I'm trying to connect the User Profile Service (UPS) to AD using an account with the proper permissions. When I click the Populate button, the AD forrest immediatly appears, but I cannot expand it. If I select the entire forest the process times out.
The error message on screen says it is a client machine time out. There are no entries in ULS or the server app or system logs.
I've tried upping the default 300 to 3600 in the web.config files which didn't help. I have the exact same setup in my test farm, which makes me wonder if the problem lies with the UPS.
Both UPS services are running, both FIMs are running
Problem solved! Turns out there is a local security policy for LDAP that was set to Negotiate and should have been off.
Related
I am trying to schedule an on-premises copy job that contains a SQL Server.
However I am getting a different kind of error when trying to enter the sql server credentials.
Type=Microsoft.Data.Mashup.InternalMashupException.Message..sorry,en
error occurred during
evaluation.,Source=Microsoft.Data.Mashup"Type=Microsoft.Mas..data
protection operation was unsuccessful. This may have been caused by
not having the user profile loaded for the current thread's user
context which may be the case when the thread is
impersonanting.Sources, "Type=Microsoft.Mashup.Evaluation.Inter...
I have provisioned the gateway onto the server where the sql server is hosted but getting this error.
Also I am using the Copy Preview feature to get this working.
I may be wrong here, but it looks like an authentication issue. Have you tried connecting to the server from the gateway? Open the Microsoft Integration Runtime Configuration Manager, go to Diagnostics and fill every field, then click test. If everything is correct, a green check should appear. You are trying to impersonate a user, so choose Windows instead of Basic.
Try with it until you get the green check, then make sure that the linked service you are using has the same info you used and it should work.
You can also try creating a database user and give it permissions to make the query you want, then changing the linked service to use the database user instead of the windows user.
I'm currently facing an Access Denied error while connecting to an Azure VM. This VM is registered in an Active Directry. When I log with the AD credentials, I get an "Access Denied" error message with a "Ok" button without any other text on the screen. I never faced this issue before. The maching was working perfectly last week...
Do you have any idea about this issue ?
Thanks for your help
Access Denied Error Screenshot
Can you still access the VM and its using your Azure Portal login? If so, try adding the AD user via RDP.
Go to Computer Mgmt on the VM via Remote Desktop
Expand the list of Remote Desktop Users.
Select the user(s) to add.
See details in the MSDN thread:
https://social.msdn.microsoft.com/Forums/en-US/9ebce1bb-2aa0-4bb0-adc7-d1e229c5ee9e/add-user-to-remote-desktop-group-in-azure-vm?forum=WAVirtualMachinesforWindows
If you're having RDP issues with the primary user account, check the Settings blade of your VM in the Azure Portal, and look at the Users list under Resource Management.
Hope that helps!
I had the same issue, in my case it was related to Terminal Service Licensing.
First save a local copy of the RDP file from the portal and run this command at a PowerShell command prompt to connect. This will disable licensing for just that connection:
mstsc <File name>.RDP /admin
after you are able to connect then open the Event Viewer an look for an Event with ID 4105 in WIndows Logs > System. this event should appear every time a logging was attempted.
If that is the case, follow this steps to solve the issue
Event ID 4105 — Terminal Services Per User Client Access License Tracking and Reporting
Hope this helps.
I am getting error while publishing the 2013 workflow via designer. Also, under sharepoint designer if I try to delete any workflow then the page just refreshes and the workflow does not get deleted.
I checked the services.msc and found that the workflow backend service was stopped. (this happened as the password of the user under which this serivce was running had changed).
So, the network admin changed the service user to LOCAL SYSTEM and started the service.
Now, the workflow backend service is started. We have also ran the iisreset.
However, I am still getting the same error:-
System.IO.InvalidDataException: A response was returned that did not come from the Workflow Manager. Status code = 503: Service Unavailable
Service Unavailable
HTTP Error 503. The service is unavailable.
Client ActivityId : ee94689c-4e08-b055-fe9c-268d7a94
Please find attached snapshot.
Is the error as a result of the change in service user? Can you tell me what priviledges should the account running the workflow backend service must have?
UPDATE 1
We have tried to set the account to farm admin and also tried to set it to site admin. Now, for a new web application, I can delete workflows. However, for existing site, I am not able to delete the existing workflows.. Also, I am not able to publish workflows (present under new and previous sites) and the error is same as described earlier.
Open IIS and make sure identify of the WorkflowMgmtPool is correct, you can re-type the identify. Then make this pool is started.
Check and reenter credentials for:-
Open Services.msc, find Service Bus Message Broker service and Windows Fabric Host Service. Make sure they are running. If not, firstly, start Windows Fabric Host Service, then start Service Bus Message Broker service. If Service Bus Message Broker service is started, stop and re-start it.
Reference- this forum link
This error occur because you have not registered the workflow correctly. Re-register the workflow and it will get solved. Also make sure you have activated the App management Service in your site features.
http://designerworkflow.blogspot.in/
Workflow Manager CU2 to get to 1.0 Refresh in Web Platform installer worked first time for me!
http://support.microsoft.com/kb/2902007/en-us
I had this same issue.
I was able to resolve it by going to IIS on my application server, editing the identity on the Workflow Management Application Pool, saving it and restarting it. I also restarted the server.
Does anyone know how to download the Azure diagnostic logs? From the control panel, it shows me an ftp link for the logs, but when I click it it prompts me for a username/password. Any username/password I try just results in a "530 User Cannot Login" error.
It looks like the same address that Vis Studio does it's publishing to, and that had a '$' before my username. I tried that as well, but no-go.
Just curious how to get the logs when you start having errors pop up in the application, or is there something else I should be doing to prepare my app for going on Azure?
Thanks,
Mike
You would need to use FTP client application to access to files instead of using the Webpage as it is designed to use a client app to display the files.
I have configured FileZilla as below to access my Windows Azure websites to access Diagnostics Logs as well as use the same client application to upload/download site specific files:
In my blog Windows Azure Website: Uploading/Downloading files over FTP and collecting Diagnostics logs, I have described all the steps.
As an update as of December 2015 (New Azure Portal)
Apparently the FTP Username and Password is not set by your publish settings or anything else that I can find.
The steps to first set up your FTP credentials are to go to your web app on the new portal. Click the settings icon at the top of the "blade". There's like 25-30 different links to settings there. The one we want is under Publishing and then Deployment Credentials.
I thought I had already set these up with my publish profile but those were not working. You should have the opportunity to enter your desired username and password now for FTP and git specifically.
Now go to the blade for Diagnostics (It was right above the publishing section) and you can copy the ftp url. I just copied the first one (ftp not ftps), went to FileZilla and used the ftp url, my new username and password, and port 21 and I was able to see all log files as expected.
This does NOT mess up or affect your publishing credentials in any way that I can see.
On the new Azure Portal there's a new concept of site extensions there you can find an extension called Azure Website Log Browser which makes it extremly easy for you to access your website's logs (viewing and downloading them).
You can read more about it here.
Just to clarify the process, for me it was:
Setup APP server properly (Deployment -> Deployment Credentials ... set username and password
Read correct username at Monitoring -> Diagnostic Logs ... there's a label with SERVERNAME\USERNAME (this whole is username!)
Use WinSCP for SFTP connection and configure it properly. Then I was able to connect.
I had the same problem but your image helped solve my problem. I wasn't using the [sitename][username] (I say sitename but perhaps I should call it hostname/domain)
I don't know if this will help you, and you may have already tried it, but the username I used was my Windows Live ID. (I did not use the dollar $ign)
Oh and one other thing and I don't know if this matters or not as far as accessing the ftp site where logs are stored but make sure you have enabled them under Websites | [select your website] | Configure - Then scroll down to Diagnostics and click "ON" for the logs you want turned on.
I added that last part because I don't know if your ftp.[sitename].azurewebsites.windows.net/LogFiles/ directory has been created and since this is where I am dropped off at (/LogFiles) after signing in, if it doesn't exist you might not be able to log on.. just an after thought.
Good luck!
John
Make sure that you set up deployment credentials for the application. This is needed by FTP. (Example user name: MyFtpUserName)
Then, when browsing to that provided ftp link, remember to qualify the user id with the domain. (Example qualified user name: MyWebSiteName\MyFtpUserName)
I'm running Windows 7 SP 1 and have just turned on IIS 7. Just trying to access the default page it creates I get a 503 error, and the application pool stops. I look in the event log and I find the error:
Windows cannot copy file \?\C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\SQM\iesqmdata_setup0.sqm to location \?\C:\Users\TEMP.IIS APPPOOL.000\AppData\Local\Microsoft\Windows\Temporary Internet Files\SQM\iesqmdata_setup0.sqm. This error may be caused by network problems or insufficient security rights.
DETAIL - Access is denied.
I tried making the TEMP.IIS APPPOOOL.000 folder available to everyone. I tried making Users available to everyone. No luck, it still dies with the same error.
What is happening here, and how can it be fixed?
It sounds like you're having the same problem as details in this IIS.NET forums thread. You didn't mention if you have x64 Windows 7 or not. Suspect that your development machine is misconfigured somehow; sounds like the uninstallation and reinstallation of IIS7 would help/fix.
Suggested courses of action:
Open IIS and its Application Pools. Open "DefaultAppPool" and any other Application Pools in use.
Click Advanced Settings for each of these. Ensure the "Load User Profile" is set to 'False'
Also ensure that the "Set Application Pool Defaults" has the Load User Profile set to False."
I encountered the same problem in my development environment (Windows 8.1). Instead of disabling the load user profile as suggested by P.Campbell, I went ahead and changed the permission of the sqm file to allow modify accesses for IUSR, IIS_IUSRS and Network Service. In my case, the sqm file was not able to show me the file owner in which I taken over with my user account.
Basically, my problem was solved by giving the correct permission for both source and destination files/folders.
Found the answer here - http://forums.iis.net/p/1180636/1992024.aspx
Open IIS Manager
Find the App Pool that is causing the problem
Open Advanced Properties
Change 'Load User Profile' to false
Fixed!
After struggling with all these Application Pool issues in IIs, I found the problem and the solution. This may help you.
Each application pool on each website in Microsoft's Internet Information Server creates its own user account and folder under the "c:\Users" directory when the pool is created and first run. Its actually a virtual user account and should be named for the Application Pool assigned to your web application in IIs. In most development environments, its the default website or "DefaultAppPool". It uses this temporary user account to run the pool. Each website should have a named user pool account. This User folder is used by the pool and ASP.NET for caching and writing of file resources and other things used by IIs, ASP.NET, and this virtual account.
In some setups people are not seeing this folder but a "TEMP" folder (like you have) when the IIs web site is accessed and using the pool.
If you instead see a "TEMP" folder in the Users folder you have a broken application pool account in IIs and in the Registry. The pool is creating the TEMP folder as a backup for this virtual account, which might not have the right security setup. I had this exact scenario.
To fix it go to the registry under:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
See if you have a SID user account with the ".bak" extension for a DefaultAppPool user account. If so delete it and restart your PC. Test your website again, making sure its actually setup to use DefaulAppPool. It should now recreate the "DefaultAppPool" folder in Users, recreate the registry entry for DefaulAppPool user, and your error should go away.
You can delete the TEMP user folder at that point under the Users folder. (Keep in mind if your web app has been storing cached information critical to users of the website, some of that might have to be inserted into the new DefaultAppPool user folder. But for most of us, just delete it.)
I also found I had to add this kooky virtual application pool account to my local database so the worker process and app pool accnt could have the rights to grab data from SQL Server: Just go into SQL Server and under logins add "IIs AppPool\DefaultAppPool" and then assign it as a user to your databases.
(btw whomever dreamed up this virtual application pool account system is nuts....its way too complicated and convoluted to sort out)
After I did this, all my stack overflow errors went away in Visual Studio for my web application, all data connections fired perfectly, all write permission to the default User profile stored properly, and all the restarting and crashing of the Application Pool in IIs ended completely. :)