Advertisements
Feeds:
Posts
Comments

Archive for July, 2014


 

Active Directory Security, Permission and ACL Analysis

http://www.ldapexplorer.com/en/liza.htm

Bottom of Form

 

LIZA

 
 

Active Directory Security, Permission and ACL Analysis


Fast and lucid display of container permissions and audit configurations in Active Directory environments.
Analysis: Where in the directory hierarchy are permissions granted for an account (including it’s group memberships)?For which objects the permission inheritance is blocked?

         
    Download Liza
    Version 1.8.11

Liza is a free tool for Active Directory environments which allows you to display and analyse object rights in the directory hierarchy. You could use the tool for example to perform security permission analysis in an AD domain or the AD Configuration Partition.

Top of Form

        

Bottom of Form 


I always found the out-of-the-box possibilities to examine the object security in Active Directory environments rather unwieldy to handle for complex permission settings. So with the LIZA development, i tried to display most of the permission ACE (Access Control Entry) information as simple as possible so you have an almost complete overview at the first sight.

The following topics are available for the LIZA online manual: 

Read Full Post »


NWLOnlineComponents.ascx failed:

Event ID: 7043

Load control template file /_controltemplates/15/NWLOnlineComponents.ascx failed: The expression prefix ‘NWLResources’ was not recognized. Please correct the prefix or register the prefix in the <expressionBuilders> section of configuration.

Log Name: Application

Source: Microsoft-SharePoint Products-SharePoint Foundation

Date: 7/8/2014 5:09:38 AM

Event ID: 7043

Task Category: Web Controls

Level: Error

Keywords:

User: NT AUTHORITY\IUSR

Computer: server.domain.com

C:\Program Files\Common Files\microsoft shared\Web Server Extensions\14\TEMPLATE\CONTROLTEMPLATES

NWLOnlineComponents.ascx

IT is Nintex Error

 

 

Solution

.1- Go to Central Admin > Nintex Workflow Management > Live Settings and activate Nintex Live.


Another solution

2- The “Nintex Workflow – Nintex Live Catalog” feature belongs to the Nintex Workflow solution and is not part of the Nintex Live solution. That is why the feature is in the list even though Nintex Live isn’t installed. You can remove the feature manually using PowerShell however.

 
 

Firstly, make sure the feature is deactivated on all Site Collections. Then open PowerShell and run the following command:

Uninstall-SPFeature NintexWorkflowLiveSite -force

Press “y” at the prompt.

 

http://connect.nintex.com/forums/thread/22630.aspx

Read Full Post »


Server Site Dependencies Common Issue After Upgrade

Event ID 6398, Event ID 7043, Event ID 2137, Event ID 7362, Event ID 57, Event ID 5586, Server Site Dependencies Common Issue After Upgrade

http://social.technet.microsoft.com/wiki/contents/articles/15302.event-id-6398-event-id-7043-event-id-2137-event-id-7362-event-id-57-event-id-5586-server-site-dependencies-common-issue-after-upgrade.aspx?Sort=MostUseful&PageIndex=1


 

Read Full Post »


The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

The Error

Event ID: 10016 Source: DistributedCOM


The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{FDC3723D-1588-4BA3-92D4-42C430735D7D}

and APPID

{83B33982-693D-4824-B42E-7196AE61BB05}

to the user Domain\S-sqlservices SID (S-1-5-21-682003330-1454471165-725345543-8056) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log Name: System

Source: Microsoft-Windows-DistributedCOM

Date: 7/7/2014 9:00:00 PM

Event ID: 10016

Task Category: None

Level: Error

Keywords: Classic

User: DOMAIN\S-sqlservices

Computer: server.Domain.com

Description:

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{FDC3723D-1588-4BA3-92D4-42C430735D7D}

and APPID

{83B33982-693D-4824-B42E-7196AE61BB05}

to the user DOMAIN\S-sqlservices SID (S-1-5-21-682003330-1454471165-725345543-8056) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Solution

I searched in the regedit I found the app id but couldn’t find the CLSID

App ID is for the SQl server integrated manager

To find it go to

So, a quick look at the listed components; and the CLSID can’t be found. That’s okay. Components can be listed in a variety of ways. The CLSID is only used as a last ditch effort if a more readable name is not stored for the component. To find the name for the component, I need to look it up in the registry under HKCR\CLSID, which gives me something much more useful.


Now, all COM security is configured from a little utility named dcomcnfg.exe. More specifically, the permissions I need to deal with are handled under the “DCOM Config” branch of the tree displayed in dcomcnfg.

Console Root -> Component Services -> Computers -> My Computer -> DCOM Config


Now I know that the COM+ server is named Microsoft.SqlServer.Dts.Server.DtsServer, and I know that this is definitely related to SQL Server – Data Transformation Services by the name. Switching back to dcomcnfg, the Microsoft.SqlServer.Dts.Server.DtsServer component is not listed either.


The process listed here is a Windows Service named MsDtsServer110, which is the short name for the SQL Server Integration Services 11.0service. Switching back to dcomcnfg, the SQL Server Integration Services 11.0 component is listed. Perfect. Now all I have to do is configure it.


Fixing the Permissions

The steps listed here are very specific to my error but can easily be adapted to whatever component you need by replacing SQL Server Integration Services 11.0 with the appropriate application name, AppID or CLSID and replacing Network Service with the appropriate Windows user.

  1. In dcomcnfg, right-click on SQL Server Integration Services 11.0 and click on Properties.


  2. Change to the Security tab.
  3. Under Launch and Activation Permissions select Customize.


  4. Click [Edit] to display the Launch and Activation Permissions window.


  5. Click [Add] to open the Select Users or Groups window.


  6. Enter USERNAME.
  7. Click [Check Names].
  8. Click [OK] to close the Select Users or Groups window.
  9. Select USERNAME in the Group or user names list.
  10. Check the Local Launch and Local Activation permissions.
  11. Click [OK] to close the Launch and Activation Permissions window.

The error should now be resolved. For me, all I have to do is wait 15 minutes to see if the error is logged again. If your error can be duplicated another way, repeat those steps to see if you are still getting the error.

How did I get here?

Perhaps more important than all of this is, “why did I get this error in the first place?” The answer to that, in my case, is that I installed SQL Server 2012 and selected Network Service as the logon account for all the Windows services created by the installer. This is contrary to recommended practices, especially since the SQL Server 2012 installer has the ability to configure Windows accounts specifically for use by the Windows services it creates.

Ref: http://klonkers.blogspot.com/2013/09/sql-server-2012-integration-services.html

Read Full Post »


Microsoft SharePoint Foundation Subscription

The Microsoft SharePoint Foundation Subscription Setting service is one element of a concept known as multi-tenancy in SharePoint 2010.  The service provides a means of creating and managing logical groups of site collections based on the need to share settings, features and service data.

         Service provides a means of creating and managing logical groups of site collections based on the need to share settings, features and service data. 

How to start it


1.
     The service “Microsoft SharePoint Foundation Subscriptions Settings Service” is stop

2.     Start service “Microsoft SharePoint Foundation Subscriptions Settings Service” by Open Management Shell input the script below

<# Start Microsoft SharePoint Foundation Subscriptions Settings Service #>

Get-SPServiceInstance | where{$_.GetType().Name -eq “SPSubscriptionSettingsServiceInstance”} | Start-SPServiceInstance


3.     Service “Microsoft SharePoint Foundation Subscriptions Settings Service” is started

 

Get-SPServiceInstance | where{$_.GetType().Name -eq “SPSubscriptionSettingsServiceInstance”} | Start-SPServiceInstance

 

For more Go to

http://www.microsofttechnology.net/2013/04/sharepoint-2010-microsoft-sharepoint.html

Read Full Post »


Event ID 6398 How to fix 6398 Issue

 

Go to Central Admin – monitoring – review job definitions – job history (left) and change the view (right) to Failed jobs. Click on Failed link and you should get similar error messages logged. Review the job to fix and if not needed disable it.

 


Ref:

Read Full Post »

Evend id 6398


http://www.sharepointdiary.com/2011/05/event-id-6398-and-5586-resolution.html

Event ID 6398 and 5586 in SharePoint – Resolution

Read more: http://www.sharepointdiary.com/2011/05/event-id-6398-and-5586-resolution.html#ixzz36hVjrxG5

In a SharePoint Implementation, after provisioning Search Service application, Event log gets filled by these two events every minute: 6398 and 5586.

Event ID: 5586.   
Unknown SQL Exception 2812 occurred. Additional error information from SQL Server is included below.
Could not find stored procedure ‘dbo.Search_GetRecentStats’.

Read more: http://www.sharepointdiary.com/2011/05/event-id-6398-and-5586-resolution.html#ixzz36hVqwnlo


 

Event ID: 6398
The Execute method of job definition Microsoft.Office.Server.Search.Monitoring.HealthStatUpdateJobDefinition (ID 9cb6be54-0384-4c6e-abfc-c2f25621a3ed) threw an exception. More information is included below.
Could not find stored procedure ‘dbo.Search_GetRecentStats’.


 

This is because you have the Usage and Health Data Collection Service Application installed. Intern this service application creates a database for logging and Search Service will try to make entries in that database and it couldn’t 🙂

The solution is:  Enable health data collection. go to “Central Administration >> Monitoring >> Configure usage and health data collection” and check “Enable health data collection” check box.


Don’t forget to Restart IIS and SharePoint Timer job!

If its enabled already and still these IDs are logged into event viewer, then disable that first, Restart IIS and SharePoint Timer job, enable them and Restart IIS and SharePoint Timer job again.

Read more: http://www.sharepointdiary.com/2011/05/event-id-6398-and-5586-resolution.html#ixzz36hVu7pwz

Read Full Post »

Older Posts »

%d bloggers like this: