True
CanRenameOnRestore : True
SchemaVersionXml : <SchemaVersions><SchemaVersion
Current="15.0.2.0" Target="15.0.2.0" Sequence=
"Microsoft.Office.SecureStoreService.Server.Up
grade.SecureStoreDatabaseSequence"/><SchemaVer
sion Current="15.0.4454.1000"
Target="15.0.4454.1000" Sequence="Microsoft.Of
fice.SecureStoreService.Server.SecureStoreServ
iceDatabase"/><SchemaVersions>
CanUpgrade : True
IsBackwardsCompatible : True
NeedsUpgradeIncludeChildren : False
NeedsUpgrade : False
UpgradeContext : Microsoft.SharePoint.Upgrade.SPUpgradeContext
Name : Secure_Store_Service_DB
TypeName : Microsoft.Office.SecureStoreService.Server.Sec
ureStoreServiceDatabase
DisplayName : Secure_Store_Service_DB
Id : ba504817-2c99-4a3f-9d48-c19da1c474cd
Status : Online
Parent : SPDatabaseServiceInstance Name=DBNEW
Version : 648100
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
Type : Microsoft.Office.SecureStoreService.Server.Sec
ureStoreServiceDatabase
NormalizedDataSource : DBNEW\DBNEW
Server : SPServer Name=DBNEW
ServiceInstance : SPDatabaseServiceInstance Name=DBNEW
FailoverServer :
FailoverServiceInstance :
DatabaseConnectionString : Data Source=DBNEW\DBNEW;Initial
Catalog=BDC_Service_DB;Integrated
Security=True;Enlist=False;Pooling=True;Min
Pool Size=0;Max Pool Size=100;Connect
Timeout=15
LegacyDatabaseConnectionString : Server=DBNEW\DBNEW;Database=BDC_Servic
e_DB;Trusted_Connection=yes;App=Microsoft
SharePoint Foundation;Timeout=15
Username :
Password :
Exists : True
Snapshots : {}
IsReadOnly : False
IncludeInVssBackup : True
MultiSubnetFailover : False
IsSqlAzure : False
DiskSizeRequired : 5242880
CanSelectForBackup : True
CanSelectForRestore : True
CanRenameOnRestore : True
SchemaVersionXml : <SchemaVersions><SchemaVersion
Current="15.0.3.0" Target="15.0.3.0" Sequence=
"Microsoft.SharePoint.BusinessData.Upgrade.Bus
inessDataCatalogDatabaseSequence"/><SchemaVers
ion Current="15.0.4535.1000"
Target="15.0.4535.1000" Sequence="Microsoft.Sh
arePoint.BusinessData.SharedService.BdcService
Database"/><SchemaVersions>
CanUpgrade : True
IsBackwardsCompatible : True
NeedsUpgradeIncludeChildren : False
NeedsUpgrade : False
UpgradeContext : Microsoft.SharePoint.Upgrade.SPUpgradeContext
Name : BDC_Service_DB
TypeName : Microsoft.SharePoint.BusinessData.SharedServic
e.BdcServiceDatabase
DisplayName : BDC_Service_DB
Id : d1028a24-f7c2-40b0-b349-4445a5fe970d
Status : Online
Parent : SPDatabaseServiceInstance Name=DBNEW
Version : 320785
Properties : {}
Farm : SPFarm Name=SharePoint_Config
UpgradedPersistedProperties : {}
Type : Microsoft.SharePoint.BusinessData.SharedServic
e.BdcServiceDatabase
ReportingService_SP... 78e3d819-93bd-44e2-86bb-f5fc86026a71 DBNEW\DBNEW
ReportingService_SP... aaa4ea6a-2b12-4f7d-9fa6-f1f1ad125647 DBNEW\DBNEW -
What to share on SAP Hanna database server for application instance
Hello
I wander what do I have to share on my SAP Hanna database server (installed via SAP_HANA_Server_Installation_Guide_en.pdf). for an application server installation.
Here it seems we have a little bit different situation than with a classical database. We have
we do not have "sapmnt". Should we create it and mount it on application server. I guess /usr/sap/trans should also be created.
Is there something more?
Let say db instance is DB1
Thank you in advance
JanHello Jan,
which kind of application server do you want to install on top of HANA?
I think what the figure shows is a distributed DB system.
BR,
Phoebe -
Why does wireless work for one laptop and not the other?
I have two laptops:
1) MacBook: 10.4.8, Airport Exteme (Firmware 1.0.46)
2) G4: 10.3.9, Airport Extreme (405.1 (3.90.0.p18)
I have the two machines sitting right next to each other in my apartment. Machine #1 has full wireless signal strength. Machine #2 barely has any wireless signal. Neither is running Interference Robustness. Any ideas why one would work and the other would not, or suggestions as to how to debug this problem?
I have tried stopping and restarting the Airport Extreme card on machine #2. I have also tried power cycling machine #2. This does not fix the problem.
A little more history: for a long time I was having problems with machine #2 dropping the wireless connection. As part of trying to work around these problems I turned on Interference Robustness on machine #2. This fixed the dropping signal problem, but left me with weak signal strength. I shut off Interference Robustnes but ever since then the signal has still been weak on machine #2.
Mac Mini Duo 1.66 GHz, 2 GB Mac OS X (10.4.6)The base station uses a single channel which all clients must use to connect.
Have you checked the antenna connection into the card? Many people are surprised about how far the wire is actually supposed to be pushed into the card. Compare the connection with the photos in KB 108039, Properly attaching the antenna on an AirPort Extreme Card. -
Problem statement
When I mount a Windows NFS service file share using UUUA and set the Owner and Group, and set the SetGID bit on the parent folder in a hierarchy. New Files and folders inside and underneath the parent folder do not inherit the Owner and Group permissions
of the parent.
I am given to understand from this Microsoft KnowledgeBase article (http://support.microsoft.com/kb/951716/en-gb) the problem is due to the Windows implmentation of NFS Services not supporting the Solaris SystemV or BSD grpid "Semantics"
However the article says the same functionality can acheived by using ACE Inheritance in conjunction with changing the Registry setting for "KeepInheritance" to enable Inheritance propagation of the Permissions by the Windows NFS Services.
1. The Precise location of the "KeepInheritance" DWORD key appears to have "moved" in Windows Server 2012 from a Services path to a Software path, is this documented somewhere? And after enabling it, (or creating it in the previous
location) the feature seems non-functional. Is there a method to file a Bug with Microsoft for this Feature?
2. All of the references on demonstrating how to set an ACE to achieve the same result "currently" either lead to broken links on Microsoft technical websites, or are not explicit they are vague or circumreferential. There are no plain Examples.
Can an Example be provided?
3. Is UUUA compatible with the method of setting ACE to acheive this result, or must the Linux client mount be "Mapped" using an Authentication source. And could that be with the new Flat File passwd and group files in c:\windows\system32\drivers\etc
and is there an Example available.
Scenario:
Windows Server 2012 Standard
File Server (Role)
+- Server for NFS (Role) << -- installed
General --
Folder path: F:\Shares\raid-6-array
Remote path: fs4:/raid-6-array
Protocol: NFS
Authentication --
No server authentication
+- No server authentication (AUTH_SYS)
++- Enable unmapped user access
+++- Allow unmapped user access by UID/GID
Share Permissions --
Name: linux_nfs_client.host.edu
Permissions: Read/Write
Root Access: Allowed
Encoding: ANSI
NTFS Permissions --
Type: Allow
Principal: BUILTIN\Administrators
Access: Full Control
Applies to: This folder only
Type: Allow
Principal: NT AUTHORITY\SYSTEM
Access: Full Control
Applies to: This folder only
-- John Willis, Facebook: John-Willis, Skype: john.willis7416I'm making some "major" progress on this problem.
1. Apparently the "semantics" issue to honor SGID or grpid in NFS on the server side or the client side has been debated for some time. It also existed as of 2009 between Solaris nfs server and Linux nfs clients. The Linux community defaulted to declaring
it a "Server" side issue to avoid "Race" conditions between simultaneous access users and the local file system daemons. The client would have to "check" for the SGID and reformulate its CREATE request to specify the Secondary group it would have to "notice"
by which time it could have changed on the server. SUN declined to fix it.. even though there were reports it did not behave the same between nfs3 vs nfs4 daemons.. which might be because nfs4 servers have local ACL or ACE entries to process.. and a new local/nfs
"inheritance" scheme to worry about honoring.. that could place it in conflict with remote access.. and push the responsibility "outwards" to the nfs client.. introducing a race condition, necessitating "locking" semantics.
This article covers that discovery and no resolution - http://thr3ads.net/zfs-discuss/2009/10/569334-CR6894234-improved-sgid-directory-compatibility-with-non-Solaris-NFS-clients
2. A much Older Microsoft Knowledge Based article had explicit examples of using Windows ACEs and Inheritance to "mitigate" the issue.. basically the nfs client "cannot" update an ACE to make it "Inheritable" [-but-] a Windows side Admin or Windows User
[-can-] update or promote an existing ACE to "Inheritable"
Here are the pertinent statements -
"In Windows Services for UNIX 2.3, you can use the KeepInheritance registry value to set inheritable ACEs and to make sure that these ACEs apply to newly created files and folders on NFS shares."
"Note About the Permissions That Are Set by NFS Clients
The KeepInheritance option only applies ACEs that have inheritance enabled. Any permissions that are set by an NFS client will
only apply to that file or folder, so the resulting ACEs created by an NFS client will
not have inheritance set."
"So
If you want a folder's permissions to be inherited to new subfolders and files, you must set its permissions from the Windows NFS server because the permissions that are set by NFS clients only apply to the folder itself."
http://support.microsoft.com/default.aspx?scid=kb;en-us;321049
3. I have set up a Windows 2008r2 NFS server and mounted it with a Redhat Enteprise Linux 5 release 10 x86_64 server [Oct 31, 2013] and so far this does appear to be the case.
4. In order to mount and then switch user to a non-root user to create subdirectories and files, I had to mount the NFS share (after enabling Anonymous AUTH_SYS mapping) this is not a good thing, but it was because I have been using UUUA - Unmapped Unix
User Access Mapping, which makes no attempt to "map" a Unix UID/GID set by the NFS client to a Windows User account.
To verify the Inheritance of additional ACEs on new subdirectories and files created by a non-root Unix user, on the Windows NFS server I used the right click properties, security tab context menu, then Advanced to list all the ACEs and looked at the far
Column reflecting if it applied to [This folder only, or This folder and Subdirectories, or This folder and subdirectories and files]
5. All new Subdirectories and files createdby the non-root user had a [Non-Inheritance] ACE created for them.
6. I turned a [Non-Inheritance] ACE into an [Inheritance] ACE by selecting it then clicking [Edit] and using the Drop down to select [This folder, subdirs and files] then I went back to the NFS client and created more subdirs and files. Then back to the
Windows NFS server and checked the new subdirs and folders and they did Inherit the Windows NFS server ACE! - However the UID/GID of the subdirs and folders remained unchanged, they did not reflect the new "Effective" ownership or group membership.
7. I "believe" because I was using UUUA and working "behind" the UID/GID presentation layer for the NFS client, it did not update that presentation layer. It might do that "if" I were using a Mapping mechanism and mapped UID/GID to Windows User SIDs and
Group SIDs. Windows 2008r2 no longer has a "simple" Mapping server, it does not accept flat text files and requires a Schema extension to Active Directory just to MAP a windows account to a UID/GID.. a lot of overhead. Windows Server 2012 accepts flat text
files like /etc/passwd and /etc/group to perform this function and is next on my list of things to see if that will update the UID/GID based on the Windows ACE entries. Since the Local ACE take precedence "over" Inherited ACEs there could be a problem. The
Inheritance appears to be intended [only] to retain Administrative rights over user created subdirs and files by adding an additional ACE at the time of creation.
8. I did verify from the NFS client side in Linux that "Even though" the UID/GID seem to reflect the local non-root user should not have the ability to traverse or create new files, the "phantom" NFS Server ACEs are in place and do permit the function..
reconciling the "view" with "reality" appears problematic, unless the User Mapping will update "effective" rights and ownership in the "view"
-- John Willis, Facebook: John-Willis, Skype: john.willis7416 -
HTTP Server for Windows 64 bit not on the companion CD
Hi,
I cannot find the HTTP Server for Windows 64 bit on the companion CD. Any idea where I can get it from? For the 32bit version the HTTP Server is on the Companion CD.
Thanks in advance,
FlorinIf i am correct reason should be : Oracle Application Server 10g will run as a 32-bit application
Following platforms have the same media in either case:
Microsoft Windows 32-bit and EM64T/AMD64
(Not Itanium-64, which is separate and referred to as "Windows 64-bit")
Linux x86 and Linux x86-64
Solaris Sparc 32-bit and Solaris Sparc 64-bit
As the Oracle Application Server 10g will be run as a 32-bit application. See the Installation Guide or readme files for any specific steps on these 64-bit platforms.
Refer the Note.433061.1 - How to Obtain Application Server 10g Media, Patchsets, and Patches
Maybe you are looking for
-
Errors when trying to set up testing server in CS3
Hi, Ive tried to find the answer to this by googling, but cant sort it out. Ive been setting up php/apache/mysql in windows vista - dwcs3. Please bear in mind that I am very wet behind the ears with all this , at the moment. Ive been working out of D
-
I am planning on buying a movie on my iPad Mini. I was curious.. if I buy a movie on my iPad can I watch it on my AppleTv without using airplay?
-
How to get required data in Reference (XBLNR)
As a result of posting customer partial payment there is a new document posted with a new amount that is left to be paid, however this new document doesnu2019t derive Invoice number / Reference from the original document. The invoice number is copied
-
I keep getting the same error message 1
Please help. how do I fix my ipod from error message 1?
-
Everything I type goes into location bar
at the moment, literally everything I type goes into the location bar first, even if the cursor is visible somewhere else. For example if I try to type a facebook message, it goes into the location box first. It only started doing this recently