Search Results

Search found 21360 results on 855 pages for 'domain controller'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 192/855 | < Previous Page | 188 189 190 191 192 193 194 195 196 197 198 199  | Next Page >

  • Am I harming myself by having two domains pointing at the same thing?

    - by Earlz
    I have a domain I recently purchased. I went ahead and pointed it at my website(via DNS) and by default, my server now serves my website on this new domain. Eventually, the new domain will replace my old domain(with 302 redirects and all that). However, I've not yet got my website ready for that because I'll need to do some rebranding and such. Am I actively hurting my SEO ratings and such by having these two domains point to the same thing?

    Read the article

  • Can Amazon VMs be used as Active Directory domain controllers?

    - by mrdenny
    I've got a client who wants to move his companies servers off site. As he is only a 10 person company I'm looking for some pretty in-expensive options. One option is the smallest of the Amazon cloud machines. The question becomes can I make one of these machines a domain controller? Cost wise the Amazon machine is cheaper than the power costs of keeping a server (or a PC) up and running in his home office 24x7 thanks to the high cost of power in Southern California.

    Read the article

  • Force www. on multi domain site and retain http or https [closed]

    - by John Isaacks
    I am using CakePHP which already contains an .htaccess file that looks like: <IfModule mod_rewrite.c> RewriteEngine on RewriteRule ^$ app/webroot/ [L] RewriteRule (.*) app/webroot/$1 [L] </IfModule> I want to force www. (unless it is a subdomain) to avoid duplicate content penalties. It needs to retain http or https Also This application will have multiple domains pointing to it. So the code needs to be able to work with any domain.

    Read the article

  • Is there a way to forward emails associated with a domain without a mail server?

    - by MeltingDog
    A client owns example1.com but wants to also purchase example2.com and have it point to their original site at example1.com. No problem there. But they also want any emails going to example2.com to be forwarded to their counter parts at example1.com Eg: if someone emails [email protected] it will be forwarded to [email protected] They only way I can think of doing this at the moment is to set up host for example2.com and then set up mail forwarders in cpanel. But this seems a bit excessive and costly. Does anyone know another, cheaper way of doing this?

    Read the article

  • Ok, i know i messed things up pretty bad..... virtualmin sub domain user taken over root login

    - by Collins Areba
    ok, here is the scenario, i was playing around the import wizard and imported a subdomain i had created on a linode and now im having trouble cause the user i assigned to the subdomain is root. Now when i log into webmin / usermin / virtualmin with my root credentials, i end up administering a sub domain instead of working on the webmin root console. Is there a way of a) deleting the virtualhost completely from usermin using ssh? b) rectifying this ..

    Read the article

  • Merging two sites into one, how to redirect from the domain that's going away?

    - by bikeboy389
    I haven't been able to find any existing questions that cover my exact issue, so here goes: My client wants her two sites (domain1.com and domain2.com) rolled into a single, new site under domain1.com. Once the site is ready on domain1.com, DNS for domain2.com would be pointed at the same server as domain1.com. I know how to do an htaccess rewrite rule that would make all domain2.com traffic map to a specific single page or directory within domain1.com. But that's not what the client wants. What she wants is for a bunch of specific pages on domain2.com to map to specific new pages on domain1.com. For example: domain2.com/index.php?pageid=58 GOES TO domain1.com/2011/04/somearticle domain2.com/index.php?pageid=92 GOES TO domain1.com/2011/03/differentname etc. I could put a bunch of 301 redirects in the htaccess on domain1.com, which would work fine. The problem is, the client doesn't want/need specific redirects for ALL the domain2.com pages, and if I just do 301 redirects, anybody who comes looking for a domain2.com page that I haven't built a specific redirect for will get a 404 error. So I need to use 301 redirects for some traffic, and a rewrite rule for any traffic that's not covered in the 301 redirects. How do I do sort of a blending of a rewrite rule and 301 redirects, all in the htaccess file for domain1.com? Is this possible? Is it as simple as putting the 301 redirects in the htaccess file first, then doing the rewrite rule? I'm guessing not.

    Read the article

  • I have many domain names and 1 website, how can I improve my SEO strategy?

    - by user114659
    I have some domains with several extensions like .us, .net, .org etc. I want to use them all to redirect to one website, which is a social networking website. I want to use these domains in such a way that these domains become helpful in SEO point of view, this time. So far I am doing the followoing: pointing all domains to one directory on my hosting I have some other options including using 301 redirect, but I don't want to see duplicate contents in Google, What else do I need to do?

    Read the article

  • Change "From" email address when sending to a specific domain.

    - by RB
    Hi, I would like to set up Exchange so that when a user (e.g. [email protected]) sends an email to somedomain.com Exchange makes the email appear to have come from [email protected]. This would have to be done on a per-domain basis, and invisibly to the user. So all emails come from [email protected], except emails to somedomain.com, which appear to come from [email protected]. If anyone has any ideas I would really appreciate it. Cheers, RB.

    Read the article

  • When I use a form to call a method on the controller, I want the page to refresh, and the url to sho

    - by MedicineMan
    Using ASP MVC, I have set up a webpage for localhost/Dinner/100 to show the dinner details for dinner with ID = 100. On the page, there is a dropdown that shows Dinner 1, Dinner 2, etc. The user should select the dinner of interest (Dinner 2, ID = 102) off the form and press submit. The page should refresh and show the url: localhost/Dinner/102, and show the details of dinner 2. My code is working except for the url. During this, my url shows localhost/Dinner/100 even though it is correctly displaying the details of Dinner 2 (ID = 102). My controller method is pretty simple: public ActionResult Index(string id) { int Id = 0; if (!IsValidFacilityId(id) || !int.TryParse(id, out Id)) { return Redirect("/"); } return View(CreateViewModel(Id)); } can you help me figure out how to get this all working? p.s. I did create a custom route for the method: routes.MapRoute( "DinnerDefault", // Route name "Dinner/{id}", // URL with parameters new { controller = "Dinner", action = "Index", id = "" } // Parameter defaults );

    Read the article

  • How do I access variable values from one view controller in another?

    - by Thomas
    Hello all, I have an integer variable (time) in one view controller whose value I need in another view controller. Here's the code: MediaMeterViewController // TRP - On Touch Down event, start the timer -(IBAction) startTimer { time = 0; // TRP - Start a timer timer = [NSTimer scheduledTimerWithTimeInterval:1 target:self selector:@selector(updateTimer) userInfo:nil repeats:YES]; [timer retain]; // TRP - Retain timer so it is not accidentally deallocated } // TRP - Method to update the timer display -(void)updateTimer { time++; // NSLog(@"Seconds: %i ", time); if (NUM_SECONDS == time) [timer invalidate]; } // TRP - On Touch Up Inside event, stop the timer, decide stress level, display results -(IBAction) btn_MediaMeterResults { [timer invalidate]; NSLog(@"Seconds: %i ", time); ResultsViewController *resultsView = [[ResultsViewController alloc] initWithNibName:@"ResultsViewController" bundle:nil]; [self.view addSubview:resultsView.view]; } And in ResultsViewController, I want to process time based on its value ResultsViewController - (void)viewDidLoad { if(time < 3) {// Do something} else if ((time > 3) && (time < 6)) {// Do something else} //etc... [super viewDidLoad]; } I'm kind of unclear on when @property and @synthesize is necessary. Is that the case in this situation? Any help would be greatly appreciated. Thanks! Thomas

    Read the article

  • pushing view controller inside a tab bar from app delegate, after a notification.

    - by shani
    hi i have an app with tab bar and a navigation controller inside every tab. i have set a notification that when it lunches the user can get lunch the app by pressing the action on the alert. i want to redirect the user to one of the views inside one of the controllers. i have tried this: (void)application:(UIApplication *)app didReceiveLocalNotification:(UILocalNotification *)notif { NSArray *data = [notif.userInfo objectForKey:@"todoDate"]; NSInteger ind = [[data objectAtIndex:2] integerValue]; QuickViewController *detailViewController ; detailViewController = [[QuickViewController alloc] initWithNibName:@"QuickViewController" bundle:nil]; detailViewController.title = @"Edit"; detailViewController.personName = [data objectAtIndex:0]; detailViewController.DelitionDate=[data objectAtIndex:1]; detailViewController.personCategory=@"NO Category"; detailViewController.personID = ind r ; rootControler.selectedIndex = 1; [rootControler.tabBarController.selectedViewController.navigationController pushViewController:detailViewController animated:YES]; } but nothing is happening (no crashing) except of the :rootControler.selectedIndex = 1; when i tried : presentModalViewController i got the view perfectly but without the navigation controller. thanks shani

    Read the article

  • How can I shared controller logic in ASP.NET MVC for 2 controllers, where they are overriden

    - by AbeP
    Hello, I am trying to implement user-friendly URLS, while keeping the existing routes, and was able to do so using the ActionName tag on top of my controller (http://stackoverflow.com/questions/436866/can-you-overload-controller-methods-in-asp-net-mvc) I have 2 controllers: ActionName("UserFriendlyProjectIndex")] public ActionResult Index(string projectName) { ... } public ActionResult Index(long id) { ... } Basically, what I am trying to do is I store the user-friendly URL in the database for each project. If the user enters the URL /Project/TopSecretProject/, the action UserFriendlyProjectIndex gets called. I do a database lookup and if everything checks out, I want to apply the exact same logic that is used in the Index action. I am basically trying to avoid writing duplicate code. I know I can separate the common logic into another method, but I wanted to see if there is a built-in way of doing this in ASP.NET MVC. Any suggestions? I tried the following and I go the View could not be found error message: [ActionName("UserFriendlyProjectIndex")] public ActionResult Index(string projectName) { var filteredProjectName = projectName.EscapeString().Trim(); if (string.IsNullOrEmpty(filteredProjectName)) return RedirectToAction("PageNotFound", "Error"); using (var db = new PIMPEntities()) { var project = db.Project.Where(p => p.UserFriendlyUrl == filteredProjectName).FirstOrDefault(); if (project == null) return RedirectToAction("PageNotFound", "Error"); return View(Index(project.ProjectId)); } } Here's the error message: The view 'UserFriendlyProjectIndex' or its master could not be found. The following locations were searched: ~/Views/Project/UserFriendlyProjectIndex.aspx ~/Views/Project/UserFriendlyProjectIndex.ascx ~/Views/Shared/UserFriendlyProjectIndex.aspx ~/Views/Shared/UserFriendlyProjectIndex.ascx Project\UserFriendlyProjectIndex.spark Shared\UserFriendlyProjectIndex.spark I am using the SparkViewEngine as the view engine and LINQ-to-Entities, if that helps. thank you!

    Read the article

  • Controller actions appear to be synchronous though on different requests?

    - by Oded
    I am under the impression that the below code should work asynchronously. However, when I am looking at firebug, I see the requests fired asynchronously, but the results coming back synchronously: Controller: [HandleError] public class HomeController : Controller { public ActionResult Status() { return Content(Session["status"].ToString()); } public ActionResult CreateSite() { Session["status"] += "Starting new site creation"; Thread.Sleep(20000); // Simulate long running task Session["status"] += "<br />New site creation complete"; return Content(string.Empty); } } Javascript/jQuery: $(document).ready(function () { $.ajax({ url: '/home/CreateSite', async: true, success: function () { mynamespace.done = true; } }); setTimeout(mynamespace.getStatus, 2000); }); var mynamespace = { counter: 0, done: false, getStatus: function () { $('#console').append('.'); if (mynamespace.counter == 4) { mynamespace.counter = 0; $.ajax({ url: '/home/Status', success: function (data) { $('#console').html(data); } }); } if (!mynamespace.done) { mynamespace.counter++; setTimeout(mynamespace.getStatus, 500); } } } Addtional information: IIS 7.0 Windows 2008 R2 Server Running in a VMWare virutual machine Can anyone explain this? Shouldn't the Status action be returning practically immediately instead of waiting for CreateSite to finish? Edit: How can I get the long running process to kick off and still get status updates?

    Read the article

  • Pass object from JSON into MVC Controller - its always null ?

    - by SteveCl
    Hi I have seen a few questions on here related to the a similar issue, I have read them, followed them, but still i have the same problem. I am basically creating an object in javascript and trying to call a method on the controller that will return a string of html. Not JSON. I've been playing around with dataType and contentType but still no joy. So apologies if the code snippets are a bit messy. Build the object in JS. function GetCardModel() { var card = {}; card.CardTitle = $("#CardTitle").val(); card.TopicTitle = $("#TopicTitle").val(); card.TopicBody = $("#TopicBody").data("tEditor").value(); card.CardClose = $("#CardClose").val(); card.CardFromName = $("#CardFromName").val(); return card; } Take a look at the object - all looks good and as it should in JSON. var model = GetCardModel(); alert(JSON.stringify(GetCardModel())); Make the call... $.ajax({ type: "POST", url: "/Postcard/Create/Preview/", dataType: "json", //contentType: "application/json", date: GetCardModel(), processData: true, success: function (data) { alert("im back"); alert(data); }, error: function (xhr, ajaxOptions, error) { alert(xhr.status); alert("Error: " + xhr.responseText); //alert(error); } }); Always when I step into the controller, the object is ALWAYS there, but with null values for all the properties.

    Read the article

  • Where should my "filtering" logic reside with Linq-2-SQL and ASP.NET-MVC in View or Controller?

    - by Nate Bross
    I have a main Table, with several "child" tables. TableA and TableAChild1 and TableAChild2. I have a view which shows the information in TableA, and then has two columns of all items in TableAChild1 and TableAChild2 respectivly, they are rendered with Partial views. Both child tables have a bit field for VisibleToAll, and depending on user role, I'd like to either display all related rows, or related rows where VisibleToAll = true. This code, feels like it should be in the controller, but I'm not sure how it would look, because as it stands, the controller (limmited version) looks like this: return View("TableADetailView", repos.GetTableA(id)); Would something like this be even work, and would it be bad what if my DataContext gets submitted, would that delete all the rows that have VisibleToAll == false? var tblA = repos.GetTableA(id); tblA.TableAChild1 = tblA.TableAChild1.Where(tmp => tmp.VisibleToAll == true); tblA.TableAChild2 = tblA.TableAChild2.Where(tmp => tmp.VisibleToAll == true); return View("TableADetailView", tblA); It would also be simple to add that logic to the RendarPartial call from the main view: <% Html.RenderPartial("TableAChild1", Model.TableAChild1.Where(tmp => tmp.VisibleToAll == true); %>

    Read the article

  • what is the wrong with this spec and controller code?

    - by user1609468
    I'm trying to test an existing rails project with rspec. And I want to test a controller but getting an error which I can't solve :S Here is the my spec code ; require 'spec_helper' describe BriefNotesController do before(:all) do @customer=Factory(:customer) @project=Factory(:project_started, :owner => @customer) end context 'get :new' do it 'should redirect to login page for not signed in users' do get :new, :project_id => @project.id response.should redirect_to("/kullanici-girisi") end it 'should be success and render new brief note page for project owner' do sign_in @customer get :new, :project_id => @project.id response.should be_success end end end Here is the my controller code ; class BriefNotesController < ApplicationController before_filter :authenticate_user! before_filter :find_project def new @brief_note = @project.brief_notes.new end def create @brief_note = @project.brief_notes.build(params[:brief_note]) if @brief_note.save redirect_to brief_project_path(@project) else render :action => :new end end private def find_project @project = current_user.projects.find_by_cached_slug([params[:project_id]]) end end I think current_user.projects.find_by_cached_slug method don't work. So this is the error; Failures: 1) BriefNotesController get :new should be success and render new brief note page for project owner Failure/Error: get :new, :project_id => @project.id NoMethodError: undefined method `brief_notes' for nil:NilClass # ./app/controllers/brief_notes_controller.rb:6:in `new' # ./spec/controllers/brief_notes_controller_spec.rb:19:in `block (3 levels) in <top (required)>'

    Read the article

  • One controller with multiple models? Am I doing this correctly?

    - by user363243
    My web app, up until this point, has been fairly straight forward. I have Users, Contacts, Appointments and a few other things to manage. All of these are easy - it's just one model per section so I just did a scaffold for each, then modified the scaffolded code to fit my need. Pretty easy... Unfortunately I am having a problem on this next section because I want the 'Financials' section of my app to be more in depth than the other sections which I simply scaffolded. For example, when the user clicks the 'Contacts' link on the navigation bar, it just shows a list of contacts, pretty straight forward and is in line with the scaffold. However, when the user clicks the 'Financials' link on the navigation bar, I want to show the bank accounts on the left of the page and a few of the transactions on the right. So the financials tab will basically work with data from two models: transactions and bank_accounts. I think I should make the models (transactions & bank_accounts) and then make a controller called Financials, then I can query the models from the Financials controller and display the pages in app/views/financials/ Am I correct in this app layout? I have never worked with more than the basics of scaffolding so I want to ensure I get this right! Thank you!

    Read the article

  • Active Directory Password Policy Problem

    - by Will
    To Clarify: my question is why isn't my password policy applying to people in the domain. Hey guys, having trouble with our password policy in Active Directory. Sometimes it just helps me to type out what I’m seeing It appears to not be applying properly across the board. I am new to this environment and AD in general but I think I have a general grasp of what should be going on. It’s a pretty simple AD setup without too many Group Policies being applied. It looks something like this DOMAIN Default Domain Policy (link enabled) Password Policy (link enabled and enforce) Personal OU Force Password Change (completely empty nothing in this GPO) IT OU Lockout Policy (link enabled and enforced) CS OU Lockout Policy Accouting OU Lockout Policy The password policy and default domain policy both define the same things under Computer ConfigWindows seetings sec settings Account Policies / Password Policy Enforce password History : 24 passwords remembered Maximum Password age : 180 days Min password age: 14 days Minimum Password Length: 6 characters Password must meet complexity requirements: Enabled Store Passwords using reversible encryption: Disabled Account Policies / Account Lockout Policy Account Lockout Duration 10080 Minutes Account Lockout Threshold: 5 invalid login attempts Reset Account Lockout Counter after : 30 minutes IT lockout This just sets the screen saver settings to lock computers when the user is Idle. After running Group Policy modeling it seems like the password policy and default domain policy is getting applied to everyone. Here is the results of group policy modeling on MO-BLANCKM using the mblanck account, as you can see the policies are both being applied , with nothing important being denied Group Policy Results NCLGS\mblanck on NCLGS\MO-BLANCKM Data collected on: 12/29/2010 11:29:44 AM Summary Computer Configuration Summary General Computer name NCLGS\MO-BLANCKM Domain NCLGS.local Site Default-First-Site-Name Last time Group Policy was processed 12/29/2010 10:17:58 AM Group Policy Objects Applied GPOs Name Link Location Revision Default Domain Policy NCLGS.local AD (15), Sysvol (15) WSUS-52010 NCLGS.local/WSUS/Clients AD (54), Sysvol (54) Password Policy NCLGS.local AD (58), Sysvol (58) Denied GPOs Name Link Location Reason Denied Local Group Policy Local Empty Security Group Membership when Group Policy was applied BUILTIN\Administrators Everyone S-1-5-21-507921405-1326574676-682003330-1003 BUILTIN\Users NT AUTHORITY\NETWORK NT AUTHORITY\Authenticated Users NCLGS\MO-BLANCKM$ NCLGS\Admin-ComputerAccounts-GP NCLGS\Domain Computers WMI Filters Name Value Reference GPO(s) None Component Status Component Name Status Last Process Time Group Policy Infrastructure Success 12/29/2010 10:17:59 AM EFS recovery Success (no data) 10/28/2010 9:10:34 AM Registry Success 10/28/2010 9:10:32 AM Security Success 10/28/2010 9:10:34 AM User Configuration Summary General User name NCLGS\mblanck Domain NCLGS.local Last time Group Policy was processed 12/29/2010 11:28:56 AM Group Policy Objects Applied GPOs Name Link Location Revision Default Domain Policy NCLGS.local AD (7), Sysvol (7) IT-Lockout NCLGS.local/Personal/CS AD (11), Sysvol (11) Password Policy NCLGS.local AD (5), Sysvol (5) Denied GPOs Name Link Location Reason Denied Local Group Policy Local Empty Force Password Change NCLGS.local/Personal Empty Security Group Membership when Group Policy was applied NCLGS\Domain Users Everyone BUILTIN\Administrators BUILTIN\Users NT AUTHORITY\INTERACTIVE NT AUTHORITY\Authenticated Users LOCAL NCLGS\MissingSkidEmail NCLGS\Customer_Service NCLGS\Email_Archive NCLGS\Job Ticket Users NCLGS\Office Staff NCLGS\CUSTOMER SERVI-1 NCLGS\Prestige_Jobs_Email NCLGS\Telecommuters NCLGS\Everyone - NCL WMI Filters Name Value Reference GPO(s) None Component Status Component Name Status Last Process Time Group Policy Infrastructure Success 12/29/2010 11:28:56 AM Registry Success 12/20/2010 12:05:51 PM Scripts Success 10/13/2010 10:38:40 AM Computer Configuration Windows Settings Security Settings Account Policies/Password Policy Policy Setting Winning GPO Enforce password history 24 passwords remembered Password Policy Maximum password age 180 days Password Policy Minimum password age 14 days Password Policy Minimum password length 6 characters Password Policy Password must meet complexity requirements Enabled Password Policy Store passwords using reversible encryption Disabled Password Policy Account Policies/Account Lockout Policy Policy Setting Winning GPO Account lockout duration 10080 minutes Password Policy Account lockout threshold 5 invalid logon attempts Password Policy Reset account lockout counter after 30 minutes Password Policy Local Policies/Security Options Network Security Policy Setting Winning GPO Network security: Force logoff when logon hours expire Enabled Default Domain Policy Public Key Policies/Autoenrollment Settings Policy Setting Winning GPO Enroll certificates automatically Enabled [Default setting] Renew expired certificates, update pending certificates, and remove revoked certificates Disabled Update certificates that use certificate templates Disabled Public Key Policies/Encrypting File System Properties Winning GPO [Default setting] Policy Setting Allow users to encrypt files using Encrypting File System (EFS) Enabled Certificates Issued To Issued By Expiration Date Intended Purposes Winning GPO SBurns SBurns 12/13/2007 5:24:30 PM File Recovery Default Domain Policy For additional information about individual settings, launch Group Policy Object Editor. Public Key Policies/Trusted Root Certification Authorities Properties Winning GPO [Default setting] Policy Setting Allow users to select new root certification authorities (CAs) to trust Enabled Client computers can trust the following certificate stores Third-Party Root Certification Authorities and Enterprise Root Certification Authorities To perform certificate-based authentication of users and computers, CAs must meet the following criteria Registered in Active Directory only Administrative Templates Windows Components/Windows Update Policy Setting Winning GPO Allow Automatic Updates immediate installation Enabled WSUS-52010 Allow non-administrators to receive update notifications Enabled WSUS-52010 Automatic Updates detection frequency Enabled WSUS-52010 Check for updates at the following interval (hours): 1 Policy Setting Winning GPO Configure Automatic Updates Enabled WSUS-52010 Configure automatic updating: 4 - Auto download and schedule the install The following settings are only required and applicable if 4 is selected. Scheduled install day: 0 - Every day Scheduled install time: 03:00 Policy Setting Winning GPO No auto-restart with logged on users for scheduled automatic updates installations Disabled WSUS-52010 Re-prompt for restart with scheduled installations Enabled WSUS-52010 Wait the following period before prompting again with a scheduled restart (minutes): 30 Policy Setting Winning GPO Reschedule Automatic Updates scheduled installations Enabled WSUS-52010 Wait after system startup (minutes): 1 Policy Setting Winning GPO Specify intranet Microsoft update service location Enabled WSUS-52010 Set the intranet update service for detecting updates: http://lavender Set the intranet statistics server: http://lavender (example: http://IntranetUpd01) User Configuration Administrative Templates Control Panel/Display Policy Setting Winning GPO Hide Screen Saver tab Enabled IT-Lockout Password protect the screen saver Enabled IT-Lockout Screen Saver Enabled IT-Lockout Screen Saver executable name Enabled IT-Lockout Screen Saver executable name sstext3d.scr Policy Setting Winning GPO Screen Saver timeout Enabled IT-Lockout Number of seconds to wait to enable the Screen Saver Seconds: 1800 System/Power Management Policy Setting Winning GPO Prompt for password on resume from hibernate / suspend Enabled IT-Lockout

    Read the article

  • NetApp erroring with: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT

    - by Sobrique
    Since a sitewide upgrade to Windows 7 on desktop, I've started having a problem with virus checking. Specifically - when doing a rename operation on a (filer hosted) CIFS share. The virus checker seems to be triggering a set of messages on the filer: [filerB: auth.trace.authenticateUser.loginTraceIP:info]: AUTH: Login attempt by user server-wk8-r2$ of domain MYDOMAIN from client machine 10.1.1.20 (server-wk8-r2). [filerB: auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- attempting authentication with domain controller \\MYDC. [filerB: auth.trace.authenticateUser.loginRejected:info]: AUTH: Login attempt by user rejected by the domain controller with error 0xc0000199: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT. [filerB: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: Delaying the response by 5 seconds due to continuous failed login attempts by user server-wk8-r2$ of domain MYDOMAIN from client machine 10.1.1.20. This seems to specifically trigger on a rename so what we think is going on is the virus checker is seeing a 'new' file, and trying to do an on-access scan. The virus checker - previously running as LocalSystem and thus sending null as it's authentication request is now looking rather like a DOS attack, and causing the filer to temporarily black list. This 5s lock out each 'access attempt' is a minor nuisance most of the time, and really quite significant for some operations - e.g. large file transfers, where every file takes 5s Having done some digging, this seems to be related to NLTM authentication: Symptoms Error message: System error 1808 has occurred. The account used is a computer account. Use your global user account or local user account to access this server. A packet trace of the failure will show the error as: STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT (0xC0000199) Cause Microsoft has changed the functionality of how a Local System account identifies itself during NTLM authentication. This only impacts NTLM authentication. It does not impact Kerberos Authentication. Solution On the host, please set the following group policy entry and reboot the host. Network Security: Allow Local System to use computer identity for NTLM: Disabled Defining this group policy makes Windows Server 2008 R2 and Windows 7 function like Windows Server 2008 SP1. So we've now got a couple of workaround which aren't particularly nice - one is to change this security option. One is to disable virus checking, or otherwise exempt part of the infrastructure. And here's where I come to my request for assistance from ServerFault - what is the best way forwards? I lack Windows experience to be sure of what I'm seeing. I'm not entirely sure why NTLM is part of this picture in the first place - I thought we were using Kerberos authentication. I'm not sure how to start diagnosing or troubleshooting this. (We are going cross domain - workstation machine accounts are in a separate AD and DNS domain to my filer. Normal user authentication works fine however.) And failing that, can anyone suggest other lines of enquiry? I'd like to avoid a site wide security option change, or if I do go that way I'll need to be able to supply detailed reasoning. Likewise - disabling virus checking works as a short term workaround, and applying exclusions may help... but I'd rather not, and don't think that solves the underlying problem. EDIT: Filers in AD ldap have SPNs for: nfs/host.fully.qualified.domain nfs/host HOST/host.fully.qualified.domain HOST/host (Sorry, have to obfuscate those). Could it be that without a 'cifs/host.fully.qualified.domain' it's not going to work? (or some other SPN? ) Edit: As part of the searching I've been doing I've found: http://itwanderer.wordpress.com/2011/04/14/tread-lightly-kerberos-encryption-types/ Which suggests that several encryption types were disabled by default in Win7/2008R2. This might be pertinent, as we've definitely had a similar problem with Keberized NFSv4. There is a hidden option which may help some future Keberos users: options nfs.rpcsec.trace on (This hasn't given me anything yet though, so may just be NFS specific). Edit: Further digging has me tracking it back to cross domain authentication. It looks like my Windows 7 workstation (in one domain) is not getting Kerberos tickets for the other domain, in which my NetApp filer is CIFS joined. I've done this separately against a standalone server (Win2003 and Win2008) and didn't get Kerberos tickets for those either. Which means I think Kerberos might be broken, but I've no idea how to troubleshoot further. Edit: A further update: It looks like this may be down Kerberos tickets not being issued cross domain. This then triggers NTLM fallback, which then runs into this problem (since Windows 7). First port of call will be to investigate the Kerberos side of things, but in neither case do we have anything pointing at the Filer being the root cause. As such - as the storage engineer - it's out of my hands. However, if anyone can point me in the direction of troubleshooting Kerberos spanning two Windows AD domains (Kerberos Realms) then that would be appreciated. Options we're going to be considering for resolution: Amend policy option on all workstations via GPO (as above). Talking to AV vendor about the rename triggering scanning. Talking to AV vendor regarding running AV as service account. investigating Kerberos authentication (why it's not working, whether it should be).

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 188 189 190 191 192 193 194 195 196 197 198 199  | Next Page >