Exchange 2007 SP3 rollup3 re-released (V2)
Version 2 of Rollup3 to Exchange 2007 SP3 has been released. If the first version of the rollup has been applied you do NOT have to uninstall it, you just install the re-released Rollup 3 over the top.
Info about the rollup can be found here:
http://blogs.technet.com/b/exchange/archive/2011/03/31/announcing-the-re-release-of-exchange-2007-service-pack-3-update-rollup-3-v2.aspx
The down load is here:
http://www.microsoft.com/downloads/en/details.aspx?FamilyID=17615f50-8a56-428c-bc1a-629795692da1&displaylang=en
Speedy response MS.
I.T. Manager International House London
- Changed type Alan.Gim Monday, April 4, 2011 2:24 AM Info Sharing
Reply:
Please check the below you will find the answer.
------------------------------------
Secure SQL Database
Dear, Just a simple question, I know it should be obvious to experienced people, I'm new at this.
Does SQL server Management, has a built in feature to "password secure" or encrypt the backup? Or do I have to rely on 3rd party tools to secure my backup?
Thanks in advance for any help.
Regards,
Reply:
Hi,
Please see http://msdn.microsoft.com/en-us/library/ms190964.aspx
Thanks,
Andrew Bainbridge
SQL Server DBA
Please click "Propose As Answer" if a post solves your problem, or "Vote As Helpful" if a post has been useful to you
------------------------------------
Temporary Table vs Table Variable in Real World Usage
#temptable vs @tablevariable is a popular debate topic with usually ending: it depends...
How about real world examples? Using 120K rows in the example following, #temptable is the clear winner over @tablevariable. The surprise is that the winning margin isn't that large. Should there be other reason(s) to use @tablevariable, taking a performance hit may prove to be a fair tradeoff.
-- Temporary table T-SQL script DECLARE @Start datetime DBCC DROPCLEANBUFFERS SET @Start = GETDATE() CREATE TABLE #SOD (SOID int, SODID int PRIMARY KEY, Qty int, PID int, Sale DECIMAL (20,2)); INSERT #SOD SELECT [SalesOrderID] ,[SalesOrderDetailID] ,[OrderQty] ,[ProductID] ,[LineTotal] FROM [AdventureWorks2008].[Sales].[SalesOrderDetail] -- (121317 row(s) affected) SELECT YYYY=YEAR(OrderDate), TotQty = SUM(Qty) FROM #SOD INNER JOIN Sales.SalesOrderHeader sod ON #SOD.SOID = sod.SalesOrderID GROUP BY YEAR(OrderDate) ORDER BY YYYY DROP TABLE #SOD SELECT ExecMilSec = DATEDIFF(millisecond, @Start, getdate()) GO -- 700 -- Table variable T-SQL script DECLARE @Start datetime DBCC DROPCLEANBUFFERS SET @Start = GETDATE() DECLARE @SOD TABLE (SOID int, SODID int PRIMARY KEY, Qty int, PID int, Sale DECIMAL (20,2)); INSERT @SOD SELECT [SalesOrderID] ,[SalesOrderDetailID] ,[OrderQty] ,[ProductID] ,[LineTotal] FROM [AdventureWorks2008].[Sales].[SalesOrderDetail] -- (121317 row(s) affected) SELECT YYYY=YEAR(OrderDate), TotQty = SUM(Qty) FROM @SOD A INNER JOIN Sales.SalesOrderHeader sod ON A.SOID = sod.SalesOrderID GROUP BY YEAR(OrderDate) ORDER BY YYYY SELECT ExecMilSec = DATEDIFF(millisecond, @Start, getdate()) GO -- 1100
Execution time measurement article:
http://www.sqlusa.com/bestpractices2005/executioninms/
Kalman Toth SQL SERVER 2012 & BI TRAINING
New Book: Beginner Database Design & SQL Programming Using Microsoft SQL Server 2012
- Edited by Kalman Toth Sunday, September 30, 2012 8:43 AM
Reply:
I am seeing response time similar to what you are showing; however, I do not consider inflating response time by 57% when going from a temp table to a table variable to be insignificant and neither do I consider this a situation in which "… the winning margin isn't that large…".
To me what you are saying is something like saying that a 6 and 10 team is almost as good as a 10 and 6 team.
- Edited by Kent Waldrop Monday, December 19, 2011 1:30 PM
------------------------------------
Reply:
Kalman Toth, SQL Server & Business Intelligence Training; SQL SERVER GRAND SLAM
------------------------------------
Reply:
Thanks Kent. Well I meant not 10x in favor of temporary table.
Kalman Toth, SQL Server & Business Intelligence Training; SQL SERVER GRAND SLAM
I agree with that; this is not a "home run" type win but rather the kind of win that takes place by consistently edging ahead. Most of the "Home Run" scenarios that I get for performance improvement are the 10x, 100x or even 1000x performance improvements.
------------------------------------
Reply:
The main determinant that I've seen is schema. My understanding is that a table variable does not contain schema. As well, indexes. Can you index a table variable if it has no schema?
Already reported as abusive
------------------------------------
Reply:
To index a table variable you have two options:
- Primary Key
- Unique Constraint
Also, I don't think you can defer index creation on a table variable as you can with a temp table; that is:
- Create the table variable
- Load the data
- Add constraints
With a table variable whatever you do for indexed constraints must be part of your declare for a table?
EDIT:
Something else to keep in mind with this:
If you want your table variable stored in a particular order, you will need to be judicious in which you choose to cluster your table variable on -- it can either be the primary key or a unique constraint, but since you don't get INCLUDES you don't get some of the other benefits that can be realized by the use of legitimate secondary indices.
- Edited by Kent Waldrop Tuesday, December 20, 2011 2:07 PM
------------------------------------
Reply:
Following is a looping measuring script with setting for loop cycle and TOP (n) records.
For 2000 records, appears like, table variable is the winner.
/* Execution time measurement: Run script in a loop and average results */ DECLARE @Rows int = 2000, @Loop int = 20 -- test control DECLARE @ExecutionTime TABLE( ID int,Duration INT ) -- ID = 1 temporary table -- ID = 2 table variable DECLARE @StartTime DATETIME DECLARE @i INT = 1; WHILE ( @i <= @Loop) BEGIN -- Temporary table T-SQL script DECLARE @Start datetime DBCC DROPCLEANBUFFERS SET @Start = GETDATE() CREATE TABLE #SOD (SOID int, SODID int PRIMARY KEY, Qty int, PID int, Sale DECIMAL (20,2)); INSERT #SOD SELECT top (@Rows) [SalesOrderID] ,[SalesOrderDetailID] ,[OrderQty] ,[ProductID] ,[LineTotal] FROM [AdventureWorks2008].[Sales].[SalesOrderDetail] -- (121317 row(s) affected) SELECT YYYY=YEAR(OrderDate), TotQty = SUM(Qty) FROM #SOD INNER JOIN Sales.SalesOrderHeader sod ON #SOD.SOID = sod.SalesOrderID GROUP BY YEAR(OrderDate) ORDER BY YYYY DROP TABLE #SOD INSERT @ExecutionTime SELECT 1, ExecMilSec = DATEDIFF(millisecond, @Start, getdate()) -- 700 -- Table variable T-SQL script DBCC DROPCLEANBUFFERS SET @Start = GETDATE() DECLARE @SOD TABLE (SOID int, SODID int PRIMARY KEY, Qty int, PID int, Sale DECIMAL (20,2)); INSERT @SOD SELECT top (@Rows) [SalesOrderID] ,[SalesOrderDetailID] ,[OrderQty] ,[ProductID] ,[LineTotal] FROM [AdventureWorks2008].[Sales].[SalesOrderDetail] -- (121317 row(s) affected) SELECT YYYY=YEAR(OrderDate), TotQty = SUM(Qty) FROM @SOD A INNER JOIN Sales.SalesOrderHeader sod ON A.SOID = sod.SalesOrderID GROUP BY YEAR(OrderDate) ORDER BY YYYY DELETE @SOD INSERT @ExecutionTime SELECT 2, ExecMilSec = DATEDIFF(millisecond, @Start, getdate()) SET @i += 1 END SELECT 'Storage' = CASE WHEN ID=1 THEN 'temp table' ELSE 'table variable' END, AvgDur = avg(duration) FROM @ExecutionTime GROUP BY ID ORDER BY ID /* Storage AvgDur temp table 112 table variable 92 */
Kalman Toth, SQL Server & Business Intelligence Training; SQL SERVER GRAND SLAM
------------------------------------
Reply:
Profiler shows
SELECT StatMan([SC0]) FROM (SELECT TOP 100 PERCENT [SOID] AS [SC0] FROM [dbo].[#SOD________________________________________________________________________________________________________________000000000078] WITH (READUNCOMMITTED) ORDER BY [SC0] ) AS _MS_UPDSTATS_TBL
Obviously table variable cannot have one. Btw, PK would be better on (SOID, SODID) in both cases.
cheers,
</wqw>
------------------------------------
Reply:
Based on limited tests for the example above, the breakeven point is around 13K rows. Below that point in favor of table variable.
Kalman Toth, SQL Server & Business Intelligence Training; SQL SERVER GRAND SLAM
------------------------------------
Reply:
I suggest also giving a look at this thread from yesterday; especially note the great discussion that revolves around MVP Erland Sommarskog's comments. Here are some other previous posts related to the issue of Table Variables versus Temp Tables:
Table Variables versus Temp Tables:
http://social.msdn.microsoft.com/forums/en-US/transactsql/thread/0304cbbb-eab0-4750-b0db-a2bad8f124fd/
Umachandar Jayachandran
http://social.technet.microsoft.com/Forums/en-US/transactsql/thread/a41834b2-bf9c-44ed-be07-a338c7da9796
Rich Brown
Kalman Toth
Naomi Nosonovsky
http://social.msdn.microsoft.com/forums/en-US/transactsql/thread/e8c6de94-cf42-41bc-baaa-acd8c02755af/
Alejandro Mesa
http://social.msdn.microsoft.com/forums/en-US/transactsql/thread/dcd6870f-ee6c-450e-b394-bca11e750f3f/
Alejandro Mesa
http://support.microsoft.com/default.aspx/kb/305977
Referenced by ALejandro Mesa
http://sqlblog.com/blogs/peter_larsson/archive/2009/10/15/performance-consideration-when-using-a-table-variable.aspx
Peter Larsson
* http://www.sqlservercurry.com/2010/03/temporary-tables-vs-table-variables.html
Suprotim Agarwal
* http://blogs.msdn.com/b/sqlserverstorageengine/archive/2008/03/30/sql-server-table-variable-vs-local-temporary-table.aspx
Sunil Agarwal
------------------------------------
SMS/SCCM Service account getting locked out
Hi All,
We have SMS Service account getting locked out very frequently.
I checked this account was configured for using the SMS Client push. I have resetted the password for the same as well still its getting locked out.
Reply:
"Account Lockout and Management Tools": http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465
Torsten Meringer | http://www.mssccmfaq.de
------------------------------------
Reply:
please check if this account is used by other services if you have specified anywhere(could be SMS or someother activities ).
also check if cached credentials (with old Previous passoword) are in use ? http://support.microsoft.com/kb/913485
//Eswar Koneti @ www.eskonr.com
------------------------------------
Reply:
Hi All,
I have update in this issue...
account is getting locked out from different machines( For this time it is getting locked from NJ00007& NJ00006)
I have checked these machines and couldn’t find any stored passwords ,couldn’t find any service that is running with adm_sms account , couldn’t find any profile for adm_sms account
Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 644
Date: 19/12/2011
Time: 19:27:22
User: NT AUTHORITY\SYSTEM
Computer: ITDOMNJ
Description:
User Account Locked Out:
Target Account Name: adm_sms
Target Account ID: ASPN\adm_sms
Caller Machine Name: NJ00007
Caller User Name: ITDOMNJ$
Caller Domain: ASPN
Caller Logon ID: (0x0,0x3E7)
============================================================
Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 644
Date: 19/12/2011
Time: 20:05:03
User: NT AUTHORITY\SYSTEM
Computer: ITDOMNJ
Description:
User Account Locked Out:
Target Account Name: adm_sms
Target Account ID: ASPN\adm_sms
Caller Machine Name: NJ00006
Caller User Name: ITDOMNJ$
Caller Domain: ASPN
Caller Logon ID: (0x0,0x3E7)
------------------------------------
Reply:
Have you checked that you are not using it as a Network Access account aswell?
Regards,
Jörgen
-- My System Center blog ccmexec.com -- Twitter @ccmexec
------------------------------------
SQL Server 2008 hanging
hi all ,
i have SQL Server 2008 x64 bit clustered on windows 2008 IA .. i have a packages using xp_cmshell & write text file on remote server ..normal time execution for this package is 4-6 min and working normally on other machine but on my production it takes around 2 hours and while running the text excute is always sp_cmshell with waite type (662ms)PREEMPTIVE_OS_LOGONUSER
after restarded the node the package start working noramlly but the problem showed up today again the same behviour ?????!!!!
thanks in advance
- Edited by SQL Kitchen Tuesday, December 20, 2011 10:23 AM
Reply:
Best Regards, Uri Dimant SQL Server MVP http://dimantdatabasesolutions.blogspot.com/ http://sqlblog.com/blogs/uri_dimant/
------------------------------------
Reply:
how ?? is it a replacment of xp_cmdshell in the SSIS??
------------------------------------
so graphical representation of Worlflow develped in VS 2010 sharepoint 2010
Hi all,
i have developed a Workflow in VS 2010 for infopath Application. But i am not able to see the visual representation of My workflow as it happen in workflow developed in SPD and Visio.
is there any way i can integrated Visio with Visual studio.
Thanks and Regards Er.Pradipta Nayak
Reply:
Try using webpart Connections.
Use the 'Visio Web Access Webpart' as 'Consumer' to fetch data from 'status' field of your workflow attached list as 'Provider'. Depending upon the status of workflow you can make the visualization in Visio. Check this link : http://blogs.msdn.com/b/visio/archive/2010/02/05/no-code-mashups-with-visio-services-and-web-part-connections.aspx
get2pallav
Please click "Propose As Answer" if this post solves your problem or "Vote As Helpful" if this post has been useful to you.
------------------------------------
PowerPivot doesn't persist connection's user credentials
It remembers user name, but requires password at every update. PowerPivot 2012 RC0
(all was ok in PowerPivot 2010)
How to determine which app to deploy - 64bit or 32bit
Here is the dilema...
Flash Player is now a 64bit & 32bit install. We have both Windows XP 32bit and Windows 64bit machines - each install has it's own cmd line...
I would like to get both 32bit and 64bit installs to be associated with one collection and one advertisement. I do not want a task sequence for this...
How can one make that determination at the package/program level without using any extra scripting?
Has anyone tried or done this before?
Reply:
You would have to write a custom script that determines which version to install.
Torsten Meringer | http://www.mssccmfaq.de
------------------------------------
Reply:
As you have already said, “each install has its own cmd line” and a ConfigMgr Program is basically running a command line (not multiple command lines) you give it. If the detection logic is not present in the command line you need to add it somewhere, you can’t expect ConfigMgr to just know what the “right” choice is. If you don’t want to script detection of the OS architecture, you could create two programs (and hence two advertisements). These advertisements could both be targeted at a single collection by setting the Program platform requirements accordingly (i.e. one to run x64 OS and one to run on x86 OS).
- Edited by samuel_b Tuesday, December 20, 2011 11:01 AM
------------------------------------
How to generate service reference from WCF service hosted in Worker Role using net tcp?
Hi,
How do I generate service reference from WCF service hosted in Worker Role using net tcp?I have deployed a WCF service in worker role in azure. Locally it works fine and I can add service reference using VS 2010 for address:net.tcp://localhost:4503/Service1MetaDataEndpoint.
But when I try to add the same for Azure hosted one using address: net.tcp://<<staging deployment id>>.cloudapp.net:4503/Service1MetaDataEndpoint, it's gives the following error:
Metadata contains a reference that cannot be resolved: 'net.tcp://<<server>>.cloudapp.net:4503/Service1MetaDataEndpoint'.
Could not connect to net.tcp://<<server>>.cloudapp.net:4503/Service1MetaDataEndpoint. The connection attempt lasted for a time span of 00:00:21.0072016. TCP error code 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond <<Ip >>:4503.
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond <<IP>>:4503
If the service is defined in the current solution, try building the solution and adding the service reference again.
The worker role has started without any error. Please help.
Regards
Kakali
raich
Reply:
Hi,
Could it be because of firewall setting?
Regards
Kakali
raich
------------------------------------
Reply:
Did you define an endpoint in the ServiceDefinition.csdef file?
<ServiceDefinition name="MyService" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
<WorkerRole name="WorkerRole1">
<Endpoints>
<InputEndpoint name="EndpointName" protocol="tcp" port="4503" localPort="4503" />
</Endpoints>
</WorkerRole>
</ServiceDefinition>
Auto-scaling & monitoring service for Windows Azure applications at http://www.paraleap.com
------------------------------------
Reply:
Thanks for your input.
But I have defined the port properly in .csdef file. Locally it works fine.
I think the servicehost is not running due to some reason. I have used sync framework dlls in my service which includes Microsoft.Synchronization.Data.SqlServerCe.dll and System.Data.SqlServerCe.dll. I think they are the source of issue. I have used private assemblies for them and copy local is set to true. What could be the error?
Thanks & Regards
Kakali Gupta
raich
------------------------------------
Incomming email rejection looking for second opinion
I am receiving the following log entry from one particular sender.
2011-12-14T15:53:38.026Z,08CE88865E375677,192.168.0.2:25,192.168.0.4:49638,192.168.0.4,<XXX>,y@sender.com,y@sender.com;,X@ABC.com,1,FSE Content Filter Agent,OnEndOfData,AcceptMessage,,SCL,-1,All recipients bypassed: content filtering was bypassed.
All other incomming emails are reporting external ip addresses, but in this case i receive this information and the sender is receiving a 5.7.1 554 relay denied error. I am sure the error is for the ip appearing to be onm the internal network. What i cannot find anywhere in any of the logs is the actual rejection process and the source of the rejection (if it is forefront or exchange itself). I am under the impression that this would be classified as an ip address spoof and be very frowned upon anyway. Anyone with more experience in this area and has any additional insight would be greatly appreciated.
- Changed type Nick Gu - MSFT Wednesday, December 21, 2011 7:27 AM
Reply:
Hi,
Thank you for the post.
Please try to look for the bypass reason in the AgentLogs, and see if there is any hint.
Regards,
Nick Gu - MSFT
------------------------------------
X509Chain.Build failed even though I set X509RevocationFlag.EndCertificateOnly
Hi there,
I have a CA which is sub to a Root CA. In Root CA the CRL Distribution Point was set to "ldap:///CN=XXX,CN=XXX,DC=XXX,DC=xxx?certificateRevocationList?base?objectClass=cRLDistributionPoint".
And in my CA I set the CRL Distribution Point to "http://10.222.114.137/certenroll/myADCS-CA.crl" and open this CRL file over IIS.
Then I requested a certificate from Machine X to my CA and get a PFX file back, and installed this PFX file to machine Y which is out of the domain.
Then I tried to use C# X509Chain.Build to verify this certificate. If I set the RevocationFlag to EntireChain then it failed, which is correct since I cannot communication the the Root CA's CRL Distribution Point (ldap://xxxx). But after I changed the RevocationFlag to EndCertificateOnly it still failed. I tested that the CRL file (http://10.222.114.137/certenroll/myADCS-CA.crl) can be downloaded from my machine Y.
So I'm not sure why it can retrieve the CRL for the end certificate but still verify failed. BTW, I had cleared the local cache by using the command "certutil -urlcache CRL delete"
var store = new X509Store(StoreLocation.CurrentUser); store.Open(OpenFlags.MaxAllowed); var certs = store.Certificates.Find(X509FindType.FindByThumbprint, "be5d6fb95705dd6d831fada9b29c591e1689f0ec", false); var cert = certs[0]; // basic verify var ok = cert.Verify(); // advanced verify var chain = new X509Chain(); chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EndCertificateOnly; chain.ChainPolicy.RevocationMode = X509RevocationMode.Online; chain.ChainPolicy.UrlRetrievalTimeout = TimeSpan.FromSeconds(5); chain.ChainPolicy.VerificationFlags = X509VerificationFlags.AllowUnknownCertificateAuthority; var ok2 = chain.Build(cert); for (var i = 0; i < chain.ChainStatus.Length; i++) { Console.WriteLine(chain.ChainStatus[i].Status + "; " + chain.ChainStatus[i].StatusInformation); } chain.Reset(); store.Close(); if (ok && ok2) { Console.WriteLine("Pass!"); } else { Console.WriteLine("Fail!"); }
- Changed type Bruce-Liu Thursday, January 5, 2012 9:55 AM
Reply:
Some additional information:
I created another CA pair which one is root another is sub and set the CRL Distribution Points to "http://xxxxxx" that can be visited from my machine (out of the domain). Then I requested and issued a certificate and verify, and got failed.
I use Fiddler to watch the HTTP traffic and I can see that my verify application request the CRL files via HTTP and retrieve the value successfully.
------------------------------------
Reply:
More information:
The verification status are
RevocationStatusUnknown: The revocation function was unable to check revocation for the certificate.
OfflineRevocation: The revocation function was unable to check revocation because the revocation server was offline.
But I do see that the verify application retrieve the CRL file from the server over HTTP, and if I selected EndCertificateOnly it do check the end certificate. But why it told me that the revocation server was offline? Strange.
------------------------------------
Reply:
Does anyone have any suggestion here?
Additional information:
I modified the AIA (Authority Info Access) URL to HTTP and point to the root and sub CA but still no luck.
And if copied the certificate into the machine that I raised the request it pass the validation, but failed if I run my validation app from other machine out of the domain. And when I ran the app in the in-domain machine, I can see it only connect to the root CA's RDL. But in out-of-domain machine, it connect to the both root CA and sub CA's RDL.
------------------------------------
Reply:
Hi Shaun,
As this problem is more related to coding, I would like to suggest that you create a new thread in one of the MSDN forum for better and accurate answer to the question. The community members and support professionals there are more familiar with it and can help you in a more efficient way.
MSDN forum
http://social.msdn.microsoft.com/Forums/en-US/categories/
Thanks for your understanding.
Regards,
Bruce
------------------------------------
Newbie FIM user seeking the M$ best practice for ensuring unique mandatory AD attributes
I have tried to follow the discussion about how samaccountname upn displayname and cn AD attributes should be generated.
In my opinion the only time these attributes should be generated is at the export to AD, i.e. generate them in MV and flow to CS and out to the active directory host. Furthermore, the only resource they can be tested for uniqueness is by looking up AD and NOT the MV.
Several entries on this forum have stated that its not good idea to lookup AD from the MVextension rule but it IS ok from a custom Action Workflow. Why is this? In my opinion its is preferable to block and ensure a unique attribute value than to have a faster but unreliable WF.
Am I wrong in thinking that this action WF is called to generate and push "unique at that time" attributes INTO the CS (and later on into MV) at the time the user is created but the WF has no idea of WHEN these values are pushed out to AD. By which time they are they may not be so unique.
The point I try to make is why must we have to develop these super-complex action Workflows when they are not a 100% guarentee and why is it SO WRONG to use MVextension code which looks up external data sources?
- Changed type Markus VilcinskasMicrosoft employee Sunday, March 17, 2013 1:32 PM
Reply:
Using MVExtension does not guarantee AD uniquness no more then custom WF since even with MV extension there might be a long time before the actual export job is running.
Using WF and the FIM Service DB (not the MV) gives you the ability to make sure the attribute is populated at once and the next insance of the WF will be able to see the new value when doing uniqueness control.
If you get conflicts when doing the actual export to AD due to "rough" accounts will cause export errors no matter what.
To avoid that you need to populate the AD directy and even then AD replication migh be happening causing conflicts.
Just my 2c... ;-)
------------------------------------
Reply:
Are there other systems that create user accounts in AD, if not why do you think when generating the accountname in a WF will cause troubles for uniqueness?
If you generate the accountname in the metaverse or rules extension than also you don't know when these values are pushed out to AD, the only thing you do now that it is going to take "less" time before it is exported.
I prefer to do in also in the portal (to generate this attribute) because in the metaverse or connector space your values are not stored until you do an export, because unexported CS objects will be created again when synchronizations runs before exporting, which ofcourse you can overcome.
Need realtime FIM synchronization? check out the new http://www.traxionsolutions.com/imsequencer that supports FIM 2010 and Omada Identity Manager real time synchronization!
------------------------------------
Password Portal with FIM
Hi
Can someone guide me how to configure Password Reset feature with FIM, what needs to be installed on the server/client and what configuration is required.
Regards,
Guneet
Reply:
Hi Guneet,
Recommend you to run thru the step by step with Password Reset Deployment Guide
Blog Link: http://blogs.cyquent.ae | Follow us on Twitter: @cyquent | ADRMS Wiki Portal: Technet Wiki
------------------------------------
Group Policy getting blocked
Hi,
I've got an issue rolling out group policy at OU level in a 2003 AD domain, with a mix of windows 7 and XP SP3 clients.
I am trying to apply proxy settings using group policy, but only half of the clients are picking up the update.
When using the gpresult command on the client's pcs, it shows the group policy "proxy settings," which i had created, as applied. However a quick check on the proxy settings in IE doesn't show any change.
For the PCs where the policy doesn't work... I have tried logging users off, rebooting their pcs, and using the gpupdate /force command, but nothing works. The strange thing is when a user logs on to another PC the group policy works, and the proxy settings are applied.
Could this be an issue with the local profile on the client's PC?
Thanks in advance
- Moved by Yan Li_ Tuesday, December 20, 2011 3:16 AM (From:Directory Services)
Reply:
------------------------------------
Reply:
A couple of housekeeping things first off:
1) This is an Active Directory forum and yes I agree this is an Active Directory piece but Group Policy has been split out, so in the future you should post here:
http://social.technet.microsoft.com/Forums/en-NZ/winserverGP/threads
2) You have this question defined as a discussion. Many of the forum users will bypass this, so I would recommend you go back and modify this thread to a question.
Now on to the question...
It sounds me like the workstations that are having issues don't belong to an OU where the policy is being applied against. COuld you please define what your topolgy for the workstations and policy itself is.
Also, have you checked the Event Log to see if you are getting any errors on the failing machines?
--
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com Twitter @pbbergs
http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.
------------------------------------
Reply:
For this kind of issues, i would suggest enabling userenv logging which provide deep level of troubleshooting. If same policy is applied when user is logging at another system means the issue is segregated to system level, so you might want to disable security software like AV, update the system to its latest update/fixes along with NIC/system updates.
http://blogs.technet.com/b/instan/archive/2008/09/17/what-is-logged-to-the-userenv-log-file.aspx
Profile issue can't be ruled out too, so you can take a back of the old profile and create a new profile and see if that works. Make sure client system is using only local dns server and verify the event log for any errors.
Regards
Awinish Vishwakarma
MY BLOG: awinish.wordpress.com
This posting is provided AS-IS with no warranties/guarantees and confers no rights.
------------------------------------
Reply:
Sorry about that, this is my first time posting..
First off, thank you for your reply.
The topology is as follows domain -> 1st level OU with Poxy GP -> 2nd level OU (group not being applied).
I have tried applying the policy at both levels however no luck. The desired users are in do belong to the correct OU. I know this because the proxy settings are locked out which is part of the group policy on the 1st level 0U.
To bypass the issue I am now using log on scripts to edit proxy settings. However I would like to know why this isn't working.
here is a screen shot of an event log of one of the machines not picking up the group policy. This is however not typical as other machines have reported no errors, and proxy settings are still not updated.
------------------------------------
Reply:
hi Awinish,
Thanks for your reply!
I think I have narrowed it down to a profile issue. I deleted a user's profile who was not picking up the policy and when she logged back in again the proxy settings were applied.
Would there be any reason why the policy wouldn't override the information there?
------------------------------------
Reply:
Try hive cleanup and see if that helps.
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=6676
--
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com Twitter @pbbergs
http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights.
------------------------------------
Reply:
Hi,
It seems like that you have found the solution of this issue. After recreate the user profile, users are able to apply the policy.
The problem with the 1096 is due to a corrupt registry.pol file most likely.
Deleting and recreating the registry.pol on for that policy on that DC should fix the problem.
Best Regards,
Yan Li
Yan Li
TechNet Community Support
------------------------------------
Moving Outlook 2007 w/BCM data to another machine. How can I open Outlook from an external drive attached to my notebook?
My main PC motherboard died. My internal hard drive which houses Outlook 2007 w/BCM is fully intact and operational. I've been unable to successfully move data from this hard drive to my notebook. Thanks for your help.
I've now got the internal hard drive attached to my notebook successfully. How can start Outlook from this internal hard drive that is connected to my notebook?
Reply:
Hi,
Could you tell me if you received any error message or code when you failed to remove the data to a new laptop?
Since the PC motherboard is changed, we need to re-activate the Office Outlook first via the following link if you got the The retail version of the Office:
http://support.microsoft.com/kb/950929
Any questions, please let me know.
Tony Chen
TechNet Community Support
------------------------------------
cannot access shared folders(either from client side or from server end) in 2008 server standard sp2 showing the message "the specified network is no longer available"
Hi all,
We have 2008 server SP2(standard edition). this server we use for file sharing and trend micro server. suddenly some mess happened to the server file sharing is stopped working cannot open the shared items through ip or name(ex:\\192.168.1.10 or \\computer name) even from the server machine cannot open, showing the message "the specified network is no longer available" and through client machine it shows the different message "\\192.168.1.10 is not accessible. you might not have permission to use this network resource. contact the administrator of this server to find out if you have access permissions... logon failure: the user has not been granted the request logon type at this computer" but shared items are given permission for every one.... even it effected the trend micro it is not communicating the clients properly... Below are the trouble shooting steps i have done,
1) re installed the network drivers
2) restarted the server, workstation and computer browserservices
3) checked all the services are in running mode which is related to share drives
followed the steps from micro soft site "http://support.microsoft.com/kb/325487"
changed the cable and tried in different network card still no go...
this machine is not in the domain its running in work group all the clients are also in work group...
it will be more help full if you give suggestions on this...
thanks in advance...
sundarparanam
- Edited by sundarparanam Sunday, December 18, 2011 9:00 AM
Reply:
Hi sundarparanam,
Thanks for posting here.
Could you check if any error or warring is shown form event viewer and post back here ? have you recently modified any configuration on this server before issue occurred ?
It is hard to determine the root cause with current information so far, but would suggest to path the latest network hotfixes for this server and see if any improvement
List of Network related hotfixes post SP2 for Windows Server 2008 (R1) SP2
Thanks.
Tiger Li
Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
------------------------------------
Reply:
Thanks for the reply
am not sure when this problem has been occurred but i can provide you recent event logs (after i have done modifications) see below
some have this procedure has worked for me....
after re installing the file services role in server manager it worked for some time(can able to access share folders at least on its own shared PC not from client machines) and again it stopped working after 1 day....
note: there are so many options in event viewer 1) custom view 2)windows logs 3) application and service logs if u can suggest me which one i need provide so that i can provide....
All this errors i have posted are most common errors
| 1) | System |
|
|
|
|
|
|
|
|
|
|
| - | EventData |
| 60 |
| 1355 |
| The specified domain either does not exist or could not be contacted. |
2)
| - | System |
|
|
|
|
|
|
|
|
|
|
| - | EventData |
| 2D20436F64653A2020434F525356434330303030303737332D2043616C6C3A2020434F525356434330303030303735372D205049443A202030303030343734382D205449443A202030303030373836302D20434D443A2020433A5C57696E646F77735C73797374656D33325C76737376632E6578652020202D20557365723A204E5420415554484F524954595C53595354454D20202020202D205369643A2020532D312D352D3138 |
3)
| - | System |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| - | EventData |
| param1 | watchDirectory:share |
| param2 | %%3 |
4)
| - | System |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| - | EventData |
| AppPoolID | OsceAppPool
|
sundarparanam
------------------------------------
DNS resolution between domains
I'm currently working on a new deployment of a Windows 2008 R2 Forest at work.
The idea is in the long run to migrate all infrastructure in an existing Windows 2003 forest to the Windows 2008 forest. But for the time being the 2 forests will co-exist. See the enclosed diagram.
What I need to set up is name resolution between a child W2k3 domain (dev.domain.local) and the new Window 2008 R2 domain. After doing a bit of reading, I thought the way forward would be setting up DNS conditional forwarders between the two domains. Each domain has it's own DNS server.
I attempted this on friday and got "The server forwarders cannot be updated, A zone configuration problem occurred". As far as I know there aren't any firewalls between the domains, so can anyone shed some light on what I'm doing wrong and how to resolve this?
Thanks in advance!!
Reply:
I believe, based on your description, is that your issue is that you are going to have some trouble setting up a conditional forwarding on domain.local to the other two domains because the other domains are actually each a "child" of domain.local (from the DNS naming perspetive, not AD). On domain.local, you would have to set up "sudomains" and provide the NS records of the DNS servers in each subdomain.
As far as conditional forwarding, are you indicating that you are unable to create a conditional forwarder on dev.domain.local pointing to ras.domain.local, and visa-verse?
Guides and tutorials, visit ITGeared.com.
------------------------------------
Reply:
------------------------------------
Reply:
Guides and tutorials, visit ITGeared.com.
------------------------------------
Reply:
Hmmm, yeah. I think you've nailed it. I've finally got access to the DNS server itself and there are other zones which would tie up with what you've said.
I've done a fair amount of my own reading on the problem wouldn't setting up DNS delegation in domain.local for ras.domain.local work?
------------------------------------
Reply:
in domain.local, set up delegation for both ras and dev. As long as you do not replicate the domain.local zone (with the subdomain info) to ras or dev, you will be able to set up conditional forwarding on ras and dev.
There are many ways to design DNS for name resolution, as you can see.
Guides and tutorials, visit ITGeared.com.
------------------------------------
lync 2010 Standard Edition monitoring server
Reply:
Justin Morris | Consultant | Modality Systems
Lync Blog - www.justin-morris.net
Twitter: @jm_deluxe
If this post has been useful please click the green arrow to the left or click "Propose as answer"
------------------------------------
Reply:
Planning for Monitoring: http://technet.microsoft.com/en-us/library/gg412952.aspx
Deploying Monitoring: http://technet.microsoft.com/en-us/library/gg398199.aspx
Tim Harrington | MVP: Exchange | MCITP: EMA 2007/2010, MCITP: Lync 2010, MCITP: Server 2008, MCTS: OCS | Blog: http://HowDoUC.blogspot.com | Twitter: @twharrington
------------------------------------
Is TMG stripping /root from GET ?
Hi,
I'm trying to deploy the Lync mobility service through TMG. I would expect to see https://fqdn/Autodiscover/AutodiscoverService.svc/root?sipuri=alias@<sipdomain> in the TMG logs but all I see is https://fqdn/?sipuri=alias@southridgevideo.com. Seems like maybe TMG is stripping part of the URL?
- Changed type Nick Gu - MSFTModerator Monday, December 26, 2011 9:57 AM
Reply:
Hi,
Thank you for the post.
Do you mean that the internal Lync mobility service to access internet through TMG? Or external user access internal resource through TMG? How do you create the firewall rule and does it work?
Regards,
Nick Gu - MSFT
------------------------------------
Windows Server 2008 Direct Access
hi all,
im implementing direct access to a production environment after configuring the server and try to connect with windows 7 enterprise client i can't connect when i run the cmd ( netsh interface httpstunnel show interfaces ) i got the following error
Last Error Code : 0x2746
Interface Status : failed to connect to the IPHTTPS server. Waiting to reconnect
** The above IPHTTPSInterface setting is the result of Group Policy overriding
any local configuration.
Any Help
Thanks
Tarek Khairy
- Changed type Tiger LiMicrosoft employee Friday, December 23, 2011 7:26 AM
Reply:
Have you checked this article?
http://technet.microsoft.com/en-us/library/ee844126(WS.10).aspx
MCTS - Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
------------------------------------
No comments:
Post a Comment