Not for SharePoint 2010 questions
Just like all the other forums with "Pre-SharePoint 2010" in the name of the forum, this forum too is not for SharePoint 2010 questions.
Moderator
SP 2010 "FAQ" (mainly useful links): http://wssv4faq.mindsharp.com/default.aspx
WSS3/MOSS FAQ (FAQ and Links) http://wssv3faq.mindsharp.com/default.aspx
Both also have links to extensive book lists and to (free) on-line chapters
windows 2008 manually created service events above 1000
Is it possible to manually generate events for service and applications on events above 1000.
Need to test that windows events with event ids above 1000 are captured and reported.
The report is to be captured by Netcool, which has already been set up for these event capture, but I can not confirm that the system will capture the events with out a manual generation of the event on the external 2008 server.
Thanks
Richard
Reply:
Hi,
you can just restart the securitycenter-service. This will generate Event 1800.
Kind regards,
M.Hivner
------------------------------------
Reply:
Hi,
From your description, I know that you do not want to use Eventcreate or logevent to manually generate a specific Event ID. You need a normal event log generate in event viewer. As a test, we can restart the Network Access Protection Agent services. The following event log will generate at system logs.
Log Name: System
Source: Service Control manager
Event ID: 7036
Hope it helps.
Best Regards,
Aiden
Aiden Cao
TechNet Community Support
------------------------------------
PowerConnect 5524
Hi,
i like to know Dell Power connect 5524 is good for Hyper v san switch , some where i read its very slow switch
Thomas
- Changed type Vincent Hu Sunday, January 29, 2012 4:04 AM
Reply:
Hi,
Hyper-V doesn’t need a specific SAN switch, you can use most popular switch in the market.
By the way, this is a hardware relevant issue, it is recommended that you perform the further research in a hardware corresponding community so that you can get the most qualified pool of response. Thanks for your understanding.
Vincent Hu
------------------------------------
Server 2008 PPPOE client/NAT/DHCP/RADIUS
Hello,
I installed server2008 on PC with 2 ethernal cards.
One card is WAN card, I must set it to connect to router(in bridge mode) with pppoe client to internet.
Other card will be conected to switch and from switch to 2 wifi AP-s.
Every PC that connects to AP or switch must get IP address (DHCP server must work), every PC must get internet access(NAT must be enabled), every PC on the beguining must be authentificated(RADIUS must work).
Now I'm using pfsense and i used m0n0wall, but those OSs dont have good user controll so I want to configure microsoft based router.
Can you write wtah I have to do?(or just link tutorials?)
every help is welcome :)
ps. sorry for my bad english :)
Reply:
Hi posavec,
Thanks for posting here.
By installing and configuring RRAS (Routing with Remote Access service) could allow us to set this multihomed server as a NAT/Firewall and allow internal users to access internet through this host . This can be done by its first wizard :
Share an Internet Connection by Using Network Address Translation (NAT)
http://technet.microsoft.com/en-us/library/ff687757(WS.10).aspx
Enable and Configure NAT
http://technet.microsoft.com/en-us/library/dd469812(WS.10).aspx
And we can also install RADIUS/NPS on server with specifying policies and set AP devices as RADIUS clients in order for authenticated wireless accessing :
Configure NPS on a Multihomed Computer
http://technet.microsoft.com/sv-se/library/cc731801(WS.10).aspx
Thanks.
Tiger Li
Tiger Li
TechNet Community Support
------------------------------------
errors on dc - dynamic registration dcdiag
- Changed type Tiger LiMicrosoft employee Wednesday, February 1, 2012 2:12 AM
Reply:
Hello,
how many DCs in total do you have? How are the settings for forward lookup zone in DNS, is it set to secure dynamic updates?
Did you make sure the DHCP client service(Windows server 2003 and lower) or DNS client service(Windows server 2008 and higher) are started and set to automatic, they are required for correct DNS registration?
Please upload the following files:
ipconfig /all >c:\ipconfig.txt [from each DC/DNS Server]
dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
netdiag /v >c:\netdiag.txt [from each DC, netdiag may work but isn't supported with Windows server 2008 and don't run on Windows server 2008 R2]
repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt ["dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)]
dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)
As the output will become large, DON'T post them into the thread, please use Windows Sky Drive (skydrive.live.com) [with open access!] and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB.
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
------------------------------------
Reply:
An error event occurred. EventID: 0x0000168ETime Generated: 01/28/2012 13:50:12Event String:The dynamic registration of the DNS record 'ForestDnsZones.xxxxxxxx. 600 IN A 10.10.10.10' failed on the following DNS server:
It appears you truncated the part after "the following DNS server:" It would have helped to see which DNS server it's trying to register into.
Also, the 'ForestDnsZones.xxxxxxxx. part scares me, because it either indicates your AD DNS domain name may be a single label name. If you manually edited it that way and it's not, then that's a good thing. However, if it is a single label name, then we have a bit of a problem.
Also just as importantly, is the DNS server an internal DNS server, or an ISP's DNS server, or the router being used as a DNS address? If the ISP's or ther router, then that would explain it, since those will not accept an update. YOu must only use the internal DNS in an AD infrastructure.
Now if you are only using your internal DNS, then here are other things to check:
- The zone is allowing updates
- The Primary DNS suffix matches the zone it's trying to update into
- The zone can't be single label named zone (domain vs the required minimum or domain.com or domian.local, etc)
- No duplicate DNS zones
If there are duplicates, that can cause a problem. I can post a link to explain how to find them, but let's first determine the basics are set correctly, that it's not a single label name, not using an ISP's DNS, Google's, your router as a DNS, etc.
The information Meinolf requested will definitely help us diagnose this for you, especially starting with an unedited ipconfig /all.
Thank you,
Ace
Ace Fekay
MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
------------------------------------
Windows 7 32bit SP1 won't install.
- Changed type Nicholas Li Friday, February 3, 2012 3:06 AM
Reply:
Hi,
Regarding the error 8024200D, please see the following document:
Windows Update error 8024200d
http://windows.microsoft.com/en-US/windows7/Windows-Update-error-8024200d
I also notice that you have posted another thread about the issue. To avoid possible confusion and make the discussion clear, please continue the discussion on that thread:
Windows 7 32bit SP1 won't install
Thank you for your understanding and cooperation.
Nicholas Li
TechNet Community Support
- Edited by Nicholas Li Monday, January 30, 2012 9:06 AM
------------------------------------
0x800CCC80 Error in Outlook 2010 Beta
I have just installed MS Outlook 2010 Beta on my new Windows 7 computer. When trying to send email through Roadrunner using SMTP port 25, I received the following error message: "0x800CCC80 None of the authentication methods supported by this client are supported by your server."
I was using the exact same settings as I have on all my other computers, which are all running Outlook (2003 or 2007).
I was able to receive email from Roadrunner using POP3 on port 110, and I was able to send/receive email using two other email providers, one with POP3/SMTP settings that used different ports and the other was Gmail with IMAP settings. Those worked perfectly.
I contacted Roadrunner support, and after sending them all my settings, this was the solution: After setting up your email address and password, etc., click on "More Settings" and go the the "Outgoing Server" tab. UNCHECK the box that says "My outgoing server (SMTP) requires authentication." Also, make sure none of the encrypted connection boxes (SSL) are checked in the Advanced tab and that you have the default ports (100 for POP3, 25 for SMTP) entered. Click OK and try sending yourself a test email.
It worked like a charm for me. I hope it does the same for you if you're having this problem. Now, my question is this: what is there about Windows 7 and/or MS Outlook 2010 Beta that causes this to work differently from their predecessors? Is there some sort of glitch in the software that is causing this, or does Roadrunner need to make changes to accommodate the new OS and/or email software? Evidently there are some security protocols working here that were not present in the earlier versions of Outlook (or Windows).
I can't be the only one having this problem, so maybe this will help someone. Good luck!
Reply:
POP uses port 110, not 100.
Outlook 2010 with my service provider works identically to prior versions of Outlook. I have to use port 995 for POP and 465 for SMTP and enable SSL encryption for each. I have no access to a service that doesn't require alternate ports and authentication to the outgoing server. When I checked the Road RUner help pages (http://help.rr.com/HMSFaqs/e_outlook2003.aspx) it's fairly clear that Road Runner expects you to use ports 110 and 25 for any version of Outlook.
Brian Tillman [MVP-Outlook]
------------------------------------
Reply:
------------------------------------
Best Practices - Developing a SharePoint Steering Committee
Overview - Developing a SharePoint Steering Committee
As well as working on best practices material for AIIM.ORG, I have been working with my senior architecture team at EPC Group on a series of white papers to provide to the SharePoint community through our SharePoint Consulting efforts and lessons learned.
Define
First, determine who the key stakeholders are that should be involved in the SharePoint Steering committee. Initially, develop a somewhat generic forum to discuss the phase 1 and future phase 2 (phase 3, phase 4, etc.) issues as the committee will learn over time how best to work together and will identify internal committee roles that will work best within the organization. Typically, these are Business Leaders, IT Managers, Key Technology Stakeholders, Legal, and Records Management owners, etc.
Educate
Is is key that the SharePoint Services Team demo to the SharePoint Steering Committee any existing solutions that have been created in phase 1 and discuss the types of requests that are coming in to the SharePoint Services Team to help the Steering Committee understand the overall scale of the SharePoint, its growth and the types of business units within the organization making the requests. Ongoing demos should continue to be demoed to the SharePoint Steering Committee to reflect any updates or new projects.
SharePoint 2010 Steering Committee Best Practices
The SharePoint Steering committee is comprised of key stakeholders which oversees the strategic service direction and provides policy guidance.
The SharePoint Steering Committee will be comprised of a number of roles through the organization including the SharePoint Services Team Senior Management and SharePoint Stakeholders. SharePoint Stakeholders are defined as those in the business units which rely on the SharePoint Services as a part of their business operation. The committee will meet regularly with defined success criteria and measurable goals based on project definition, design and timeline.
The SharePoint Steering Committee should meet regularly to revisit structure, responsibilities and membership to ensure maximum effectiveness as well as potential scope changes for the organization to address changes in business conditions and technology.
The role of the SharePoint Steering Committee will be to:
- Aligning SharePoint initiatives to overall business goals.
- Set strategic and functional guidance to the SharePoint Platform \ Service(s) Team.
- Continually assess SharePoint project viability.
- Determine corporate standards.
- Approve all governance, standards and policies.
Note: With large enterprise organizations, other business units or subsidiaries worldwide may adopt some of their own regional governance policies (i.e. development, etc.) and the SharePoint Steering Committee will be responsible for taking these local considerations into the overall SharePoint 2010 Governance to ensure SharePoint governance stays up-to-date and relevant.
- Approve content publishing policies and assigning departmental and functional ownership.
- Approve SharePoint branding/usability/look and feel.
- Approve changes to the SharePoint Governance Document.
- Review any 3<sup>rd</sup> party SharePoint Software Vendor purchase requests to ensure that any large licensing purchases are taken into consideration at the enterprise level.
- Ensure the SharePoint training strategies continue to fit the needs of the organization.
SharePoint Steering Committee Roles
Roles
An overview of Best Practices responsibilities for the an organization’s SharePoint Steering Committee are as follows:
| Role | Responsibilities and Tasks |
| SharePoint Steering Committee Chair Person | Responsible for Chairing the SharePoint Steering Committee and owning sign-offs and casting the overall vote or decision should any impasse occur. |
| SharePoint Platform or Services Owner | The overall platform or service owner of SharePoint who is responsible for all SharePoint Product and Technology Efforts. Leads the SharePoint Steering Committee meetings and is the manager of the SharePoint Services Team. |
| SharePoint Services Team Manager | The manager of the SharePoint Services team who is responsible for managing the day-to-day activities of the SharePoint Services team and delegating the incoming requests coming into the team from the different business units. |
| Records Management Representative | A key stakeholder for Records Management within the organization and ensures the technology and business decisions being made for the SharePoint System continue to follow the records management standards within the organization. |
| Development Team(s) Representative | A key stakeholder or manager representing the SharePoint development teams and providing input on the continued development and how best the custom SharePoint Solutions should be managed and added into the SharePoint platform (i.e. continuing the development of a SharePoint as a Service Concept I have written about in the past). |
| SharePoint Training Representative | A key stakeholder from training that will continue to monitor the ongoing activities of the SharePoint 2010 initiative while continuing to deliver training to the different audiences to meet the ongoing and possible changing needs and requirements of the SharePoint user base within the organization. |
| Help Desk or Service Desk Representative | A key stakeholder from your organization’s help desk \ service desk or I.T. support staff that will monitor the activities of SharePoint and report back to the committee on metrics regarding support calls, possible resolutions to reoccurring issues, and ensure they continue to be properly trained and proactive regarding the overall SharePoint Services within the organization. |
SharePoint Governance, as we all know is one of the major keys to any organization's SharePoint long-term success, and implementing a SharePoint 2010 Steering Committee is something that myself and my team at EPC Group.net have helped to establish within orgnaizations and its something that is overlooked in at least 80% of enterprise SharePoint implementations.
errino@epcgroup.net
Reply:
Hi Errin,
I found your document to be very informative.
Could you please advise if you are aware of any documents on developing a TOR for the SharePoint Steering Committee.
We are looking at implementing SharePoint 2010 and want to ensure that the governance is more formal than our previous 2007 implementation.
Regards, Andrea
------------------------------------
windows 7 workstation cannot receive DHCP or see the sbs 2008 sever with static ip
- Changed type Sean Zhu - Wednesday, February 8, 2012 6:00 AM no response
Reply:
Larry Struckmeyer[SBS-MVP]
------------------------------------
SBS 2008 DNS Server stops responding to everything
Hi all,
i am having an issue with a clients sbs2008 dns server where it will stop responding to everything. It will not resolve internal domains as well as all external domains. Client machines take a long time to log on because of this. If i try to restart the dns service, it will not stop. The only way to temporarily fix is to reboot the server. It lasts for maybe 1 -2 days or sometimes an hour before it happens again. Could anyone help shed some light on this please
Thanks!
Matt
- Changed type Tiger LiMicrosoft employee Tuesday, January 31, 2012 1:06 AM
Reply:
Any error messages in the DNS or other event logs? Have you run the SBS BPA to see if it flags any issues?
Steve
<mduggy> wrote in message news:e3ca18f4-7972-46ad-ac98-fda88c0bb58b@communitybridge.codeplex.com...
Hi all,
i am having an issue with a clients sbs2008 dns server where it will stop responding to everything. It will not resolve internal domains as well as all external domains. Client machines take a long time to log on because of this. If i try to restart the dns service, it will not stop. The only way to temporarily fix is to reboot the server. It lasts for maybe 1 -2 days or sometimes an hour before it happens again. Could anyone help shed some light on this please
Thanks!
Matt
------------------------------------
Reply:
Kind regards, Philipp - Solid IT Solutions
------------------------------------
Reply:
Hi Matt,
Thanks for posting here.
Can also verify the version number of file DNS.exe form this server and post here?
Have we modified any system configuration or installed any software before this issue occurred ?
Try to perform commands below and see if the DNS will still work when issue occurs on SBS server:
C:\Nslookup
>server <IP of SBS server>
><SBS domain name>
Try also patch the latest hotfixes for DNS service:
http://blogs.technet.com/b/networking/archive/tags/dns/
Thanks.
Tiger Li
Tiger Li
TechNet Community Support
------------------------------------
Reply:
Hi Matt,
If there is any update on this issue, please feel free to let us know.
Regards,
Tiger Li
TechNet Subscriber Support in forum
If you have any feedback on our support, please contact tnmff@microsoft.com.
Tiger Li
TechNet Community Support
------------------------------------
Search Error
Hi,
I was trying to start the search on linux node and i see following error in the fdispatch logs .
[abhanand@srch-prod-94 searchctrl]$ more fsearch-0_704.log.failed
[2012-01-25 20:06:57.075] VERBOSE fsearch Loading rc-file: '/apps/esp/var/searchctrl/etc/fsearchrc-0_704-15700'
[2012-01-25 20:06:57.077] VERBOSE fsearch Max number of open files = 1024
[2012-01-25 20:06:57.077] VERBOSE fsearch Max data segment size = unlimited
[2012-01-25 20:06:57.077] VERBOSE fsearch Checking for persisted data in '/apps/esp/data/data_index/index_0_704/srch-prod-94.cisco.com_15700'...
[2012-01-25 20:06:57.079] VERBOSE fsearch ...no persisted data found
[2012-01-25 20:06:57.079] VERBOSE fsearch Reading index configuration from /apps/esp/data/data_index/index_0_704/index.cf
[2012-01-25 20:06:57.114] VERBOSE fsearch Checking dataset version file /apps/esp/data/data_index/index_0_704/version.txt
[2012-01-25 20:06:57.114] VERBOSE fsearch Dataset status: version=1.1, state='Ok'
[2012-01-25 20:06:57.114] VERBOSE fsearch Maximum cache memory usage (without result cache) : 2831151 B (2.70 MB)
[2012-01-25 20:06:57.114] VERBOSE fsearch Number of documents indexed: 9214
[2012-01-25 20:06:57.114] VERBOSE fsearch Total attributevector (incl. disabled) memory usage is 4367623 B (4.17 MB)
[2012-01-25 20:06:57.116] VERBOSE fsearch Active attributevector memory usage is 4367623 B (4.17 MB)
[2012-01-25 20:06:57.144] VERBOSE fsearch Default index set to bcatcdccomposite.bidxcdccompositelvl1
[2012-01-25 20:06:57.144] INFO fsearch Could not load category data: url='/apps/esp/data/data_index/index_0_704/merged/category'
[2012-01-25 20:06:57.144] INFO fsearch Could not initialize categorization. Feature is disabled.
*** glibc detected *** malloc(): memory corruption (fast): 0x09d0c8b8 **
The search is failing .
I tried to delete the data_index folder so that it copies the new data but still it is failing . This also results in creating core.123** and bin folder for search .
- Moved by Igor Ve - MSFT Sunday, January 29, 2012 9:00 PM ESP product (From:FAST Search for SharePoint)
Reply:
Is this ESP or FAST for Sharepoint, since you are mentioning running it on Linux.
Do you have a high QPS rate? Alternatively, you may have some complex queries that cause FSEARCH crashes, but it would be difficult to tell exactly what's happening without narrowing down to queries that causes in FAST querylogs or sending core dumps to MSFT support team. You may also want to have something like "top" or "vmstat" running at the time of the crash to see whether system resource usage is very high at that particular time.
Igor Veytskin
------------------------------------
ILM 2007 Delta-sync
Hi everyone, i am facing a problem on configuring ILM 2007 for implmenting Live@edu, I have installed Olsync and all the setting came under ILM 2007 correctly. On my Active directory i created a test OU with a test user account, then on running Delta Sync on OnPremise, i am getting error stating extension-entry-point-not-implemented on the corresponding user account, anyone know how to fix this problem
Stack Trace show as follow
Microsoft.MetadirectoryServices.EntryPointNotImplementedException: Error in the application.
at Microsoft.Exchange.GALSync.RulesExtensions.MAExtensionObject.Microsoft.MetadirectoryServices.IMASynchronization.FilterForDisconnection(CSEntry csentry)
Extension Type: disconnector-filter.
- Changed type Markus VilcinskasMicrosoft employee Sunday, March 17, 2013 8:37 AM
Reply:
My Book - Active Directory, 4th Edition
My Blog - www.briandesmond.com
------------------------------------
Windows 7 vs. Windows 2008 R2 - performance as VMs
Hyper-V host is Windows 2008 R2 SP1. I am comparing benchmarks on a Windows 7 x64 VM vs. a Windows 2008 R2 SP1 VM. It seems that the performance is much better on the server platform. (CPU and RAM, disk is about the same)
Is there a reason for this? The virtual hardware is the same, the latest integration services are installed on both, etc. We are looking at moving to a VDI model and it seems (both anecdotally and from the benchmarks) that Win7 runs poorly as a Hyper-V VM.
- Changed type Vincent Hu Thursday, February 2, 2012 7:11 AM discussion is better
Reply:
What is the virtual hardware configuration of the VMs?
My point is that most Client OSes as VMs run better with 1 vCPU and 512 - 2048 MB RAM. Most Server VMs tolerate 1 or 2 vCPU as a base configuraiton pretty well.
I have seen VDI configuration where 2 vCPU is insisted upon and the performance of a client OS with 2 vCPU is rarely as good as it is with one. I saw a combination once of XP x64 and 2 vCPU and the performance was pitiful, on ESX, Hyper-V, and XenServer. It had nothing to do with the hypervisor.
Also, Server has must less overhead in the background than Client. The only way to get the two anywhere close to equal is to install the Desktop Experience into your Server VM.
Also, have you tried Win7 x86? (do you have a requirement for x64?)
Brian Ehlert (hopefully you have found this useful) http://ITProctology.blogspot.com
Learn. Apply. Repeat.
Disclaimer: Backup, test your backup, try new things. Attempting change is of your own free will.
------------------------------------
Reply:
Brian,
Thanks for your feedback. I've read different things about setting the number of virtual CPUs. My problem right now is the users feel that 4 is better than 2, and 2 is better than one. More memory is better than less. So we throw 4 virt cpus and 8GB of RAM at a client OS (because the user demands it) and it runs poorly. We'll try our benchmarks with 1 virt cpu and report back with the results.
I've tried to steer the users into using Windows server as a desktop rather than Win7 but haven't gotten a lot of traction.
More soon.
- Edited by Blake Duffey Friday, January 27, 2012 5:36 PM
------------------------------------
Reply:
VMs aren't like physical computers. Throwing more unneeded resources on a VM doesn't help, just adds overhead.
Not sure you should be using VDI if you need 4 CPUs and 8GB of RAM.
------------------------------------
Reply:
------------------------------------
Reply:
I have totally been here.
The task at had is removing the subjectivity of the user and making this a quantitative measure.
If you tell someone that you increased the resources they will rarely tell you it is worse, even if it is.
You can use LoginVSI as a free download. It will give you an 'experience' measurement. Setting it up for a small test is not a big deal, it does require AD and a couple user accounts. It also gives you a chance to push a little load and see how the VMs affect each other.
If the user is pushing to be part of the solution:
You can also set up you experiement by providing sugar pills. Make a matrix of configurations. And twice as many tests. 1/2 of the tests should be actual changes in configuration and the other 1.2 should be no changes (whatever you think the best performing configuration is, or whatever your configuration is today).
Never tell the user what the settings are: this must be blind. The user should also help decide how to measure. Again, get the subjective out.
This intent of all this mess is to prove your configuration and to educate the user and get them on your side. It is a lot of work, but if done well you gain an ally.
The hard part is to come up with something that takes IO out of the equation. And cross VM impacts.
Brian Ehlert (hopefully you have found this useful) http://ITProctology.blogspot.com
Learn. Apply. Repeat.
Disclaimer: Backup, test your backup, try new things. Attempting change is of your own free will.
------------------------------------
Reply:
------------------------------------
Password Change Notification Service two forest
Hi, I am interesting in document guide for PCNS when PCNS and FIM2010 are located in different forests, and account computer FIM2010 is not authoritative source for password change.
Thank you
Jesús Mªª Alvarez
- Changed type Markus VilcinskasMicrosoft employee Sunday, March 17, 2013 2:04 PM
Reply:
Hi-
You will need to have a forest trust in place for the mutual Kerberos authentication to work. Not sure I follow the second half of your question, though.
My Book - Active Directory, 4th Edition
My Blog - www.briandesmond.com
------------------------------------
Reply:
Hi, the forest trust is OK, one user domainA logon session domainB.
I run in domain A:
Setspn.exe -a <user defined named for target FIM 2010server>/<fully qualified domain name of the server running FIM2010>\<domainA\user name of the MIIS 2003 service account>
The answer is correct.
In Domain B:
Setspn.exe -a <user defined named for target FIM 2010server>/<fully qualified domain name of the server running FIM2010>\<domainA\user name of the MIIS 2003 service account>
I get error. What account should I use?
Thank you
Jesús Mªª Alvarez
- Edited by Chesu Alvarez Friday, January 27, 2012 8:43 AM
------------------------------------
Reply:
Hi Jesus
Have you refered to http://technet.microsoft.com/en-us/library/cc720594(WS.10).aspx#install_pcns_contoso_ad_dom_cont
The SPN has to be set in the domain/forest where FIM is deployed and PCNS installed in the Forest from where you want to capture the password changes.
Hope this helps
Blog Link: http://blogs.cyquent.ae | Follow us on Twitter: @cyquent | ADRMS Wiki Portal: Technet Wiki
------------------------------------
Reply:
Hi Adan
I am trying to configure PCNS to work between forest a (foresta.net) to forest b (forestb.root.net). FIM is sitting in forest b. The users are in forest a. I have a management agent set up and i reads forest a users and populates to forest b.
I have a two way forest trust setup. All firewalls are turned off.
The creation of a SPN in forest a
setspn -A PCNS-ILM/ilm.forestb.net forestb\s-ad-ilm
returns
Failed to assign SPN on account 'CN=s-AD-ILM,OU=Users,DC=forestb,DC=root,DC=net', error 0x2098/8344 -> Insufficient access rights to perform the operation.
I ran the same setspn on a server in forestb and the SPN was created. I then configured pcns as follows:
pcnscfg addtarget /n:CNS-ILM /a:ilm.forestb.root.net PCNS-ILM/ilm.foresta.root.net /fi:"Domain Users" /f:3
I get the following:
Warning: The Service Principal Name you specified could not be found on any
accounts in this domain. This target configuration will not be able to deliver
passwords if the Service Principle Name is not configured properly.
This is because the SPN in on the user in forest b.
I then changed a password in forest a and received the following error message on forest a domain controller:
PCNSSVC
Error 6025
Password Change Notification Service received an RPC exception attempting to deliver a notification.
The password change notification target could not be contacted.
User Action:
The target server may not be running. Verify that the target server is running.
I have not found anywhere how to configure this type of scenario. All documentation assumes that the FIN server is in the same domain as the user password that is changing. In my scenario, the fim server is in a different forest.
thank you
Jesús Mª Alvarez
- Edited by Chesu Alvarez Sunday, January 29, 2012 11:15 AM
------------------------------------
Reply:
Hi
Firstly, you are not required to run the setspn commang in Forest A.
SPN is already configured in Forest B and that should work fine.
Do you have a firewall in between the two forest domain controllers?
Can yo do a full DNS query from one forest to another and vice versa (configure DNS forwarders on both sides)?
Have a read thru http://social.technet.microsoft.com/wiki/contents/articles/troubleshooting-pcns.aspx
I used the same myself, when setting up a similar scenario
Blog Link: http://blogs.cyquent.ae | Follow us on Twitter: @cyquent | ADRMS Wiki Portal: Technet Wiki
------------------------------------
Reply:
Hi,
I have firewall disabled and configure DNS forwarders on both sides.
If i not configure SPN i get warning with
pcnscfg addtarget /n:CNS-ILM /a:ilm.forestb.root.net PCNS-ILM/ilm.foresta.root.net /fi:"Domain Users" /f:3
Warning: The Service Principal Name you specified could not be found on any
accounts in this domain. This target configuration will not be able to deliver
passwords if the Service Principal Name is not configured properly.
and reset password no work.
In the Event view get error 6025:
Password Change Notification Service received an RPC exception attempting to deliver a notification.
The password change notification target could not be authenticated.
User Action:
This usually happens under the following conditions:
1. The Service Principal Name (SPN) for the target has not been assigned to the Active Directory account used to host the target process......
Thank
Jesús Mªª Alvarez
------------------------------------
capture user data & settings during Win7 migration
Reply:
no, you should not modify the default XML files provided, if you need to capture files and settings that are not captured by the default rules then create your own custom.xml file and include that file in your scanstate/loadstate options and add it to your USMT package.
http://technet.microsoft.com/en-us/library/dd560773(WS.10).aspx
Step by Step ConfigMgr 2007 Guides
Step by Step ConfigMgr 2012 Guides
I'm on Twitter > ncbrady
------------------------------------
Can't Install XP
Forefront protection for exchange 2010 Cloudmark antispam engine update got disabled
Hi,
We have Forefront protection for exchange 2010 installed in our HUBCAS server, the last update received was 10/19/2011 and the Update engine got in disable state, I could enable the update and the moment i click update all/selected engine the Cloudmark antispam engine gets disabled again.
In the event viewer i get the below
Microsoft Forefront Protection did not detect any new scan engine updates.
Scan Engine: Cloudmark
Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate
Where as if i telnet to the below from the FPE 2010 server i am albe to get in to the source
telnet cdn-microupdates.cloudmark.com 80
telnet lvc.cloudmark.com 443
Can anyone suggest where the problem could be, I am not using any Proxy.
regards
Arul
Reply:
Hi,
the Cloudmark engine isn't updated very often because it uses online signatures. So there is no need to worry about it.
Are there any entries in the eventlog when the Cloudmark engine gets disabled?
Greetings
Christian
Christian Groebner MVP Forefront
------------------------------------
Reply:
Hi Christian,
I dont find any event related to the cloudmark other than mentioned above.
I see the below from the FPE2010 console for the cloudmark.
Engine Summary:
Cloudmark antispam engine:
In use - status NO,
Update Enabled: Status NO
Engine version: Status 3050.1.2.20
Definition version: status 12/25/2011 11:19Am
Last update: status 10/19/2011 2:05Pm
Last check: Status NONE
The issue is we are with plenty of spam e-mail now.
I remember that last month when i made the engine updates as manual and update all the engines, i used to get the result as last check and updated date and time. The Engine used to be in use always. now i am seeing the engine in use: status is NO
Please advice.
Regards
Arul
------------------------------------
Reply:
Hi,
is your engine management set to automatic or manual. I suggest to set it to automatic.
Check the following article about configuring the engine updates:
http://technet.microsoft.com/en-us/library/dd639399.aspx
Greetings
Christian
Christian Groebner MVP Forefront
------------------------------------
Reply:
Hi Christian,
The engine maanagement all are set to automatic only. From the Monitoring > Dashboard > Engine summary
i can see the cloudmark in use: Status is NO and the Update enabled: status is also NO
Please advice.
Arul
------------------------------------
Reply:
Hi,
I think I know what's going on. Check if you have enabled the content filter.
Check the following article how to configure it:
http://technet.microsoft.com/en-us/library/dd639396.aspx
Greetings
Christian
Christian Groebner MVP Forefront
------------------------------------
Reply:
Hi Christian
You are right, The filters are not enabled, the moment i enable those i can see the cloudmark engine got enabled and started the update.
Thanks
Arul
------------------------------------
Reply:
Might also check your own backyard with spamhaus.
------------------------------------
Window 7 Media Player 12 cannot play audio CD
Hi ,I put an audio cd in my windows 7 machine and when I go to double click on it to play it, it gives me the following error:
Windows cannot access the specified device, path, or file. You may not have the appropriate permission to access this file.It does this for any audio cd I put in, but I can put in software cd's and these work fine. Please help and many thanks.
Reply:
------------------------------------
Reply:
Hi,
You may refer to the following KB article to check if it helps:
Windows Media Player Does Not Play Audio CD-ROMs Automatically
Regards,
Sabrina
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
------------------------------------
Reply:
I am having the same issue! This is Windows 7 x64 with SP1. Zune is also installed. The DVD-RW is attached to a SATA II port. X58 chipset! The above article has nothing to do with the issue.
Event viewer shows an error in the system log:
<Lambros />
The device, \Device\CdRom0, has a bad block. with a source of cdrom.
I am sure the media is in a very good condition
------------------------------------
Reply:
Lambros, does this happen for all audio CDs, or just one or a few?
Please try running the troubleshooter at
http://support.microsoft.com/mats/cd_dvd_drive_problems
Does that help?
Tim De Baets
http://www.bm-productions.tk
------------------------------------
Reply:
This is happening on brand new and old media. I was also having issues with writting to CDs/DVDs so I recently bought a new DVD-RW so it cannot be the unit either. Zune was kind enough to report an error that the disc switched from didgital to analogue mode but still failed.
The utility does not appear to detect any issues
<Lambros />
------------------------------------
Reply:
Tim De Baets
http://www.bm-productions.tk
------------------------------------
Reply:
That article doesn't have any use with WMP 12 at all - refers to non-existent tabs and things. Even the secondary stuff is useless in Windows 7.
You may refer to the following KB article to check if it helps:
Windows Media Player Does Not Play Audio CD-ROMs Automatically
Regards,
Sabrina
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
------------------------------------
Reply:
<Lambros />
------------------------------------
Reply:
------------------------------------
Reply:
------------------------------------
SharePoint 2010: Calendar Views: Hiding the time component in a single day event.
- Edited by Rahul Vartak Saturday, January 28, 2012 1:20 PM
SCCM Client Install not starting through client push
Hi,
following is the configuration :
SCCM 2007 SP2 + R3
AD schema not extended. using SLP
I am doing XP to Win7 refresh scenario and I have some XP machine which does not have the SCCM agents installed.
If i am manually adding the XP machines to SCCM then the sccm agents easily gets deployed to the XP machine but when I do a AD discovery and then I try to push the SCCm agents to those XP machines then its not getting installed. even the CCMsetup.exe is not starting on the XP machine. But if same machine is added manually then the its installing the SCCM client.
Firewall is off on both XP and SCCM server
Any help would be highly appreciated. I am puzzled for last 2 days.
Thanks Chandan
- Edited by Chandan.Omkar Friday, January 27, 2012 7:37 PM
Reply:
Have you checked the log file CCM.log and adsysdis.log files on the SCCM server?
Any errors in there?
------------------------------------
Reply:
Does the client download the files though?
If not then its permissions most likely at the client end.
For permissions what account are you using to push the clients out?
Has this account or group been added to the local admin group on the clients?
If not then you need to look at creating a gpo with restriced groups to fix the problem of the permissions on the client.
You could also cheat if you need to fix them quickly by using psexec tools with a list of all clients missing and just point it to a unc path where the client is.
------------------------------------
Reply:
No, the client does not download the files.
I am able to access <clientmachine>\admin$ folder from SCCM machine.
I am using a service account to push the clients and the account is added into local admin groups on the client.
If i am adding the machine manually then the client gets installed but if the same is added through AD discovery then the client is not getting installed even the ccmsetup is not starting. What permission change is here?
there is no CCM.log and adsysdis.log file in sccm server.
Thanks Chandan
- Edited by Chandan.Omkar Saturday, January 28, 2012 7:41 AM
------------------------------------
Reply:
------------------------------------
Reply:
hi,
Check your boundary...
------------------------------------
Reply:
Thanks Chandan
------------------------------------
Reply:
i am also facing the same issue. here what i did to solve the problem.
in my scenario, the schema is not extended.
select the AD boundary in SCCM when discovering the machine through AD group discovery method.
when you are using the active directory group discovery method to discover the client, it will search into the AD boundary for the machine. if the AD boundary will not be selected, the client push will not work.
Gaurav Ranjan
------------------------------------
No comments:
Post a Comment