.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
Sharon Maxwell
Post New Web Links

Error in Impersonation - different domain account.

Posted By:      Posted Date: August 28, 2010    Points: 0   Category :.NET Framework
 
Hi I am trying to stop a windows service in a server(on different domain) from my C#.NET windows application using ServiceController I am getting following error Inner Exception: {"Access is denied"} Exception Message: "Cannot open Service Control Manager on computer 'x.y.z.a'. This operation might require other privileges." Enviroment:       Windows application running on Windows 7, C#.NET, 3.5 on “ABC” DOMAIN       Target service running on Windows 2003 server. on “XYZ” DOMAIN       Port 445,135 opened between two systems Code:       ServiceController lo_WinSC = new ServiceController();       lo_WinSC.MachineName = "SYSTEMIPAddress";       lo_WinSC.ServiceName = "ServiceToBeStopped"; Some forum suggesting to impersonate account of target domain but failed to Impersonate. Error: “The security database on the server does not have a computer account for this workstation trust relationship”   Question 1: Is it possibile to impersonate account of different domain. i.e My application running on “XYZ” domain, I would like to impersonate an account “ABC” domain. Note: Port LDAP port 389 is opened between two systems. Is possb


View Complete Post


More Related Resource Links

Error during installation of SQL Server 2005 when typing the domain account

  

I am installing SQL Server 2005 on a server (Windows Server Enterprise Edition 2003 SP2) that is not domain controller and on the screen "Service Account" I checked the box "Customize for each service account" and typed a domain account (it has permission to "logon as a service"), its password and domain, and when I click the "Next" button, I am getting the error below:

"SQL Server Setup could not validate the service accounts. Either the service accounts have not been provided for all of the services being installed, or the specified username or password is incorrect. For each service, specify a valid username, password, and domain, or specify a built-in system account. "

What's happening? Why is this error occurring? What I have to do for this error does not occur?

Thanks for any help me to solve this problem

(Note : Excuse me because my English isn't very good !)

 


Error during installation of SQL Server 2005 when typing the domain account

  

I am installing SQL Server 2005 on a server (Windows Server Enterprise Edition 2003 SP2) that is not domain controller and on the screen "Service Account" I checked the box "Customize for each service account" and typed a domain account (it has permission to "logon as a service"), its password and domain, and when I click the "Next" button, I am getting the error below:

"SQL Server Setup could not validate the service accounts. Either the service accounts have not been provided for all of the services being installed, or the specified username or password is incorrect. For each service, specify a valid username, password, and domain, or specify a built-in system account. "

What's happening? Why is this error occurring? What I have to do for this error does not occur?

Thanks for any help me to solve this problem

 


Impersonation with domain account without joining the domain?

  

My feeling says it's not posible but anyway I am curious if there is at least a workaround for accomplish this.

Basically I am working at my client site and my machine is not connected to the domain.
What I want to do is running a web application locally under a domain account, and using the webdev server.
The webapp uses the default authentication, windows authentication that is.
I tried using impersonation with domain\user & password but I got the following error

Could not create Windows user token from the credentials specified in the config file. Error from the operating system 'Logon failure: unknown user name or bad password.

I have to mention that the username and the password are correct.

Thanks in advance
Iulian


During Install get "No mapping between account names and security IDs" error when picking domain acc

  

Test environment with 2008 servers set up from an image I've taken of a win 2008 r2 sp1 server. I restore that image to a vmware virtual machine, set up a domain controller and added the service accounts I'm going to use later for my sql 2008 r2 install.

Then I take the same image, restore it to another new virtual machine, rename it, give it a new ip address, reboot, join it to the domain, reboot, and begin the SQL install.

 

On the Server Configuration step, when I click the account name drop down and pick <<browse...>> It opens the "select user, computer, or group" dialog and I enter in [domain]\[login] for the service account and click "check names". It resolves that into the "[login] ([login]@[FQDN])" line. I click ok.

I get the "S-1-5-XX-XXXXX-XXXXX-XXXXX-1104: No mapping between account names and security IDs was done." error.

The frustrating part is if I create a new virtual machine win 2008 r2 server from scratch and start the SQL install and use the same login, no error and I can continue with the install.

I'm stuck, can I not create images and use them in this manner?


Wrong Account being used to access files - Help - No Impersonation

  

I run a simple .aspx website on a Windows Server 2008 machine.

There is NO impersonation, and System.Security.Principal.WindowsIdentity.GetCurrent().Name returns NT AUTHORITY\NETWORK SERVICE, which it the account which the application pool runs. In my web.config, I have <authentication mode="Forms">.

 

I tried to test the security of the application and server by removing file permissions to the .aspx files. I was greatly worried when the website continued to run without problem (it should not have been able to read the .aspx files).

By turning on file level auditing, I discovered that the .aspx files were being read by the machine$ account (if the machine is called Serv1, then the files would be read by the Serv1$ account, which seems to have access to all files on the local machine).

 

Is this a security breach or is this behaviour by design ?

Please can somebody assist, as I am worried.


Impersonation issue | Multiple domain

  
Hi,I am working on an Intranet site.The site is running with the following configurationWindows 2003 Server, IIS 6The users of the site come from 3 different domains (say Domain A, B, C). We have Integrated Windows Authentication turned on. App pool identity - Network Service Impersonation is turned Off in web.config. We try to impersonate the original caller programatically for one functionality where we try to access contents of a folder on shared drive by giving a UNC path. System.Security.Principal.WindowsImpersonationContext impersonationContext;impersonationContext = ((System.Security.Principal.WindowsIdentity)Context.User.Identity).Impersonate();...DirectoryInfo rootDir = new DirectoryInfo(path); DirectoryInfo[] dirContents = rootDir.GetDirectories();// We show the folders and files which can be downloaded after this ..impersonationContext.Undo();  The web server and the file share are on domain AIssue The above functionality works fine for all users coming from Domain A but for users coming in from Domain B and C get System.UnauthorizedAccessException at rootDir.GetDirectories(). But when the same users type the same UNC path from Win>Run or File Explorer, they are able to open it.The users are all coming in through IE6, so they do not have to provide their user name, password as trust has been established between all 3 domains. Can anyone please p

People Picker gets error when selecting user from a trusted domain(one way forest trust)

  
  Hello all,   Our current setup is SharePoint 2010 Foundation server in one external forest(Trusting forest), and trying to have users in a separate internal forest(Trusted forest) access the site. The external forest's DC and SharePoint server are in a DMZ separated by a firewall with the internal forest's DC and users. A one way transitive forest trust was successfully created and has been validated. On SharePoint, we're ran the sts commands to set the setapppassword as well as the peoplepicker-searchadforests adding the domain that the SharePoint server is in, as well as the trusted forest. An iisreset was issued after running these commands. In SharePoint, we can then search for users from the trusted domain, and select the users in the Select People page, but when hitting the final Ok, an error is received: An unexpected error has occurred in which a correlation ID is provided. Reviewing the SharePoint logs we find the following: <!-- /* Font Definitions */ @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-520092929 1073786111 9 0 415 0;} @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-520081665 -1073717157 41 0 66047 0;} /* Style Defin

Can't view the SharePoint Site. Explorer won't take domain account

  
Hi, I'm having issues viewing the SharePoint 2010 Site that I have deployed from any workstation. It seems that my permissions settings have broken - even though I haven't touched them. Whenever http://start/ is visited (the Intranet top site) it asks for credentials. They should have been taken from the User that was logged onto the machine. E.g. NATWIDE\UserA. After entering the credentials, it doesn't accept them, and asks for them again. And again. And then blank page. I'm not receiving the SharePoint "restricted access" page... HOWEVER, when I log into the website via Mozilla Firefox - it appears that the credentials are fine, and it works according to the permissions set for the site from within SharePoint. Does anyone have any idea why this would be happening. I'm completely stumped and I can't find a similar issue anywhere else. I have installed a Stand-alone installation of SharePoint 2010 Server Enterprise on Server 2008. The account that installed the SharePoint server and is a FARM Administrator, can't even log in to view the page. Cheers, Stu. I do not think much of a man who is not wiser today than he was yesterday. - Abraham Lincoln

"The username is invalid. The account must be a valid domain account."

  
So I'm at the SharePoint Products Configuration Wizard, I put in the Database Server and name then put in the username and password. It just keeps saying this message after I hit the Next button! :   The username is invalid. The account must be a valid domain account.   What's wrong?

The specified user account "domain\username" is a local account. Local accounts should only be used

  
HI Im getting this error when trying to set a new Service account for my performance point services. SharePoint is installed in a single server enviroment. I can´t get a new service account configured and I think this is causing my server to run slowly. Any help would be highly appreciated thanks

Invoking custom WCF service throws an Impersonation error from SQL

  
I've written a custom WCF service and hosted it in SharePoint. Accessing the MEX endpoint works fine. However, when I try to invoke the WCF service from my client code, I get the following error: 'A transport-level error has occurred when sending the request to the server. (provider: Shared Memory Provider, error: 0 - Either a required impersonation level was not provided, or the provided impersonation level is invalid.)'. This exception gets thrown even before my WCF service gets invoked. Attaching a debugger, I see the following stack trace associated with the exception: 00000000`0c2dd7d0 000007fe`e7589b95 System_Data_ni!System.Data.SqlClient.SqlConnection.OnError(System.Data.SqlClient.SqlException, Boolean)+0xd4 00000000`0c2dd810 000007fe`e7b7cd3b System_Data_ni!System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(System.Data.SqlClient.TdsParserStateObject)+0xf5 00000000`0c2dd870 000007fe`e758c4ee System_Data_ni!System.Data.SqlClient.TdsParserStateObject.WriteSni()+0x5f77ab 00000000`0c2dd8f0 000007fe`e758bf29 System_Data_ni!System.Data.SqlClient.TdsParserStateObject.ExecuteFlush()+0xae 00000000`0c2dd950 000007fe`e757a1c7 System_Data_ni!System.Data.SqlClient.TdsParser.TdsExecuteRPC(System.Data.SqlClient._SqlRPC[], Int32, Boolean, System.Data.Sql.SqlNotificationRequest, System.Data.SqlClient.TdsParserStateObject, Boolean)+0x1189 00000000`0c2ddbf

Hyphens in domain names get trimmed from account names in user profiles

  
We've been trying to launch an internal deployment of SharePoint 2010 MySites but we've run in to a problem with the user profile import. We've reviewed all of the relevant guidance and have been able to complete an import successfully, but all of the characters before a hyphen in our domain name are getting truncated from the imported username. To illustrate:   PREFIX-BLAH\tristan.watkins becomes BLAH\tristan.watkins after it is imported. When I log in, a new user profile is created for PREFIX-BLAH\tristan.watkins and all of the imported profile data is useless, since it is associated with a non-existent BLAH\tristan.watkins.   I'm assuming this is an issue with the beta version of Forefront Identity Manager 2010 that shipped with SharePoint 2010 beta, but I can't find any information suggesting this is a known issue and for all I know it may actually be a SharePoint issue rather than a problem with FIM. For what it's worth, this was not a problem in SharePoint 2007. Can anyone help?

Same server farm administrator domain account for both Intranet and Internet Sharepoint site?

  
Hello,   We are planning to setup 2 streams of architecture for both Intranet and Internet web sites. Just wondering whether there is any best practices/security concerns if we are using the same domain account as the Server Farm Administrator for both Intranet and Internet platform?   Thanks,

How to change the System Account into Domain Administrator account in Sharepoint?

  
I'm attaching the captured image from the Central Admin of our Sharepoint Server. (http://www.experts-exchange.com/images/346242/Central-Admin.jpg) As you can see from the Central Admin image, the user account shown is "System Account", in whereas I logged in as our Domain Administrator. Then when you check it's info from My Settings, the details from the captured image System Account Info was shown. ( http://www.experts-exchange.com/images/346243/System-Account-Info.jpg) How can I change it as be DOMAIN\Administrator & not SHAREPOINT\system or System Account? Please advise...  

User Profile Synchronization: Name of user account / id uses wrong Netbios domain name?!

  
I've got an interesting situation: I've got a domain e.g. FOOBAR.FI. The Netbios domain is due to historical reasons BARFOO. When I use UPS to import accounts from the FOOBAR.FI domain, the user account names in SharePoint are given the id of FOOBAR\<useraccount>. This works so and so. Users are identified and My Sites is fine. However the organizational chart and other fields where you can specify another user don't work as they should. If the manager is specified from AD, the organizational chart works. However, if I edit a profile and check the manager, it's in the form of FOOBAR\<useraccount>. SharePoint highlights this and a tooltip says that the account cannot be found. As a suggestion, it gives BARFOO\<useraccount>, which is found from the AD. All fine and dandy, until you check the organizational chart, which turns out to be empty at this point. This is because in SharePoint there's no user with the name BARFOO\<useraccount>, but only those FOOBAR\<useraccount> users who've been imported from the AD. So bottom line question is: How does UPS select and set the user account name?

Getting error messages after replacing the domain controller

  
Version: Sharepoint 2007 We installed new servers, including a new Domain Controller.  When I remove the old DC I start getting the following error: Error Please contact your administrator.  There was an error contacting the server. Technical information (for administrator): HTTP code 500: Internal Server Error Do I have to tell sharespoint to use a new DC somehow?

1511 Error on AppPool service account

  
How do I resolve the following error in the Windows application event log? This error occurs on the Web Application (managed) service account. Event Type: Error Event Source: Microsoft-Windows-User Profiles Service Event Category: None Event ID: 1511 Date:  6/08/2010 Time:  4:01:41 PM User:  [domain]\svcSharePointAppPool Computer: [my SP server] Description: The description for Event ID ( 1511 ) in Source ( Microsoft-Windows-User Profiles Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: The event log file is corrupt..
Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend