I have several tasks in Windows 10 that have recently failed. I've made no recent changes to the server. The tasks were working fine for years, and then started failing in December of 2017. I have the Scheduler tasks configured to run on System Startup.
When I check the History tab, I see:
Task Start Failed error: Additional Data: Error Value: 2147943712.
The task/General Tab is configured as follows:
Run whether user is logged on or not
Do not store password.
Run with highest privileges
Configure for Windows 10
The user account is "Admin". That user has no password and is an administrator.
When I try to Run the task from the Selected Item / Run option, the scheduler logs the same error. Based on other posts, I've tried to edit the User Account, re-typing Admin and pressing the Check Names button. It shows the SERVERNAME\Admin, and does not prompt for a password.
How can I configure the task manager so that it does not produce this error?
The error code returned (0x80070520 in hex) is "A specified logon session does not exist. It may already have been terminated."
According to this technet blog entry, the solution may be to disable the security policy which prevents local storage of passwords.
Regarding your error, try to take this measure. Hope this help.
To fix this up Change the following Registry key to value 0x0
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
Value Name: disabledomaincreds
Value Type: REG_DWORD
Values: 0 (allow domain credentials to be stored)
Related
I have an email address provided and managed by OVH (French ISP)
I'm trying to configure the account in Thunderbird (which I've been using with multiple accounts, including Gmail over IMAP, for years with great satisfaction). It's version 91.8.0 in Debian 11.3. No fancy tweaking or whatever.
I followed the instruction from my ISP (https://docs.ovh.com/fr/emails/configuration-email-configuration-pour-thunderbird/) - ok, it's a guide for the windows version, but that shouldn't be an issue.
The thing is, my address is like contact#somedomain.fr, but the mail server is ssl0.ovh.net.
I'm sure the password is correct, but when I go and validate the settings, Thunderbird tries to check the password, and it gets stuck there.
I noticed in the status bar that Thunderbird is actually trying to reach contact#somedomain.fr#ssl0.ovh.net... That must be (part of) the issue.
I tried to go to Advanced settings (so it creates the accounts and sends me to the account settings page), and there Thunderbird changes the actual server (which should be ssl0.ovh.net) to the email account's domain (somedomain.fr in my example)... Ain't that weird ? (also, it seems not to be able to determine the server type which remains empty, and most dropdown options, like authentication methods, are empty, or rather there are no labels).
Has anyone ever run into such an issue, and better yet, solved it ;-) ?
(not sure if the cross-domain tag is relevant)
Edit 2022-05-03 :
After many tests, still not working, but I have dug a little deeper.
I've set up the account manually with "Advanced configuration" so it doesn't try to check the password.
In the Folders panel, the account has no name and only a sub-folder named INBOX.
When I try to browse this INBOX folder, I get an error :
Unable to open the summary file for INBOX on contact#somedomain.fr. Perhaps there was an error on disk, or the full path is too long.
Running Thunderbird in full debug mode from CLI :
thunderbird --safe-mode --jsconsole --verbose
In the shell, from the verbose mode, I get this error repeatedly :
IPDL protocol error: Handler returned error code!
###!!! [Parent][DispatchAsyncMessage] Error: PClientManager::Msg_ForgetFutureClientSource Processing error: message was deserialized, but the handler returned false (indicating failure)
But I don't think this is related to my problem.
However in the JS console, I get an interesting message :
gloda.index_msg: Problem entering folder: INBOX, skipping. Error was: undefined:659: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIMsgFolder.msgDatabase]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: resource:///modules/gloda/IndexMsg.jsm :: _indexerEnterFolder :: line 659" data: no]
Now, where do I go from here ?
After a user performs a login using the portal LoginPortlet the login does not succeed and a WARN was printed to the log:
User 0 is not allowed to access URL http://localhost:8080/web/guest/login and portlet com_liferay_login_web_portlet_LoginPortlet: User 0 did not provide a valid CSRF token for com.liferay.portlet.SecurityPortletContainerWrapper
After a second login afterwards, the login was ok. The issues only occurs if the login page was opened some minutes and the auth token gets invalidated. This is basically fine, but the portal config portlet.add.default.resource.check.whitelist has an exclude for LoginPortlet. But this whitelist seems not avoid the unwanted check. Are there any other places how the avoid CSRF checking for LoginPortlet?
I could not reproduce this issue, I used this server for testing:
Liferay Community Edition Portal 7.3.5 CE GA6
Here are my steps, please let me know what I should change to experience the issue:
I extracted this zip file to my ubuntu linux pc:
liferay-ce-portal-tomcat-7.3.5-ga6-20200930172312275.tar.gz
Started the server and completed the 1st time setup
I re-started the server and visited localhost:8080 in an Opera browser
Waited 7 minutes
I clicked on "Sign in" in the upper right corner
Waited again 5 minutes
I entered my credentials
Results:
I could log on successfully, there were no errors about CSRF
A couple of suggestions:
A. Do a search for CSRF in:
https://github.com/liferay/liferay-portal/blob/master/portal-impl/src/portal.properties
and see if you can find a property that solves your issue
Such properties can be:
auth.token.impl=com.liferay.portal.security.auth.SessionAuthToken
auth.token.check.enabled=false
auth.token.ignore.origins
B. Maybe you can try to set up something like this in your portal-ext.properties:
portlet.add.default.resource.check.whitelist.actions=/login/login
C. You can do a search in Liferay Jira, for example this ticket talks about something similar:
https://issues.liferay.com/browse/LPS-129976
We have a script that checks a Gmail inbox for new messages, processes any it finds based on the subject and sender, marks said messages read, and then after processing moves the messages to a folder called "ProcessedMessages". This script has been running for several years without incident.
We recently migrated to Azure, and this script began failing on the last command:
<cfimap action="movemail"
connection="myConnection"
MessageNumber="#x#"
newfolder="ProcessedMessages">
This line started generating this error every night:
The cause of this exception was: java.lang.IllegalStateException: This operation is not allowed on a closed folder.
I'm not sure what a closed folder is, but we have tried:
Closing any Gmail browser window on any computer logged in as this account.
Running the process manually by hitting the url to make sure the task scheduler wasn't the problem.
Running the process from a browser window on the server itself pointing to it's own IP to make sure the new CF cluster wasn't causing the problem.
Looking around Gmail for some sort of 'closed' flag associated with a folder
Moving the messages from the inbox to that folder via the Gmail web interface to make sure there wasn't an account problem (it worked fine)
No changes were made to this Gmail account since the switchover to Azure; in fact no one had even logged into it for at least a month before. The username and password are set correctly on the new Azure server, as evidenced by the fact the script can log in and read message and mark them read.
What does this error message mean and what could cause it?
This is what I found (same issue):
"A common cause of this kind of issues is that the folder is being modified concurrently using the same account and credentials thus leaving the operations in an inconsistent state." from here:
https://help.mulesoft.com/s/article/Intermittent-IMAP-S-error-This-operation-is-not-allowed-on-a-closed-folder
In my case, it's running every 15 seconds, on 3 different email folders, so it would make sense.
I hope this clarifies the reasons for the issue.
Earlier today, a disabled scheduled agent ran on the indicated server where it would run. Note that the actual agent design element resides in a different server, also, the date where it would run is not specified.
It's function is to send an email to specific users. Upon checking the email, the sender some colleague (but the last modification date of the agent is way back 2014).
I'd like to ask if there's any way that a disabled agent would run without actually enabling it?
Also, is there a way where I can see who triggered the agent? I checked in the "Agent -> Log" but it did not indicated who ran the agent.
I also checked in the log.nsf (where the agent resides) but log is not there. I can't check in the indicated server where the agent ran because it's no longer existing.
Thanks!
There are at least four ways to run an agent that come to my mind, and there for sure are more:
You can run every agent just with a right- click in the designer and then "Run".
You can run an agent with Formula code:
#Command([ToolsRunMacro] ; "NameOfYourAgent" )
#Command([RunAgent] ; "NameOfYourAgent" )
Or with LotusScript- Code:
Set agent = db.GetAgent( "NameOfYourAgent" )
Call agent.Run()
'- or
Call agent.RunOnServer()
You can run it using a server console command:
tell amgr run "path\nameofyourdatabase.nsf" 'NameOfYourAgent'
(double quotes and single quote has to be mixed for this)...
So: just that an agent is disabled does not mean it cannot be run...
It is complex, I'll trying to describe it here.
If the user and his group have no access rights to anything on the SP site, the user will get a proper "Error:Access Denied" SharePoint page upon logon.
If the user has some access to something through his group membership, then
a. If the user is listed in the All People list, then the user can logon and use the site with no problem.
b. If the user is not listed in the All People list, then the user will get a IIS 403 Error page. Back on the server, there will be an event of "A process serving application pool '[IIS app pool name]' suffered a fatal communication error with the World Wide Web Publishing Service", which indicates a crash in the IIS app pool. If the user is keen and keeps trying, he can crash the app pool frequently and eventually cause the app pool to stop and the application is down!!!
We are using forms authentication and Asp.net membership provider and role provider. It appears that when 2b is happening, SP is repeatedly (should be only once) calling membership provider GetUser method (until the fatal communication error is coming up I guess). I believe it is for the initila user profile import. When 2a is happening, the GetUser method is not called.
We can manually do things like adding the user to the Visitors group and then taking the user out of the Visitors group, which will add the user to the All People list so he will be able to log on. During the manual process, the membership provider GetUesr is also called but just once and works fine.
This problem only just started occuring recently and only in one environment (the PRODUCTION!). It was all fine and the other environments UAT and training environment both don't have this issue. We've compared the environments and checked all the obvious and couldn't find any differences that could cause this. The production has got around 110 users, which is more than the other environments but still not a lot.
Anyone out there can help?
Based on the comment below it looks like the error is occuring in the custom implementation of GetUser, after the call to the web service. It is also only occuring in the environment that has the most data.
The next thing to check therefore is the code between the call to the web service and the return of getuser. Do you have any arrays where the max length is set? Do you make any assumptions about which data is contained i a spesific item in an array? How do you check/log that the web service is returning a valid result?
Hope this helps
Shiraz
Cause of the problem found. The advanced setting on All People list has got Item Level Edit permission set to none.