Wireless Group Policy Problem - Half the policy applying
Hi
I'm at a loss for where to investigate this one so I'm hoping for some suggestions.
We have a single GPO to send out settings for wireless access to our network. On the wireless we have two SSIDs as below.
1. Staff SSID
My manager wanted to reduce the security issues with this as much as possible, so I've generated a GUID for the SSID name, set it not to broadcast the SSID and set the group policy to show the network as "<company
name> Staff". It uses WPA2-Enterprise with RADUIS authentication to silently pass the authentication credentials of the currently logged on user providing SSO.
2. Guests SSID
This uses a preshared WPA2 key and provides guests with internet access and is blocked from the local LAN.
The GPO is applied in such a way that company laptops are have the Staff SSID displayed in the available connection list, they're allowed to connect to it (as long as they're in the appropriate AD group for RADIUS authentication) but they are blocked from
connecting their laptops to the Guests SSID. The important thing is that this single GPO controls both settings.
On a few laptops we have been noticing that the blocking of the Guests SSID is working fine, but the Staff SSID is failing to show. Its as if only half the policy is applying. This is happening to only a small number of laptops which reside in the same AD
OUs and it doesn't matter who logs on, the same problem occurs. The laptop is able to view all other wireless networks in the vicinity.
I have logged in to one as myself (with Domain Admin permissions) and I get this problem, but on other laptops, the policy applies completely allowing me to connect to the Staff SSID while blocking the Guests SSID, as it should.
I've run a RSOP against the laptop which shows that the policy is applying (confirmed by the fact that the Guests SSID is blocked) and the only problem I can find in the event logs are for the EapHost service with event ID of 2002. I've followed the advice
in a few forum posts below but have been unsucccessful (not even sure if it's related to the GPO issue).
http://www.eventid.net/display-eventid-2002-source-Microsoft-Windows-EapHost-eventno-10874-phase-1.htm
http://www.sevenforums.com/network-sharing/336450-event-id-2002-source-eaphost-eap-method-dll-path-name-failed.html
Any suggestion would be greatly appreciated.
Hi Daverino,
Since RSOP shows that the policy has been applied, it should not be a grouppolicy issue.
According yourdescription, it seems that the system of the laptop has been changedby the user data.
Could you please post the original information about event 2002? It is useful for further troubleshooting.
Best Regards.
Steven Lee
TechNet Community Support
Similar Messages
-
A problem about the policy of RMS which is added more than 500 principals
Hello specialists ,
I've a question about RMS , when I added more than about 500 principals (users & groups ) into a policy in the RMS , it will report an error for any operation about the policy , and I find the error message as followed (for theconvenience, I paste all of the logs in the weblogic).
We have tested all of our environments : Weblogic , JBoss , Websphere , each of them makes the same mistake . those operations include : try to open the documents protected by this kind of policies , to disable or enable the policies, to look the detail from the "adminui" . when decreasing the principals for this kind of policy to almost 450 (I am not sure the clearly number) with java code , the results will be ok .
So anyone can help me ? It's really very important for us , becuase our customer refused to pay the left money of this project till this problem is resolved . and I have reported this problem to the Enterprise Support in Indian (the case is :181916446), but , obviously , it seems they are burning my patience . At the same time , I think it's a problem of the product , I think the SQL is really very bad ,at least , not so good .
Any help will be very appreciated !
<2011-2-10 16:01:14> <Info> <NodeManager> <Starting WebLogic server with command line: E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\bin\java -Dweblogic.Name=RightsManagementServer -Djava.security.policy=E:\bea\WLSERV~1.3\server\lib\weblogic.policy -Dweblogic.management.server=http://192.168.52.196:7001 -Djava.library.path=E:\bea\WLSERV~1.3\server\bin;.;C:\Windows\system32;C:\Windows;E:\bea\ WLSERV~1.3\server\native\win\32;E:\bea\WLSERV~1.3\server\bin;E:\bea\JROCKI~1\jre\bin;E:\be a\JROCKI~1\bin;E:\bea\WLSERV~1.3\server\native\win\32\oci920_8;C:\Windows\system32;C:\Wind ows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\bin; -Djava.class.path=E:\jdbc\sqljdbc_1.2\enu\sqljdbc.jar;E:\bea\wlserver_10.3\server\lib\web logic.jar;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\lib\tools.jar;E:\bea\user_projects\dom ains\lcdomain\idplib\pop3.jar -Dweblogic.system.BootIdentityFile=E:\domains\zonydomain\servers\RightsManagementServer\d ata\nodemanager\boot.properties -Dweblogic.nodemanager.ServiceEnabled=true -Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.ReverseDNSAllowed=false -Dadobeidp.RootDirectory=E:\domains\zonydomain\. -Dfile.encoding=utf8 -Djava.net.preferIPv4Stack=true -Djava.security.policy=E:\bea\wlserver_10.3\server\lib\weblogic.policy -Xms256m -Xmx1792m weblogic.Server >
<2011-2-10 16:01:14> <Info> <NodeManager> <Working directory is "E:\domains\zonydomain">
<2011-2-10 16:01:14> <Info> <NodeManager> <Server output log file is "E:\domains\zonydomain\servers\RightsManagementServer\logs\RightsManagementServer.out">
<2011-2-10 16:01:16 CST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Oracle JRockit(R) Version R28.1.0-123-138454-1.6.0_20-20101014-1351-windows-x86_64 from Oracle Corporation>
<2011-2-10 16:01:17 CST> <Info> <Management> <BEA-141107> <Version: WebLogic Server 10.3 Fri Jul 25 16:30:05 EDT 2008 1137967 >
<2011-2-10 16:01:20 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<2011-2-10 16:01:20 CST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool>
<2011-2-10 16:01:20 CST> <Notice> <Log Management> <BEA-170019> <The server log file E:\domains\zonydomain\servers\RightsManagementServer\logs\RightsManagementServer.log is opened. All server side log events will be written to this file.>
<2011-2-10 16:01:20 CST> <Warning> <NodeManager> <BEA-300043> <Node manager native library not found - server process id not saved.>
<2011-2-10 16:01:20 CST> <Error> <Socket> <BEA-000438> <Unable to load performance pack. Using Java I/O instead. Please ensure that wlntio.dll is in: 'E:\bea\WLSERV~1.3\server\bin;.;C:\Windows\system32;C:\Windows;E:\bea\WLSERV~1.3\server\n ative\win\32;E:\bea\WLSERV~1.3\server\bin;E:\bea\JROCKI~1\jre\bin;E:\bea\JROCKI~1\bin;E:\b ea\WLSERV~1.3\server\native\win\32\oci920_8;C:\Windows\system32;C:\Windows;C:\Windows\Syst em32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\bin;'
>
<2011-2-10 16:01:25 CST> <Notice> <Security> <BEA-090082> <Security initializing using security realm myrealm.>
<2011-2-10 16:01:30 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STANDBY>
<2011-2-10 16:01:30 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING>
<2011-2-10 16:01:41 CST> <Warning> <JDBC> <BEA-001110> <No test table set up for pool "IDP_DS". Connections will not be tested.>
<2011-2-10 16:01:43 CST> <Warning> <JDBC> <BEA-001110> <No test table set up for pool "RM_DS". Connections will not be tested.>
<2011-2-10 16:02:00 CST> <Warning> <EJB> <BEA-010100> <This server is not part of a cluster. Hence "InMemory replication feature" for StatefulSession EJB "PolicyManagerBean" will have no effect on this server.>
2011-2-10 16:02:06 com.adobe.logging.AdobeLoggerImpl <clinit>
Info: Logging level null
2011-2-10 16:02:10 com.adobe.logging.AdobeLoggerImpl <clinit>
Info: Logging level null
16:02:34,362 WARN Digester:121 - [NavigationRuleRule]{faces-config/navigation-rule} Merge(/*)
16:02:36,022 INFO ValidatorPlugIn:211 - Loading validation rules file from '/WEB-INF/validator-rules.xml'
16:02:36,023 INFO ValidatorPlugIn:211 - Loading validation rules file from '/WEB-INF/custom-rules.xml'
16:02:36,024 INFO ValidatorPlugIn:211 - Loading validation rules file from '/WEB-INF/validation.xml'
16:02:36,532 INFO TilesPlugin:236 - Tiles definition factory loaded for module ''.
16:02:38,534 INFO TilesPlugin:236 - Tiles definition factory loaded for module ''.
16:02:38,548 INFO ValidatorPlugIn:211 - Loading validation rules file from '/WEB-INF/validator-rules.xml'
16:02:38,549 INFO ValidatorPlugIn:211 - Loading validation rules file from '/WEB-INF/validation.xml'
16:02:39,064 INFO UMActionServlet:84 -
* System Properties **************************************************
adobeidp.RootDirectory.......................: E:\domains\zonydomain\.
awt.toolkit..................................: sun.awt.windows.WToolkit
com.adobe.idp.enableLC7Compatibility.........: false
com.adobe.idp.enableLC7Compatibility.SetByDM.: true
com.adobe.serverInstanceId...................: adobewl_RightsManagementServer
com.adobe.tempDirectory......................: E:\temp\adobewl_RightsManagementServer
file.encoding................................: utf8
file.encoding.pkg............................: sun.io
file.separator...............................: \
java.awt.graphicsenv.........................: sun.awt.Win32GraphicsEnvironment
java.awt.printerjob..........................: sun.awt.windows.WPrinterJob
java.class.path..............................: E:\jdbc\sqljdbc_1.2\enu\sqljdbc.jar;E:\bea\wlserver_10.3\server\lib\weblogic.jar;E:\Java\ jrockit-jdk1.6.0_20-R28.1.0-4.0.1\lib\tools.jar;E:\bea\user_projects\domains\lcdomain\idpl ib\pop3.jar
java.class.version...........................: 50.0
java.endorsed.dirs...........................: E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\endorsed
java.ext.dirs................................: E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\ext
java.home....................................: E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre
java.io.tmpdir...............................: C:\Windows\TEMP\
java.library.path............................: E:\bea\WLSERV~1.3\server\bin;.;C:\Windows\system32;C:\Windows;E:\bea\WLSERV~1.3\server\na tive\win\32;E:\bea\WLSERV~1.3\server\bin;E:\bea\JROCKI~1\jre\bin;E:\bea\JROCKI~1\bin;E:\be a\WLSERV~1.3\server\native\win\32\oci920_8;C:\Windows\system32;C:\Windows;C:\Windows\Syste m32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\bin;
java.naming.factory.initial..................: weblogic.jndi.WLInitialContextFactory
java.naming.factory.url.pkgs.................: weblogic.jndi.factories:weblogic.corba.j2ee.naming.url:weblogic.jndi.factories:weblogic.c orba.j2ee.naming.url
java.net.preferIPv4Stack.....................: true
java.protocol.handler.pkgs...................: weblogic.utils|weblogic.utils|weblogic.utils|weblogic.net
java.runtime.name............................: Java(TM) SE Runtime Environment
java.runtime.version.........................: 1.6.0_20-b02
java.security.policy.........................: E:\bea\wlserver_10.3\server\lib\weblogic.policy
java.specification.name......................: Java Platform API Specification
java.specification.vendor....................: Sun Microsystems Inc.
java.specification.version...................: 1.6
java.vendor..................................: Oracle Corporation
java.vendor.url..............................: http://www.oracle.com/
java.vendor.url.bug..........................: http://download.oracle.com/docs/cd/E15289_01/go2troubleshooting.html
java.version.................................: 1.6.0_20
java.vm.info.................................: compiled mode
java.vm.name.................................: Oracle JRockit(R)
java.vm.specification.name...................: Java Virtual Machine Specification
java.vm.specification.vendor.................: Sun Microsystems Inc.
java.vm.specification.version................: 1.0
java.vm.vendor...............................: Oracle Corporation
java.vm.vendor.url...........................: http://www.oracle.com/
java.vm.vendor.url.bug.......................: http://download.oracle.com/docs/cd/E15289_01/go2troubleshooting.html
java.vm.version..............................: R28.1.0-123-138454-1.6.0_20-20101014-1351-windows-x86_64
javax.rmi.CORBA.PortableRemoteObjectClass....: weblogic.iiop.PortableRemoteObjectDelegateImpl
javax.rmi.CORBA.UtilClass....................: weblogic.iiop.UtilDelegateImpl
javax.xml.rpc.ServiceFactory.................: weblogic.webservice.core.rpc.ServiceFactoryImpl
javax.xml.soap.MessageFactory................: weblogic.webservice.core.soap.MessageFactoryImpl
kernel.download.enabled......................: false
line.separator...............................:
org.omg.CORBA.ORBClass.......................: weblogic.corba.orb.ORB
org.omg.CORBA.ORBSingletonClass..............: weblogic.corba.orb.ORB
org.xml.sax.driver...........................: weblogic.xml.jaxp.RegistryXMLReader
org.xml.sax.parser...........................: weblogic.xml.jaxp.RegistryParser
os.arch......................................: amd64
os.name......................................: Windows Server 2008 R2
os.version...................................: 6.1
path.separator...............................: ;
sun.arch.data.model..........................: 64
sun.boot.class.path..........................: E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\resources.jar;E:\Java\jrockit-jdk1.6.0_ 20-R28.1.0-4.0.1\jre\lib\rt.jar;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\sunrsasi gn.jar;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\jsse.jar;E:\Java\jrockit-jdk1.6.0 _20-R28.1.0-4.0.1\jre\lib\jce.jar;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\charse ts.jar;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\classes
sun.boot.library.path........................: E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\bin
sun.cpu.endian...............................: little
sun.cpu.isalist..............................: amd64
sun.desktop..................................: windows
sun.io.unicode.encoding......................: UnicodeLittle
sun.java.launcher............................: SUN_STANDARD
sun.jnu.encoding.............................: Cp1252
sun.management.compiler......................: Oracle JRockit(R) Optimizing Compiler
sun.os.patch.level...........................:
user.country.................................: CN
user.dir.....................................: E:\domains\zonydomain
user.home....................................: C:\
user.language................................: zh
user.name....................................: LATTE$
user.timezone................................: Asia/Shanghai
user.variant.................................:
vde.home.....................................: E:\domains\zonydomain\servers\RightsManagementServer\data\ldap
weblogic.Name................................: RightsManagementServer
weblogic.ReverseDNSAllowed...................: false
weblogic.classloader.preprocessor............: weblogic.diagnostics.instrumentation.DiagnosticClassPreProcessor
weblogic.management.server...................: http://192.168.52.196:7001
weblogic.nodemanager.ServiceEnabled..........: true
weblogic.security.CustomTrustKeyStoreFileName: ads-ca.jks
weblogic.security.CustomTrustKeyStorePassPhrase: password
weblogic.security.CustomTrustKeyStoreType....: JKS
weblogic.security.SSL.ignoreHostnameVerification: true
weblogic.security.TrustKeyStore..............: CustomTrust
weblogic.system.BootIdentityFile.............: E:\domains\zonydomain\servers\RightsManagementServer\data\nodemanager\boot.properties
* JSP Engine ****
JSP-Specification..: 2.1
* Runtime ****
Total Memory.......: 764 mb
16:02:39,072 INFO UMActionServlet:85 -
* Servlet Context ****************************************************
Servlet API........: 2.5
ServerInfo.........: WebLogic Server 10.3 Fri Jul 25 16:30:05 EDT 2008 1137967
* Attributes ****
com.cc.framework.locale......................: true
com.cc.framework.painter.....................: [app, html, global]
javax.servlet.context.tempdir................: E:\domains\zonydomain\servers\RightsManagementServer\tmp\_WL_user\adobe-livecycle-weblogi c\uv7zbv\public
org.apache.commons.validator.VALIDATOR_RESOURCES: org.apache.commons.validator.ValidatorResources@3334767
org.apache.struts.action.ACTION_SERVLET......: com.adobe.idp.um.ui.UMActionServlet@2e716fd
org.apache.struts.action.MESSAGE.............: org.apache.struts.util.PropertyMessageResources@3021141
org.apache.struts.action.MODULE..............: org.apache.struts.config.impl.ModuleConfigImpl@2d75c6b
org.apache.struts.action.PLUG_INS............: [Lorg.apache.struts.action.PlugIn;@302b235
org.apache.struts.action.SERVLET_MAPPING.....: *.do
org.apache.struts.globals.MODULE_PREFIXES....: [Ljava.lang.String;@31aa885
org.apache.struts.tiles.DEFINITIONS_FACTORY..: I18nFactorySet :
--- default factory ---
{${YOUR_DEFINITION_HERE}={name=${YOUR_DEFINITION_HERE}, path=null, role=null, controller=null, controllerType=null, controllerInstance=null, attributes={}}
--- other factories ---
org.apache.struts.validator.STOP_ON_ERROR....: true
weblogic.servlet.WebAppComponentMBean........: [email protected]a([zonydomain]/Applicatio ns[adobe-livecycle-weblogic]/WebAppComponents[/um])
weblogic.servlet.WebAppComponentRuntimeMBean.: weblogic.servlet.internal.WebAppRuntimeMBeanImpl@52ebb2
16:02:39,284 INFO QuartzScheduler:209 - Quartz Scheduler v.1.6.0 created.
16:02:39,300 INFO RAMJobStore:141 - RAMJobStore initialized.
16:02:39,301 INFO DirectSchedulerFactory:422 - Quartz scheduler 'SimpleQuartzScheduler
16:02:39,302 INFO DirectSchedulerFactory:424 - Quartz scheduler version: 1.6.0
16:02:39,306 INFO QuartzScheduler:455 - Scheduler SimpleQuartzScheduler_$_SIMPLE_NON_CLUSTERED started.
Got IP Address of LC Server:192.168.52.196
16:03:08,130 INFO QuartzScheduler:209 - Quartz Scheduler v.1.6.0 created.
16:03:08,136 INFO DSCJobStoreTX:547 - Using thread monitor-based data access locking (synchronization).
16:03:08,234 INFO DSCJobStoreTX:721 - Removed 0 Volatile Trigger(s).
16:03:08,235 INFO DSCJobStoreTX:729 - Removed 0 Volatile Job(s).
16:03:08,244 INFO DSCJobStoreTX:61 - JobStoreTX initialized.
16:03:08,245 INFO DSCSchedulerFactory:972 - Quartz scheduler 'IDPSchedulerService' initialized from an externally provided properties instance.
16:03:08,245 INFO DSCSchedulerFactory:974 - Quartz scheduler version: 1.6.0
16:03:08,259 INFO DSCJobStoreTX:775 - Freed 0 triggers from 'acquired' / 'blocked' state.
16:03:08,269 INFO DSCJobStoreTX:879 - Handling 1 trigger(s) that missed their scheduled fire-time.
16:03:08,389 INFO DSCJobStoreTX:785 - Recovering 0 jobs that were in-progress at the time of the last shut-down.
16:03:08,390 INFO DSCJobStoreTX:799 - Recovery complete.
16:03:08,393 INFO DSCJobStoreTX:806 - Removed 0 'complete' triggers.
16:03:08,395 INFO DSCJobStoreTX:812 - Removed 0 stale fired job entries.
16:03:08,411 INFO QuartzScheduler:455 - Scheduler IDPSchedulerService_$_20 started.
<2011-2-10 16:03:25 CST> <Error> <com.adobe.datamodel.repository.DBModelPersistence> <BEA-000000> <Naming exception during loading of all data models: javax.naming.NameNotFoundException: While trying to look up /IDP_DS in /app/webapp/remoting/18935606.; remaining name '/IDP_DS'>
16:03:27,894 INFO TilesPlugin:236 - Tiles definition factory loaded for module ''.
16:03:27,910 INFO ValidatorPlugIn:211 - Loading validation rules file from '/WEB-INF/validator-rules.xml'
16:03:27,910 INFO ValidatorPlugIn:211 - Loading validation rules file from '/WEB-INF/validation.xml'
16:03:28,555 INFO EDCActionServlet:84 -
* System Properties **************************************************
adobeidp.RootDirectory.......................: E:\domains\zonydomain\.
awt.toolkit..................................: sun.awt.windows.WToolkit
com.adobe.idp.DocumentManagerServlet.........: started
com.adobe.idp.enableLC7Compatibility.........: false
com.adobe.idp.enableLC7Compatibility.SetByDM.: true
com.adobe.serverInstanceId...................: adobewl_RightsManagementServer
com.adobe.tempDirectory......................: E:\temp\adobewl_RightsManagementServer
file.encoding................................: utf8
file.encoding.pkg............................: sun.io
file.separator...............................: \
gemfire.disableShutdownHook..................: true
java.awt.graphicsenv.........................: sun.awt.Win32GraphicsEnvironment
java.awt.printerjob..........................: sun.awt.windows.WPrinterJob
java.class.path..............................: E:\jdbc\sqljdbc_1.2\enu\sqljdbc.jar;E:\bea\wlserver_10.3\server\lib\weblogic.jar;E:\Java\ jrockit-jdk1.6.0_20-R28.1.0-4.0.1\lib\tools.jar;E:\bea\user_projects\domains\lcdomain\idpl ib\pop3.jar
java.class.version...........................: 50.0
java.endorsed.dirs...........................: E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\endorsed
java.ext.dirs................................: E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\ext
java.home....................................: E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre
java.io.tmpdir...............................: C:\Windows\TEMP\
java.library.path............................: E:\bea\WLSERV~1.3\server\bin;.;C:\Windows\system32;C:\Windows;E:\bea\WLSERV~1.3\server\na tive\win\32;E:\bea\WLSERV~1.3\server\bin;E:\bea\JROCKI~1\jre\bin;E:\bea\JROCKI~1\bin;E:\be a\WLSERV~1.3\server\native\win\32\oci920_8;C:\Windows\system32;C:\Windows;C:\Windows\Syste m32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\bin;
java.naming.factory.initial..................: weblogic.jndi.WLInitialContextFactory
java.naming.factory.url.pkgs.................: weblogic.jndi.factories:weblogic.corba.j2ee.naming.url:weblogic.jndi.factories:weblogic.c orba.j2ee.naming.url
java.net.preferIPv4Stack.....................: true
java.protocol.handler.pkgs...................: weblogic.utils|weblogic.utils|weblogic.utils|weblogic.net
java.runtime.name............................: Java(TM) SE Runtime Environment
java.runtime.version.........................: 1.6.0_20-b02
java.security.policy.........................: E:\bea\wlserver_10.3\server\lib\weblogic.policy
java.specification.name......................: Java Platform API Specification
java.specification.vendor....................: Sun Microsystems Inc.
java.specification.version...................: 1.6
java.vendor..................................: Oracle Corporation
java.vendor.url..............................: http://www.oracle.com/
java.vendor.url.bug..........................: http://download.oracle.com/docs/cd/E15289_01/go2troubleshooting.html
java.version.................................: 1.6.0_20
java.vm.info.................................: compiled mode
java.vm.name.................................: Oracle JRockit(R)
java.vm.specification.name...................: Java Virtual Machine Specification
java.vm.specification.vendor.................: Sun Microsystems Inc.
java.vm.specification.version................: 1.0
java.vm.vendor...............................: Oracle Corporation
java.vm.vendor.url...........................: http://www.oracle.com/
java.vm.vendor.url.bug.......................: http://download.oracle.com/docs/cd/E15289_01/go2troubleshooting.html
java.vm.version..............................: R28.1.0-123-138454-1.6.0_20-20101014-1351-windows-x86_64
javax.rmi.CORBA.PortableRemoteObjectClass....: weblogic.iiop.PortableRemoteObjectDelegateImpl
javax.rmi.CORBA.UtilClass....................: weblogic.iiop.UtilDelegateImpl
javax.xml.rpc.ServiceFactory.................: weblogic.webservice.core.rpc.ServiceFactoryImpl
javax.xml.soap.MessageFactory................: weblogic.webservice.core.soap.MessageFactoryImpl
kernel.download.enabled......................: false
line.separator...............................:
org.apache.xerces.xni.parser.Configuration...: org.apache.xerces.parsers.XMLGrammarCachingConfiguration
org.omg.CORBA.ORBClass.......................: weblogic.corba.orb.ORB
org.omg.CORBA.ORBSingletonClass..............: weblogic.corba.orb.ORB
org.xml.sax.driver...........................: weblogic.xml.jaxp.RegistryXMLReader
org.xml.sax.parser...........................: weblogic.xml.jaxp.RegistryParser
os.arch......................................: amd64
os.name......................................: Windows Server 2008 R2
os.version...................................: 6.1
p2p.useSSL...................................: false
path.separator...............................: ;
sun.arch.data.model..........................: 64
sun.boot.class.path..........................: E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\resources.jar;E:\Java\jrockit-jdk1.6.0_ 20-R28.1.0-4.0.1\jre\lib\rt.jar;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\sunrsasi gn.jar;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\jsse.jar;E:\Java\jrockit-jdk1.6.0 _20-R28.1.0-4.0.1\jre\lib\jce.jar;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\charse ts.jar;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\classes
sun.boot.library.path........................: E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\bin
sun.cpu.endian...............................: little
sun.cpu.isalist..............................: amd64
sun.desktop..................................: windows
sun.io.unicode.encoding......................: UnicodeLittle
sun.java.launcher............................: SUN_STANDARD
sun.jnu.encoding.............................: Cp1252
sun.management.compiler......................: Oracle JRockit(R) Optimizing Compiler
sun.os.patch.level...........................:
user.country.................................: CN
user.dir.....................................: E:\domains\zonydomain
user.home....................................: C:\
user.language................................: zh
user.name....................................: LATTE$
user.timezone................................: Asia/Shanghai
user.variant.................................:
vde.home.....................................: E:\domains\zonydomain\servers\RightsManagementServer\data\ldap
weblogic.Name................................: RightsManagementServer
weblogic.ReverseDNSAllowed...................: false
weblogic.classloader.preprocessor............: weblogic.diagnostics.instrumentation.DiagnosticClassPreProcessor
weblogic.management.server...................: http://192.168.52.196:7001
weblogic.nodemanager.ServiceEnabled..........: true
weblogic.security.CustomTrustKeyStoreFileName: ads-ca.jks
weblogic.security.CustomTrustKeyStorePassPhrase: password
weblogic.security.CustomTrustKeyStoreType....: JKS
weblogic.security.SSL.ignoreHostnameVerification: true
weblogic.security.TrustKeyStore..............: CustomTrust
weblogic.system.BootIdentityFile.............: E:\domains\zonydomain\servers\RightsManagementServer\data\nodemanager\boot.properties
* JSP Engine ****
JSP-Specification..: 2.1
* Runtime ****
Total Memory.......: 917 mb
16:03:28,559 INFO EDCActionServlet:85 -
* Servlet Context ****************************************************
Servlet API........: 2.5
ServerInfo.........: WebLogic Server 10.3 Fri Jul 25 16:30:05 EDT 2008 1137967
* Attributes ****
com.cc.framework.locale......................: true
com.cc.framework.painter.....................: [app, html, global]
javax.servlet.context.tempdir................: E:\domains\zonydomain\servers\RightsManagementServer\tmp\_WL_user\adobe-livecycle-weblogi c\srbeev\public
org.apache.commons.validator.VALIDATOR_RESOURCES: org.apache.commons.validator.ValidatorResources@33c707a
org.apache.struts.action.ACTION_SERVLET......: com.adobe.edc.ui.EDCActionServlet@6f15bc0
org.apache.struts.action.MESSAGE.............: org.apache.struts.util.PropertyMessageResources@31fdbc7
org.apache.struts.action.MODULE..............: org.apache.struts.config.impl.ModuleConfigImpl@2f3b181
org.apache.struts.action.PLUG_INS............: [Lorg.apache.struts.action.PlugIn;@32005d9
org.apache.struts.action.SERVLET_MAPPING.....: *.do
org.apache.struts.globals.MODULE_PREFIXES....: [Ljava.lang.String;@12907d6
org.apache.struts.tiles.DEFINITIONS_FACTORY..: I18nFactorySet :
--- default factory ---
{${YOUR_DEFINITION_HERE}={name=${YOUR_DEFINITION_HERE}, path=null, role=null, controller=null, controllerType=null, controllerInstance=null, attributes={}}
--- other factories ---
org.apache.struts.validator.STOP_ON_ERROR....: true
weblogic.servlet.WebAppComponentMBean........: [email protected]b8([zonydomain]/Applicati ons[adobe-livecycle-weblogic]/WebAppComponents[/edc/admin])
weblogic.servlet.WebAppComponentRuntimeMBean.: weblogic.servlet.internal.WebAppRuntimeMBeanImpl@946930
16:03:29,403 INFO TilesPlugin:236 - Tiles definition factory loaded for module ''.
16:03:29,420 INFO ValidatorPlugIn:211 - Loading validation rules file from '/WEB-INF/validator-rules.xml'
16:03:29,421 INFO ValidatorPlugIn:211 - Loading validation rules file from '/WEB-INF/validation.xml'
16:03:30,011 INFO EDCActionServlet:84 -
* System Properties **************************************************
adobeidp.RootDirectory.......................: E:\domains\zonydomain\.
awt.toolkit..................................: sun.awt.windows.WToolkit
com.adobe.idp.DocumentManagerServlet.........: started
com.adobe.idp.enableLC7Compatibility.........: false
com.adobe.idp.enableLC7Compatibility.SetByDM.: true
com.adobe.serverInstanceId...................: adobewl_RightsManagementServer
com.adobe.tempDirectory......................: E:\temp\adobewl_RightsManagementServer
file.encoding................................: utf8
file.encoding.pkg............................: sun.io
file.separator...............................: \
gemfire.disableShutdownHook..................: true
java.awt.graphicsenv.........................: sun.awt.Win32GraphicsEnvironment
java.awt.printerjob..........................: sun.awt.windows.WPrinterJob
java.class.path..............................: E:\jdbc\sqljdbc_1.2\enu\sqljdbc.jar;E:\bea\wlserver_10.3\server\lib\weblogic.jar;E:\Java\ jrockit-jdk1.6.0_20-R28.1.0-4.0.1\lib\tools.jar;E:\bea\user_projects\domains\lcdomain\idpl ib\pop3.jar
java.class.version...........................: 50.0
java.endorsed.dirs...........................: E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\endorsed
java.ext.dirs................................: E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\ext
java.home....................................: E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre
java.io.tmpdir...............................: C:\Windows\TEMP\
java.library.path............................: E:\bea\WLSERV~1.3\server\bin;.;C:\Windows\system32;C:\Windows;E:\bea\WLSERV~1.3\server\na tive\win\32;E:\bea\WLSERV~1.3\server\bin;E:\bea\JROCKI~1\jre\bin;E:\bea\JROCKI~1\bin;E:\be a\WLSERV~1.3\server\native\win\32\oci920_8;C:\Windows\system32;C:\Windows;C:\Windows\Syste m32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program Files (x86)\Microsoft SQL Server\100\DTS\Binn\;C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\bin;
java.naming.factory.initial..................: weblogic.jndi.WLInitialContextFactory
java.naming.factory.url.pkgs.................: weblogic.jndi.factories:weblogic.corba.j2ee.naming.url:weblogic.jndi.factories:weblogic.c orba.j2ee.naming.url
java.net.preferIPv4Stack.....................: true
java.protocol.handler.pkgs...................: weblogic.utils|weblogic.utils|weblogic.utils|weblogic.net
java.runtime.name............................: Java(TM) SE Runtime Environment
java.runtime.version.........................: 1.6.0_20-b02
java.security.policy.........................: E:\bea\wlserver_10.3\server\lib\weblogic.policy
java.specification.name......................: Java Platform API Specification
java.specification.vendor....................: Sun Microsystems Inc.
java.specification.version...................: 1.6
java.vendor..................................: Oracle Corporation
java.vendor.url..............................: http://www.oracle.com/
java.vendor.url.bug..........................: http://download.oracle.com/docs/cd/E15289_01/go2troubleshooting.html
java.version.................................: 1.6.0_20
java.vm.info.................................: compiled mode
java.vm.name.................................: Oracle JRockit(R)
java.vm.specification.name...................: Java Virtual Machine Specification
java.vm.specification.vendor.................: Sun Microsystems Inc.
java.vm.specification.version................: 1.0
java.vm.vendor...............................: Oracle Corporation
java.vm.vendor.url...........................: http://www.oracle.com/
java.vm.vendor.url.bug.......................: http://download.oracle.com/docs/cd/E15289_01/go2troubleshooting.html
java.vm.version..............................: R28.1.0-123-138454-1.6.0_20-20101014-1351-windows-x86_64
javax.rmi.CORBA.PortableRemoteObjectClass....: weblogic.iiop.PortableRemoteObjectDelegateImpl
javax.rmi.CORBA.UtilClass....................: weblogic.iiop.UtilDelegateImpl
javax.xml.rpc.ServiceFactory.................: weblogic.webservice.core.rpc.ServiceFactoryImpl
javax.xml.soap.MessageFactory................: weblogic.webservice.core.soap.MessageFactoryImpl
kernel.download.enabled......................: false
line.separator...............................:
org.apache.xerces.xni.parser.Configuration...: org.apache.xerces.parsers.XMLGrammarCachingConfiguration
org.omg.CORBA.ORBClass.......................: weblogic.corba.orb.ORB
org.omg.CORBA.ORBSingletonClass..............: weblogic.corba.orb.ORB
org.xml.sax.driver...........................: weblogic.xml.jaxp.RegistryXMLReader
org.xml.sax.parser...........................: weblogic.xml.jaxp.RegistryParser
os.arch......................................: amd64
os.name......................................: Windows Server 2008 R2
os.version...................................: 6.1
p2p.useSSL...................................: false
path.separator...............................: ;
sun.arch.data.model..........................: 64
sun.boot.class.path..........................: E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\resources.jar;E:\Java\jrockit-jdk1.6.0_ 20-R28.1.0-4.0.1\jre\lib\rt.jar;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\sunrsasi gn.jar;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\jsse.jar;E:\Java\jrockit-jdk1.6.0 _20-R28.1.0-4.0.1\jre\lib\jce.jar;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\lib\charse ts.jar;E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\classes
sun.boot.library.path........................: E:\Java\jrockit-jdk1.6.0_20-R28.1.0-4.0.1\jre\bin
sun.cpu.endian...............................: little
sun.cpu.isalist..............................: amd64
sun.desktop..................................: windows
sun.io.unicode.encoding......................: UnicodeLittle
sun.java.launcher............................: SUN_STANDARD
sun.jnu.encoding.............................: Cp1252
sun.management.compiler......................: Oracle JRockit(R) Optimizing Compiler
sun.os.patch.level...........................:
user.country.................................: CN
user.dir.....................................: E:\domains\zonydomain
user.home....................................: C:\
user.language................................: zh
user.name....................................: LATTE$
user.timezone................................: Asia/Shanghai
user.variant.................................:
vde.home.....................................: E:\domains\zonydomain\servers\RightsManagementServer\data\ldap
weblogic.Name................................: RightsManagementServer
weblogic.ReverseDNSAllowed...................: false
weblogic.classloader.preprocessor............: weblogic.diagnostics.instrumentation.DiagnosticClassPreProcessor
weblogic.management.server...................: http://192.168.52.196:7001
weblogic.nodemanager.ServiceEnabled..........: true
weblogic.security.CustomTrustKeyStoreFileName: ads-ca.jks
weblogic.security.CustomTrustKeyStorePassPhrase: password
weblogic.security.CustomTrustKeyStoreType....: JKS
weblogic.security.SSL.ignoreHostnameVerification: true
weblogic.security.TrustKeyStore..............: CustomTrust
weblogic.system.BootIdentityFile.............: E:\domains\zonydomain\servers\RightsManagementServer\data\nodemanager\boot.properties
* JSP Engine ****
JSP-Specification..: 2.1
* Runtime ****
Total Memory.......: 917 mb
16:03:30,014 INFO EDCActionServlet:85 -
* Servlet Context ****************************************************
Servlet API........: 2.5
ServerInfo.........: WebLogic Server 10.3 Fri Jul 25 16:30:05 EDT 2008 1137967
* Attributes ****
com.cc.framework.locale......................: true
com.cc.framework.painter.....................: [app, html, global]
javax.servlet.context.tempdir................: E:\domains\zonydomain\servers\RightsManagementServer\tmp\_WL_user\adobe-livecycle-weblogi c\xhf1jd\public
org.apache.commons.validator.VALIDATOR_RESOURCES: org.apache.commons.validator.ValidatorResources@231f192
org.apache.struts.action.ACTION_SERVLET......: com.adobe.edc.ui.EDCActionServlet@153d409
org.apache.struts.action.MESSAGE.............: org.apache.struts.util.PropertyMessageResources@2208500
org.apache.struts.action.MODULE..............: org.apache.struts.config.impl.ModuleConfigImpl@1ee0605
org.apache.struts.action.PLUG_INS............: [Lorg.apache.struts.action.PlugIn;@216aebd
org.apache.struts.action.SERVLET_MAPPING.....: *.do
org.apache.struts.globals.MODULE_PREFIXES....: [Ljava.lang.String;@2675446
org.apache.struts.tiles.DEFINITIONS_FACTORY..: I18nFactorySet :
--- default factory ---
{${YOUR_DEFINITION_HERE}={name=${YOUR_DEFINITION_HERE}, path=null, role=null, controller=null, controllerType=null, controllerInstance=null, attributes={}}
--- other factories ---
org.apache.struts.validator.STOP_ON_ERROR....: true
um_assertionid_holder........................: com.adobe.idp.um.auth.filter.AssertionIdHolder@1c5878e
weblogic.servlet.WebAppComponentMBean........: [email protected]8([zonydomain]/Applicatio ns[adobe-livecycle-weblogic]/WebAppComponents[/edc])
weblogic.servlet.WebAppComponentRuntimeMBean.: weblogic.servlet.internal.WebAppRuntimeMBeanImpl@ac5e96
========= calling EDCStartupService::initializeresources =========
<2011-2-10 16:03:32 CST> <Notice> <Log Management> <BEA-170027> <The Server has established connection with the Domain level Diagnostic Service successfully.>
<2011-2-10 16:03:32 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to ADMIN>
<2011-2-10 16:03:32 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RESUMING>
<2011-2-10 16:03:33 CST> <Notice> <Security> <BEA-090171> <Loading the identity certificate and private key stored under the alias ads-credentials from the JKS keystore file E:\domains\zonydomain\ads-credentials.jks.>
<2011-2-10 16:03:33 CST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the JKS keystore file E:\domains\zonydomain\ads-ca.jks.>
<2011-2-10 16:03:33 CST> <Error> <Server> <BEA-002606> <Unable to create a server socket for listening on channel "DefaultSecure". The address 192.168.52.196 might be incorrect or another process is using port 7002: java.net.BindException: Address already in use: JVM_Bind.>
<2011-2-10 16:03:33 CST> <Notice> <Server> <BEA-002613> <Channel "Default" is now listening on 192.168.52.196:8001 for protocols iiop, t3, ldap, snmp, http.>
<2011-2-10 16:03:33 CST> <Notice> <WebLogicServer> <BEA-000332> <Started WebLogic Managed Server "RightsManagementServer" for domain "zonydomain" running in Development Mode>
<2011-2-10 16:03:35 CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to RUNNING>
<2011-2-10 16:03:35 CST> <Notice> <WebLogicServer> <BEA-000360> <Server started in RUNNING mode>
16:03:46,830 INFO Reference:? - Verification successful for URI "#dc30cfd93b52e950ebde68e0b7c8ac56"
16:03:50,726 INFO Reference:? - Verification successful for URI "#cb96de4448538dd00314b484966dae46"
16:03:51,127 INFO TilesRequestProcessor:103 - Tiles definition factory found for request processor ''.
<2011-2-10 16:03:51 CST> <Warning> <Socket> <BEA-000402> <There are: 5 active sockets, but the maximum number of socket reader threads allowed by the configuration is: 4. You may want to alter your configuration.>
16:04:08,115 INFO Reference:? - Verification successful for URI "#ba03069e2b38142918e1e6f54a73208c"
16:04:10,602 INFO Reference:? - Verification successful for URI "#a120044172268198925a0495b25e618a"
16:05:56,603 INFO Reference:? - Verification successful for URI "#e4e5267f958ba1431f4ecdee4b18e454"
16:06:04,059 INFO Reference:? - Verification successful for URI "#f664cefe6083120e323479fd72ec57c1"
<2011-2-10 16:06:44 CST> <Warning> <com.adobe.idp.common.errors.exception.IDPLoggedException> <BEA-000000> <UserM:GENERIC_WARNING: [Thread Hashcode: -1257420086] com.adobe.idp.common.errors.exception.IDPLoggedException| [com.adobe.idp.storeprovider.jdbc.DBStatement] errorCode:12290 errorCodeHEX:0x3002 message:execute query failure(select distinct top 500 * from EDCAGGPRINCIPALVIEWENTIT where ((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((( (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((( (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((( (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((( (((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((((( ((((((((((((((((((((((((((((((((((((((((((((((((((EDCAGGPRINCIPALVIEWENTIT.v17 = ? or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EDCAGGPRINCIPALVIEWENTIT.v17 = ?) or EWe are using Microsoft SQL Server 2008 . but it's well with MySQL & JBoss
-
Group Policy Infrastructure Failed : The target name is incorrect
Hi,
I am currently facing issues regarding Group Policy, users are unable to change the password.
When i run gpupdate /force on servers, the user policy and computer policy are successful but when i run the same on any client i receive error as per below,
" C:\Windows\system32>gpupdate /force
Updating Policy...
User policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows attempted to read the file \\mydomain.com\SysVol\mydomain.com\Poli
cies\{5C07D38D-C488-4E32-9871-AA99DAB86898}\gpt.ini from a domain controller and was not successful. Grou
p Policy settings may not be applied until this event is resolved. This issue may be transient and could
be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to th
e current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer Policy update has completed successfully.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to a
ccess information about Group Policy results."
Below is the result of GPRESULT /H GPReport.html.
Component Status
Component Name Status
Last Process Time
Group Policy Infrastructure Failed
9/8/2014 1:56:58 PM
Group Policy Infrastructure failed due to the error listed below.
Logon Failure: The target account name is incorrect.
Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 9/8/2014 1:56:48 PM and 9/8/2014 1:56:58 PM.
Any idea on how to solve this problem ? thanks.Hi Calin,
1). yes the dns resolution is working fine in our environment
2). the GPO object and its folder was deleted and doesnt exist anymore.
3). IPconfig/all result as per below from client
C:\Users\arslan>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : ITMGMTPC
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mydomain.com
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : XXXXXX
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.200.49(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, September 10, 2014 8:50:36 AM
Lease Expires . . . . . . . . . . : Thursday, September 18, 2014 8:50:36 AM
Default Gateway . . . . . . . . . : XXXXXX
DHCP Server . . . . . . . . . . . : XXXXXX
DNS Servers . . . . . . . . . . . : 192.168.200.1
192.168.240.2
Primary WINS Server . . . . . . . : 192.168.200.1
NetBIOS over Tcpip. . . . . . . . : Enabled
3). IPconfig/all result as per below from server
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : hopdc
Primary Dns Suffix . . . . . . . : mydomain.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.com
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : XXXXXX
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.200.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : XXXXXX
DNS Servers . . . . . . . . . . . : 192.168.200.1
192.168.240.2
NetBIOS over Tcpip. . . . . . . . : Enabled
4. please find below findings,
C:\Users\arslan>nltest /dsgetsite
HO1
The command completed successfully
C:\Users\arslan>nltest /dsgetdc:domain
Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN -
Active-X update group policy problem
I am having problems distributing
install_flash_player_active_x.msi via a group policy in our MS AD.
I am familiar with creating GPOs. I used a GPO to distribute
Adobe Reader without any problems, but this active-X update will
not apply via a gpo. The error I get is: The install of application
Adobe Flash Player 9 ActiveX (2) from policy Adobe_Flash_Patch
failed. The error was : The installation source for this product is
not available. Verify that the source exists and that you can
access it.
I created an administration install and used the same shared
distribution folder as I did for Adobe Reader so I know that this
error is not due to permissions. Any help would be gratefully
appreciated.> 9. The Database Security Editor appears. You need to add the user or
> group that you want the *Security* tab to be removed from.
What EXACT group was entered in your GPO there?
And if you want to revert, it is most probably NOT sufficient to simply
unlink the GPO, but you need to implement a second GPO that grants the
required read rights (aka "removes the deny entry")
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
How to determine the policy, when it is applied?
Hi!
Perform Group Policy.
When do I need to reboot when
to logoff, and when the policy is executed after
without further action?
How to determine the policy, when it is applied?Hi,
Group policy settings that affect computer settings section apply at reboot and refrresh every 90 min (default refresh interval for computers). Group policy settings that affect user settings section apply at user logon to the domain.
You can use RSOP.MSC or command-line gpresult /? to find out what/which GPO settings have been applied to the computer/user belonging to a domain.
More information can be found below:
http://msdn.microsoft.com/en-us/library/aa373481(v=vs.85).aspx
http://technet.microsoft.com/en-us/library/cc940895.aspx
Hope this help.
Regards,
Calin -
Group Policy Pref - Mapped Drives Not Applying to One User
Hi All,
I’m new to this list, so please excuse any etiquette slip ups.
I have three users at a site. All their machines are running Windows XP Service Pack 3 and have client side extensions installed. I created a group policy to map their default drives using GP User Preferences.
Each of the drives is set to "update".
As an example of the policy created XML is as follows:
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="H:" status="H:"
image="2" changed="2009-11-25 05:13:58"
uid="{8A44D2F4-AAE5-4F43-AEEC-D36F08EA619C}" desc="Maps the users H drive to
ServerName\users$\%username%" bypassErrors="1"><Properties action="U"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\users$\%username%" label="Home (ServerName)"
persistent="1" useLetter="1" letter="H"/></Drive>
and
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="J:" status="J:"
image="0" changed="2009-11-30 03:52:58"
uid="{535CD462-A45D-4363-ADA1-2316D5ECC703}" desc="Maps J drive for users to
\\ServerName\apps" bypassErrors="1"><Properties action="C"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\Apps" label="Apps (ServerName)" persistent="1"
useLetter="1" letter="J"/></Drive>
The group policy is applied to an OU for that site.
All three users are in the same OU.
All three users are also in the same “xxsitecode Users” group.
2 of the users log into their pc and get the mapped drives with no issue, but one user doesn’t.
There are no other login scripts and the user has no manually mapped drives.
He does have a H drive mapped using the profile field in his AD object as a temp measure. But every 90 mins any other manually mapped drives are removed by the policy.
We don’t use roaming profiles
To trouble shoot I have tried
- Reinstalling client side extensions
- Re-joining the pc to the domain
- Running gpupdate from the command prompt to see if any event logs are generated (none are)
- Manually mapping the drives to make sure there is network access etc – I can manually map them/he can access them.
- Creating the user a new account, when he logs in using that account he gets his mapped drives on all PC’s
- Getting the user to log into a different pc, when he does this he doesn’t get his drives – so it’s not his machine or profile
- Manually checking the security on the user object in AD against one of the users who gets their drives mapped
I'm sure the GP is fine because it works for two other users and the testing isolates his user account as the issue.
The Policy I’m having issues with is xxxx Mapped Drives/ Printers
I have posted this issue on the tech net GP discussion groups page, but haven’t had any replies.
Any suggestions would be appreciated.
SimoneWhat's interesting is that I applied a new GP to users - it has one policy setting and one preferences setting. He only gets the policy setting.. aka he gets the wallpaper but not the homepage.
Also, Jorke asked me to post the gpresult /z .
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 10/02/2010 at 2:19:34 PM
RSOP results for DOMAIN\USER on MACHINENAME : Logging Mode
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: DOMAIN
Domain Type: Windows 2000
Site Name: SITECODE
Roaming Profile:
Local Profile: C:\Documents and Settings\USER.DOMAIN
Connected over a slow link?: No
COMPUTER SETTINGS
CN=MACHINENAME,OU=Laptops,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:06:38 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
Allow Remote Assistance
au-mdwsus
Default Domain Policy
Legal Notice
Proxy Settings
Logon as service, operating system
AU-WSUS
Desktop Background & Home Page
Reg Permissions for default desktop
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
SITECODE Mapped Drives/ Printers
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The computer is a part of the following security groups:
BUILTIN\Administrators
Everyone
Debugger Users
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
MACHINENAME$
Domain Computers
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for Computer:
Software Installations
N/A
Startup Scripts
GPO: Desktop Background & Home Page
Name: image.bat
Parameters:
LastExecuted: 7:55:34 PM
Name: swiftdesktop.vbs
Parameters:
LastExecuted: 7:55:35 PM
Shutdown Scripts
N/A
Account Policies
Audit Policy
User Rights
Security Options
Event Log Settings
Restricted Groups
System Services
Registry Settings
File System Settings
Public Key Policies
N/A
Administrative Templates
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\CurrentVersion\Winlogon
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Desktop Background & Home Page
Setting: Software\Policies\Microsoft\Internet Explorer\Security
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
USER SETTINGS
CN=Matthew Luhrs,OU=Users,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:54:53 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
Allow Remote Assistance
**** SITECODE Mapped Drives/ Printers - has Gp Pref's that should apply
Default Domain Policy
Proxy Settings
**** Desktop Background & Home Page - has Gp Pref's that should apply
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
AU-WSUS
Filtering: Not Applied (Empty)
Legal Notice
Filtering: Disabled (GPO)
Reg Permissions for default desktop
Filtering: Not Applied (Empty)
Logon as service, operating system
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
au-mdwsus
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The user is a part of the following security groups:
Domain Users
Everyone
Offer Remote Assistance Helpers
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Computer Account Operators
Internet Users
SITECODE Users
DOMAIN-Public Folders Administrators
All Email Users
DOMAINSWIFTEMAIL
Domain Admins
Offer Remote Assistance Helpers
WSUS Administrators
DHCP Administrators
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for User:
Software Installations
N/A
Public Key Policies
N/A
Administrative Templates
N/A
Folder Redirection
N/A
Internet Explorer Browser User Interface
GPO: Proxy Settings
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: N/A
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer Connection
HTTP Proxy Server: Proxy:port
Secure Proxy Server: Proxy:port
FTP Proxy Server: Proxy:port
Gopher Proxy Server: Proxy:port
Socks Proxy Server: Proxy:port
Auto Config Enable: Yes
Enable Proxy: Yes
Use same Proxy: Yes
Internet Explorer URLs
GPO: Proxy Settings
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A
Internet Explorer Security
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: Proxy Settings
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
GPO: Proxy Settings
Import the current Program Settings: No -
How to use Group Policy to remove the shutdown button on the logon screen
Environment: Shared use computers running Window 7 Professional and MS office Suite; Windows 2008 Standard server, Windows 7 EC Domain Policy and MS Office 2007 ADML Template downloaded from Microsoft. WIndows 7 Accounts OU.
I am in the process of developing a shared use computer lockdown policy for several Windows 7 computers that will made available in my client's computer lab. I need to use a group policy setting to remove the Shut Down button on
the logon screen of the Windows 7 client computers. I am editing the Windows 7 EC Domain Policy to user accounts in a Windows 7 Accounts OU that I created. I am using the Group Policy editor in the Group Policy Management Console.
Please let me know the best practice for accomplishing this using Group Policy editor.
Thanks.
P.S. I tried a setting recommended in the following link in the Windows 7 EC Domain Policy which did not seem to work.
http://www.windowsitpro.com/article/group-policy/can-i-use-group-policy-to-display-or-remove-the-shut-down-button-on-the-logon-screen-.aspxHi Vernon,
I tried the group policy you mentioned (Computer Configuration, Windows Settings, Security Settings, Local Policies, and select Security Options, "Shutdown: Allow system to be shut down without having to log on") and it worked on a Windows 7 client.
Thus you may need to check if the group policy you created is actually applied to clients.
A screenshot can be found here:
http://cid-b7ed40feb32ba29f.office.live.com/self.aspx/.Public/desktop/Capture.JPG -
Problem found: The Diagnostics Policy Service is not running
Whenever I attempt to run network diagnostics Windows 7 Ultimate response with Problem
found: The Diagnostics Policy Service is not running. <o:p></o:p>
I usually find my own solution to the network problem. However, not to the inability to run
diagnostics. In addition, in my attempt to find a solution, the Diagnostic
Policy Service Properties has become corrupted. The run under this account information
is not valid.
So I basically need the account and password for the service. In addition, once I have that info properly
inserted, I need a way to get the diagnostics to actually run.Hello,
The Windows Desktop Perfmon and Diagnostic tools forum is to discuss performance monitor (perfmon), resource monitor (resmon), and task manager, focusing on HOW-TO, Errors/Problems, and usage scenarios.
Since your post is off-topic, I am moving it to the
off topic forum.
Karl
When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
My Blog: Unlock PowerShell
My Book:
Windows PowerShell 2.0 Bible
My E-mail: -join ('6F6C646B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}}) -
I have purchased my iPhone 4S from USA. Its a Factory unlocked phone. I am facing problem with the hardware. Is there any support that apple provides to send the phone from India to USA to get it replaced? Also if there is any travelers Policy?
No and no.
-
Dear All
I am facing problem with the aging policy in iplanet messaging server.My aging policy is not working
Please find the below information for your reference
1) bash-2.03# ./imsimta version
iPlanet Messaging Server 5.2 Patch 1 (built Aug 19 2002)
libimta.so 5.2 Patch 1 (built 23:25:07, Aug 19 2002)
2)configutil Output
store.expirerule.19042k7i.createtimestamp = 20070419051559Z
store.expirerule.19042k7i.creatorsname = "cn=msg-mymessaging,cn=iplanet messaging suite,cn=server group,cn=mymessaging.mydomain.com,ou=mydomain.com,o=netscap
eroot"
store.expirerule.19042k7i.folderpattern = user/%@mydomain.com/*
store.expirerule.19042k7i.messagedays = 90
store.expirerule.19042k7i.modifiersname = "cn=msg-mymessaging,cn=iplanet messaging suite,cn=server group,cn=mymessaging.mydomain.com,ou=mydomain.com,o=netsca
peroot"
store.expirerule.19042k7i.modifytimestamp = 20070419051614Z
store.expirerule.19042k7i.objectclass = nsmsgcfgexpirerule
store.expirerule.createtimestamp = 20030427141705Z
store.expirerule.creatorsname = "uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
store.expirerule.modifiersname = "uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot"
store.expirerule.modifytimestamp = 20030427141705Z
store.expirerule.objectclass = nsmsgCfgContainer
store.expirerule.santosh.createtimestamp = 20090317095139Z
store.expirerule.santosh.creatorsname = "cn=msg-mymessaging,cn=iplanet messaging suite,cn=server group,cn=mymessaging.mydomain.com,ou=mydomain.com,o=netscape
root"
store.expirerule.santosh.folderpattern = user/[email protected]/*
store.expirerule.santosh.messagecount = 5
store.expirerule.santosh.messagedays = 1
store.expirerule.santosh.modifiersname = "cn=msg-mymessaging,cn=iplanet messaging suite,cn=server group,cn=mymessaging.mydomain.com,ou=mydomain.com,o=netscap
eroot"
store.expirerule.santosh.modifytimestamp = 20090317095315Z
store.expirerule.santosh.objectclass = nsmsgcfgexpirerule
store.expirestart = 1530
Any one can help me ?Prashant_wagh wrote:
1) bash-2.03# ./imsimta version
iPlanet Messaging Server 5.2 Patch 1 (built Aug 19 2002)
libimta.so 5.2 Patch 1 (built 23:25:07, Aug 19 2002)Seriously? I would say you should upgrade but I would be probably wasting my time.
2)configutil Output
store.expirerule.19042k7i.folderpattern = user/%@mydomain.com/*
store.expirerule.19042k7i.messagedays = 90
store.expirerule.santosh.folderpattern = user/[email protected]/*
store.expirerule.santosh.messagecount = 5
store.expirerule.santosh.messagedays = 1You have two overlapping rules. Only one rule can be applied to a folder. You could try setting:
store.expirerule.santosh.exclusive = yeshttp://docs.sun.com/source/816-6009-10/store.htm
Regards,
Shane. -
Security policy from old GPO still applying after removal
We have a Server 2k3 domain with a mix of 2k8R2 (PDC) and 2k3 DCs. We are currently in the process of
replacing older 2k3 DC policies with newer policies. Policy A (AKA "Old policy") has always been a problem as it contains settings which cause errors in the event logs of the DCs it is applied to (ID 1020 "Windows cannot create
registry key CurrentControlSet\Control\Session Manager. (The parameter is incorrect)" and 1096 "Windows cannot access the registry policy file, \\domain.com\sysvol\domain.com\Policies\{GUID}\Machine\registry.pol. (The parameter is incorrect)").
Policy B (AKA "New policy") has been wonderful in a completely different AD Forest/Domain that we created it in but is not happy after we copied it to this Domain.
The new policy was exported as a Backup and imported by creating a new GPO on this domain and choosing "Import settings". We've previously encountered both the "hidden file" and "read only" issues with copying GPOs so we avoided
those by ensuring hidden files were copied and removing "read only" from the policy folder. The new policy was then applied to the Domain Controller OU with a higher precedence than the old policy. Neither policy is set to enforced
and the links for both were enabled, both policies are set with GPO Status "Enabled" so the new policy should have overridden the older policy settings. After several gpupdate /force and reboots, the 2k3
domain controllers are showing in RSOP a Red x on "Computer policy" with "Group policy Infrastructure" as failed with details "Group Policy Infrastructure processed successfully but failed to log resultant set of policy information".
Under general with "Display all GPOs and filtering status" Old policy is lower than new policy.
When drilling down to "User Rights Assignment" you can see that "Old Policy" is still the winning policy for all settings. When under "Administrative Templates" "New policy" is the winning policy there. So it
seems that the new policy is applying for admin template settings but not for security policies.
I then disabled the old policy which reflected under the general tab filtering status "Disabled" but the user rights assignment still showed Old policy as winning. I tried modifying the Old policy and saw that the serial number for the policy updated
in the RSOP general tab. Then I completely removed the link for the policy from the DC OU and the policy disappeared from the general tab but still showed under User Rights Assignment.
I've tried clearing the Cached group policy from the machine with:
secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
and deleting [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft] from registry and c:\windows\system32\GroupPolicy from HD.
Usually I'll get an error from RSOP about RSOP already running until I gpupdate /force and then I'm back at square one.
I've confirmed that the issue is not replication, the machine shows no errors in FRS and I've performed non-authoritative SYSVOL restore on this server. repadmin
shows no errors.
I have not yet tried to demote/repromote the server as I'm unconvinced that will have any effect. I've seen this kind of issue on 2k3 servers where even after removing the server from the domain entirely the policies from the domain still remain in effect
to where you cannot even modify a setting from local gpedit.msc.
It seems that something is causing security policies to stick from the old policy but is allowing admin template policies to apply from the new policy. Where would these old settings be cached from, and how can I get them to go away?I've now also tried putting the machine in an OU with inheritance blocking an no policies applied.
I've tried deleting [HKLM\Software\Microsoft\Windows\CurrentVersion\GroupPolicy\History] and reboot.
I've turned on all the logging (http://technet.microsoft.com/en-us/library/cc775423%28v=ws.10%29.aspx) and I can even see the .inf files created in c:\windows\security\templates\policy
for each GPO and the policy shows the correct settings.
NTRights (http://ss64.com/nt/ntrights.html,
http://support.microsoft.com/kb/315276) allows me to set the setting manually and AccessChk shows me the current settings
http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx but I still cannot get RSOP to come back clean. I can also see in c:\windows\security\logs that some of the security settings
I'm working show up; "remove SeDebugPrivilege." for example shows up as having been removed from the local administrator which was one of the changes I made.
I've opened up a ticket with Microsoft Support but they haven't had any fresh ideas either. My best guess at this point is that policy is actually applying but RSOP is busted. I have no idea how to reset the RSOP data however.
At this point I'm trying to run WMIDiag to see if there's an issue with WMI as several of the misc errors in the gpedit.log file come up with WMI related issues in google ("InitializeRSOP failed with 0x80070102", "GetObject for event source
of RSOP_ExtensionEventSource.id="{GUID}" failed with 0x80041002").
I should clarify that AccessChk seems to indicate that the User Rights Assignment settings ARE applying but are not showing correctly in RSOP. -
How do I move the policy from Default domain policy to a custom policy.
I want to implement a new password policy. In the past we had a fairly loose policy, now I want to implement minimum length and complexity. I know how to set this up in Computer Config Policies windows settings security settings and account policies
password policy. However after I set it up I notice that it is not being applied. I have run gpupdate, and even waited several days but still it's not taking effect. I have created what im calling a custom gpo calling it "password policy".
It is situated under domains/mydomain.com . There are a number of other policies here.
When I run gpresult /h c:\temp\gpreport.html its all a bit confusing. It looks like it being applied but then further down it says under Group policies Applied GPOs Denied GPOs Pssword Policy mydomain.com empty. ??
But let me ask this first off .
The previous administrator I think has the password policy set up in the "default domain policy"
Is it possible that the default domain policy which IS indeed set differently is overriding my custom "password policy"
If this is so how can I make it so my custom password policy is applied over the default domain policy.
Or what other answers could it be.Hi,
Based on your requirement you can create Fine Grained Password Policies.
This feature introduced in Windows Server 2008 allows you to override password policy set at the Default Domain Policy for specific users or groups.
Checkout the below link for creating Fine Grained Password Policies from GUI in Windows Server 2012,
http://blogs.technet.com/b/reference_point/archive/2013/04/12/fine-grained-password-policies-gui-in-windows-server-2012-adac.aspx
Regards,
Gopi
JiJi
Technologies -
Could not find the policy in WMI for package
Hi,
I am trying to deploy a language pack to a windows 8.1 machine and it is not installing. According to the execmgr.log it cannot find the policy in WMI? I have tried running the machine policy update within CFG MGR but no change. Is there something else
I can check?
<![LOG[Policy is updated for Program: InstallEN, Package: LIA002A0, Advert: LIA2011A]LOG]!><time="09:47:18.345+300" date="01-28-2015" component="execmgr" context="" type="1" thread="980"
file="execreqmgr.cpp:7063">
<![LOG[Raising client SDK event for class CCM_Program, instance CCM_Program.PackageID="LIA002A0",ProgramID="InstallEN", actionType 45l, value NULL, user NULL, session 4294967295l, level 0l, verbosity 30l]LOG]!><time="09:47:18.347+300"
date="01-28-2015" component="execmgr" context="" type="1" thread="980" file="event.cpp:405">
<![LOG[Mandatory execution requested for program InstallEN and advertisement LIA2011A]LOG]!><time="09:47:19.220+300" date="01-28-2015" component="execmgr" context="" type="1" thread="3684"
file="execreqmgr.cpp:3527">
<![LOG[Creating mandatory request for advert LIA2011A, program InstallEN, package LIA002A0]LOG]!><time="09:47:19.220+300" date="01-28-2015" component="execmgr" context="" type="1" thread="3684"
file="execreqmgr.cpp:3653">
<![LOG[Could not find the policy in WMI for package LIA002A0 program InstallEN]LOG]!><time="09:47:19.242+300" date="01-28-2015" component="execmgr" context="" type="2" thread="3684" file="softdistpolicy.cpp:2851">
<![LOG[CreateMandatoryRequestRecursively failed at FindUserOrSystemPolicy InstallEN]LOG]!><time="09:47:19.243+300" date="01-28-2015" component="execmgr" context="" type="2" thread="3684"
file="execreqmgr.cpp:3670">Did you check this
post?
It turned out the root cause of the problem was one of the packages that the TS called. Even though SCCM had been set to use the selected distribution points and said the package was installed on those DPs, it hadn't actually copied the files over.
Updating to a new source version and ensuring the files copied correctly resolved the issue. Hopefully SCCM 2012 will do a better job of communicating a dependency problem, but I haven't had a chance to test it yet.
You can also check this
post.
it appears the majority of these messages occur when you have a system that has an expired advertisement still being applied to it.
Nick Pilon | Blog : System Center Dudes -
Traffic exceeding the policy limit on ASR9K Bundle-Ether
Hi,
I have a problem regarding an issue on ASR 9000 bundle interface.
I apply 20mbps input and output policy to the interface to limit our customers traffic but sometimes I see 40mbps of customer traffic. It doesn't happens always but it occurs on different customers on different bundle interface.
What would be the possible reason? Thanks in advance.
note: we have different burst values on other ASR9 devices such as:
police rate 20000000 bps burst 3750000 bytes
police rate 20000000 bps burst 3200000 bytes
police rate 20000000 bps burst 3000000 bytes
police rate 20000000 bps burst 2500000 bytes
but not sure if indeed this is the problem,
Configurations:
policy-map 20mbps
class class-default
police rate 20000000 bps burst 3200000 bytes
conform-action transmit
exceed-action drop
interface Bundle-Ether1
mtu 9216
load-interval 30
interface Bundle-Ether1.100
service-policy input 20mbps
service-policy output 20mbps
ipv4 address 10.10.10.1
encapsulation dot1q 100
interface GigabitEthernet0/0/0/1
bundle id 1 mode active
interface GigabitEthernet0/0/0/2
bundle id 1 mode active
when i send traffic of 40mb to the customer:
ASR9#sh int Bundle-Ether1.100
Bundle-Ether1.100 is up, line protocol is up
30 second input rate 11361000 bits/sec, 6642 packets/sec
30 second output rate 40558000 bits/sec, 6877 packets/secHi Rivalino,
Here is the output, the thing is this time even if I've sent 40m, peak is 26m.
Bundle-Ether1.100
30 second input rate 4291000 bits/sec, 886 packets/sec
30 second output rate 24492000 bits/sec, 2574 packets/sec
3763694312 packets input, 1626561697099 bytes, 108538 total input drops
3365349 drops for unrecognized upper-level protocol
Received 38 broadcast packets, 3365349 multicast packets
4012226890 packets output, 3050913586640 bytes, 42481432 total output drops
Output 123 broadcast packets, 0 multicast packets
ASR9#show policy-map interface Bundle-Ether1.100 output
Wed Jan 22 08:06:41.049 Turkiye
Bundle-Ether1.100 output: 20mb
Class class-default
Classification statistics (packets/bytes) (rate - kbps)
Matched : 413918382/342268391637 42461
Transmitted : N/A
Total Dropped : 5387815/7327884962 17684
Policing statistics (packets/bytes) (rate - kbps)
Policed(conform) : 408530567/334940506675 24777
Policed(exceed) : 5387815/7327884962 17684
Policed(violate) : 0/0 0
Policed and dropped : 5387815/7327884962 -
Software Updates Failing - Group Policy Overwritten - Server and Policy NOT CONFIGURED
I have seen a few posts about this issue and group policy overwriting the settings needed by SCCM with the wrong WSUS server. I checked the wuahandlerlog and found this error but it didnt have the server information.
"Group policy settings were overwritten by a higher authority (Domain Controller) to: Server and Policy NOT CONFIGURED"
The only coputer policy that applies to this system does not have WSUS entries in it. Windows update runs ok, and I deleted the WSUS registry keys that were set by a script and reinstall the client still getting the same error. I dont see any GPO local or domain, or reg keys that are setting anything. I have 10 other servers is the same AD container that this is working perfecly on.......
Suggestions????Check out this GPO:
Computer Configuration -> Administrative Templates -> System -> Group Policy:
"Turn off Local Group Policy Objects processing"
The help text:
"This policy setting prevents Local Group Policy Objects (Local GPOs) from being applied.
By default, the policy settings in Local GPOs are applied before any domain-based GPO policy settings. These policy settings can apply to both users and the local computer. You can disable the processing and application of all Local GPOs to ensure that only
domain-based GPOs are applied.
If you enable this policy setting, the system does not process and apply any Local GPOs.
If you disable or do not configure this policy setting, Local GPOs continue to be applied.
Note: For computers joined to a domain, it is strongly recommended that you only configure this policy setting in domain-based GPOs. This policy setting will be ignored on computers that are joined to a workgroup."
Rolf Lidvall, Swedish Radio (Ltd)
Maybe you are looking for
-
KDM doesn't save previous user
Hello! Since the upgrade to KDE 4.5 KDM doesn't show the previous logged in user at the login screen. Because of that, every time I have to type my username in the user field. I checked in KDE "System Settings" the configuration of KDM. The option "p
-
HCM errors in phase Identify Objects for Transfer and Start Data Selection.
Hello Colleagues , Background: We are using TDMS HCM PA PD Expert package to transfer all of the HCM data We are using TDMS 4.0 SP 5. We are trying to do the Configuraition in Identify Objects for Transfer and Start Data Selection.. In this phase, we
-
How to stop the software update
The software update of my Curve9360 has started automatically and is blocked at 9% since a very long time, while the blackberry is hot and I can't exit in any way. How can I stop the process? I've tried to take off the battery, but when I put it insi
-
Are .jpg images non-destructive editing?
If changes to .jpg's are non-destructive in LR, how can you migrate the changes /w images to another copy of LR on another computer? I've noticed Exporting .jpg's export the changed .jpg's, which must mean that they undergo another round of compressi
-
Cannot open document on a mapped Samba drive in windows XP
The latest version of Reader will not allow me to open a PDF on my network drive. What a pain! I'm running Windows XP Professional and I map a Samba drive that's on my Redhat server. This is my primary drive where all my documents are created and sto