I have Team Foundation server 4 years and suddenly all the users not authorized, even the admin users.
When I try to open the website in the server on http://localhost:8080/tfs I get error 401.1
The website work on Windows authentication.
This the failure message in the event viewer:
An account failed to log on.
Subject: Security ID: NULL SID Account Name: - Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed: Security ID: NULL SID Account
Name: ttre Account Domain: WIN-0000000
Failure Information: Failure Reason: An Error occured during Logon.
Status: 0xc0000008 Sub Status: 0x0
Process Information: Caller Process ID: 0x0 Caller Process Name: -
Network Information: Workstation Name: WIN-00000000 Source Network
Address: f280::524:66531:1525:455a Source Port: 52911
Detailed Authentication Information: Logon Process: NtLmSsp
Authentication Package: NTLM Transited Services: - Package Name (NTLM
only): - Key Length: 0
This event is generated when a logon request fails. It is generated on
the computer where access was attempted.
The Subject fields indicate the account on the local system which
requested the logon. This is most commonly a service such as the
Server service, or a local process such as Winlogon.exe or
Services.exe.
The Logon Type field indicates the kind of logon that was requested.
The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on
the system requested the logon.
The Network Information fields indicate where a remote logon request
originated. Workstation name is not always available and may be left
blank in some cases.
The authentication information fields provide detailed information
about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Any idea?
Related
I am using odoo 14 community edition.
I am facing error when click on email (Setting/Technical/Email)
In start its working fine but now its giving following error;
The requested operation cannot be completed due to security restrictions. Please contact your system administrator.
(Document type: Message, Operation: read) - (Records: [512], User: 2)
First of, I'm still new when it comes to Oracle DBs and how they tend to do stuff so please forgive if I'm failing to see something obvious. I spent around 5 hours troubleshooting following issue and can't seem to resolve it on my own. Would really appreciate any help I can get.
I'm running SQL Developer for Oracle XE 18c database on my personal PC, trying to learn APEX with it and I'm having issues creating connection to DB with new user, once new user is added. Relevant info:
Able to connect to database using New connection prompt > sys as SYSDBA / password or system / password screenshot of successful test
Must change from CDB to PDB (in my case to XEPDB1 with ALTER SESSION) if I want to add user
If I try to add user either through SQL or GUI when in CDB - I get error ORA-65096: invalid common user or role name in oracle (meaning I have to switch to PDB - ok, no problem)
Once I switch to PDB - I am able to add user properly
User is simple name, simple pass, no way it can be missed, made 5-6 different accounts while trying, demo/demo, test/test, we'll use username: master / password: masterkey in this example
Once I try to create New connection > master / masterkey I get Status : Failure -Test failed: ORA-01017: invalid username/password; logon denied, this is happening with every single user I created logon denied
Same happens if I try logging through SQLPlus sqlplus success for system user
All the tutorials, explanations and answers I found, make it so simple to log in with system > create new user > create new connection with that same user. Simple as that, but not me.
Now, I do see my created user under Other users section but I believe I should be able to have this user separately, as it's own connection, right?
screenshot for that
I will appreciate every help I can get. Let me know if you need any other configuration data.
lsnrctl services output:
LSNRCTL for 64-bit Windows: Version 18.0.0.0.0 - Production on 09-MAY-2021 02:52:21
Copyright (c) 1991, 2018, Oracle. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=DESKTOP-LU84249)(PORT=1521)))
Services Summary...
Service "33a4c118d1384fc5842519d99267b5b7" has 1 instance(s).
Instance "xe", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:13 refused:0 state:ready
LOCAL SERVER
Service "CLRExtProc" has 1 instance(s).
Instance "CLRExtProc", status UNKNOWN, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:0 refused:0
LOCAL SERVER
Service "XE" has 1 instance(s).
Instance "xe", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:13 refused:0 state:ready
LOCAL SERVER
Service "XEXDB" has 1 instance(s).
Instance "xe", status READY, has 1 handler(s) for this service...
Handler(s):
"D000" established:0 refused:0 current:0 max:1022 state:ready
DISPATCHER <machine: DESKTOP-LU84249, pid: 7788>
(ADDRESS=(PROTOCOL=tcp)(HOST=DESKTOP-LU84249)(PORT=59728))
Service "xepdb1" has 1 instance(s).
Instance "xe", status READY, has 1 handler(s) for this service...
Handler(s):
"DEDICATED" established:13 refused:0 state:ready
LOCAL SERVER
The command completed successfully```
Resolved by rebooting PC. Database was installed few hours earlier and I didn't reboot PC ever since, even with everything else properly configured. Connected successfully using service name XEPDB1 (should be default for XE DBs).
Web deployment task failed. Error ERROR_USER_UNAUTHORIZED
We are using Tfs Build Automation and msdeploy for publishing an web application on remote machine.
On "Visual Studio Build" step we set this parameters on "MSBuild Arguments":
/p:DeployOnBuild=true;PublishProfile=myProfile;AllowUntrustedCertificate=true;UserName=$(UserName);Password=$(Password)
After quing the build we get this error:
C:\Program Files (x86)\MSBuild\Microsoft\VisualStudio\v14.0\Web\Microsoft.Web.Publishing.targets(4276,5): Error ERROR_USER_UNAUTHORIZED: Web deployment task failed. (Connected to the remote computer ("MySERVER") using the Web Management Service, but could not authorize. Make sure that you are using the correct user name and password, that the site you are connecting to exists, and that the credentials represent a user who has permissions to access the site. Learn more at: http://go.microsoft.com/fwlink/?LinkId=221672#ERROR_USER_UNAUTHORIZED.)
I am sure that username and password is correct, and the user isAdministrator on the server (MySERVER).
I checked the Management Service log on IIS and found something important:
the build agent's username(tfsadmin) sent for deploy on IIS instead of the user/pass that I set in build variables.
Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2018-01-03 09:29:02 MYSERVERIP HEAD /msdeploy.axd site=MySiteName 8172 - MyBuildServerIP - - 401 2 5 1322
2018-01-03 09:29:02 MYSERVERIP HEAD /msdeploy.axd site=MySiteName 8172 tfsadmin MyBuildServerIP - - 401 1 1326 86
Update 1:
I add more information, as you see below in build log, in msBuildArgs the password is empty (instead of ********)!
WebDeploy Version : 3.6
TFS Version : 2015.1
Target Machine (MySERVER) : Windows 2012 R2
IIS Version : 8.5
The "tfsadmin" user has local administrator of target server (MyServer) and IIS Manager Permission on the target IIS Site.
Build log :
2018-01-06T06:37:19.9298797Z Starting task: Build solution $/MyProject/MySolution.sln
2018-01-06T06:37:20.0529203Z Executing the powershell script: D:\Agents\Agent-01\tasks\VSBuild\1.0.16\VSBuild.ps1
2018-01-06T06:37:20.3760645Z ##[debug]Entering script VSBuild.ps1
2018-01-06T06:37:20.3790648Z ##[debug]vsLocation =
2018-01-06T06:37:20.3800653Z ##[debug]vsVersion = 14.0
2018-01-06T06:37:20.3810663Z ##[debug]msBuildLocation =
2018-01-06T06:37:20.3820668Z ##[debug]msBuildVersion =
2018-01-06T06:37:20.3830692Z ##[debug]msBuildArchitecture = x64
2018-01-06T06:37:20.3840679Z ##[debug]msBuildArgs = /p:DeployOnBuild=true;PublishProfile=myProfile;AllowUntrustedCertificate=true;UserName=tfsadmin;Password=;Pass2=********
2018-01-06T06:37:20.3840679Z ##[debug]solution = D:\Agents\Agent-01\_work\2\s\MyProject\MySolution.sln
2018-01-06T06:37:20.3860721Z ##[debug]platform =
2018-01-06T06:37:20.3870700Z ##[debug]configuration =
2018-01-06T06:37:20.3880727Z ##[debug]clean = true
2018-01-06T06:37:20.3890697Z ##[debug]restoreNugetPackages = true
2018-01-06T06:37:20.3890697Z ##[debug]logProjectEvents = true
2018-01-06T06:37:20.4010877Z ##[debug]Loading module from path 'D:\Agents\Agent-01\agent\worker\Modules\Microsoft.TeamFoundation.DistributedTask.Task.Internal\Microsoft.TeamFoundation.DistributedTask.Task.Internal.dll'.
...
Can anybody help me ?
You are correct that the wrong username and password were ultimately used to authenticate the request. Running the command net helpmsg 1326 (1326 is the sc-win32-status value from the log entry you provided) yields "The user name or password is incorrect."
Also interesting is the request/response logged before that. The substatus value 2 for a 401 means "Access is denied due to server configuration favoring an alternate authentication method." according to TechNet. And net helpmsg 1322 yields "This operation is disallowed as it could result in an administration account being disabled, deleted or unable to logon."
Review (or re-review) the instructions at https://learn.microsoft.com/en-us/iis/publish/using-web-deploy/configure-the-web-deployment-handler
If your deployment is still not working, take a look at Microsoft's Troubleshooting Common Problems with Web Deploy.
Deploy from VS with the command line will use the user name and password you provided. However deploy from TFS will use the build agent. So, the first thing is that the service account of the build process should has the correct permission to access the remote server.
Just try to give the build service account local administrator permissions and IIS Manager Permissionson to the site's scope on the remote server ("MySERVER"). Then set the username parameter to "" (empty quotes) and the password field omitted.
Reference: Build only works with username and password in msbuild arguments
This error code can surface because of a number of different reasons.
It typically indicates an authentication or authorization problem, and
can happen because of any of hte following reasons:
If connecting using the Web Management Service:
Verify that the username and password are correct
Verify that the site exists
Verify that the user has IIS Manager Permissions to the site's scope
If connecting using the Remote Agent Service:
Verify that the username and password are correct
Verify that the user account you specified is a member of the Administrators group on the remote computer. NOTE: Because of a bug
in Web Deploy 2.0, the user must be either the built-in Administrator
or a member of the Domain Administrators security group. Attempts to
sync with any other user account, even if it is an administrator,
will see this error code. Verify that the site exists
Reference : ERROR_USER_UNAUTHORIZED
UPDATE:
By default, Web Deploy will connect using HTTP Basic Authentication.
When using HTTP Basic Authentication, specific credentials must be supplied,
e.g.
msdeploy.exe -verb:dump -source:apphostconfig,wmsvc=demo-host,authType:basic,username=someuser,password=somepassword
In your scenario, you can try set the AuthType as NTLM, then try it again.
Just try adding the line <AuthType>NTLM</AuthType> to the publish .pubxml file.
Try this:
On your server go to Computer Management
From the left pan select Local Users and Groups
Go to users find the tfsadmin user
Right click on it and click on Set Password
Give your existing password (whatever it is)
This seems unnecessary but worked for me. I hope someone can explain the "why".
Trying to learn SQL Server, so bear with my noobness, please.
I see the same errors repeatedly in the SQL Server log:
Error: 18456, Severity: 14, State: 38.
Login failed for user 'domain\username'. Reason: Failed to open the explicitly specified database. [CLIENT: ]
There were also many failed login attempts for the same client prior to this error starting.
I checked the connection string on the problem client and it's identical to the string used on other clients that successfully connect. Can SQL Server limit access to a specific IP/client, but continue to allow access to all other users?
This has been discussed here by Aaron Bertrand:Troubleshooting Error 18456
Error: 18456, Severity: 14, State: 38.
Login failed for user ''.
Reason: Failed to open the database specified in the login properties.
Reason:
The database specified in the connection string, or selected in the Options > Connection Properties tab of the SSMS connection dialog, is no longer valid or online (it might be set to AutoClose or the user may simply not have permission).
Note that this could also be a symptom of an orphaned login. In this situation, you will need to synchronize the login and user information
Can SQL limit access to a specific IP/client, but continue to allow access to all other users?
SQL will not and won't deny access to a specific client,it must fall into one of the above cases
My server setup is a bit weird. One of my DB Admins added a Linked Server to my server. In the linked server properties, I see the following in the Security view:
Local server login to remote server login mappings:
Local Login Impersonate Remote User Remote Password
domain\myusername CHECKED
For a login not defined in the list above, connections will:
- Be made using the security context
Remote login: linkedserveruser
With password: **************
Therefore, when I created a stored procedure with the following:
SELECT *
INTO #TEMP
FROM LINKEDSERVERNAME.DBName.dbo.TableName
-- Update local table after processing #TEMP
And setup a SQL job, it was failing with the following message:
Message
Executed as user: NT AUTHORITY\NETWORK SERVICE. Login failed for user 'linkedserveruser'. [SQLSTATE 28000] (Error 18456). The step failed.
After, digging through documentation, I found a KB811031 article that explains this problem and suggested that I map the security context and run the job as osql.
I did not have to map the security context because (as you can see from the settings of the linked server above), it already was mapped. I changed the Type to Operating System Command as suggested. When I run the job now, I get the following message:
Executed as user: domain\MYMACHINENAME$. Msg 18456, Level 14, State 1, Server SOMEOTHERDATABASENAME, Line 1 Login failed for user 'linkedserveruser'. Process Exit Code 0. The step succeeded.
And the job quits reporting success when in fact it failed. Any suggestions on how I can get this type of stored procedure containing a query to a linked server to run as a SQL job?