X-Serve not finding active directory

My X-Serve has begun to behave somewhat peculiarly.
I recently had SNow Leopard installed, and it had been working fine. I was deploying using deploy studio, it was all working fine. Then one day suddenly it just seems not to be able to find the active directory.
The AD is the PC network, I also can't connect to the internet. (And I've checked the proxies)
Also Server Admin has started throwing up errors saying it can't find the X-Serve... I'm a little confused as to why it can't find itself. Also the workstations now can't find the deploy studio server.
I can see the X-Serve remotely and operate it.
Any clues?
I've rebooted, I've fixed preferences, I'd update, but I can't get on the internet.

Just speaking to the loss of AD, If you are running Deep Freeze you may need to run a command that sets passinterval to 0.
http://www.mikespike.org/2008/08/12/osx-leopard-deep-freeze-and-active-directory -oh-my

Similar Messages

  • Lion Server not reading Active Directory Groups reliably

    I am trying to upgrade one of our XServes from Snow Leopard Server to Lion Server and am running into a strange issue with our Active Directory based users and Groups.
    The current Snow Leopard Server serving files from a XSan volume is running fine, though we find a very long Lag time for Windows users to connect. Once a few users have connected the lag seems to go away, but it is still not nearly as fast as Mac users connecting or Windows connecting to a PC server.
    So I have connected a second Xserve to the SAN and performed a clean install of Lion Server. Initially while it would find my Active Directory Groups it would not import any of the users, so obvioulsly no one could connect. In a last ditch effort I installed the beta of 10.7.4, which seemed to resolve the issue for a small group of test users. However as I expanded the test I found that some users would get a message that the were no resources available to them, or they didn't have the correct permissions. This is very strange as everyone is in the same group so should have the same permissions. As a test I took one of the user accounts and created a new share and gave him R/W permission to that share and suddenly all of the shares that he should have had permission to in the first place popped up.
    The only thing that I can think of is that we have such a large Active Directory structure that the authentication is timing out or reaching some user limit and stops looking. (we have over 50,000 users and thousands of groups spread through multiple OUs in the AD structure)
    The new Server.app in Lion looks nice, but it does not seem to have nearly the robustness of the previous Server Admin tools. For instance, I never needed or wanted to setup a "Golden Triangle" but with Lion it is required. Perviously I could search for AD users or groups and drag them from the search window to the share to assign permission, now even though I've imported the groups and users it needs to search the entire directory when assigning permissions - why can't it see the groups that are already there? Why can I run a dscl search and find a user or group instantly, but the Server.app hangs for 5 minutes and shows 0 results?
    Has anyone found a way to make Lion Server work in an enterprise environment?

    Yesterday morning I bound a 10.7.4 server to our AD, and in the afternoon I eventually saw all the AD users, groups, etc show in Workgroup Manager. Now, with dscl, I can see all the AD user and group records, and with Workgroup Manager, I can search the groups, users, and computers, but with the Server.app, when trying to create new group of the type "Imported group from another directory", the searches returned nothing. Directory Utility can show all the AD information also. Our AD has thousands of user record, and so it is reasonable that it may take some time for the Mac server to get all the info. But from the add users or groups interface, I just could not get any search results. What could be wrong then? 

  • HT201401 my iphone 4s could not be activated as could not find activation server/ sim not supported

    just got a used i phone 4s and its says could not be activated as could not find activation server also say sim not supported what am i doing wrong

    cindyfromsa wrote:
    ... what am i doing wrong
    Buying a used iPhone from unofficial place.
    1.) Your iPhone maybe locked to a certain carrier.
    2.) The sim may not be compatible.
    3.) Maybe it was jailbroken.
    Find out from the seller the 3 points I've mentioned.

  • Can't connect to Small Business Server 2003 via Active Directory

    I have done lots of searching, both in these forums and the wider internet, and cannot find a solution to my specific problem.
    I am trying to connect my G5 (10.3.9) to a Windows network. We have a Microsoft Small Business Server 2003 with Active Directory. The PCs have no problem using this, and I can connect to shares setup on the server via AFP.
    But I am having problems when I try to configure the AD plug-in in Directory Access on the Mac. When I click 'Bind', I enter the Server's Administrator username & password and when I click 'OK', it gets to Step 3 of 5 "Verifying Credentials". It ticks away at this step for about 30 seconds, then comes up with error message saying "Invalid user name and password combination."
    I have tried other users with admin privileges, but they don't work either. I know the usernames and passwords aren't invalid, because I created them. I have tried fiddling around with other settings in the AD setup, but nothing gets any further.
    Without any other 3rd party software (that's my final option), is there something I need to check/change, either on the Mac or the server, to make this Mac to authenticate via AD? Please help!

    Hi Andbrowny, thanks for your response.
    Your advice didn't really help my Active Directory problem (AD doesn't require SMB does it?), but it gave me some progress on my SMB problem. I can connect via AFP, but previously when I tried to connect via SMB, it kept coming up with the error "Could not connect to the server because the name or password is not correct".
    Now, after changing the policies on the server, I get an error -43 message saying "The operation could not be completed because one or more required items cannot be found."
    So now I have two problems! SMB is not finding something it needs, and Active Directory is not "verifying credentials".
    Actually, I have three problems: When I am connected via AFP, filenames over 31 characters long are truncated on the server, and I can't copy long filenames onto the server without renaming them. I have read that SMB would fix this to a degree (256 characters for the complete file path), but is there anything (a protocol or software) that allows long filenames to be read/written with ease?
    Side note: The server is not 100% configured, the bloke installing it still has some work to do, but Active Directory works for all the XP machines, and I can connect to each XP workstation with SMB.

  • Directory Security Strange Permissions Issues (Windows Server 2003 running Active Directory)

    I have a user that all of a sudden was not able to open 70% of her files located on a file server, Windows Server 2003 running Active Directory, from her laptop. The same user can access all the same files from a different machine, logging on with the same
    credentials. Just looking for a point in the right direction and a possible theory as what could cause this problem, an why all of a sudden. I did go back through the logs but nothing sticks out. For the most part the logs on the server and the laptop are
    pretty clean. 
    Both machines are Latitude E5420s running Windows 7 Enterprise Service Pack 1. Both machines are 64bit and connect to the network via hard-wire, not wireless.
    Thanks in advanced.
    Grajek

    I would recommend proceeding that way:
    Check that your DCs are in a healthy state and AD replication is fine: It might be that the user is member of security groups and the membership is not getting replicated properly which can cause this random behavior. You can use
    dcdiag and repadmin for checks and you can refer to my recommendations here: http://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx
    Make  sure that the file server is reachable from the user client computer. Start with
    ping and nslookup. Also, you need to make sure that the traffic between the client and the server is not blocked or filtered. You might want to temporary disable security software for testing
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK
    My Website Link
    My Linkedin Profile
    My MVP Profile

  • Windows Server 2008 R2 - Active Directory Replication over DynDNS

    Hello,
    I have one server that Windows Server 2008 R2 - Active Directory / DNS
    Now some users shifted to new office with the server
    Some users still in the original place that now don't have ADDS/DNS
    i want to install one replication server in the original place to retrieve AD/DNS form new office via DynDNS
    is that possible of not?
    Best regards,

    Badr, I don't think you want AD replication occurring over the internet - even if that was possible the server would need access to all the SRV records, a records, And all the ports required for communication - See here for an exhaustive list
    http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx - I don't think I have to tell you how bad opening all these ports to the internet would be.
    You may want to look at Setting up a vpn or DirectAccess from the original site to the new site. This will give you more security and generally won't cost to much.
    http://technet.microsoft.com/en-us/network/dd420463.aspx
    Another thing that may work for you would be if you setup remote desktop services in the new location and had the original location remote into via a gateway server -
    http://blogs.technet.com/b/windowsserver/archive/2012/05/09/windows-server-2012-remote-desktop-services-rds.aspx as a starting point. With RDS your users would be able to access the new location from anywhere, although there would be upfront costs associated,
    licensing and server being part of them - I don't recommend turning your domain controller into an RDS server.These are just some ideas to help you with your issue

  • Always finding problem "server not find in safari"

    Always finding problem "server not find in safari" for any redirection or even opening some sites through google.. Hv to delete cookies an still some times work some times no..pls do not give me ******** answer like apple for restarting wifi..its a serious issue and i think millions of users are finding this problem.. Apple should be forced to fix this issue through an update..or should come out with a  or react solution..

    It is not a broad issue, I have absolutely no problems using Safari and ios7.1 on many ipads.
    Verify that you have good DNS entries, that can be a major cause of this type of message.

  • Error when joining a leopard server to an active directory

    Hi all,
    I'd like to add my mac os x server to an active directory. If I fill the "Active Directory Domain" with ip address, "Unable to add the domain, there was no response from the ip,please check that the address you entered is correct", if I fill with domain name, "Unable to add domain, An unexpected error of type -14987 (eUndefinedError) occurred.
    What's going on there???

    Hi all,
    I'd like to add my mac os x server to an active directory. If I fill the "Active Directory Domain" with ip address, "Unable to add the domain, there was no response from the ip,please check that the address you entered is correct", if I fill with domain name, "Unable to add domain, An unexpected error of type -14987 (eUndefinedError) occurred.
    What's going on there???

  • Error message "Could not find active BDoc...." in "genstatus" transaction

    Hello
    we upgrade from CRM 2007 SP 5 to SP 9.
    in transaction GENSTATUS we get 2 kind of message.
    1. yellow messages
    2. red ERROR
    Generator group: GNREP
                                 LUTAB
    we already run the job  MW_GENERATE
    |Object Name                 |Gen. group|Generator|Status|Type|Message text                                                                                |
    CNBCCPSAP00070            CG
    GNREP
    E
    F
    Could not find active BDoc for TRANS_ID CNBCCPSAP00070 - Identification not possible via TransID / Name
    |CNBCCPSAP00070            CG|LUTAB     |         |E     |F   |Could not find active BDoc for TRANS_ID CNBCCPSAP00070 - Identification not possible via TransID / Name|
    Please assiste.
    Best regards
    Merav

    Hello Merav,
    The reason for such generation errors is that a replication object to distribute CNBCCPSAP00070 is existing but the related BDOC is not there. These types of replication objects and BDocs have to be maintained manually by customers.
    Please refer to SAP Note 1114576 (Deletion of RO CNBCCPSAP00070) and make the corrections.
    Afterwards kindly go to transaction GENSTATUS and mark the two lines and press generation button.
    Your issue would be solved.
    Thanks,
    Rohit

  • Can not find RTE directory

    Using LabWindows 8 and the full runtime engine, I get a "Can not find RTE directory" error at rutime on some Windows PCs.  PCs with the problem have it persistently, PCs without the problem never fail.

    Posted in wrong forum.  Was correctly posted in Labwindows forum here.

  • New Server 2012 install - Active Directory not working properly

    We recently converted from 2003 to 2012. Our 2012 R2 server seems to be running fine. We did a DCPROMO on the OLD 2003 DC just fine but now there are all sorts of odd errors (Sharepoint can't authenticate users, Can't run Exchange 2013 on another 2012 server
    because it can't find AD, etc.)
    on the DC we have a Group Policy error 1096. "Group Policy Object LDAP://CN=User,cn={2B476B3E-2749-4B1B-8EC1-F5672A66F94F},cn=policies,cn=system,DC=mydom,DC=local\\mydom.local\SysVol\mydom.local\Policies\{2B476B3E-2749-4B1B-8EC1-F5672A66F94F}\User\registry.pol"
    So far I haven't found anything on how to fix this (and the AD itself.) There are some errors in the DCDIAG log, too:
          Starting test: NetLogons
             Unable to connect to the NETLOGON share! (\\ISD-DC1\netlogon)
             [ISD-DC1] An net use or LsaPolicy operation failed with error 67,
             The network name cannot be found..
    Starting test: FrsEvent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems.
    Any suggestions how we can fix these errors are greatly appreciated!

    Hi,
    Did you migrate the Active Directory from Windows server 2003 to Windows server 2012?
    Please refer to this article:
    https://blogs.technet.com/b/canitpro/archive/2013/05/27/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx
    Regards.
    Vivian Wang

  • Server 2008 R2 DNS Server can not open active directory erro 4000

    The DNS server was unable to open Active Directory.  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly
    and reload the zone. The event data is the error code. Error 4000
    This just started happening yesterday. Also File service and print server is unable to contact because of this error. I have no lookup zones. When I try and go to the DNS server I get a message The server VETSALDC could be contacted The error was Access
    Denied. Would you like to add it anyway?
    PLEASE HELP

    Hi,
    According to your description, my understanding is that DNS unable to open Active Directory with error 4000.
    This happens when that particular DC/DNS server has lost its Secure channel with itself or PDC. This can also happen in a single DC environment where that DC/DNS server holds all the FSMO roles and is pointing to itself as Primary DNS server.
    You may check AD DS using command line “DCdiag” (run as administrator). besides, you may try to stop and restart AD DS service(detailed steps reference the link:
    http://technet.microsoft.com/en-us/library/cc732714(WS.10).aspx ), make sure that the AD DS is running correctly.
    Then restart the DNS service, detailed steps reference the link:
    http://technet.microsoft.com/en-us/library/cc735673(v=ws.10).aspx .
    If the problem still exits, is there any other DC or DNS on your network? Post the TCP/IP parameters (ipconfig /all) of DC and DNS here.
    Best Regards,           
    Eve Wang     
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Find Active Directory Attributes that are Not Set

    I'm trying to generate a report that lists all accounts where the thumbnailPhoto attribute in Active Directory is not set.  I've tried using WHERE thumbnailPhoto < 0, WHERE IsNULL({thumbnailPhoto}) and several others with no success.  Can anyone point me in the right direction?

    Hi,
    1) What version of Crystal Reports are you using?
    2) Are you using a SQL Query to report against the Active Directory?
    3) What is the datatype of the 'thumbnailPhoto' field?
    -Abhilash

  • VDI 3.4 Inegrate with Windows Server 2008 R2 Active Directory

    OK,I follow the official documents step by step,I installed the vdi 3.4 in Oracle Linux 5.7(oraclevdi.jiayutester.com),then installed a window server 2008 r2 64bit(jiayudc.jiayutester.com) that made it to be the Domain Controller(jiayutester.com) and DNS,at the end,I edit the /etc/krb5.conf.I execute the following commands:
    1.getent hosts jiayudc.jiayutester.com
    --------------------My Note:Normal-----------
    2.kinit -V [email protected]
    Authenticated to Kerberos v5
    This is my krb5.conf------------------------------------
    [logging]
    default = FILE:/var/log/krb5libs.log
    kdc = FILE:/var/log/krb5kdc.log
    admin_server = FILE:/var/log/kadmind.log
    [libdefaults]
    default_realm = JIAYUTESTER.COM
    default_checksum = rsa-md5
    dns_lookup_realm = true
    dns_lookup_kdc = true
    ticket_lifetime = 24h
    forwardable = yes
    [realms]
    JIAYUTESTER.COM = {
    kdc = space-21pel8ghu.jiayutester.com
    admin_server = space-21pel8ghu.jiayu.com:749
    default_domain = jiayutester.com
    [domain_realm]
    .jiayutester.com = JIAYUTESTER.COM
    jiayutester.com = JIAYUTESTER.COM
    [appdefaults]
    pam = {
    debug = false
    ticket_lifetime = 36000
    renew_lifetime = 36000
    forwardable = true
    krb4_convert = false
    Then,I login to the web console to set company, I select Active Directory to use as User Directory,then I fill up all the needed information(I am sure that all the information I fill in the form is correct),when I click the next,error occured....it's the context:
    Unable to Connect to User Directory
    Failed to connect, no servers available
    Now,I searched everywhere for information,but I can't resolve the problem...Please help me,smart guys

    Would probably need to see your VDI instance cacao log file to see why this is failing, but you might need to add the following to [libdefaults] section of your krb5.conf file, for 2008R2 AD server:
    default_tkt_enctypes = rc4-hmac
    default_tgs_enctypes = rc4-hmac
    And then restart VDI services (/opt/SUNWvda/sbin/vda-service restart)
    Note that VDI will actually try to query individual AD servers as defines as part of your AD Global Catalog when it tries to lookup AD domain data. This means you need to verify that your global calalog referenced servers are valid and having matching forward and reverse DNS information:
    For example:
    $ *nslookup -querytype=any gc.tcp.vdi.com.*
    Server:          win2008.vdi.com
    Address:     192.168.1.100#53
    gc.tcp.vdi.com     service = 0 100 3268 win2008.vdi.com*.
    $ nslookup win2008.vdi.com.
    Server:          win2008.vdi.com
    Address:     192.168.1.100#53
    Name:     win2008.vdi.com
    Address: _192.168.1.100_
    r$ nslookup 192.168.1.100
    Server:          win2008.vdi.com
    Address:     192.168.1.100#53
    100.1.168.192.in-addr.arpa     name = win2008.vdi.com.*
    You'd want to verify that every record returned by the *nslookup -querytype=any gc.tcp.yourdoamin.com* command refers to a server that can be reached and has matching forward and reverse DNS. Otherwise, this may trigger VDI to have failures or delays in performing directory queries.
    Beyond that, you need to look in the cacao.log file for errors that you can find and post.
    Edited by: DoesNotCompute on Oct 13, 2012 11:48 AM

  • Unable to find Active Directory Domain Groups via /_vti_bin/UserGroup.asmx GetRoleCollectionFromGroup

    Hi, I am writing a Powershell script locally on my machine to aggregate data from SharePoint 2010 and Active Directory.  All groups in our SP environment are Active Directory Domain Groups (AD DG).  Accessing group members via SharePoint is not
    possible (as many of you already know).  My plan was to pull Domain Group lists and aggregate AD DG data with SharePoint data (permission levels, etc...).  I unfortunately ran into a problem when I realized that AD DGs are not considered "SP
    Groups" but instead are considered user??? 
    How do I leverage SharePoint web services to perform an action similar to /_vti_bin/UserGroup.asmx > GetRoleCollectionFromGroup?  I do not want to perform this action on the server, but locally on my machine.  When I run the below script
    it throws a 401 error and complains it "can't find the group".  Keep in mind I am trying to get info on a
    AD Domain Group, not a
    SharePoint Group.  I think that is the underlying reason this request keeps failing as I tested the below script on SP groups and it worked perfectly.
    clear
    $CRED = Get-Credential
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
    $uri = "http://{site}/_vti_bin/UserGroup.asmx"
    $soap = '<?xml version="1.0" encoding="utf-8"?>'
    $soap+= '<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    $soap+= '<soap:Body>'
    $soap+= '<GetRoleCollectionFromGroup xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/">'
    $soap+= '<groupName>TestGroup</groupName>'
    $soap+= '</GetRoleCollectionFromGroup>'
    $soap+= '</soap:Body>'
    $soap+= '</soap:Envelope>'
    [xml]$WF = Invoke-RestMethod $uri -Credential $CRED -Method POST -ContentType "text/xml" -Body $soap
    echo $WF
    $WF.Envelope.Body.GetRoleCollectionFromGroupResponse.GetRoleCollectionFromGroupResult.GetRoleCollectionFromGroup.Roles.Role
    Thank you. 

    Hi, I am writing a Powershell script locally on my machine to aggregate data from SharePoint 2010 and Active Directory.  All groups in our SP environment are Active Directory Domain Groups (AD DG).  Accessing group members via SharePoint is not
    possible (as many of you already know).  My plan was to pull Domain Group lists and aggregate AD DG data with SharePoint data (permission levels, etc...).  I unfortunately ran into a problem when I realized that AD DGs are not considered "SP
    Groups" but instead are considered user??? 
    How do I leverage SharePoint web services to perform an action similar to /_vti_bin/UserGroup.asmx > GetRoleCollectionFromGroup?  I do not want to perform this action on the server, but locally on my machine.  When I run the below script
    it throws a 401 error and complains it "can't find the group".  Keep in mind I am trying to get info on a
    AD Domain Group, not a
    SharePoint Group.  I think that is the underlying reason this request keeps failing as I tested the below script on SP groups and it worked perfectly.
    clear
    $CRED = Get-Credential
    [System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }
    $uri = "http://{site}/_vti_bin/UserGroup.asmx"
    $soap = '<?xml version="1.0" encoding="utf-8"?>'
    $soap+= '<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
    $soap+= '<soap:Body>'
    $soap+= '<GetRoleCollectionFromGroup xmlns="http://schemas.microsoft.com/sharepoint/soap/directory/">'
    $soap+= '<groupName>TestGroup</groupName>'
    $soap+= '</GetRoleCollectionFromGroup>'
    $soap+= '</soap:Body>'
    $soap+= '</soap:Envelope>'
    [xml]$WF = Invoke-RestMethod $uri -Credential $CRED -Method POST -ContentType "text/xml" -Body $soap
    echo $WF
    $WF.Envelope.Body.GetRoleCollectionFromGroupResponse.GetRoleCollectionFromGroupResult.GetRoleCollectionFromGroup.Roles.Role
    Thank you. 

Maybe you are looking for

  • CS5 takes forever to open via remote desktop

    Hi All, We are using CS5 and have it installed on a machine, which has a production license with Darwin VDP software. The way we work, is to do all the design work on our local copy of Indesign, and run productions using the pilot license of Darwin (

  • Iphone Bluetooth Headset

    I just bought one maybe 2 weeks ago and the silly thing will not hold a charge, it says it's charged but when it is paired with my Iphone 3GS the battery icon shows less than a 1/4 charge on it........Whatsup with that? These things aren't cheap.....

  • HT1688 delete an old Apple ID?

    Anyone know how to do this? iphone 4 and desktop WinXP getting confused on old apple id... Thanks NKP

  • How to make the main window's table size fixed?

    Hi all,    when i have a single line item, the size of table in main window is getting reduced. Its size is varying according to number of line items. Is not is possible to keep the size of table fixed even you have single line item? Regards, Bipen

  • Wireless keyboard/mouse unable to wake imac

    I am currently using a iMac G4, D-Link DBT-120 vers B3 and have been unable to wake computer using wireless keyboard or mouse. Once computer is awake (using wired mouse) keyboard is fine. I have tried updating bluetoothversion but am told it is curre