Wednesday, March 2, 2022

Which Objects to be used for .net API out of SPSite(server) or Site(client)

hi,

I am newbie to sharepoint.I am creating a share point 2010 publishng site.I am also going to create few custom visual webpart using .Net API using C# to populate my Sharepoint list data to users.I have found Server and Client objects in sharepoint Like "SPSite","SpWeb" etc... server object equivalent Client object as "Microsoft.Sharepoint.Client.Site" so in my coding using which object is prefarable.Can any one explain with sample scenarions means will be great.

Thanks & Regards, Krishna

Edited by Krishna_2011 Friday, February 3, 2012 2:39 PM

Reply:

If you are writing code that will execute directly on the SharePoint server (i.e.: a web part), you should use the server object. Use the client objects when you are writing code that runs on a remote server not on the SharePoint farm.

Corey Roth - SharePoint Server MVP blog: www.dotnetmafia.com twitter: @coreyroth

------------------------------------
Reply:

Thanks Corey For Reply,

I got it.But one clarification if i am going to create one Publishing Intranet/Internet Portal in sharepoint 2010 where our client organization needeed it.So in such case our client may be going to access it either Intranet or Internet.So before developing code for this site which Object model i can go.Can you elaborate more on this.

Thanks & Regards, Krishna

------------------------------------
Reply:

Internet or Intranet, if the code you are writing is going to sit on the SharePoint server itself, you should use the Server object model. Of course you can use the client model to if you prefer to use JavaScript / jQuery. It really just depends on what you want your interface to be like.

Corey Roth - SharePoint Server MVP blog: www.dotnetmafia.com twitter: @coreyroth

------------------------------------
Reply:

1.Can you provide me few examples for the items which sits on Sharepoint server Itself and not available if it is out of sharepoint server.

2.In the performance point of view which can be preferable to use either Client or Server object model to the code which sits on Sharepoint server itself.

Thanks & Regards, Krishna

------------------------------------
Reply:

Any code that you might write that is hosted by the SharePoint web application itself. These could be pages, web parts, etc. The server object model will perform better than the client om since the client om effectively calls the server om it is just wrapped around JSON calls.

Corey Roth - SharePoint Server MVP blog: www.dotnetmafia.com twitter: @coreyroth

------------------------------------

Patch updation

Hi,

in my zone push software updates in all location bdps all are reached but one location systems directly connected to sccm mail server network over uetilizied when i adevertised downloaded and install option selected which log ineed to check why thease location systems not connected bdp directly download updates from mail server kindly help.

Kiran

Reply:

I think you are asking why in one of your locations why clients are not connecting to their local BDP, and instead are connecting to your mail server, which I'm guessing is set up as a distribution point

Is this correct?

Cheers.

------------------------------------
Reply:

yer clients are not connecting to local BDP all clients updates taken for site server.

Kiran

------------------------------------
Reply:

You need to look at your boundaries.

First look here: http://technet.microsoft.com/en-us/library/bb680558.aspx

Secondly, you will need to look at configuring your BDP's are protected BDP's. This will force clients within the same "boundary" as the BDP to use that particular BDP.

Look here for more information on protecting your DP's. http://technet.microsoft.com/en-us/library/bb932133.aspx

Cheers.

------------------------------------

Forums 4 - Release 35 - February 6

Release Details

This forums release had two main goals

Update to the rich text editor
Updates to address performance issues in the application, especially for thread page load times for thread that had more than 40 replies

We also expect the performance issues to improve overall stability and availability of the application. In addition to the above there have also been numerous bug fixes.

Known Issues

Editor: Edit code in Google Chrome drops line breaks. When users edit code after it has been submitted, the edit code dialog drops the line breaks. To get around this copy the code and re insert it (instead of editing the code in place).

Community Forums Program Manager

Changed type Brent Serbus Tuesday, February 7, 2012 12:35 AM release notes

Hyper-V VPS Disk I/O bottleneck??

Hi All,

I am facing a weird disk I/O issue on my Hyper-V node. I have 4 x 1TB disks in RAID-10. We have around 10 Virtual Machines running and still there is some issue with the disk I/O.

When we perform a disk intensive activity on the node, then the Disk I/O can easily go upto 150Mbps. But when any disk intensive activity is performed on a VPS, the disk I/O cannot go over 10Mbps even when there isn't any load on the node.

Would really appreciate a little help in this regard. Is there some setting which has to be changed so that VPS can overcome the disk I/O bottleneck of 10mbps?

Thanks in advance!

Changed type Vincent Hu Friday, February 10, 2012 8:00 AM

Reply:

What hardware configuration? + RAID Controller + Non-Volatile or BBU based Cache? + 1TB SATA or SAS? + Spindle Speed? + CPU configuration? + Vendor?

Philip Elder SBS MVP Blog: http://blog.mpecsinc.ca

------------------------------------
Reply:

Can you please clarify your use of the abbreviation "VPS"?

Brian Ehlert (hopefully you have found this useful) http://ITProctology.blogspot.com
Learn. Apply. Repeat.
Disclaimer: Backup, test your backup, try new things. Attempting change is of your own free will.

------------------------------------

backing up hyper-v server running sbs 2011 to the cloud

Scenario: 1x windows server 2008 r2 in hyper-v running SBS 2011 VM. I set up a backup to a 1TB Lun from the SBS 2011 console through iSCSI to a QNAP NAS (TS-459 Pro II Turbo). It has been going great so far but I would like to now set up a backup to the cloud for extra redundancy.

Questions for a discussion:

1. You cannot backup the LUN itself to the cloud as it is locked by the SBS backup. Fortunately, QNAP devices provide a safe way to backup a LUN. I have set it up that it backs it up to another folder inside the QNAP. I now have a 1TB file backup of the LUN that I can use to backup to the cloud. My options are many as QNAP provides native connectivity to a few providers(S3, Elephant Drive, Symform) or any other that supports rsync.

I am stuck now having to transfer the whole 1TB LUN over to the cloud. I am testing to see if it only would transfer the deltas (created rsync server within QNAP and backing it up to itself for the first time, taking 55 hours).

If only deltas, with the Amazon S3, I would only have to pay 14 cents / GB, so that is around $140 for the first TB and then deltas would be at around 5GB a week / backup. Pretty good but not sure if that is how it would work.

The actual backup data itself is at around 300GB. I would imagine one can script wbadmin tool to perform a backup on weekends seperate from SBS backup to a folder on the QNAP and rsync this folder over to the cloud.

Curious how others address this...

2. My other question relates to backing up the HOST OS Hyper-V Server. Is it enough to back just the hyper-v server alone, or just individual VMs, or both? I have SBS 2011 backing up twice a day, should I start backing up the physical OS once a week at the end of the week?

For restoring purposes, believe either one will do, which would have the fastest restore time in case of a system failure and best practice? I cases such as the VM itself is corrupted, or physical server hardware problem, or a fire destroys everything.

Reply:

Why bother backing up the HyperV at all? (OK, this idea may take some getting used to)

The HyperV server should not be domain joined and should be a most simple installation. Anything goes wrong with it, FORMAT C: and install anew is going to be as quick as any restore, and quite likely as quick as repair attempts. Consider the HyperV installation 'disposable'.

OK, when I build my HyperV's I already have this 'in mind', so there's nothing but the OS on C:, all VHDs are on a separate partition (actually, a separate RAID array). Backup is then used inside the VM, with restore also happening inside the VM, should it be necessary. One could additionally do backup of the VMs, or just the VHDs, from the host, if one required an alternate backup/restore.

I don't do cloud backup, but if I did I'd be looking at direct from VM to cloud.

------------------------------------
Reply:

SuperGumby,

Thanks for the reply.

If you remember, I used your suggestion and created on large partition for all the VM vhds over a raid 6 partition. Has been working well so far.

Unless you are doing HA and failover clustering, you are correct to say that hyper-v is disposable. This is why I do not currently back it up. I just wanted to hear other opinions on this.

I am surprised, as it seems not many people here backup to the cloud. With so much buzz about it, thought more it pros would be testing it in their environments.

------------------------------------

Server 2003, full LAN/WAN access, no access to www (internet)...totally stumped

Windows Server 2003 R2

Active as DC and DNC, DHCP controllers.

Everything has been set up properly and working smoothly for many years now (since 2007) -- so not a configuration issue as far as I can tell.

Suddenly lost www (internet) connectivity on 2011-11-21 -- unable to ping any major websites. Discovered this because virus definitions stopped updating.

All WAN/LAN features and connectivity working properly. I can remote in normally.

Does have Symantec Endpoint Protection Manager and Client installed. Server also acts as a virus definition distribution site to client computers.

Have double checked all IP settings pasted below.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : trouble01
   Primary Dns Suffix . . . . . . . : NWG.XXXXXXXX.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : NWG.XXXXXXXXX.com
                                       XXXXXXXX.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : HP NC373i Multifunction Gigabit Server Ad
apter
   Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 10.8.3.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.8.3.1
   DNS Servers . . . . . . . . . . . : 10.8.3.10
                                       10.8.1.3
   Primary WINS Server . . . . . . . : 10.8.1.3

I have yet to uninstall/reinstall driver for NIC, firmware upgrade for NIC as these require me or someone to be onsite at server located a few hundred miles away. I am pretty confident it is not a firewall/blacklist error due to our WAN setup and client computers running through the same switch and router have access to www.

Please help!! Any comments or suggestion welcome. Or even if any of you have even encountered a problem like this before, some comaraderie would be welcome lol.

Reply:

Hello,

which machine is 10.8.1.3, different subnet? But you are talking about one DC only?

4 weeks ago this started or is this a typo?

Are you able to ping your router?

Did you talk to the ISP about connectivity problems?

Please describe the complete network built so we get an overview.

Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

------------------------------------
Reply:

Our company has several physical locations so each location has a subnet. 10.8.1.3 is the "primary" DC on the 10.8.1 subnet that is also a DNS. All subnets are connected to a AT&T VPN, which is then connected to our parent company's network, which is then connected to an ISP, and then to the WWW.

Given that I can access the WWW from any other client or computer on our company WAN, minus the server in question, would contacting the ISP do anything?

This started 2011-11-21, not a typo, more like 8 weeks ago, there have been some personel changes recently so this should have been solved much earlier.

Yes, I can ping our router connected to the server...but again this is the stumper...all LAN/WAN functions are seemingly operational.

From my viewpoint, the problem seems to local, on the computer, not having anything to do with our network. However, my networking skills are severely limited so I welcome any opposing views.

thanks again!

edit: though I check Symantec Endpoint Protection, I'm not completely familiar with that software so it is still possible that it is a virus scan issue, as this is the only similar case I have encountered like this.

Edited by Tiger3k Tuesday, January 24, 2012 11:18 PM

------------------------------------
Reply:

Have you upgraded or made any changes to the SEP product? What client features are installed on the server? Have you tried disabling the NTP (firewall feature) on the server?

It is possible the server has an infection. If that is the case, you can run the Power Eraser tool to rid the system of hard to detect threats.

http://www.symantec.com/security_response/malware.jsp

The next option would be to run a scan with the SERT utility.

http://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US

Let me know how it goes for you.

Best,

Thomas

------------------------------------
Reply:

Yes, I disabled NTP on the server. I even went so far as to disable all the SEP services, short of this I would have to uninstall SEP which I did not do. I will run the Power Eraser and SERT utility and give an update. **EDIT: do I still need to do this if I manually updated the virus definitions and ran a full scan? The Power Eraser tool webpage is dated to 2011-10-28, not sure what the tool is dated to. Reading the SERT documentation, that seems like worthy try either way.

What did fix the issue is changing the IP address of the server. However, changing it back to the original IP address "unfixed" it.

To me, this hints that there is definitely some application layer issue...but again, my network skills are severely limited!

Edited by Tiger3k Wednesday, January 25, 2012 5:04 PM

------------------------------------
Reply:

Hi, Sorry for the delay in responding, I missed your response somehow. Yes, you should run the Power eraser/SERT tools even if you tried running a scan with the latest rapid Release defs. The date of the tool is just the last version release date.
Let me know what happens.

Regards,

Thomas

------------------------------------

IE 8 support in Windows 7

I saw from few of the discussions outside that Microsoft has stopped supporting IE8 on Windows 7 Machines.Is there any truth in the same.Can someone guide me to a compatibility matrix for Windows 7 and IE 8 which proofs/dis-proof the same? Thanks in advance all...

Changed type Hypvcn Monday, February 6, 2012 4:46 PM

Reply:

Hi,

no you are incorrect. the latest news about IE from MS can be read on the IEBlog.

Regards.

Rob^_^

------------------------------------

The security database on the server does not have a computer account for this workstation trust relationship

Hi

Please help - I'm getting crazy. Four machines, after SP1, two with this login problem. I'm getting the message "The security database on the server does not have a computer account for this workstation trust relationship.". I updated the network card driver, I removed computer from domain and rejoined. Nothing helps.

First login works fine, second one gets the error message again. Please help. User and I don't know what to do!

Any help would be appreciated.

Best wishes

Roberto

Moved by Carey FrischMVP, Moderator Tuesday, May 10, 2011 11:20 PM Moved to more appropriate forum category (From:Windows Vista Service Packs/Windows Server 2008 Service Packs)
Changed type Carey FrischMVP, Moderator Friday, February 10, 2012 3:21 AM Discussion

Reply:

Having same issue. The same system is OK on a simple domain (no special GPOs) but our work domain has this issue. The work domain has some "special" things.

Do you by chance have a GPO which changes the primary domain suffix?

------------------------------------
Reply:

a few people (including myself) seem to be having this problem.

http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=2875206&SiteID=17

I have a GPO that does set the primary domain suffix.. ill try and kill the setting and see if it changes anything.

------------------------------------
Reply:

The problem was indeed the domain suffix. Thank you.

------------------------------------
Reply:

This was the fix for me as well! thanks!!

------------------------------------
Reply:

sorry for an uninformed question but how do you kill the setting exactly? I cant find that GPO?

thanks

peter

------------------------------------
Reply:

ok, so i found in computer configuration/administrative templates/network/dns client/primary DNS suffix ... but it is not configured. am i looking in the wrong place?

------------------------------------
Reply:

no, that's the right place.

on a PC that's having trouble, go

start -> run

rsop.msc

it will probably bring up a UAC thing, just login with any admin user.

then go the the above place (computer configuration/administrative templates/network/dns client/), and see if the Primary DNS suffix is set. If it is, then you have another policy somewhere that's setting it.. if its not set... then you might be stuck Smile

------------------------------------
Reply:

removed the computer from the Active Directory on the SBS2003, then rebooted the workstation (actually also rebooted the server) and was able to login again. ugh ... thanks guys ... this at least put me in the right direction. as an fyi, my bluetooth (logitech) and radiocontrolled (SONY) keyboards and mice on multiple machines stopped working last week with some odd incompatibility/Win95 error. i was hoping that SP1 fixes it, which it did!

------------------------------------
Reply:

I'm getting the exact same problem on a Vista Business PC/SBS2003 setup. Before I updated to VistaSP1, I'd get this, but after 4 or 5 goes it would eventually connect. However, I've just finished upgrading to SP1 and nothing will work. I've tried removing PC from Active Directory and the resetting it, I've tried just removing it from AD, I've checked RSOP (no settings there at all), still nothing works!! Does anyone have any other ideas I can try.

Cheers

MannyW

------------------------------------
Reply:

Manny,

try to remove the workstation from the domain and make it a 'workgroup' box. then restart and rejoin to the domain. then restart and see if it works (I am not saying that this is pretty but the only way to make it work for me on one of the machines).

peter

------------------------------------
Reply:

Hi Manny

Try this out on your Domain Controller:

A) Start > Run > ADSIEDIT.MSC

B) Go to Domain Partition and mark the affected computer

C) Rightclick and Properties.

D) Doubleclick ServicePrincipalName

E) Add new value: HOST/yourcomputername.yourdomain.xyz or whatever HOST is missing.

Best wishes

Roberto

------------------------------------
Reply:

Peter

Thanks for this, I did get round to doing exactly that and, yes it does work and yes, it's seriously not pretty!!

Although this issue has gone and login is now ok, I've ended up with a new user, in the format username.domainname.local.001. As all my settings are with the prior user, big problem!! So I'm going to uninstall SP1 and System Restore back to yesterday and hope I get my original user back!

I'm really not sure why Vista invents a new user and doesn't give you the option to connect to the prior one and I'm still no nearer to figuring out what is behind this login issue; is there a setting on the Vista PC that holds the PC/Server relationship settings?

Anyone any further ideas?

MannyW

PS I'm also going to try Roberto's idea and see if that helps

------------------------------------
Reply:

Roberto,

This worked perfectly. it appears that the Domain Suffix GPO was doing it's job, but the SPN wasn't being updated properly.

Obviously, this is a workaround, not a fix, but it'll do in the meantime. We won't be able to roll out SP1 in our environment until this bug is fixed. Bummer.

Thanks again!

-Bozford

------------------------------------
Reply:

Just curious as to if anyone else out there is still seeing this issue. We still are at Princeton. If we either send SP1 via WSUS or even have someone manually apply it about 1 out of every 5 installs gets the "The security database on the server does not have a computer account for this workstation trust relationship" after SP1 install. We do have a premier ticket in with Microsoft, but no answers yet.

Princeton IT

------------------------------------
Reply:

Peter, this works fine in my case but after two reboots the problem comes back. I'll try the ASDI solution below also.

Vista Business, the problem appeared right after applying SP1.

Thanks,

Antonio.

------------------------------------
Reply:

I found the solution. Just revert to XP. Smile

ALL the solutions on this forum and others have no permanent solution. There is an update from Microsoft that still doesn't fix the problem.

In my case, all work-arounds failed. Apparently I just have to wait till MS gives this better attention -though I doubt they will now with 2008 and all.

------------------------------------
Reply:

probably there is a user domainName\MachineName in your local administrators, remove it from the administrators group,

this is works for me,

------------------------------------
Reply:

Im having the same error problem while connecting a terminal session to a domain. Its not an issue that can be changed by adding/removing this 'computer' from the domain. Is there an account policy setting im missing in Server 2008? Or how do i find a computer account for a Terminal session? Is this an authentification issue because there is none setup on the server as yet. It will not be possible to add the user as an administrator, the user is a member of Remote Desktop Users and Domain Users group. Have i missed something?

------------------------------------
Reply:

Hi I'm still stuck with this problem!! What was the MS update, do you have the KB number for this (or any other ID)?

I'll give anything a try !!

Cheers

MannyW

------------------------------------
Reply:

solution:

Computer to computer properties

Select the Tab which allows you to change the computer Name.

Ensure the computer name domain and suffix are in sync with the Domain (name).

Good Example>

Full Computer Name: DougLubeyComputerName.mydomain.com

Domain: mydomain.com

BAD example> (WHICH WILL CAUSE THE ERROR after upgrading to Windows vista SP1)

Full Computer Name: DougLubeyComputerName.mydomain

Domain: mydomain.com

Bad example is missing the ".com" after the "mydomain".

to note: the old style/old procedure on our network was to use the bad example becuase our computers would

not properly join the domain if we used the fully qualified domain name "mydomain.com". We had to use just

"mydomain" for the computer name, while full qualified domain name was automatically picked up whether or not

we entered "mydomain.com" or just "mydomain".

Anyhow...it was pretty simple fix.....my just adding ".com" in the computer name. Did not have to rejoin the domain or delete computer account names or edit the registry or anything......some a 30 second fix.

SPECIFIC ERROR WAS: The security database on the server does not have a computer account for this workstation trust relationship.

Thanks,

Doug Lubey of Louisiana

www.douglubey.com

------------------------------------
Reply:

- My network settings are perfect. xxx.xxx.loc and DNS is perfect

- Installed Vista SP1 (reformatted my system, because of other Vista problems - Previous Vista Ultimate SP1 did not have this issue)

- I can join domain, but get the error

- I have no GPOs in use

My last Vista system ran fine with SP1, this one does not... nice! I can't take the Vista pain anymore... I hate to say this since I have been so die hard microsoft, but this is ridiculous, so buy a computer that works... aka NOT Vista

If anyone actually knows what causes this, please let me know... thanks....

------------------------------------
Reply:

I'm not sure it would work with the vista problems above, but i solved my Server 2008 Terminal issue, "the security database.........".. By luck we stumbled upon the local policy account setting (gpedit.msc) and had to add the terminal users group to the remote desktop policy; or the other way around (i forgot, it was a couple of weeks ago). With the Vista problems mentioned above it would be advisable to go through the different security policies on the server side of your domain and check to make sure you have all the relevant permissions associated with your account profile. Good luck!!

------------------------------------
Reply:

This is a problem with Windows Vista when you update to SP1.

Rejoining the Domain (reregistering) may solve the problem.

Click on Computer.

Right Click Properties.

Under Computer name, domain, and workgroup settings-

Change Settings

Under to rename this computer its domain or

workgroup, Click Change.

Under member of:

Domain

Enter your domain name.

Click O.K. and restart system.

You haven't changed anything, but reregistering your system with your domain MAY solve the problem (it did with my system).

There obviously are issues when you update the OS that caused the problem.

As I always say, if in doubt, reboot. Cleaning out the system by doing this seems to work in many cases.

------------------------------------
Reply:

I experienced a similar problem with our Terminal Server 2008 farm, i could log on using a domain account from the host domain but when trying from a trusted domain it failed with the above error.

What Microsoft implemented in SP1 for both Vista and Server 2008 was a design change to address security concerns regarding a downgrade attack. Therefore, if the type of domain trust is NT4, no failover to NTLM authentication will be performed after the Kerberos authentication failed, which results in the logon failing with the above message.

Upon checking the trust status using replmon all the failing domains were of the type DOWNLEVEL, i.e. NT4, rebuilding the 2 way trusts from a Windows 2003 DC and enabling SID filtering allowed trusted domain accounts to log on to the Terminal Server 2008 farm.

So check any domain trusts, especially if they were in place prior to Windows 2000 SP4 and make sure the type is NT5 i.e. UPLEVEL

------------------------------------
Reply:

I just encounter this problem too but what i did was, I checked my computer name/hostname on my Active Directory if my hostname still exist but unfortunately it was gone. So i tried to disjoined my PC to the network and joined again and it works.

If you see your computer name/hostname on the AD by searching on the computers and still the error will appear just delete your computer on the AD list of computers then try to disjoin and join on the network.

My OS is a VISTA PC also.

mykeel

------------------------------------
Reply:

Join to Workgroup

reboot

Change computer name

Join to domain

reboot

------------------------------------
Reply:

works very well,

we have an non rfc compatible domain name because of the company owner ...

dhcp an dns is running under linux, the domaincontroller is an dns slave (all so stupid, i know but not my work!)

so if i added a vista busines computer to the domain you could login after the first reboot (no domainsuffix registed) but not after the second reboot because of the domainsuffix is added later by the domaincontroller

thanks a million!

6 working hours to solve the problem because of non rfc compatible installations in our network

------------------------------------
Reply:

Roberto Pascolo said:

Hi Manny

Try this out on your Domain Controller:

A) Start > Run > ADSIEDIT.MSC

B) Go to Domain Partition and mark the affected computer

C) Rightclick and Properties.

D) Doubleclick ServicePrincipalName

E) Add new value: HOST/yourcomputername.yourdomain.xyz or whatever HOST is missing.

Best wishes

Roberto

Thanks Roberto. I still can't understand why this is the fix for the problem I had.

I am also confused on why it does that both for Vista and Windows 7. XP Worked just fine.

What is the reason behind these messages?

------------------------------------
Reply:

PaulJSO said:

Roberto Pascolo said:

Hi Manny

Try this out on your Domain Controller:

A) Start > Run > ADSIEDIT.MSC

B) Go to Domain Partition and mark the affected computer

C) Rightclick and Properties.

D) Doubleclick ServicePrincipalName

E) Add new value: HOST/yourcomputername.yourdomain.xyz or whatever HOST is missing.

Best wishes

Roberto

This solution worked for me also.

Note: Problem was caused when the primary DNS suffix was changed from the default Domain suffix.

Rblend

------------------------------------
Reply:

Greetings all,

I detected this issue too after rebuilding one of my development servers. I had a server named USTRSCTC002 that belonged to my development domain dct.com. I unjoined the machine from the domain when it still had Windows Server 2003 on it, and then rebuild the machine to Windows Server 2008. Do bear in mind that Windows Server 2008 RTM is actually Server 2008 Service Pack 1, released in conjunction with Vista SP-1.

When I rejoined the machine to the domain, I was greeted with the error message "the security database on the server does not have a computer account for this workstation trust relationship."

I also noticed that for every logon attempt with a domain ID, I'd get a Kerberos error in the log. I originally didn't pay much attention to this error, but after trying everything that folks said to try (including multiple domain unjoin/rejoin attempts), and having nothing work, I decided to look into the Kerberos error some more.

Description:
A Kerberos Error Message was received:
on logon session
Client Time:
Server Time: 11:28:8.0000 6/25/2008 Z
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Extended Error: 0xc0000035 KLIN(0)

I looked up the KDC_ERR_S_PRINCIPAL_UNKNOWN and got hits across the board. There were no quick solutions there. But the 0xC0000035 error provided a much faster insight. 0xC0000035 maps to the symbolic name STATUS_OBJECT_NAME_COLLISION. That was interesting...where did I have a conflicting named object in my Active Directory?

This thread shed some light on the subject, and also provided a command to check for dupes: http://social.technet.microsoft.com/Forums/en-US/systemcenter/thread/be6fcac4-7310-42d1-980e-e1725b464756/

This command was in the above mentioned thread and is provided here for convenience:
ldifde -f C:\SPNs.txt -t 3268 -d dc=domain,dc=com -l serviceprincipalname -r (serviceprincipalname=*) -p subtree

I went through the results and checked for the conflicting name, in this case "ustrsctc002" or "ustrsctc002.dct.com"

Several years ago we were beta testing Windows Vista and had rebuilt this machine to Vista build 5270, and after having problems with it, we rebuilt it to Server 2003--and forgot to unjoin it from the domain.

Years later, the old Vista Dev Server computer record was still lingering in the AD. I was able to find it in ADSI Edit. Basically I had two different Computer objects possessing the same servicePrincipalName value(s). My USTRSCTC002 machine object was correct:

HOST/USTRSCTC002
HOST/USTRSCTC002.DCT.COM
TERMSERV/USTRSCTC002
TERMSERV/USTRSCTC002.DCT.COM

But my old Vista Dev Server had the following for servicePrincipalName:

HOST/Vista Dev Server
HOST/USTRSCTC002.DCT.COM
TERMSERV/Vista Dev Server
TERMSERV/USTRSCTC002.DCT.COM

It was the instance of HOST/USTRSCTC002.DCT.COM that was the killer.

It is my understanding that Vista SP-1 and Server 2008 have an affinity for Kerberos over NTLM, and will use it if available. That said, since this was a fresh Server 2008 build which wanted to use Kerberos, the old computer record that was hanging around was the downfall. Once I deleted the offending computer object (the Vista Dev Server), life was good. :)

Best regards,
Matt

------------------------------------
Reply:

hi..dear...

I used your idea..it is working....thnks man..keep in touch..my id us shuanak312@gmail.com

------------------------------------
Reply:

This is a reply to the post by Matthew Sawyer...YOU ARE THE MAN! Thank you!!

I ran ldifde -f C:\SPNs.txt -t 3268 -d dc=domain,dc=com -l serviceprincipalname -r (serviceprincipalname=*) -p subtree on my DC and I found the problem. Once I deleted the offending computer, I was able to login to my other DC.

------------------------------------
Reply:

Could someone sujjest.

what will be resolution for Windows 7

------------------------------------
Reply:

That Ldifde command is awesome, many thanks!

------------------------------------
Reply:

Hey, I seemed to have found the fix to my problem.

My situation:

Old staff file server was renamed in AD to SSS4-OLD from SSS4 and then rebooted as well as IP changes, etc. I then made a new server (in our VMWare cluster) as a Server 2008 SP2 Standard Edition named SSS4 (replacement server).

I could join the domain, but not login getting that server security database error. Thanks to the some of the other posters here, I checked the SPN on the new SSS4, and it was fine, however, the old SSS4-OLD had not changed it's SPN. Upon changing the SPN and rebooting the new SSS4, everything is now fine.

Thanks for the help in pointing me to the right direction.

------------------------------------
Reply:

I've been building out over 30 2008 servers and have been encountering this problem with about half of the servers. At first, I would unjoin, reset the computer account, then rejoin which seemed to resolve the problem. Then it happened to a new DC - That was a pain in the %$#@. After promoting the server, there was no local account to log back into. I found a duplicate entry for that one in AD and eventually resolved the issue.

I've seen this error come up and resolve itself after renaming a computer, re-joining it to thedomain and I've seen it just go away on it's own. I don't have a single clue as to what is going on? Has Microsoft chimed in on this yet?

The are 3 domains in the forest I'm working in. All servers are 64bit 2008 standard. There is a trust with another forest hosting 1 domain. Computer accounts are typically created in AD first. These are new machines in a new domain using a new naming scheme. I know there are no duplicates.

------------------------------------
Reply:

Hi, I came accross this issue, but now I resolved it, I changed my computer name and then restart it, then it could be log on with my domain account, I think this will help you to resolve this issue.
Good luck,
Paul Li

------------------------------------
Reply:

That worked in most cases but it doesn't help when it happens to a domain controller. After you promote a machine, it removes the local user accounts so the only account you can log in with is a domain account. Of course when you try to log in with a domain account you get the "Security Database" error and your totally screwed. Even if you could get in and change the name, (which is not something you want to do with a DC) you would have to spend the next 5 years cleaning out rogue ADSI and DNS entries.

Fortunately I was able to get back in using Safemode (no networking) which allowed me to access the event logs. The event logs indicated Kerberos errors and I ended up have to shut off the Kerberos and DNS services to get back in. Later I did find a rogue AD entry that looks like it was create when the server was promoted. Removing that resolved the issue.

The fact is that a lot of people are having this issue and no-one has a clear reason why it's happening or a sure fire fix for all situations. This appears to be a pretty big bug and I'm amazed it hasn't been addressed yet.

------------------------------------
Reply:

Leaving and re-joining the domain did it for me. Check the Event Viewer on the server for a NETLOGON notiifcation and it will tell you to try re-joining the domain if the machine should have access.

------------------------------------
Reply:

Tried all the workaround you peeps posted, nothing worked.

Even tried to upgrade to SP2 the Vista PC and still not able to join the domain. Will try a format on the PC even i cannot find anything soon, and prolly will install winXP,

------------------------------------
Reply:

I recently performed a 20+ Server 2008 SP2 install and had this happen on about 1/3 of the machines. I most cases I was able to unjoin and then rejoin. This even happened to 2 newly promoted DC's so I didn't have the luxury of logging in with a local admin account (that wasn't fun). I attempted to look at the ADSIedit fix others mentions and didn't find anything out of the ordinary.

During this project I noticed some of the servers exhibiting these symptons just fixed themselfs after about half a day which to me strongly suggests a replication issue. I was pretty careful to make sure I was only making changes on the DC the servers were logging into however this problem still occured. After a while, this problem stopped happening altogether.

The only thing can think of was I made some major changes to AD sites and services. Sites and Services was selecting replication partners that physically couldn't talk to either due to firewall policies or lack of established tunnels. I gave the default site link a ridiculously high cost and then started modelling out the perferred replication paths so the DC's could actually communicate with each other. (It's also neccessary to delete the automatic links that couldn't communicate - If they keep reappearing then you have more work to do.) This smoothed out almost all of the AD replication issues and I haven't seen the security error on the last 8 server installs.

I don't know if this is the end all solution, but it's another avenue you can explore.

------------------------------------
Reply:

Hello,

I found myself in the same situation. In fact I have renamed a decomissioned server but I omit to do a restart and just did a lazy shut down. After lookin at your post and the event viewer I found a eventID 11 from Kerberos-Key-Distributoin-center (source). The source of my problem was a duplicate SPN on the DC (SBS 2K8). I found a procedure to fix the problem from microsoft here:

http://technet.microsoft.com/en-us/library/cc733945(WS.10).aspx

Hope this help.

Best regards,
Pierre

Pierre Sioui

------------------------------------
Reply:

Try to remove the records of this computer from active directory --> Computers and also remove the entry from DNS (Forward lookup zones). After this, remove the system from domain and join as a work group, once restarted, join again in domain

------------------------------------
Reply:

I had the same problem after changing IP address of Windows 2008 Server Std. Quick solution in my case was the following:
1. Delete primary DNS suffix in Computer Name dialog window and reboot.
2. Set primary DNS suffix equal to domain suffix and reboot server again.
After these steps I was able to logon with domain user credentials on that server.

------------------------------------
Reply:

Roberto, you rock!!

------------------------------------
Reply:

Another case:

It's computer conflict in Domain, so just change the computer name unique and rejoin the domain, the problem will be solved.

Cheers Roberto,

Kevin

------------------------------------
Reply:

The time was not set correctly on mine.

------------------------------------
Reply:

I spent a week and a half on this issue, only to find out how silly my situation was. In my office I have to use a switch so that I can work on different PCs at the same time. It finally donned on my that maybe the switch was the problem. Sure enough, I took the Vista SP1 laptop that into the server room and connected directly to the network from a main switch and now everything is just fine. I've not had problems with XP being setup in my office over the secondary switch, but for whatever reason Vista wouldn't function properly...

fat

------------------------------------
Reply:

Dear Matthew,

Thanks for your explanation. My problem are the same, but the problem resides on duplicate SPN in the Active Directory Objects.
I have 2 SPN pointed to SMTPSVC/COMPUTERNAME, thats cause the 2 Exchange Servers do not communicate each other.
The problem get 2 days of my work and your ldifde command saves more works days.

Thanks again.

Paulo Hecko
MCSE, MCP, MCTS.

------------------------------------
Reply:

Surely just the simple way as I have just done for two machines that I have the issue with is to run the joining network wizard within change settings for domain/computer name etc.

As long as you know the name of your domain and know the username and password of an administrator of that domain it will then re-add the machine to the domain.

------------------------------------
Reply:

I got this issue on a WS08 R2 DC at a branch site after changing my password and trying to log on too soon before replication had sorted itself out. No action required apart from waiting in this case.

------------------------------------
Reply:

I was able to fix this issue on a laptop with windows 7 Pro 64bit OS by logging-in as another user with administrative rights and simply detaching and re-joining the domain.

------------------------------------
Reply:

I had the same issue on one of my remote site domain controller (it was a new installation). After my R&D I found one thing, in AD there were two computer accounts for single domain controller. First one is displayed as "workstation or server" and second one is dispalyed as "writaable domain controller". I just deleted the computer account which is having a machine role of "workstation or server" then immediately I was able to login.

Santhosh Sivaraman MCITP: Microsoft Exchange Server 2007/2010 | MCSE/MCSA

------------------------------------
Reply:

Santhosh Sivaraman MCITP: Microsoft Exchange Server 2007/2010 | MCSE/MCSA

------------------------------------
Reply:

Hey

Good News. I just have sorted the problem out.

I have one dedicated server for file, application and print services on Windows Server 2008 R2 Enterprise 64 bit. I normally joined this member server under our Domain. Suddently i was facing this problem while i started workshop. I could not join the server under domain after doing lots of changes. Everytime the same messege appeared "The security database on the server does not have a computer account for this workstation trust relationship." While i was going through MSDN this problem blog i was trying to solve this issue and i solved it.

I just simply joined the computer under workgroup and than restarted.

Than i logged on locally as an administrator and changed the computer name to a different name and clear the dns suffix and netbios computer name.

Than again i restarted the computer and logged in as local administrator.

Than i tryed to join the computer under domain and it allowed me join under domain but you have to put administrator previleges.

Than restarted the computer again and put domain administrator account and logged in under domain. I logged in successfully.

I think this will help you a lot. If you do lots of changes on your domain controller or dns server than server holds the old legacy cache information sometimes even after flashing the cache information from the server it doesnot help us to get rid of the old information.

Anyway i solved my problem the way i explained you. Try it hopefully it will work. Good Luck

Best Wishes

Abu Tareq Mohammad Zobayer

------------------------------------
Reply:

I have about 150 users that authenticate with cross forest. There is password policy change for these users, where they are required to change password every 4 weeks. Every time I change password, I cannot login because of this error. Very soon I will need to upgrade all users to Windows 7, and if I have to rejoin computer to domain every time one of them changes password that will be a disaster. There must be a permanent fix for this? C'mon Microsoft!

------------------------------------
Reply:

Hello,

There are, unfortunately, a number of factors that contribute to this error being generated. Although the Win7 machine may have *looked* like it successfully joined the domain (after all, a Computer object exists in AD), in fact the joining wasn't entirely succuessful. That is, yes, the Computer object gets created, but it is not fully and correctly configured. This can be due to myriad reasons - firewalls enabled, cloned machines, conflicting product keys/sids etc. etc.

When joining Win7 machines to a pre-AD2008 domain, always make sure all Windows firewalls are turned off on the machine, and have one and only one network route to the domain controller (e.g. don't enable the wired network and wireless).

If you get this error: "The security database on the server does not have a computer account for this workstation trust relationship." when attempting to login, this is usually because the Computer object creation did not complete (you may have seen a DNS or similar error after joining the domain). This means the object is created, but important LDAP attributes are not set in the object. So...to set these, try this:

On your Domain Controller, get hold of ADSIEDIT.MSC. If you don't have it, you can download it from the Microsoft Support Tools site.

RUN: Start -> Run> ADSIEDIT.MSC

Under the Domain tree, find the Computer object in question and select Properties. When you see the list of attributes for the machine - and it should be a fairly long list - you need to change these 2 attributes:

dNSHost

If you've seen the trust error, this attribute's value will probably be blank or incomplete. Change the value to the fully-qualified DNS name of the machine as shown in the machine's System properties - e.g. mywin7box.mycompany.domain

servicePrincipalName

This attribute takes multiple values. Again, if you've seen the trust error, it will likely be blank. You need to add 2 values to this attribute:

1. HOST/the computer's MACHINE NAME in all capitals (NOT the FQ DNS name) - e.g. HOST/MYWIN7BOX

2. HOST/the computer's fully qualified DNS name - e.g. HOST/mywin7box.mycompany.domain

NOTE the use of a FORWARD slash, NOT a BACK slash, as is often used in MS naming (thankfully, this is LDAP)

Press OK to save the changes, and you should then be able to login via the domain on the Win7 box.

I really hope this horrible hack helps people get to grips with the 'new and improved' Win7 (Vista.1) networking.

-midiman-

------------------------------------
Reply:

what is this bullcrap! this is happeing with windows 7 all the time on our domain! i have to keep changing it to workgroup then back onto the domain with a changed name. Please is there a way to prevent this from happeinging when setting up a pc with windows 7?!

------------------------------------
Reply:

This problem was resolved with the below simple steps.

1) REmove the system from Domain.

2) Set the DNS suffix correctly. Ensure that you have all the suffix set correctly especially for the domain where you log in.

3) Add the system back to domain.

My guess is, if the DNS suffix is set up correctly before adding the system to the domain, this error/problem can be avoided.

Regards,

Chandan Patralekh

------------------------------------
Reply:

I have run into this issue repeatedly on Server 2008 R2 and Windows 7 machines. Checking the DNS suffix with ADSIEDIT showed that both the correct entries were there. There are a few ways I have found to resolve this issue.

1. Reboot the 2008R2 DC - not the best of fixes as it will cause other issues

2. Reboot the computer - seems to fix the issue 90% of the time, until it happens again.

By far the easiest way I have found to get around this issue:

When logging into your domain. When you receive this error, Instead of using user/pass/domain change your login name to user@domain/pass, or vice-versa This little work around has worked for me every time.

Hope this will help some folks, I was hoping SP1 would have fixed this issue, but no, its still around.

------------------------------------
Reply:

For some reasons, I needed to format and re-install my Windows 2003 Enterprise server. I re-setup it with same fqdn name and other stuffs alongwith AD as they were before.

Now, all clients (WinXP) can connect and use the server resources but everytime they connect to sever, following errors are logged:

Event ID: 5513  The computer COMP1 tried to connect to the server \\SERVER using the trust relationship established by the EXAMPLE domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.

Event ID: 2723  The session setup from computer 'COMP1' failed because the security database does not contain a trust account 'COMP1$' referenced by the specified computer.

Event ID: 5805  The session setup from the computer COMP1 failed to authenticate. The following error occurred:   Access is denied.

I tried to re-join the client machine from client, but by doing so it creates separate user profile folder in 'Documents and Settings', and user's earlier preferences are gone.

Will solution suggested by Roberto.Pascolo solve my problem? or Is there any other way to re-join client machines to the domain?

Thanks in advance.

------------------------------------
Reply:

Hi Manny

Try this out on your Domain Controller:

A) Start > Run > ADSIEDIT.MSC

B) Go to Domain Partition and mark the affected computer

C) Rightclick and Properties.

D) Doubleclick ServicePrincipalName

E) Add new value: HOST/yourcomputername.yourdomain.xyz or whatever HOST is missing.

Best wishes

Roberto

Helped to cope with the problem in my case.
Are there plans to release fixes?

------------------------------------
Reply:

Hi Everybody,

I do have the same problem with different Windows 7 machines. Once in a while different workstations can´t log on. they get the error:

The scurity database on this server does not have a computer accout for this workstation...

The Computer account is there, also the right ServicePricipalName. This happens one day and then for weeks there is no problem with the logon. Then again, and next day everything is fine. I tried all the different sollutions provided here. But the problem stil persists.

Does anybody have an idea?

Thanks

Juergen

------------------------------------
Reply:

Hi,

we had a same problem with couple of (virtual) servers. These was cloned, from the one working host, and had some SPN:s was setup for the servers. After rejoining from domain (several times....) did not help (with the same name) we changed the name of the servers and then (from server-x to server-xx) they started working. Reason was propably that, the SPN holds the SID information, and therefore those servers could not login with old name.

Now servers are workig fine. Just needed to reconfigure SPN:s to get services working as expected.

------------------------------------
Reply:

Manny,

try to remove the workstation from the domain and make it a 'workgroup' box. then restart and rejoin to the domain. then restart and see if it works (I am not saying that this is pretty but the only way to make it work for me on one of the machines).

peter

This worked for me!

Thnx

------------------------------------
Reply:

If you can't logon, how would you achieve this?

------------------------------------
Reply:

Sure to change the name and rejoin the domain works for a while, but than all of a sudden, the workstation can´t log on. Than for one or two weeks it works again, and the again I get the error that no computer account is there.

Since months I look for a solution, so far without success.

If someone out there has an idea it would be great.

Juergen

------------------------------------
Reply:

Hello PKSB

Can you point me to exactly where the computer configuration is? I just see system configuration which does not contain administrative templates... please excuse my slowness :)

------------------------------------
Reply:

Hello all, hope my little contribution may help someone.

I started getting this error after cloning a member server. When I cloned my 02 server to create a replacement for my ailing 03 server, I ran into this error when I turned off the ailing server and renamed the new one with the name and ip of the original sick server.

- after reboot, my application would no longer work on the new server. The client would give a generic aspx error, and say unavailable.
- Discovered that although the server indicated it joined the domain, it would not allow logons with any domain accounts. It gave the error above that brought us here.

- discovered that AD would not/could not create a computer account for the new server.
- finally decided to create a computer account manually in AD. Tested, but it still didn't work.

- Then using info from the posts here, edited the serviceprinciplename value in the manually created AD account, using the ADSIEdit tool. I also edited some other values that involved server names, etc.
- after editing the values for the new server, using another good server as a guide, saved the changes and I tested again and the server worked.

Thanks to Roberto for mentioning the servicenameprinciple in his post, that guided me to what was wrong.

------------------------------------
Reply:

Hi All,

I am getting this error for past few days on Windows 7 .At the time of giving the credentials just off the wireless and you can bypass this error.But this is a temporary solution.Once you have access you can look for a permanent solution.

Looking for a permanent solution.Can anybody help me out (:

------------------------------------
Reply:

I found I needed to do this to get it all working

From a DC/AD server

ldifde -f C:\SPNs.txt -t 3268 -d dc=domain,dc=com -l serviceprincipalname -r (serviceprincipalname=*) -p subtree

In the above command, replace DC=domain,DC=com with the DN of the domain. To check if duplicate SPN is present.

for me the issue was a duplicate HOST/ entry for the server found in a service account

Found from this link - the link has more steps if needed

http://social.technet.microsoft.com/Forums/en-US/systemcenter/thread/be6fcac4-7310-42d1-980e-e1725b464756/?prof=required

------------------------------------
Reply:

1. Try to login with Local Administrator/User and remove current machine from the domain and restart the machine. 2. Again join the domain and restart the machine, now you can login with domain Users 3. it will work OK.

------------------------------------
Reply:

Hello, during some troubleshooting of mscrm, I messed up our dc itself with setspn command. please tell me what spns should be configured for dc in adsiedit.msc

------------------------------------
Reply:

PaulJSO said:

Roberto Pascolo said:
Hi Manny

Try this out on your Domain Controller:

A) Start > Run > ADSIEDIT.MSC

B) Go to Domain Partition and mark the affected computer

C) Rightclick and Properties.

D) Doubleclick ServicePrincipalName

E) Add new value: HOST/yourcomputername.yourdomain.xyz or whatever HOST is missing.

Best wishes

Roberto

This solution worked for me also.

Note: Problem was caused when the primary DNS suffix was changed from the default Domain suffix.

Rblend

Hey, Rblend, How Can I change primary DNS suffix on a DC?

------------------------------------
Reply:

start to change the network id of client and login as admin and follow the wizard.

------------------------------------
Reply:

Hi Roberto,

I just tried your workaround and it worked perfectly.

Many thanks!

Kind regards,

Buz

Phil. B.

------------------------------------
Reply:

Thanks Peter. This worked for me.

------------------------------------
Reply:

Just a follow up to the cause of this error for our Agency.

Some of our Agency computers were connecting to remote portals using Connectix or Citrix software. What was happening was the remote location was adding a "Domain" suffix to the computers that were connecting. These computers would then try to login using the "default" domain suffix that was now incorrect.

I fixed this issue by using a GPO and forcing our domain suffix to be the primary suffix. I have not seen this error since I have made this change.

If you were to look in the computers "Advanced TCP/IP" DNS settings you will probably find the offending domain suffix.

Might not be everyones problem but it sorted mine out.

------------------------------------
Reply:

Hi

Please help - I'm getting crazy. Four machines, after SP1, two with this login problem. I'm getting the message "The security database on the server does not have a computer account for this workstation trust relationship.". I updated the network card driver, I removed computer from domain and rejoined. Nothing helps.

First login works fine, second one gets the error message again. Please help. User and I don't know what to do!

Any help would be appreciated.

Best wishes

Roberto

I have an easier way. Log into the AD server goto workstations and manage that computer. In there you can add a local user or enable/reset the password on that workstation. If you can NOT find the workstation name Add it (the same one that it used to have) You cna tell what that is by trying to log into the computer that is giving you the Security error. Choose other user and you'll see what the computer name was

Now once you have enable the admin account or found what another local account was you can go back to the workstation login locally and then re-add yourself to the domain. One reason the security database lost the computer account is because there might be two computers with the same name. maybe the old one was recently turned back on??

Goodluck!

------------------------------------
Reply:

How I fixed it:

I had this problem on a Windows 7 workstation, connecting to a Windows 2008 SBS server. I could only login to the workstation by unplugging the network cable, then plugging it back in once the PC logged in. But once on I couldn't access that server.

I could ping the server's IP address, but I couldn't see the server at all. I could see other computers on the network, just not the server controlling the domain.

I Googled the problem and followed various solutions, none of which worked. (Like disconnecting it from the domain, renaming the computer, then reconnecting it to the domain... which didn't work because it couldn't find the domain controller. After this I did a System Restore to put things back to how they were.)

I finally modified the hosts.ini (C:\Windows\System32\drivers\etc\hosts.ini)

In my case, with the server's IP being 192.168.0.200 and the server name being TrackServer I added the following line to the hosts.ini file:

192.168.0.200 //Trackserver

Poof! After that it worked beautifully. I could login to the domain and access the server fine.

I assume something screwy happened to the DNS on that computer. This system has about 15 computers on it, and all but 4 have XP. This is the only one of the 4 Windows 7 PC's that have had the problem.

------------------------------------
Reply:

Any update from Microsoft as to when we can expect a permanent solution to this problem? Also maybe a reason for why this is happening?

I have this problem on my networt on different PC's at random times.

CVR

------------------------------------
Reply:

I am running into this issue with a Windows 7 Enterprise machine. Problem is that when I try to log into the local machine with the administrator account, it tells me the account is locked. I was able to get into the computer and take it off the domain by disconnecting the network cable and having the user login with the local administrator account (this is at a an office 3 hours away with no IT people in house). Now that I have restarted with the workstation on the work group, I cannot login using the administrator account anymore. Also, the computer was not listed in the Active Directory or the DNS Manager. Ideas?

Edited by C_J_GO Monday, February 6, 2012 5:50 PM

------------------------------------

Features MDT V/S SCCM OSD

what all are OSD features MDT does have and SCCM does not have.

mohd.w

Edited by Md.Waseem Wednesday, February 8, 2012 1:05 AM

Reply:

Depends on how you look at things. The question isn't necessarily the correct one to ask though because the two solutions are not mutually exclusive. MDT works in two ways:

- Stand-alone (often called lite-touch)

- Integrated with ConfigMgr (often called zero-touch)

So, for the things that MDT does above and beyond what ConfigMgr OSD does out of the box, you would just integrate it into ConfigMgr.

The reverse is not true however, there are many, many things that ConfigMgr does that MDT does not so if you have ConfigMgr in place, it would be somewhat silly not to use it and integrate MDT into it.

Jason | http://myitforum.com/myitforumwp/community/members/jasonsandys/ | Twitter @JasonSandys

------------------------------------
Reply:

Hello Jason,

You are correct, MDT Works in two ways as you described above. Actually i was trying to differentiate it only with OSD deployment feature.

If i have SCCM in place should I integrate MDT also or SCCM can do ZTI without MDT.

Thanks

mohd.w

------------------------------------
Reply:

ConfigMgr OSD can absolutely get the job done without MDT.

However, MDT adds a lot of great functionality. Basically, things that a lot of folks would write/create on their own is already provided by MDT for easy reuse.

Also, integrating MDT into ConfigMgr doesn't mean you have to use the MDt functionality, it just means it's now available for use. So I would defintiely install it and evaluate the things it gives you against those that are often characterized as "missing" from native ConfigMgr OSD.

Jason | http://myitforum.com/myitforumwp/community/members/jasonsandys/ | Twitter @JasonSandys

------------------------------------

Alert history time vs. alert created property

I'm looking for an explanation for the difference of time between the alert history tab "alert activated by the system" value and the "created" property value on the alert itself.

My example is logical disk free space. It appears the alert history tab shows when the alert opened by the system and the created property for the alert aligns with a sample of the logical disk free space (doesn't appear to be up to date with now, it stops pulling in the most recent sample for some reason). Again, the sample is NOT the most recent it's just some point in time so I was looking for some clarification around how this works.

Example of situation:

Alert for Logical Disk:

Time in Alert history where alert was opened by system: 1/1/2012 5:10pm
"Created" property of alert: 1/1/2012 5:25pm

FIM 2010 Hotfix Installation - Error 25070 These workstations have sessions with open files on this server

FIM 2010 Hotfix Installation - Error 25070 These workstations have sessions with open files on this server: http://social.technet.microsoft.com/wiki/contents/articles/7214.fim-2010-hotfix-installation-error-25070-these-workstations-have-sessions-with-open-files-on-this-server.aspx

Timothy P Macaulay, MCSD, MCSD.NET, MCAD, MCP

Converting UNIX date/time bigint value to SQL DateTime format

Hi all,

We have a database that stores a UNIX epoch value in a BIGINT field. It's a hassle to continuallly type out the appropriate conversion code to show the human-readable date and time. So here is a function that I created to handle the task. I hope this is helpful to others.

CREATE FUNCTION dbo.udf_ConvertUnixDT2SqlDT (  	@unixDT BIGINT,  	@GMToffset INT  )    RETURNS DATETIME    AS    BEGIN    	DECLARE @epoch DATETIME  	DECLARE @retDT DATETIME    	SET @epoch = '1/1/1970'    	SET @retDT = DATEADD(hh, @GMToffset, DATEADD(ss, @unixDT, @epoch))    	RETURN @retDT  END

The first input is the UNIX epoch value to convert. The second value allows you to adjust the return value to reflect the targeted timezone. Below is a sample usage statement.

select dbo.udf_ConvertUnixDT2SqlDT(<UNIX timestamp field name>, -5) as datevalue, * from TableName

Example datevalue: 2012-02-01 13:41:21.000

Changed type KJian_ Monday, February 6, 2012 7:34 AM
Edited by a14437 Monday, February 6, 2012 4:41 PM Formatting

Reply:

Jian Kang,

I see that you changed the type for my post. Can you tell me what changed? This was my first post and I'd like to learn more about how you organize posts.

Kind regards,

Steve

------------------------------------
Reply:

If your post is not a question asking for answers, then it's better to use 'discussion' type of the thread to indicate you're not looking for answers.

For every expert, there is an equal and opposite expert. - Becker's Law

My blog

------------------------------------
Reply:

Thanks Naomi. Does that mean I would have started a thread differently? I clicked "Ask a question", which didn't seem correct because I wasn't asking a question but didn't see how else to start a thread.

------------------------------------
Reply:

No, you start a thread exactly the same way as normal, but then change the type of the thread to be a discussion.

For every expert, there is an equal and opposite expert. - Becker's Law

My blog

------------------------------------
Reply:

Thanks again!

------------------------------------

FIM 2010 - Working with the Recycle Bin Feature in Windows Server 2008 R2 Active Directory

More of an information, central location wiki on FIM 2010 working with Windows Server 2008 R2 AD.

FIM 2010 - Working with the Recycle Bin Feature in Windows Server 2008 R2 Active Directory: http://social.technet.microsoft.com/wiki/contents/articles/7262.fim-2010-working-with-the-recycle-bin-feature-in-windows-server-2008-r2-active-directory.aspx

Timothy P Macaulay, MCSD, MCSD.NET, MCAD, MCP

FIM 2010 - Installation Companion - Accounts

So in support we do receive a lot of installation type calls. One thing that is discussed is the accounts needed for the installation. I decided to throw together a wiki that has the accounts needed. The goal of the article is to provide a list of accounts that is recommended to be created, and if possible prior to installation to help the install go by faster. It is a companion type article to the installation guide.

FIM 2010 - Installation Companion - Accounts: http://social.technet.microsoft.com/wiki/contents/articles/7222.fim-2010-installation-companion-accounts.aspx

Timothy P Macaulay, MCSD, MCSD.NET, MCAD, MCP

Changed type Tim MacaulayMicrosoft employee Monday, February 6, 2012 4:37 PM wrong type
Changed type Tim MacaulayMicrosoft employee Saturday, May 26, 2012 5:51 PM

IIS Management Pack - Default website cannot be started (port 80 in use)

Hello everyone,

Since this is my first post on this forum, this might not be the appropriate subforum for this discussion. I couldn't find one which would be more suitable though. On the other hand, i believe SCOM users and administrator might be more familiar with this issue than IIS admins.

This situation takes place in a relatively large domain with fairly new Microsoft products, including SCOM 2007R2 CU5. SCOM uses the IIS Management Pack to monitor several servers. The IIS Management Pack also monitors the Default Website, assigned to port 80, and will present an alert in case the website is not running or is unable to start. (The IIS 7 web site named Default Web Site on server.domain.com is unavailable as the site has been stopped.)

Then, there also other system administrators who are hosting websites on the IIS servers, using port 80 of 443. Without using host headers, only one website can use port 80 so one of both sites cannot be started. Since the IIS admins prefer to run their website on port 80, the Default Website cannot be started.

With >500 servers running IIS, how would you prevent this situation from happening? Ask all IIS admins to use different ports? Use host headers? Assign the IIS Default Website to use a different port? Or is there another option which hasn't crossed my mind?

Many thanks and regards,
Martijn

Edited by MWeterings Monday, February 6, 2012 4:05 PM

asus m4a88t-m express gate problem feb 05 2012

My problem is about Express Gate

I was make a homework in my pc when i encounter some problem,
it's "not responding" of other program...

i use "ctr + alt + del" to force end task but it's not easy to stop....

So i force to restart my PC when booting i'ts show's "disk read error press ctr+alt+del"

i turn off the PC and open it, when boot it's appear "express gate loading" then nothing happen...I look up in "BIOS" it's already disabled...

So why they required the express gate?

When i install the Operating System i already did not install the driver of express gate so that they will not appear forever i don't want to use that...

And now it will appear again...how can i stop that thing...

is this asus board required to install driver of express gate?

hope can save my problem as now i can't use my PC cause of express gate always boot not in windows instead....

Edited by morkie28 Monday, February 6, 2012 2:41 PM
Changed type Niki Han Wednesday, February 8, 2012 6:26 AM

Reply:

You are on the wrong website. This is a Microsoft website.

Express Gate is an ASUS product and feature. It is not a Windows 7 feature nor a Microsoft product!

For problems with ASUS products, you must go to the ASUS website forums or contact ASUS Technical Support.

Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. "

------------------------------------

Kundly 2009 compitibility problem with the Windows7.0

kundly2009, kundlypro software can not run on windows 7 OS. to run the programme succesively pls give the solution.

Reply:

You will have to contact the publisher of the program because this program is not compatible with Windows 7.

The publisher of the program will have to give you the needed information, not Microsoft!

------------------------------------

Fabric Management in the IaaS Private Cloud Article

Fabric management is a key indicator of success for IaaS Private Cloud. Private cloud is all reaching a high level of maturity when it comes to service management, since your IT group is now in competition with public cloud providers. Improve your fabric management game! Check out "Private Cloud Infrastructure as a Service Fabric Management" to learn more - and then let's talk about the article here.

Thanks!

Tom

MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx

SWIFT standard Developer Kit (SDK) adoption

Hello

as you know SWIFT is now suport converting SWIFT MT into XML format by using tool called SDK https://www.swiftcommunity.net/communities/245/detail

my question is : is thier any plan in the coming future to see the same XML ()

because the generated XML form SDK is different than the XML coming from A4SWFIT

Changed type Lloyd Zhang Monday, February 6, 2012 2:38 AM

Reply:

That is a good suggestion for a future A4SWIFT version. I am not sure if there are any plans to do that.

Thanks,

If this answers your question, please use the "Answer" button to say so | Ben Cline

------------------------------------
Reply:

Any Microsoft reply ?

------------------------------------

Kjell Uppheim-administrator

Hi.

During this weekend my exchange system with outlook is changed to office 365. And it is working. Meanwhile, we find different computers with different display in "Microsft Online Services Sign in".

In one computer we can see "My Company Portal" after signing in. In this computer we can separately open Office 2010/Outlook and be asked for password etc. and then work in Outlook as before.

In another computer we can see "My Company Portal" and " E mail and Calendar". Here we can choose between working in Outlook 2010 or work on the web.

In another computer we can see only "My Company Portal" and when trying to open separately Outlook 2010, it opens but with message-not connected.. There is no place to connect.

What are we doing wrong.

Best regards,

Kjell Uppheim

sub report formatting

How can i position my sub report adjacent to the main report and function like there is not a sub report on the end? Currently i have to match up the main reprt headings with the sub report. Is there a more precise way?

Reply:

Hi,

You have set the column Sequence and column width in both the report is Same

Hope this will help you !!!
Sanjeewan

------------------------------------
Reply:

Ah yes i totally missed this property under position/size Thanks!!

------------------------------------

Technical difference between Adapter and Pipelines

Pls delete it

Edited by JBhola Tuesday, February 7, 2012 4:13 PM wrong send

Reply:

On a very basic level, the adapters provide the transport capability (TCP, HTTP, FILE, MSMQ...), the pipelines provide normalization (Decoding, Disassembly, Assembly, Encoding,...). You can download the following posters to get an idea of where everything fits in BizTalk.

BizTalk Posters Link
http://msdn.microsoft.com/en-us/library/ff742262.aspx

David Downing... If this answers your question, please Mark as the Answer. If this post is helpful, please vote as helpful.

------------------------------------

In SharePoint 2010 event calendar , which column can be used as edit area, which allow the user to embed links, images, video and text?

In SharePoint 2010 event calender, which column can be used as edit area, which allow the user to embed links, images, video and text ? is it Full_HTML column?

Reply:

Two possible options

1. you can use a meeting workspace with the calander event.

2. you can add a custom column to the calander to store the information.

Thanks,

Sahil

------------------------------------

how to get all task list items from all sites in a web application

hi,

In my senario. i need to display all my task item from all sites and subsites in a web application. for example in my site have 5 sub sites each site have a task list. I need to display all task in site 3 from all the sites.

i write a custom webpart and using spwebcollection but it assking authendiacation for the assigned to user also.

please help me

Reply:

Hi there

So to confirm this, you are trying to query multiple site collections and so using SPSiteDataQuery or other cross-site query mechanisms are not available?

In this case you should be running this code as a user with permission to all site collections, in other words, someone with full control to the entire web application. If the user context in SharePoint is not that of a user with this level of permissions then you may want to look at using this http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurity.runwithelevatedprivileges.aspx

Thanks

Stuart

Read my wiki at www.intheknow.it for more code and tips for developing with SharePoint 2007 & 2010
Twitter: @starznet

Technical Architect at Starznet Ltd. WSS/MOSS development and customisation with a primary focus on CMS.

------------------------------------

Outlook 2010 not syncing with exchange 2010, iOS devices fine.

I am having a sync problem with Outlook 2010 and exchange 2010. If I go to Inbox Properties then Synchronization, "Last synchronized on: 06/02/2012 9.35" it is now 14.16, so iver 4 hours ago. The "Server folder contains: 6858 Item(s), Offline folder contains 6849 Item(s)".

Where can I find logs to trouble shoot this issue?

This is happening on 2 of my client PCs.

Thanks for any help

PS its not happening on my iOS devices.

Reply:

Synchronizing Outlook is a complete different story than syncing mobile devices. Regarding your Outlook client running in cache mode, switch to folder list mode and see if there's a "Sync Issues" folder with a possible clue in there on the problem.

Also, did you check out this article?
http://support.microsoft.com/kb/842284

------------------------------------
Reply:

Hi,

I had a look at the sync folder and there was one instance from this morning at 9.35 when outlook failed to sync deletions but that would not explain the problems before today and for the rest of today. My outlook shows as connected and "All folders are up to date" next to that thou I just noticed it says updating address book and looks like it hanging on that, could that be causing the problem , I assume so as wouldnt outlook have to complete this task before starting normal activity?

Thanks for your time.

regards

Gordon

------------------------------------

libiodbc.so & libodbc.so error: cannot open shared object file.

#include <cstdio> // for printf  #include <SQLAPI.h> // main SQLAPI++ header  #include <iostream>      int main(int argc, char* argv[])  {   SAConnection con; // create connection object      try   {   // connect to database   // in this example it is Oracle,   // but can also be Sybase, Informix, DB2   // SQLServer, InterBase, SQLBase and ODBC   con.Connect(   "test", // database name   "tester", // user name   "tester", // password   SA_ODBC_Client);     printf("We are connected!\n");     // Disconnect is optional   // autodisconnect will ocur in destructor if needed   con.Disconnect();     printf("We are disconnected!\n");   }   catch(SAException &x)   {   // SAConnection::Rollback()   // can also throw an exception   // (if a network error for example),   // we will be ready   try   {   // on error rollback changes   con.Rollback();   }   catch(SAException &)   {   }   // print error message   printf("%s\n", (const char*)x.ErrText());   }      return 0;  }

Well, I found out what the problem was, seems I was giving the Oracle connection parameter in my source program.
the correct one should be SA_ODBC_CLIENT which is for SQL Server connections.You know, another story just started to play as soon as this bug was identified.

g++ -c -Wall -O2 -DNDEBUG -I/usr/lib/SQLAPI/include -o dbConnection.obj dbConnection.cpp
bash-3.1# g++ dbConnection.obj -o dbConnection -L/usr/lib/SQLAPI/lib -s -lsqlapi -lc -lm -lcrypt -ldl
bash-3.1# export LD_LIBRARY_PATH=/usr/lib/SQLAPI/lib
bash-3.1# ./dbConnection

libiodbc.so: cannot open shared object file: No such file or directory
libiodbc.so.3: cannot open shared object file: No such file or directory
libiodbc.so.2: cannot open shared object file: No such file or directory
libodbc.so: cannot open shared object file: No such file or directory
libodbc.so.1: cannot open shared object file: No such file or directory

DBMS API Library loading fails
This library is a part of DBMS client installation, not SQLAPI++
Make sure DBMS client is installed and
this required library is available for dynamic loading

You know, I think the SQLServer Driver is not included in the SQLAPI++. So, I think I need to install the unixODBC driver for SQLServer. You got the same idea?, moreover, if the case is right, I think m not gonna need SQLAPI++ anymore, as I guess, you know, the ODBC manager driver automatically supports SQL APIs.

looking forward to hearing from you.
Saman

Moved by SSISJoostMVP Wednesday, June 19, 2013 6:26 PM Not SSIS related

help with seeing web page

I can only partially view a web page?? some one told me i need to update my internet explorer? so tried..and telling me my security system will not let me download?

Changed type Niki Han Wednesday, February 22, 2012 7:11 AM

Reply:

Hi,

does this happen on every web page you visit? Which web site page if not?

Which Windows and IE version are you using?

Regards.

Rob^_^

------------------------------------
Reply:

what excatly do you see? what is displayed on the part of the website that you cannot see.

please paste the screen dump

Web Designer Edinburgh Web Designer Glasgow
SEO Edinburgh SEO Glasgow

------------------------------------

Shared Calendar in mixed mode

in a mixed mode EX2k10/Ex2k3 if a user on Ex2k3 share his calendar with a user on EX2k10 and if we close port 135 between both server ( we are using Outlook anywhere), then the calendar will not show details, it shows just free or buzy.

if we open the port RPC 135, the calendar will be shown correctly.

my questions is, why port RPC 135 is needed?

i tested sharing calendar between 2 users on an exchange 2k10 ( in the same site as Exchange 2003) and there is now issue.

So:

1- EX2k3 to Ex2k3: No Issue with port RPC 135 closed

2- Ex2k10 to Ex2k10: No Issue with port RPC 135 closed

3- Ex2k3 to Ex2k10: Calendar shown with No details with port RPC 135 closed

4- Ex2k3 to Ex2k10: Calendar shown with details with port RPC 135 opened.

5- Ex2k10 to Ex2k3: Calendar shown with No details with port RPC 135 closed

6- Ex2k10 to Ex2k3: Calendar shown with details with port RPC 135 opened

can anyone explain to me why Port RPC 135 is needed in mixed mode in this case please?

Reply:

if we open the port RPC 135, the calendar will be shown correctly.

my questions is, why port RPC 135 is needed?

i tested sharing calendar between 2 users on an exchange 2k10 ( in the same site as Exchange 2003) and there is now issue.

So:

1- EX2k3 to Ex2k3: No Issue with port RPC 135 closed

2- Ex2k10 to Ex2k10: No Issue with port RPC 135 closed

3- Ex2k3 to Ex2k10: Calendar shown with No details with port RPC 135 closed

4- Ex2k3 to Ex2k10: Calendar shown with details with port RPC 135 opened.

5- Ex2k10 to Ex2k3: Calendar shown with No details with port RPC 135 closed

6- Ex2k10 to Ex2k3: Calendar shown with details with port RPC 135 opened

can anyone explain to me why Port RPC 135 is needed in mixed mode in this case please?

Merged by wendy_liu Friday, March 2, 2012 3:13 AM duplicate

------------------------------------
Reply:

Why are you closing port 135 between the servers? When the shared calendar needs to be accessed for the details, it uses RPC to connect to it.

You can see free/busy because Exchange 2010 uses HTTP to connect to the 2003 Public folder store virtual directory to access that and on the 2003 side, it looks at the free/busy folder in the pf store.

------------------------------------
Reply:

Duplicate. See: http://social.technet.microsoft.com/Forums/en-US/exchange2010/thread/3005eb2e-5dcf-44d7-b480-990fa3d947ac

------------------------------------
Reply:

the company policy need to close all RPC trafic between both sites.

could you please give me more details or any

MS article about this information:

"When the shared calendar needs to be accessed for the details, it uses RPC to connect to it."

it's clear there that it's not supported to install a firewall between exchange servers http://technet.microsoft.com/en-us/library/bb331973.aspx

but in the other hand, Microsoft said that Outlook Anywhere does not need any RPC connections to be made there:

Edited by HMondher Tuesday, January 31, 2012 2:51 PM

------------------------------------
Reply:

http://technet.microsoft.com/en-us/library/bb232134.aspx

Understanding the Availability Service

Check the flow chart for "Detailed" information.

Note also that blocking Exchange required ports between servers in the same forest is not supported.

------------------------------------
Reply:

Hi A_D

thanks for reply, this article does not explain how it work for Outlook Anywhere and what port are required !!!

excuse me for the confusion:

we did not blocked any RPC communication between servers, just between servers and clients using OA.

from our tests we found that:

A- if the UserA is on EX2k3A and share his calendar with UsersB residing on EX2k3B server: NO issue, we can see details even if Port 135 is blocked between EX2k3B and UserA

B- if the UserA is on EX2k10A and share his calendar with UsersB residing on EX2k10B server: NO issue, we can see details even if Port 135 is blocked between EX2k3B and UserA

C- if the UserA is on EX2k3A and share his calendar with UsersB residing on EX2k10B server: We cannot viwe details.

D- if the UserA is on EX2k10A and share his calendar with UsersB residing on EX2k3B server: We cannot viwe details.

the conclusion is:

if UserB who shared the calender is not on the same version of exchange of UserA, and Port 135 is blocked, We cannot viwe details.

My Question is: What is the difference between 2 scénarios? is this any article that explain that?

Thanks in advance :)

Mondher

Edited by HMondher Thursday, February 2, 2012 11:36 AM

------------------------------------
Reply:

Hi ,

I recommend you view Exchange 2003 and Exchange 2010 network Port about 135 port. And you will understand.

Port Used in Exchange Server 2003:

http://technet.microsoft.com/en-us/library/bb124075(v=exchg.65).aspx

Exchange Network Port Reference:

http://technet.microsoft.com/en-us/library/bb331973.aspx

Wendy Liu - MSFT

------------------------------------
Reply:

Hi ,

The similar issue for your reference.

http://social.technet.microsoft.com/Forums/en-US/exchangesvrclients/thread/6d79d0b7-0aa7-4689-925c-c0eb37c59780

Wendy Liu - MSFT

------------------------------------
Reply:

has anyone an answer for this question please?

Some peoples said that RPC 135 is required for calendar details other said No, i'm really confused !!!!!!!!

kinds

------------------------------------

SCCM architecture

Where can I find the sample case studies or Diagrams for SCCM !!

Abheek Dutta IT Analyst

Changed type Sabrina Shen Tuesday, February 21, 2012 9:12 AM

Reply:

There are none, because every implementation will be unique ...

Torsten Meringer | http://www.mssccmfaq.de

------------------------------------
Reply:

Hi Torsten,

I know . That's why I mentioned any sample case studies or diagrams !! :-)

Abheek Dutta IT Analyst

------------------------------------
Reply:

That's why I mentioned any sample case studies or diagrams !! :-)

Try this http://anoopmannur.wordpress.com/2010/12/31/sample-of-sccm-configmgr-highlevel-architecturedesign/

Anoop C Nair - @anoopmannur

MY BLOG: http://anoopmannur.wordpress.com

User Group: ConfigMgr Professionals

This posting is provided AS-IS with no warranties/guarantees and confers no rights.

------------------------------------

Discuss Private Cloud Infrastructure as a Service Monitoring and Manageable Applications

Discuss the Private Cloud Infrastructure as a Service Monitoring and Manageable Applications article here.

Thanks!

Tom

MS ISDUA/UAG DA Anywhere Access Team Get yourself some Test Lab Guides! http://blogs.technet.com/b/tomshinder/archive/2010/07/30/test-lab-guides-lead-the-way-to-solution-mastery.aspx

Changed type Kristian Nese [MSFT]Microsoft employee Tuesday, February 7, 2012 4:39 PM Changing it to "General Discussion"

Problem selecting queues in userrole

Hello all,

I've got the following problem; since CU3 ouis installed our custom made incident form erases all the fields when a service engineer clicks on "apply".

The information is saved, but the form has been emptied which makes a immediate followup tricky. I managed to trace back the problem to the userrole rights. If I edit the userrole to include all the queues than this problem doesn't occur.

However; the strange thing is that I need to check the option "All work items can be accessed" . If I use the combination "Provide access to only the selected queues" in combination with "select all", it DOESN'T work. Which in my opinion should be exactly the same? So apparently there is some sort of "internal" queue which is selected when I use the "All work items can be accessed" option.

The problem is that I cannot use this option, since I have implemented several dedicated Servicedesk departments in our SCSM setup, and they are not allowed to see each other Incidents. Does anyone have any insight in this? Is it possible to edit the userrole in an other way?

Regards

Martijn

Edited by Martijn van Zeeland Tuesday, February 7, 2012 12:55 PM

Reply:

Hi,

Queues and Groups are updated on a set interval - so once the incident is saved, it can actually take a couple of minutes until it's actually accessable for people in the Queue.

Regards
//Anders

Anders Asp | Lumagate | www.lumagate.com | Sweden | My blog: www.scsm.se

------------------------------------
Reply:

Hi,

Queues and Groups are updated on a set interval - so once the incident is saved, it can actually take a couple of minutes until it's actually accessable for people in the Queue.

Regards
//Anders

Anders Asp | Lumagate | www.lumagate.com | Sweden | My blog: www.scsm.se

Hi Anders,

Thanks for the reply, however that's not the issue, if you fill in an incident form, and you click Apply instead of OK then the entire form is erased of it's content. If you change the userrole to include all queue's than this doesn't happen...

------------------------------------

Outlook 2010 Auto Reply based on time of day

Hello,As many of us have regular time on which we work and leave the office is there a way of automatically enable the Outlook Auto-reply at a certain time and switch it of at another time or be able to schedule this based on rules. I went thru all the rules option but this is only based on dates or other triggers but not based on the time-of-day.As an example my shift starts at 23:00 UTC and end at 07:00 UTC on weekdays. It woul be great if the Outlook folks created an option to schedules such kind of things.If somebody has a wsh script or VB add-on which dioes the same please let me know.Regards.Erwin

Reply:

Hi there,

you may try below settings for all the users and schedule this every day at particular time as you wished

http://www.telnetport25.com/2012/01/exchange-2010-out-of-office-fun-with-set-mailboxautoreplyconfiguration/

http://www.mikepfeiffer.net/2010/07/manage-exchange-2007-out-of-office-oof-settings-with-powershell-and-the-ews-managed-api/

Kottees : My Blog : Please mark it as an answer if it really helps you.

------------------------------------
Reply:

Hi DrEvl,

try this process:

To use Outlook 2007 to turn on and turn off Out-of-Office replies

On an Outlook 2007 client computer, on the Tools menu, click Out of Office Assistant.
In Out of Office, perform the appropriate task:
- To turn on out-of-office replies, click Send Out of Office auto-replies, and then customize your auto-reply messages.
- To turn off out-of-office replies, click Do not send Out of Office auto-replies.

How to Turn on and Turn Off Out-Of-Office Replies

Thanks... (Rember to vote as Helpful.)

------------------------------------

Installation requirements to run SSIS package on a server??

Can any one tell me about the installation requirements to run an EXE which has ssis package implementation on a server..

SUNIL PARISI

Reply:

Hi,

To execute SSIS Package you need to Install Integration Service on same server.

Shailesh, Please mark the post as answered if it answers your question.

------------------------------------
Reply:

You need to have SSIS runtime components to exist on the server where you need to run the SSIS packages. However this will not be available for separate download.

Phani Note: Please vote/mark the post as answered if it answers your question/helps to solve your problem.

------------------------------------
Reply:

Hi,

To execute SSIS Package you need to Install Integration Service on same server.

Shailesh, Please mark the post as answered if it answers your question.

That's not true. The SSIS service is only used to monitor packages and to manage package storage.
To run SSIS packages, you only need the DTEXEC executable.

http://support.microsoft.com/kb/942176

MCTS, MCITP - Please mark posts as answered where appropriate.
Answer #1: Have you tried turning it off and on again?
Answer #2: It depends...

------------------------------------
Reply:

Hi,

To execute SSIS Package you need to Install Integration Service on same server.

Shailesh, Please mark the post as answered if it answers your question.

That's not true. The SSIS service is only used to monitor packages and to manage package storage.
To run SSIS packages, you only need the DTEXEC executable.

http://support.microsoft.com/kb/942176

MCTS, MCITP - Please mark posts as answered where appropriate.
Answer #1: Have you tried turning it off and on again?
Answer #2: It depends...

I wanted to say Integration Services (SSIS) not Integration Services Serivce

since installing it will install Integration Services core components and the dtexec which require to execute package.

Shailesh, Please mark the post as answered if it answers your question.

------------------------------------
Reply:

I wanted to say Integration Services (SSIS) not Integration Services Serivce
since installing it will install Integration Services core components and the dtexec which require to execute package.

Shailesh, Please mark the post as answered if it answers your question

That is indeed something very different :)

MCTS, MCITP - Please mark posts as answered where appropriate.
Answer #1: Have you tried turning it off and on again?
Answer #2: It depends...

------------------------------------
Reply:

Hello Sunil,

After development of package do the following steps for package installation:

1) Make a Deployment Manifest file. For this Right Project and Create. It will save in Bin\Deployment Folder

2) Now Double Click on the Manifest File. You will see Installation Wizard for the package installation.

3) Follow the steps as per your requirements (Deploy the package, Configure it with your parameters, etc.)

You need Integration Services installed on the Server where you are deploying, Execute Package Utility (dtexecui) and you have to start SQL Server Agent.

Kind Regards

Dani

------------------------------------
Reply:

...and you have to start SQL Server Agent.

That's only necessary if you want to schedule the SSIS package through SQL Agent.

MCTS, MCITP - Please mark posts as answered where appropriate.
Answer #1: Have you tried turning it off and on again?
Answer #2: It depends...

------------------------------------

Shared storage mandatory ?

Hi,

Is there a way to use failover clustering with two nodes but without a shared storage ?

Or is it mandatory to put an external disk as shared storage connected to the 2 servers ?

Thank you for your answers

Changed type Vincent Hu Wednesday, February 8, 2012 8:05 AM discussion is better

Reply:

I have looked at ioDrives in combination with Steeleye datakeeper for our SQL server. Steeleye promises that it does not need shared resources. We decided to go for a SAN. You can look it up and download evaluation software.

Fred

------------------------------------
Reply:

Hi,

You need to have the same data available to both of the nodes. The only supported way I know of that does not required shared storage between the two nodes is a mult-site cluster however this will usually utilise a enterprise SAN with SAN replication between the two storage arrays to provide the same data to both nodes.

You usually use iSCSI, SAN or external DAS arrays for this.

Sean Massey | Consultant, iUNITE

Feel free to contact me through My Blog, Twitter or Hire Me.
Please click the Mark as Answer button if a post solves your problem!

------------------------------------
Reply:

Hi,

Thanks for your reply.

For what I have understood, I will need a SAN/iSCSI or DAS to have a common disk for my two nodes...

Is it possible, whatever software I run on one node, to have it available on the other node in case of failure of thie first node ? (assuming I put the software data on the external disk of course)

And do you have a model of disk to give me that will be not too expensive ? My two servers are DELL and will be in a rack. So I need the disk to be in the rack too.

Thanks again.

------------------------------------
Reply:

For an application to work successfully with a cluster it normally needs to be written to be cluster aware, although you can probably make certain applications work within a cluster it may be quite difficult. Is the application you are trying to cluster proprietary?

Recommending specific hardware is too difficult due to the fact that there are too many unknowns. I would suggest that you contact your Dell account manager. Dell have a large number of suitable storage arrays available. In order to choose one appropriate you really need to know things like your expected IOPS, RAID requirements, storage redundancy requirements, if pondering iSCSI you need to know about your network infrastructure, etc, etc.

Sean Massey | Consultant, iUNITE

Feel free to contact me through My Blog, Twitter or Hire Me.
Please click the Mark as Answer button if a post solves your problem!

------------------------------------
Reply:

No, the application is not designed to work with cluster. But maybe I can install the software on each server, and use only one instance at a time. But I need the data of this software to be common of course.

Concerning the choice of storage, I have contacted my DELL account manager to have more technical information.

Fred B. has talked about "Steeleye Datakeeper". Is it really a good solution to replace a shared storage ?

Really thank you for your help.

------------------------------------
Reply:

Hi Marco,

We use a two node failover cluster with a 4 node iSCSI SAN for Hyper-V virtualisation. For a specific situation (SQL server replication with high IOPS) I have looked at the Steeleye Datakeeper Solution which promises shared-nothing clustering based on host replication integrating with Microsoft failover clustering.
As we will be adding more cluster nodes and ioDrives are still expensive, we choose to stick with the SAN. The principle of Steeleye can also be used without ioDrives. I am still watching the developments of ioDrives and Netlist Hyper-cloud RAM as I belief it will replace current technology.

This link is from the iodrive perspective:
http://www.fusionio.com/blog/do-you-have-to-sacrifice-high-availability-for-high-performance/H

From Steeleye:
"SteelEye DataKeeper Cluster Edition extends the robust DataKeeper replication engine to allow the use of replicated volumes within Windows Server Failover clustering in lieu of a shared disk. Once DataKeeper Cluster Edition is installed, a new cluster called a DataKeeper Volume replaces the shared disk resource required in traditional clusters, allowing users to build clusters without shared storage. Microsoft refers to this type of cluster as a multi-site cluster and relies on 3rd party replication engines such as SteelEye DataKeeper Cluster Edition to enable multi-site configurations."
http://us.sios.com/products/steeleye-datakeeper-windows/

Steeleye Quickstart:
http://docs.us.sios.com/DK4W/DK4WCEQuickStartWHTarget/

Have fun.

Edited by Fred B. _ Saturday, February 4, 2012 9:20 PM

------------------------------------
Reply:

Hi,

Is there a way to use failover clustering with two nodes but without a shared storage ?

Or is it mandatory to put an external disk as shared storage connected to the 2 servers ?

Thank you for your answers

Absolutely not. There are number of companies and products except already referenced SteelEye (AFAIK it has issue of putting one VM to one LUN most people don't do it) solving this task either mirroring whole LUNs (StarWind Native SAN for Hyper-V and DataCore SANsymphony-V) or only VHD files between multiple hosts (VM6 and Virsto). StarWind and DataCore can work w/o Hyper-V not sure about VM6 and Virsto. Never seen Steel Eye in action.

-nismo

------------------------------------
Reply:

Hi,

Is there a way to use failover clustering with two nodes but without a shared storage ?

Or is it mandatory to put an external disk as shared storage connected to the 2 servers ?

Thank you for your answers

You've asked on Windows forum so I assume you run Windows, don't you? :) But whole concept of using DAS instead of SAN/NAS is not new. Red Hat experimental hypervisor called KVM can feed mirrored storage from both nodes, Xen (don't confuse with XenServer) can do it out-of-box as well and DRBD does this for years. So you may solve your issue with paid software under Windows or you may re-think what you're doing :) Here are some links just in case you'd like to read on topic:

http://www.drbd.org/

http://www.linbit.com/en/products-services/drbd-enterprise-cluster/drbd-storage-enterprise-cluster/

http://www.linux-kvm.org/page/Migration

http://blog.allanglesit.com/2011/08/linux-kvm-management-live-migration-without-shared-storage/

Hope is helped :)

-nismo

------------------------------------
Reply:

I have read all the links you have all given to me... Thank you for that.

To answer one question : Yes, I will use Windows Server 2008 R2 Enterprise Edition.

It is really hard to decide what architecture must be build for my needs... I am a bit lost in fact :-(

I have two servers under Windows Server 2008 R2 (already bought) that must be set in failover clustering.

This cluster will manage a network of 15 workstations. For now, I have only the two servers (no shared storage, no replication software).

So, what is the best solution to "activate" the cluster ?

And I have also to install Tripwire Log Center to collect all the logs from each workstation and each server.

In fact, I don't understand where I can install Tripwire (on one of the node ?, on both ?) and what will happen for Tripwire if one node goes down ?

I know this must be basic for clustering expert but I am a bit lost...

Thanks for any help.

------------------------------------
Reply:

I am not sure for what application you need High Availability. A cluster server setup needs shared storage in order to be able to provide high availability. Cluster server nodes monitor heartbeats and in case of a node failure will start failover of cluster systems/applications. On top of cluster server you run for example virtual servers giving you the ability to provision, load balance, and make them HA. Installing Tripwire on the local disk of a cluster node won't make it HA. Tripwire in that case would fail with the cluster node. If you installed it on a virtual server on the shared storage resource that VM would failover and Tripwire with it, IF its database is cluster aware, fault tolerant.

With 15 workstations cluster server might be the deep end. It gives you two active cluster server nodes versus server mirroring which has an active and passive node for mission critical apllications. I am not sure what is mission critical in your case, compared to disk RAID, redundant power, UPS, spare parts and a good backup procedure.

For cluster server you need shared storage, period. Steeleye is a possibility for nothing shared. If you have an (older) third server you could use it for a software virtual SAN solution like Starwind or HP VSA. The high end is a hardware SAN.

You can also check out HP storage mirroring software but that gives you one active hardware host and a second passive one. On the active server host you can run a number of Hyper-v virtual servers depending on your licence.

Edited by Fred B. _ Sunday, February 5, 2012 1:45 PM

------------------------------------
Reply:

Really thank you for the time spent to answer me. It's a bit clearer now.

Concerning Tripwire, do you think I can install a licence on each node (so totally independent instances of the software) that will both collect every logs from all the workstations ?

So that if one node is down, I have everything also on the other node.

For me, the failover clustering is really used for the active directory, in order for each workstation to be able to log on, even if one server is down.

The other software I will install does not need the HA, but must be installed on the two servers.

Also, you have talked about Hyper-V. I don't see how Hyper-V will be used in my case ?

Thank you again.

------------------------------------
Reply:

Marco, you don't need failover clustering for AD, you can join a second Domain Controllor to an existing domain for that.

Tripwire can be made HA and Failover as it's database can be Ms-SQL and data collection, log management and database server can run on separate virtualized systems. MySQL can also be made HA http://www.clusterdb.com/mysql/mysql-with-windows-server-2008-r2-failover-clustering/

What more do you need? Have you looked at MS Small Business Server? It is a product I would advice for small/medium sized companies, pre-configured out of the box with wizards to run for configuration. I would advice secure AD user and password policies, a good virus scanner solution and a good firewall with AD integration.

Read up on virtualization. If you bought W2008 R2 you have the possibility to run Hyper-V virtual servers on your W2008 R2 host system. The guest OS in that virtual server (VM) can be your OS of choice and be given your role of choice. Virtualization gives you the opportunity to utilize your hardware more efficient and effective, seperating server roles on their own VM and giving you more bang for your hardware buck.

For an explenation have a look at: http://www.youtube.com/watch?v=5gYvSdZMWO4

Edited by Fred B. _ Sunday, February 5, 2012 4:56 PM

------------------------------------
Reply:

I have read all the links you have all given to me... Thank you for that.

To answer one question : Yes, I will use Windows Server 2008 R2 Enterprise Edition.

It is really hard to decide what architecture must be build for my needs... I am a bit lost in fact :-(

I have two servers under Windows Server 2008 R2 (already bought) that must be set in failover clustering.

This cluster will manage a network of 15 workstations. For now, I have only the two servers (no shared storage, no replication software).

So, what is the best solution to "activate" the cluster ?

And I have also to install Tripwire Log Center to collect all the logs from each workstation and each server.

In fact, I don't understand where I can install Tripwire (on one of the node ?, on both ?) and what will happen for Tripwire if one node goes down ?

I know this must be basic for clustering expert but I am a bit lost...

Thanks for any help.

Give a fast try to StarWind as it's pretty easy to install just to find out would whole concept work for you or not. Sorry I have no idea what Tripwire is and how it's related to clustering :)

-nismo

------------------------------------
Reply:

In fact, I realize that might failover clustering is too big for my needs.

What I need, if possible, is to have two servers and one is the replication of the other. If the first one stopped, I start the second one and I retreive all my data.

------------------------------------
Reply:

In fact, I realize that might failover clustering is too big for my needs.

What I need, if possible, is to have two servers and one is the replication of the other. If the first one stopped, I start the second one and I retreive all my data.

There are many ways to skin a cat (c) ...

You may find some sort of replication software for Windows (Double Take or whatever they call themselves now had one for years) suiting your needs. But I would suggest to choose a common route other people could help you with. In this particular case it's running a hypervisor, putting your servers into VMs spread on a different hardware and using some shared storage for data they produce. And running HA or failover. IMHO of course.

-nismo

------------------------------------
Reply:

I don't really understand how Hyper V will be used inside my architecture in fact :-(

You mean the two servers will be physically linked to a shared storage with failover clustering activated.

And on each server, I run a VM for all the other software ?

------------------------------------
Reply:

I don't really understand how Hyper V will be used inside my architecture in fact :-(

You mean the two servers will be physically linked to a shared storage with failover clustering activated.

And on each server, I run a VM for all the other software ?

Yes, exactly! If your app is not cluster aware you need to configure HA. So if one node will die you'll eventually switch to second one with nearly no downtime. Something you wanted, right?

-nismo

------------------------------------
Reply:

Yes, thank you very much !

I will try to go on with all the information everyone gave to me.

------------------------------------

WD smartware and compacting virtual disk.

I seem to have found a glitch.

While compacting XP vhd, it seems the WD smartware tries to follow which ends up with a code 67 and compact fails.

I stopped WD from auto back up, but it appears to have made no difference, I have had no previous problems and other then code 67 in wvpc, no other errors are prompting.

I am compacting again, with WD backup dissabled, but the WD drive is very active, and it has nothing to do with wvpc or XP mode, so I wonder why compacting or WD is behaving this way?

Changed type Niki Han Wednesday, February 15, 2012 9:17 AM

Reply:

Came up with code 67 agian, compacting failed, the Wd drive not as active but still active and my XP drive is still active?

Time to power down I guess.

------------------------------------
Reply:

I didnt power down, and all has returned to normal, but I havent tried compact again, XPmode is running normal.

So I will try to compact again.

------------------------------------
Reply:

I ended up with code 67 again, WD auto backup will need to be dissabled or it will backup the the compact at the same time, whch interfere's with compacting.

------------------------------------
Reply:

Hi,

Thanks for your time and efforts to test the compatibility issue. Since WD SmartWare is a third party software, I suggest consulting WDC support to confirm if it is a known issue.

Niki Han

TechNet Community Support

------------------------------------

configure RTAudio with constant bit rate

is there an option to configure Lync to use RTAudio with constant bit rate and not variable bit rate?I saw in RAudio overview document that this should be possible:

Reply:

is there an option to configure Lync to use RTAudio with constant bit rate and not variable bit rate?I saw in RAudio overview document that this should be possible:

the doc says: The RT Audio encoder is capable of encoding single-channel (mono), 16 bits per sample audio signals. The encoder can be configured to run in constant bit rate mode or variable bit rate mode

------------------------------------

internet ixplorer

have 2 or more of internet explorer when statr

Changed type Niki Han Wednesday, February 15, 2012 9:16 AM

Reply:

Maybe you can explain what's going wrong in more detail?

My blogs: Henk's blog and Virtuall | Follow Me on: Twitter | View My Profile on: LinkedIn

------------------------------------
Reply:

Hi,

If possible, please use PSR to capture the issue.

How do I use Problem Steps Recorder?
http://windows.microsoft.com/en-US/windows7/How-do-I-use-Problem-Steps-Recorder

Niki Han

TechNet Community Support

------------------------------------

Using MSProject with SharePoint 2010

We want to save MS Projects (2010) on SharePoint 2010 and link them to form hierachies of a prgramme. (MS Project is not the server edition). Depending on particular user's designation, we would like to assign specific permissions (CRUD) to them. So an administrator may have full rights; the project managers will have full rights over their own projects, but not be able to see the projects of other PM's. Department managers will be have read access only to those projects within their department; Division managers will have read rights of all projects in their departments; and executives to have read rights of all projects. Some variations of this may be required.

Can SharePoint be set up to allow such configurations (including cases where new departments are created or amalgamated). I have been told that everytime there is a change, SharePoint will need to be reinstalled with the new configuration. I cannot believe that this is the case.

Any assistance will be appreciated.

Thanks,

Allen Lang

Reply:

You are talking about MS Project Plan (.mpp) files, correct?

Yes, SharePoint can do what you are asking, its simply a matter of assigning the appropriate permissions to each file. I recommend you assign the permissions to SharePoint groups and then add your users into these groups. Depending on the size of your organization and your administrative requirements, you may want to create Active Directory security groups with the users as members and join these AD groups into the SharePoint groups.

This could get complicated if you have many project plans in the same document library.

------------------------------------
Reply:

Thanks, Jason.

Allen +27 (0) 21 532 7040

------------------------------------

access to deploymentshare

why is it possible to access from a client with local administrator login to deploymentshare$ after setup

there is only domain users in local\users (server), and no everyone?

Chris

Reply:

MDT maps a network drive to the deployment share during deployment. Also, if your local admin password is the same as your domain you will get access.

/ Johan

Regards / Johan Arwidmark Twitter: @jarwidmark Blog: http://www.deploymentresearch.com FB: www.facebook.com/deploymentresearch

------------------------------------
Reply:

I think I have found it. It's the User the we have defined in bootstrap.ini

Chris

------------------------------------

Duplicate Sent MS Outlook Emails associated with Gmail POP3 & IMAP account

When sending Gmail Pop3/IMAP emails from my laptop via MSOutlook two messages get sent; however, when sending the message from the Gmail web access, only one message gets sent. IMAP and POP3 are both enabled, could this be the reason for the duplicate sent emails? I am not receiving duplicate emails in my Inbox.

How could I resolve this issue?

Reply:

Based on my recall, we could setup Gmail Pop3/SMTP account and Gmail IMAP/SMTP account separately and individual. (create the Pop3 account data file first) And we only could Send mail from one type of account in one time.

A bit more information and your exact steps how you configure the Gmail account would be helpful. You may capture a screenshot in Outlook Account setting feature.

Thanks.

Tony Chen

TechNet Community Support

------------------------------------

Wednesday, March 2, 2022

Which Objects to be used for .net API out of SPSite(server) or Site(client)

Which Objects to be used for .net API out of SPSite(server) or Site(client)

Patch updation

Forums 4 - Release 35 - February 6

Hyper-V VPS Disk I/O bottleneck??

backing up hyper-v server running sbs 2011 to the cloud

Server 2003, full LAN/WAN access, no access to www (internet)...totally stumped

IE 8 support in Windows 7

The security database on the server does not have a computer account for this workstation trust relationship

Features MDT V/S SCCM OSD

Alert history time vs. alert created property

FIM 2010 Hotfix Installation - Error 25070 These workstations have sessions with open files on this server

Converting UNIX date/time bigint value to SQL DateTime format

FIM 2010 - Working with the Recycle Bin Feature in Windows Server 2008 R2 Active Directory

FIM 2010 - Installation Companion - Accounts

IIS Management Pack - Default website cannot be started (port 80 in use)

asus m4a88t-m express gate problem feb 05 2012

Kundly 2009 compitibility problem with the Windows7.0

Fabric Management in the IaaS Private Cloud Article

SWIFT standard Developer Kit (SDK) adoption

Kjell Uppheim-administrator

sub report formatting

sub report formatting

Technical difference between Adapter and Pipelines

In SharePoint 2010 event calendar , which column can be used as edit area, which allow the user to embed links, images, video and text?

how to get all task list items from all sites in a web application

Outlook 2010 not syncing with exchange 2010, iOS devices fine.

libiodbc.so & libodbc.so error: cannot open shared object file.

help with seeing web page

Shared Calendar in mixed mode

SCCM architecture

Discuss Private Cloud Infrastructure as a Service Monitoring and Manageable Applications

Problem selecting queues in userrole

Outlook 2010 Auto Reply based on time of day

Installation requirements to run SSIS package on a server??

Shared storage mandatory ?

WD smartware and compacting virtual disk.

configure RTAudio with constant bit rate

internet ixplorer

Using MSProject with SharePoint 2010

access to deploymentshare

Duplicate Sent MS Outlook Emails associated with Gmail POP3 & IMAP account

Setup is Split Across Multiple CDs