We have recently set up a test domain controller to examine settings before pushing them to production at work.
Upon setting up this domain a simple error was made in the DNS settings. We forgot the subdomain.
testdomain.com rather than site1.testdomain.com.
We found a way to change a majority of the references, but Group Policy objects are not being applied correctly.
When running RSOP.msc, we get an error: RSoP data is invalid Invalid namespace
Did a bit of digging and it seems when we create a group policy, and click edit, the name does not reflect the server's FQDN.
dc01.testdomain.com rather than dc01.site1.testdomain.com.
How can we change this namespace? Or will we be forced to reset and re-run dcpromo.exe and ensure correct settings this time?
I have found my problem.
We renamed our domain using rendom.exe, which changed settings in the forest, and then removed the testdomain.com zone in the DNS settings.
However! We failed to change the domain in the domain controller's DNS suffix through the system properties (System Properties > Advanced System Settings > Computer Name > "To rename this computer..." > "More..." > Change DNS there).
It's funny, here, how you seem to find the answer to your question right after you ask it.
We're configuring SSO for our web app for a customer, but unfortunately we don't have access to the domain controller (one more reason why we don't do more experimenting to check our assumptions). So, we asked to run ktpass.exe and prepare .ktpass file to use for our server configuration.
The issue we are facing is "specified version of key is not available".
I looked up the keytab file (kvno = 5), and checked out the traffic with Wireshark on our web server:
As you can see, kvno = 1 in AP-REQ ticket. I suppose that it's the right ticket to check kvno version.
I know there're compatibility issues with Windows 2000 domain (/kvno 1 must be used for Windows 2000 domain compatibility), but we are said to deal with Windows 2008R2 server (and I can see the value msDS-Behavior-Version = 4 for our domain controller, which matches 2008R2!).
Is there anything like W2K domain mode we are facing with?
Would explicit kvno=1 help to resolve the issue? I.e., ktpass.exe [..] /kvno 1
EDIT #1
The problem was about incorrectly specified SPN. It was HTTP/computer_name#DOMAIN.COM instead of using fully-qualified domain name. This would only work if WINS were enabled, but it turned out it wasn't.
After generating keytab with the correct SPN, everything works fine, and kvno sent according to actual account value.
Will kindly accept answer that explains the effect I observed.
I do not know the internals well, but MIT Kerberos clients do forward resolution of the hostname part of a host-based service principal to canonicalize the hostname. In my experience, if the name does not resolve, it does affect Kerberos auth. When I set up service accounts for SQL Server to do Kerberos, I always have to register an SPN with the host name and the fully qualified domain name, because different SQL components seem to use different resolution methods.
In a very basic network topology WINS would be able to resolve the name. Even without WINS though, the NetBIOS service would be able to resolve the hostname. WINS and NetBIOS rely heavily on broadcasts, so if your webserver is on a different subnet, NetBIOS name resolution would fail, and WINS too if not configured correctly. Also, Windows needs to use the TCP/IP NetBIOS Helper service.
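As an added example (not part of the original posts): a small Python parser for the MIT keytab format 0x0502 that lists each entry's principal and kvno, then flags the two things this thread turned on, a host-based SPN without a fully-qualified host name and a keytab kvno that differs from the one seen in the ticket. The function names, the host name `webserver` and the sample bytes are assumptions constructed for illustration.

```python
import struct

def read_counted(buf, p):
    """Read a 16-bit length-prefixed byte string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from MIT keytab bytes (format 0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("only keytab format 0x0502 is handled")
    pos, entries = 2, []
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        start, pos = pos + 4, pos + 4 + abs(size)   # pos now points at the next record
        if size <= 0:                               # negative size marks a deleted slot
            continue
        (ncomp,) = struct.unpack_from(">H", data, start)
        realm, p = read_counted(data, start + 2)
        parts = []
        for _ in range(ncomp):
            comp, p = read_counted(data, p)
            parts.append(comp.decode())
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", data, p)
        _key, p = read_counted(data, p + 11)
        if pos - p >= 4:                            # optional 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        entries.append(("/".join(parts) + "@" + realm.decode(), kvno, etype))
    return entries

def review(entries, ticket_kvno):
    """Flag short-host SPNs and kvno mismatches against the kvno seen in the ticket."""
    findings = []
    for princ, kvno, _etype in entries:
        host = princ.rsplit("@", 1)[0].partition("/")[2]
        if host and "." not in host:
            findings.append((princ, "host part is not a fully-qualified name"))
        if kvno != ticket_kvno:
            findings.append((princ, f"keytab kvno {kvno}, ticket kvno {ticket_kvno}"))
    return findings

# Constructed sample data (dummy all-zero keys): a short-host SPN next to the FQDN one.
def make_entry(realm, comps, kvno, etype=18):
    enc = lambda s: struct.pack(">H", len(s)) + s.encode()
    body = struct.pack(">H", len(comps)) + enc(realm) + b"".join(map(enc, comps))
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, etype) + struct.pack(">H", 32) + bytes(32)
    return struct.pack(">i", len(body) + 4) + body + struct.pack(">I", kvno)
SAMPLE = (b"\x05\x02" + make_entry("DOMAIN.COM", ["HTTP", "webserver"], 5)
          + make_entry("DOMAIN.COM", ["HTTP", "webserver.domain.com"], 5))
```

Calling `review(parse_keytab(SAMPLE), ticket_kvno=1)` reports the short-host principal and both kvno mismatches; for a real file, pass the bytes read from the keytab and the kvno shown in the captured ticket.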
This question may be a duplicate, but no recent post leads to a working answer for my case.
I have a Sharepoint 2013 running on a Windows Server 2012. Following issue appeared:
I made a new Site-Collection as wiki. Everything (links,...) works fine on the server but when I want to access the wiki from outside (not localhost) the server runs in a 404 Not found error.
http://localhost/sites/wiki/Pages/Home.aspx - works fine(localhost)
http://10.38.0.15/sites/wiki/Pages/Home.aspx - doesn't work.
I checked the IIS settings, all servers are up and running. The log file has no errors in it.
Does anyone know, how to solve this problem?
thx
Jürgen
The most common cause for this is that you don't have the IIS host header configured correctly. The 404 will appear because you are hitting a different IIS web site and not the one you intended to.
If you go into IIS Manager and click on "Sites" in the right hand pane there will be a column called bindings and a column called ID.
IIS will check in the order of ID for the first site that matches. Make sure the default site is stopped. If you see bindings that look like the following:
ID 1: Bindings: *:80
ID 2: Bindings: www.yoursite.com:80
www.othersite.com will match ID 1. Any other site that doesn't specify a port or https: will be directed to ID 2. You need to ensure that the site you are trying to access matches your bindings. The "www.yoursite.com" is added to the site via "New Web Application" in SharePoint. There is a field called Host: in Central Administration. This should match what you are typing from inside and outside the server. If you need the site to respond to multiple names, you need to extend the web application.
Assuming you used the default of claims authentication, here are the instructions for that:
http://technet.microsoft.com/en-us/library/gg276325.aspx
I am not sure if this is still required in Server 2012, but disabling the loopback check might also help, although this usually results in a 401, and repeated attempts to log in. Here are the instructions for that.
http://support.microsoft.com/kb/896861
Check the alternate access mapping in SharePoint administrator.
It should be something like this:
http://yourservername default
http://10.10.1.30:80 internet
http:// so on ..
I am trying to set up a new domain with only one domain controller.
My DNS role seems to be getting event warning 4013 and my Active Directory role is getting events 2886, 1844, 1463 and 614. I have tried just about everything I could search for and think of for getting rid of these errors. I would appreciate any suggestions.
For event 4013, you should not see this error at all; I run one domain controller with DNS also. This is stating that you have an issue with the way DNS was configured. You only see this if DNS has issues. As for 2886, it has to do with LDAP; you can ignore this event if you wish, or you can make the changes to have the warning go away.
Check out this forum for help with 2886.
http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/57f4048a-2743-453f-93a3-765de01d0ad0
If I am correct, I will always get these 2 warnings occasionally since it is only a single domain controller on the domain hosting its own DNS service. These warnings do not seem to impede any performance on the server itself.
I need to read the Active Directory, search users and create user functionality.
I am able to use DirectoryEntry in C# and Domain is only physical server.
In my production environment, I have two physical domain servers with same domain name. When I try to search the AD user or create, I am getting the following exception.
Exception : "0000202B: RefErr: DSID-031007EF, data 0, 1 access points" [extended Error 8235]
Note that I have Domain Admin privileges on the domain but I'm still having the same issue.
0000202B: could mean wrong DN/searchbase like incorrect DC value etc.
Your problem looks like a DNS problem. I know that, writing this, I've got statistically an 80% chance of being right. Check the domain name resolution from your client. Check your DNS and verify that your two domain controllers are well registered.
The error you are getting is referral related:
ERROR_DS_REFERRAL
8235 (0x202B)
A referral was returned from the server.
You can find the error codes linked at this MSDN Article.
I found this error "Domain Name Does Not Exist In The Database" in DNN 5.6.2.
When I run my web site on another computer, this kind of error is generated.
I don't know why this happens.
I know this might be very late, but for anyone having this issue,
I had the same issue, after I made sure that I have updated the "Portal Alias" table in db, to have a HTTP Alias (for my local host, I set it to localhost:8089 which was equal to what I had set up in IIS binding for DNN website), with the portal ID of 0 (as my portal id was 0),
I was checking to be sure I have updated web.config file with database connection strings, but then I realized there were two points for database connection in web.config, and I was missing one of them.
So make sure to update both connections:
1) <connectionStrings>
2) <appSettings>
Hope this helps.
How have you set up your website and how are you accessing your site from this other computer?
I'm assuming you have done this
1) Add binding to your IIS site, www.xxx.com or something
2) Set up the hostname on your domain so its accessible to all
3) Log in as Host and add a new portal alias to your portal
If it's http://localhost/xxx that you've set up the website on, and have not set up a non-localhost URL for it, that will be the issue at hand.
To access it from another computer, you'll have to use the PortalAlias. Get access to your database and you'll be able to see all the portal aliases that your portal can use.