Azure AD Domain Services Domain Controllers failing Replications Test - azure-active-directory

I have set up Azure AD DS, have joined some Windows 10 PCs, and created some security groups and GPOs. I am investigating an error in the Windows 10 System Event Log (Event 4, Security-Kerberos):
The Kerberos client received a KRB_AP_ERR_Modified error from the server [AADDS-DC-SERVER-NAME$]. The target name used was ldap/FQDN-OF-SERVER/DOMAIN.COM#DOMAIN.COM. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (DOMAIN.COM) is different from the client domain (DOMAIN.COM), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.
I thought I'd do a quick test on the AADDS Domain Controllers with DCDIAG, and they are showing that Replications have been failing since yesterday. Results below:
Starting test: Replications
   [Replications Check,DC2] A recent replication attempt failed:
      From DC1 to DC2
      Naming Context: DC=ForestDnsZones,DC=domain,DC=com
      The replication generated an error (1256):
      The remote system is not available. For information about network troubleshooting, see Windows Help.
      The failure occurred at 2020-01-17 10:48:28.
      The last success occurred at 2020-01-16 03:58:53.
      34 failures have occurred since the last success.
   [Replications Check,DC2] A recent replication attempt failed:
      From DC1 to DC2
      Naming Context: DC=DomainDnsZones,DC=domain,DC=com
      The replication generated an error (1256):
      The remote system is not available. For information about network troubleshooting, see Windows Help.
      The failure occurred at 2020-01-17 10:48:28.
      The last success occurred at 2020-01-16 03:58:53.
      45 failures have occurred since the last success.
   [Replications Check,DC2] A recent replication attempt failed:
      From DC1 to DC2
      Naming Context: CN=Schema,CN=Configuration,DC=domain,DC=com
      The replication generated an error (-2146893022):
      The target principal name is incorrect.
      The failure occurred at 2020-01-17 10:48:28.
      The last success occurred at 2020-01-16 03:58:53.
      31 failures have occurred since the last success.
   [Replications Check,DC2] A recent replication attempt failed:
      From DC1 to DC2
      Naming Context: CN=Configuration,DC=domain,DC=com
      The replication generated an error (-2146893022):
      The target principal name is incorrect.
      The failure occurred at 2020-01-17 10:48:28.
      The last success occurred at 2020-01-16 03:58:53.
      33 failures have occurred since the last success.
   [Replications Check,DC2] A recent replication attempt failed:
      From DC1 to DC2
      Naming Context: DC=domain,DC=com
      The replication generated an error (-2146893022):
      The target principal name is incorrect.
      The failure occurred at 2020-01-17 11:15:57.
      The last success occurred at 2020-01-16 04:54:52.
      1777 failures have occurred since the last success.
   ......................... DC2 failed test Replications
Given that the AADDS DCs are supposed to be locked down, how is this happening?
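As an added example (not part of the question or the answer), a small triage parser for dcdiag Replications output like the one quoted above: it extracts each failed naming context, its error code and how long that context has gone without a successful replication, and converts the signed code dcdiag prints into the unsigned HRESULT/Win32 value you would look up in the documentation. The sample text is constructed from the quoted output; DC1, DC2 and domain.com are placeholders.

```python
import re
from datetime import datetime

# Constructed sample modelled on the dcdiag output quoted in the question;
# DC1, DC2 and domain.com are placeholders, not real systems.
SAMPLE = """\
   [Replications Check,DC2] A recent replication attempt failed:
      From DC1 to DC2
      Naming Context: DC=ForestDnsZones,DC=domain,DC=com
      The replication generated an error (1256):
      The remote system is not available. For information about network troubleshooting, see Windows Help.
      The failure occurred at 2020-01-17 10:48:28.
      The last success occurred at 2020-01-16 03:58:53.
      34 failures have occurred since the last success.
   [Replications Check,DC2] A recent replication attempt failed:
      From DC1 to DC2
      Naming Context: CN=Schema,CN=Configuration,DC=domain,DC=com
      The replication generated an error (-2146893022):
      The target principal name is incorrect.
      The failure occurred at 2020-01-17 10:48:28.
      The last success occurred at 2020-01-16 03:58:53.
      31 failures have occurred since the last success.
   ......................... DC2 failed test Replications
"""

TS = r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d"
FAILURE_RE = re.compile(
    r"From (?P<src>\S+) to (?P<dst>\S+)\s+"
    r"Naming Context: (?P<nc>\S+)\s+"
    r"The replication generated an error \((?P<code>-?\d+)\):\s+"
    r"(?P<msg>.+?)\s+"
    rf"The failure occurred at (?P<fail>{TS})\.\s+"
    rf"The last success occurred at (?P<ok>{TS})\.\s+"
    r"(?P<count>\d+) failures? have occurred since the last success\.",
    re.S,
)

def hresult(code):
    """dcdiag prints the code as a signed 32-bit int; reinterpret it unsigned so it
    matches the documented value (-2146893022 -> 0x80090322, SEC_E_WRONG_PRINCIPAL)."""
    return f"0x{code & 0xFFFFFFFF:08X}"

def parse_replications(text):
    """One record per failed (source, destination, naming context) in dcdiag output."""
    fmt = "%Y-%m-%d %H:%M:%S"
    records = []
    for m in FAILURE_RE.finditer(text):
        failed_at, last_ok = (datetime.strptime(m[k], fmt) for k in ("fail", "ok"))
        records.append({
            "source": m["src"], "dest": m["dst"], "naming_context": m["nc"],
            "error_code": int(m["code"]), "hresult": hresult(int(m["code"])),
            "message": m["msg"].strip(), "failure_count": int(m["count"]),
            "outage": failed_at - last_ok,  # how long this context has not replicated
        })
    return records

def triage(records):
    """Group by error code so one root cause (e.g. a bad SPN) shows as one finding."""
    by_code = {}
    for r in records:
        entry = by_code.setdefault(r["hresult"], {"contexts": [], "max_failures": 0})
        entry["contexts"].append(r["naming_context"])
        entry["max_failures"] = max(entry["max_failures"], r["failure_count"])
    return by_code

if __name__ == "__main__":
    for r in parse_replications(SAMPLE):
        print(f'{r["naming_context"]}: {r["hresult"]} {r["message"]} (down {r["outage"]})')
```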

Raised a case with Azure Support; they confirmed this should not happen and raised it with their backend team. The issue appears to now be resolved.

Related

Azure Purview sees On-Prem SQL Server db and tables, but fails to scan with message: invalid client secret is provided

I have successfully set up a scan for an on-prem dev SQL instance. However, I am trying to set up scans on multiple on-prem SQL instances.
I have successfully installed the integration run time agent on a server I want to scan. When I double check the credentials to be sure the username and password are correct, it passes as successful.
When I go to set up the scan against this same db, I use the appropriate user name and secret out of the key vault. While setting up the scan, Purview sees all the tables in the db I am wanting to scan.
So, my thought is, if the username or password were incorrect, it wouldn't pass the connection test and/or see the tables in the db I'm wanting to scan.
Ok, so after I start the scan, it fails.
In the logs on that server, I can see where it fails w/ the following error code: 7000215
According to https://login.microsoftonline.com/error?code=7000215, this error message is: Developer error - the app is attempting to sign in without the necessary or correct authentication parameters.
So, I'm at a loss at why I can see the db and tables, but it continues to fail the scan.
The event viewer details show: Message:(AADSTS7000215: Invalid client secret is provided.)
Any help or recommendations would be greatly appreciated.
Here's the actual error message:
Retrieving auth token from AAD failed, exception thrown
(Type:(Microsoft.IdentityModel.Clients.ActiveDirectory.AdalServiceException),
Message:(AADSTS7000215: Invalid client secret is provided. Trace ID:
525bc331-5788-4d3c-a576-3570c5c92b00 Correlation ID:
acfc0ed8-c522-4e3b-8922-804df3bf2fbe Timestamp: 2021-02-22 04:06:46Z),
StackTrace:( at
Microsoft.DataTransfer.Execution.DataScan.Retry.d__1`1.MoveNext()
--- End of stack trace from previous location where exception was thrown --- at
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task) at
Microsoft.DataTransfer.Execution.DataScan.DataScanManagementServiceClient.d__22.MoveNext())
, InnerException (Type:(System.Net.Http.HttpRequestException),
Message:(Response status code does not indicate success: 401
(Unauthorized).), StackTrace:() , InnerException
(Type:(Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException),
Message:({"error":"invalid_client","error_description":"AADSTS7000215:
Invalid client secret is provided.\r\nTrace ID:
525bc331-5788-4d3c-a576-3570c5c92b00\r\nCorrelation ID:
acfc0ed8-c522-4e3b-8922-804df3bf2fbe\r\nTimestamp: 2021-02-22
04:06:46Z","error_codes":[7000215],"timestamp":"2021-02-22
04:06:46Z","trace_id":"525bc331-5788-4d3c-a576-3570c5c92b00","correlation_id":"acfc0ed8-c522-4e3b-8922-804df3bf2fbe","error_uri":"https://login.microsoftonline.com/error?code=7000215"}:
Unknown error), StackTrace:() ) ) ) Job ID:
986cf741-f4bf-4333-a51e-b9c04a15a75c Log ID: Error
I was able to address this issue.
The issue was that the integration runtime client was not the most recent version; a newer version (IntegrationRuntime_5.2.7713.1) was available.
Once I installed this version, I was able to scan the databases previously not able to be scanned.

SQL [[DBNETLIB][ConnectionWrite (WrapperWrite()).]General network error

I am an Administrator for a company; we have multiple servers on premises:
One is a Database Server (DATABASESERVER) running Windows Server 2008 R2, SQL 2008 and IIS 7.
One is an Application Server (APPSERVER) running Windows Server 2008 R2.
We have a company who owns and manages our CRM System installed across all 2 of these servers: DATABASESERVER contains the Database, the HTTPSERVER contains the Internal Web CRM for the staff to use, and the APPSERVER manages the print/SMS/emails/timed executions etc. through the 3rd party company's applications.
The 3rd party company's applications keep crashing on the APPSERVER, and they are blaming this on the loss of connection to the DATABASESERVER, which is what the error their system produces says in the logs; however, the staff do not have any issues with the Website, which uses the same Database.
The error message they have provided for me to fix is at the bottom, and they are fixating on this bit of the error:
[[DBNETLIB][ConnectionWrite (WrapperWrite()).]General network error. Check your network documentation.])
but it is my understanding that with the above section of the error there should be a SQLSTATE code?
Any help on this error would be greatly appreciated.
The VB Application identified by the event source logged this Application zXTmdExec: Thread ID: 12408 ,Logged: Timed execution: zX.clsDSHPrimary.iDSHandler_sqlRS: Unable to execute query (SELECT TOP 1 [zxPrcssMntr].[stts] AS [zxPrcssMntr_stts], [zxPrcssMntr].[autoPse] AS [zxPrcssMntr_autoPse], [zxPrcssMntr].[autoRsme] AS [zxPrcssMntr_autoRsme], [zxPrcssMntr].[lstStrtd] AS [zxPrcssMntr_lstStrtd], [zxPrcssMntr].[prcssCntrlId] AS [zxPrcssMntr_prcssCntrlId] FROM [zxPrcssMntr] WHERE (1 = 1) AND ([zxPrcssMntr].[id] = 'timedExecGeneral') [[DBNETLIB][ConnectionWrite (WrapperWrite()).]General network error. Check your network documentation.])
zX.clsDSHPrimary.iDSHandler_loadBO: Unable to execute load query (SELECT [zxPrcssMntr].[stts] AS [zxPrcssMntr_stts], [zxPrcssMntr].[autoPse] AS [zxPrcssMntr_autoPse], [zxPrcssMntr].[autoRsme] AS [zxPrcssMntr_autoRsme], [zxPrcssMntr].[lstStrtd] AS [zxPrcssMntr_lstStrtd], [zxPrcssMntr].[prcssCntrlId] AS [zxPrcssMntr_prcssCntrlId] FROM [zxPrcssMntr] WHERE (1 = 1) AND ([zxPrcssMntr].[id] = 'timedExecGeneral'))
zx.clsBOS.loadBO: Error during loadBO for data source (primary)
zxMisc.clsPrcssMntr.nextCycle: Unable to reload when cycling in prcssMntr
zX.clsDSHPrimary.iDSHandler_rollbackTx: Untrapped error (Connection failure)
zXTmdExec.modMain.goGoGo: Severe process monitor error
zX.clsDSHPrimary.iDSHandler_sqlExecute: Unable to execute query (DELETE FROM [zxSssn] WHERE (1 = 1) AND ([zxSssn].[id] = 79495)[[DBNETLIB][ConnectionWrite (WrapperWrite()).]General network error. Check your network documentation.])
zX.clsDSHPrimary.iDSHandler_deleteBO: Unable to delete BO
zx.clsBOS.deleteBO: Delete by data-source handler failed (primary)
zx.clsSession.disConnect: Unable to delete session

What is the min and max value of can hold in SQL Server process

I have a server wherein I can upload and retrieve data fast when my server is in (take offline) mode, but if the server is live (with 150+ processes) in SQL Server, I get an error from the application:
The server was unable to process the request due to an internal error.
For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs.
This is my screenshot of the server
and this is the error in Vb.net application
Error Logs
Date,Source,Severity,Message
12/05/2017 17:01:09,spid139,Unknown,CHECKDB for database 'SALESANDTRACKING07272017' finished without errors on 2016-06-07 00:00:09.867 (local time). This is an informational message only; no user action is required.
12/05/2017 17:01:06,spid139,Unknown,Starting up database 'SALESANDTRACKING07272017'.
12/05/2017 17:01:06,spid139,Unknown,Setting database option ONLINE to ON for database SALESANDTRACKING07272017.
12/05/2017 17:00:51,spid68,Unknown,Setting database option OFFLINE to ON for database SALESANDTRACKING07272017.
12/05/2017 17:00:51,spid68,Unknown,Process ID 139 was killed by hostname DESKTOP-NAVEQ78<c/> host process ID 18060.
12/05/2017 17:00:51,spid68,Unknown,Process ID 105 was killed by hostname DESKTOP-NAVEQ78<c/> host process ID 18060.
12/05/2017 17:00:51,spid68,Unknown,Process ID 53 was killed by hostname DESKTOP-NAVEQ78<c/> host process ID 18060.
12/05/2017 17:00:44,spid68,Unknown,CHECKDB for database 'SALES07272017' finished without errors on 2016-06-07 00:00:09.867 (local time). This is an informational message only; no user action is required.
12/05/2017 17:00:40,spid68,Unknown,Starting up database 'SALES07272017'.
12/05/2017 17:00:39,spid68,Unknown,Setting database option ONLINE to ON for database SALES07272017.
12/05/2017 17:00:35,spid203,Unknown,Setting database option OFFLINE to ON for database SALES07272017.
12/05/2017 17:00:35,spid203,Unknown,Process ID 145 was killed by hostname DESKTOP-NAVEQ78<c/> host process ID 18060.
12/05/2017 17:00:35,spid203,Unknown,Process ID 134 was killed by hostname DESKTOP-NAVEQ78<c/> host process ID 18060.
12/05/2017 17:00:35,spid203,Unknown,Process ID 68 was killed by hostname DESKTOP-NAVEQ78<c/> host process ID 18060.
12/05/2017 16:41:57,spid70,Unknown,The client was unable to reuse a session with SPID 70<c/> which had been reset for connection pooling. The failure ID is 29. This error may have been caused by an earlier operation failing. Check the error logs for failed operations immediately before this error message.
12/05/2017 16:41:57,spid70,Unknown,Error: 18056<c/> Severity: 20<c/> State: 29.
12/05/2017 16:37:40,spid121,Unknown,The client was unable to reuse a session with SPID 121<c/> which had been reset for connection pooling. The failure ID is 29. This error may have been caused by an earlier operation failing. Check the error logs for failed operations immediately before this error message.
12/05/2017 16:37:40,spid121,Unknown,Error: 18056<c/> Severity: 20<c/> State: 29.
12/05/2017 16:24:36,spid66,Unknown,The client was unable to reuse a session with SPID 66<c/> which had been reset for connection pooling. The failure ID is 29. This error may have been caused by an earlier operation failing. Check the error logs for failed operations immediately before this error message.
12/05/2017 16:24:36,spid66,Unknown,Error: 18056<c/> Severity: 20<c/> State: 29.
12/05/2017 16:23:14,spid61,Unknown,CHECKDB for database 'SALESANDTRACKING' finished without errors on 2016-06-07 00:00:09.867 (local time). This is an informational message only; no user action is required.
12/05/2017 16:23:13,spid61,Unknown,Starting up database 'SALESANDTRACKING'.
12/05/2017 16:23:13,spid61,Unknown,Setting database option ONLINE to ON for database SALESANDTRACKING.
12/05/2017 16:07:20,spid61,Unknown,Setting database option OFFLINE to ON for
please see this screen shot from the server (memory usage)
Process in the server
https://ibb.co/nA2AHw
Whenever I try to upload data to the server, it goes to the servicereference.channel; after that it goes to the API (apibilling). But whenever the application sends data to the services and API, and from there to the server, the pooling of processes on the server consumes the memory, and the error occurs because it cannot handle the other connections from the application.
I tried changing my connection string to my other server with fewer processes and it works... I conclude that the memory is the problem. I will upgrade the memory of the server to 64 GB. By the way, my current server has 32 GB of RAM. Thanks for all the help :D It seems that the error is not in the API or service behavior; it's the memory that causes the problem.
And as far as I know, on the server you must upgrade the memory if the database will expand fast, because when new users log in to the application it will consume more memory.
'=========Updated Answer December 13, 2017 1:16 am------------------
I browsed the internet and searched DataAdapter vs. DataReader, and I found out that DataAdapter goes to the memory cache, while the DataReader provides an unbuffered stream of data that allows procedural logic to efficiently process results from a data source sequentially. The DataReader is a good choice when retrieving large amounts of data because the data is not cached in memory.
I got that from this link: http://www.dotnetcurry.com/aspnet/143/convert-data-reader-to-data-table
I use DataAdapter when retrieving data, so it happens that 150+ processes will consume a lot of memory cache.
'=========Updated Answer January 16, 2018 1:16 am------------------
My solution to this problem is indexing.
I read from this:
What is an index in SQL?
that indexing has the ability to retrieve large amounts of data in an instant,
but beware when using indexing.
I just read this:
https://www.sqlpassion.at/archive/2016/03/29/clustered-indexes-advantages-disadvantages/
If you use many indexes, the adding, uploading and deleting of data will be slowed.

Known Good SQL Logins Failing (Error 18456) Accompanied by "Unable to Reuse a Session" (Error 18056)

I am losing my patience with this problem. I'm running SQL Server 2008 R2 with all updates.
It is very intermittent. Every now and again this SQL server instance will report the error: Login failed for user 'XX'. Reason: Failed to open the database configured in the login object while revalidating the login on the connection.
Error: 18456, Severity: 14, State: 46.
I know this is a good login, it works all of the other times, and no one changes the credentials.
The above error is immediately followed by this error:
The client was unable to reuse a session with SPID 150, which had been reset for connection pooling. The failure ID is 46. This error may have been caused by an earlier operation failing. Check the error logs for failed operations immediately before this error message.
Error: 18456, Severity: 14, State: 46.
When this occurs a few minutes later this is reported also:
Message
All schedulers on Node 0 appear deadlocked due to a large number of worker threads waiting on ASYNC_NETWORK_IO. Process Utilization 0%.
The above message just keeps repeating until I restart the server.
From researching this issue I've increased the maximum worker threads (currently at 1100). The server has 72G memory and 4 vCPUs, running Windows Server 2008 R2.
I don't encounter this issue at all on my other database servers that run the same environment. Just this one. Any help would be greatly appreciated; I'm running out of options.
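To triage this pattern across an exported log, an added example (not from either post): it parses the SSMS "Date,Source,Severity,Message" error-log export shown in the earlier post (commas inside a message are written as <c/>), pairs each 18056 "unable to reuse a session" entry with the 18456 login failure logged alongside it, and flags the scheduler-deadlock message. The sample log lines are constructed; the month/day/year timestamp format is assumed from that export.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the SSMS error-log export format (Date,Source,Severity,Message,
# newest first, commas inside a message written as <c/>); names are placeholders.
SAMPLE_LOG = """\
Date,Source,Severity,Message
12/05/2017 16:45:10,Server,Unknown,All schedulers on Node 0 appear deadlocked due to a large number of worker threads waiting on ASYNC_NETWORK_IO. Process Utilization 0%.
12/05/2017 16:41:57,spid70,Unknown,The client was unable to reuse a session with SPID 70<c/> which had been reset for connection pooling. The failure ID is 46. This error may have been caused by an earlier operation failing. Check the error logs for failed operations immediately before this error message.
12/05/2017 16:41:57,spid70,Unknown,Error: 18056<c/> Severity: 20<c/> State: 46.
12/05/2017 16:41:57,Logon,Unknown,Login failed for user 'app_user'. Reason: Failed to open the database configured in the login object while revalidating the login on the connection.
12/05/2017 16:41:57,Logon,Unknown,Error: 18456<c/> Severity: 14<c/> State: 46.
12/05/2017 16:24:36,spid66,Unknown,The client was unable to reuse a session with SPID 66<c/> which had been reset for connection pooling. The failure ID is 29. This error may have been caused by an earlier operation failing. Check the error logs for failed operations immediately before this error message.
12/05/2017 16:24:36,spid66,Unknown,Error: 18056<c/> Severity: 20<c/> State: 29.
"""

ERR_RE = re.compile(r"Error: (\d+), Severity: (\d+), State: (\d+)\.")
REUSE_RE = re.compile(r"unable to reuse a session with SPID (\d+).*?failure ID is (\d+)")
LOGIN_RE = re.compile(r"Login failed for user '([^']*)'\. Reason: (.+)")
DEADLOCK_RE = re.compile(r"All schedulers on Node \d+ appear deadlocked")

def parse_errorlog(text):
    """Rows oldest first; assumes the month/day/year timestamps of the export above."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        if not line.strip():
            continue
        date, source, severity, message = line.split(",", 3)   # message commas are <c/>
        rows.append({"time": datetime.strptime(date, "%m/%d/%Y %H:%M:%S"),
                     "source": source, "severity": severity,
                     "message": message.replace("<c/>", ",")})
    rows.sort(key=lambda r: r["time"])          # stable: same-second order is preserved
    return rows

def find_pooled_session_failures(rows, window=timedelta(seconds=5)):
    """Pair each 18056 'unable to reuse a session' entry with the 18456 login failure
    logged within `window` of it; both posts show the 18056 failure ID equal to the
    18456 state, so the pair points at the same underlying failed operation."""
    findings = []
    for row in rows:
        m = REUSE_RE.search(row["message"])
        if not m:
            continue
        finding = {"time": row["time"], "spid": int(m.group(1)),
                   "failure_id": int(m.group(2)), "login": None, "login_state": None}
        for other in rows:
            if abs(other["time"] - row["time"]) > window:
                continue
            if (lf := LOGIN_RE.search(other["message"])):
                finding["login"], finding["reason"] = lf.group(1), lf.group(2)
            if (e := ERR_RE.search(other["message"])) and e.group(1) == "18456":
                finding["login_state"] = int(e.group(3))
        findings.append(finding)
    return findings

def scheduler_deadlocks(rows):
    """Timestamps of the 'all schedulers deadlocked ... ASYNC_NETWORK_IO' message,
    which the post reports a few minutes after the login failures."""
    return [r["time"] for r in rows if DEADLOCK_RE.search(r["message"])]

if __name__ == "__main__":
    log = parse_errorlog(SAMPLE_LOG)
    for f in find_pooled_session_failures(log):
        print(f)
    print("scheduler deadlock at:", scheduler_deadlocks(log))
```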

The MSDTC transaction manager was unable to push the transaction to the destination transaction manager due to communication problems

I have a BizTalk server and a SQL server to which BizTalk sends messages via WCF-SQL. The BizTalk server has been calling this server for over a year with no problems. I came in this morning and suddenly it can't (it was working on Friday).
The full error I'm getting when calling the WCF-SQL endpoint is:
A message sent to adapter "WCF-SQL" on send port "MyPort" with URI "mssql://mySQLServer" is suspended.
Error details: System.Transactions.TransactionManagerCommunicationException: Communication with the underlying transaction manager has failed. ---> System.Runtime.InteropServices.COMException:
The MSDTC transaction manager was unable to push the transaction to the destination transaction manager due to communication problems.
Possible causes are: a firewall is present and it doesn't have an exception for the MSDTC process, the two machines cannot find each other by their NetBIOS names, or the support for network transactions is not enabled for one of the two transaction managers. (Exception from HRESULT: 0x8004D02A)
at System.Transactions.Oletx.ITransactionShim.Export(UInt32 whereaboutsSize, Byte[] whereabouts, Int32& cookieIndex, UInt32& cookieSize, CoTaskMemHandle& cookieBuffer)
at System.Transactions.TransactionInterop.GetExportCookie(Transaction transaction, Byte[] whereabouts)
I've followed instructions from the following thread:
MSDTC on server 'server is unavailable
I've run msdtc -uninstall then msdtc -install and restarted the service several times.
I've rebooted the server several times.
I can connect to the database using SQL Server Management Studio.
DTCPing, when trying to connect from the SQL server to the BizTalk server, results in (when DTCPing is running on the BizTalk server):
Problem:fail to invoke remote RPC method
Error(0x6BA) at dtcping.cpp #303
-->RPC pinging exception
-->1722(The RPC server is unavailable.)
RPC test failed
When going from BizTalk to SQL I get this (even though DTCPing is running on the other end):
Please refer to following log file for details:
C:\Temp\DTCPing\myserv.log
Invoking RPC method on dbaditest
RPC test is successful
++++++++++++RPC test completed+++++++++++++++
Please start PING from dbaditest to complete the test
Neither server is running a firewall at all.
I'm all out of things to try.
Edit: I can confirm that other servers/computers can connect to the SQL server. So I have to assume that it's the BizTalk server that is the problem.
Edit 2: I tried connecting from BizTalk Server to another SQL server on the network and got the same error. I'm moments away from throwing my hands up and rebuilding my dev environment -- ugg :(
Edit 3: I can telnet to port 135 from BizTalk to SQL Server, so there's nothing blocking it.
Edit 4: DTCTester results in:
tablename= #dtc24449
Creating Temp Table for Testing: #dtc24449
Warning: No Columns in Result Set From Executing: 'create table #dtc24449 (ival int)'
Initializing DTC
Beginning DTC Transaction
Enlisting Connection in Transaction
Error:
SQLSTATE=25S12,Native error=-2147168242,msg='[Microsoft][ODBC SQL Server Driver]Distributed transaction error'
Error:
SQLSTATE=24000,Native error=0,msg=[Microsoft][ODBC SQL Server Driver]Invalid cursor state
Typical Errors in DTC Output When
a. Firewall Has Ports Closed
-OR-
b. Bad WINS/DNS entries
-OR-
c. Misconfigured network
-OR-
d. Misconfigured SQL Server machine that has multiple netcards.
Aborting DTC Transaction
Releasing DTC Interface Pointers
Successfully Released pTransaction Pointer.
You've already taken some steps here, but carefully go through the MSDN Article on Troubleshooting MSDTC.
I'd be concerned that someone imaged another server off of yours, but uninstalling and reinstalling MSDTC should have fixed that. It might be worth checking on these registry values as well (from the above link):
Windows enhances security by requiring authenticated calls to the RPC interface. This functionality is configurable through the EnableAuthEpResolution and RestrictRemoteClients registry keys. To ensure that remote computers are able to access the RPC interface, follow these steps:
Click Start, click Run, type regedit.exe, and then click OK to start Registry Editor.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT
Under the RPC key, create the following DWORD entries with the indicated values. If the RPC key does not exist then it must be created.
DWORD entry              Default value   Recommended value
EnableAuthEpResolution   0 (disabled)    1
RestrictRemoteClients    1 (enabled)     0
Close Registry Editor.
Restart the MSDTC Service.
Is your BizTalk/SQL computer name unique (no conflicts with other machines)?
Can you DTC-connect to another SQL server from your BizTalk server? I would suggest you use DTCTester to test the DTC connection instead of DTCPing.
Not sure if this will help but thought I'd mention it.
From BOTH servers:
Start -> Admin Tools -> Component Services
Expand Component Services -> Computers -> My Computer -> Distributed Transaction Coordinator and right-click Local DTC. Go to Security tab and check over the settings there.
Enable Network DTC Access
Allow Remote Clients
Allow Inbound/Outbound as required
Select correct authentication
Enable XA Transactions as required
The MSDTC Service should auto-restart. These settings could perhaps have changed since Friday? I have had this happen before for reasons unknown.
Wow, I finally figured it out. As most people said, it MUST be some kind of network issue (and I didn't disagree). The kicker was that my PC was allowed DTC from it to SQL, but the VM running on my PC didn't. What it ended up being was that we were pushed to install Symantec Endpoint Protection just last week (right before I left for the weekend).
I uninstalled it and all is working now.
