I am doing a Project on LAN of an internet cafe. I have a scenario in which 9 nodes and a server is attached with a switch. I have a "reboot and restore" application hosted on a server. So when a client node reboots the particular application on server auto runs and restore the settings on client node.
I want to know which application server will be used for particular store and reboot application with auto start settings?
Look, as for as Auto Star feature is concerned, You can add (to my experience) any application to the startup calls of Windows (assuming you are a windows user)....and the procedure is not that tough,
go to start -> program -> start up ( The idea is to open this folder for you required user)
paste a shortcut of your application executable in to it..
when next time, windows will login, it will load all the applications present in this folder ( and others coming from different Registery Entries ) and thus your application will become Autostart..
and the other thing, I saw a few cafes / offices using an application named "freeze". what this application does is, it creates a snap of user settings, and each time when system is logged in, this application loads and restore that snap shop of user settings...thus, you are able to have predefined settings always applied to such scenarios as yours..
Hopes this helps..
Related
I have been working with Oracle SOA Suit 12c human task component. However, I have created a simple bpel processs that takes one input for human intervention and response required by the user assigned. The project deployed successfully to weblogic domain soa_server1. Now the web service is being tested by oracle em->soa_server->composite application. When the user login to worklist, the task is being populated but when he clicks on task, it shows a login form rathar than the huam task form(the jsf/jspx) page.
Additional Details
Weblogic Server 12c, SOA Quick Start 12c(12.2.2.1.0) installed and weblogic domain configured using database. JDeveloper version 12c.
Below is the screenshot of worklist
Can anyone please look in to this, what's the issue??
Issue was related to user assignment in Human Task dedinition.
Double click on human task in your composite.
Go to assignments(user assignment)
My mistake- I had set the owner as weblogic and trying to access the task in worklist with user 'level1'
SOLUTION THAT WORKED FOR ME
Either leave blank to owner text filed or specify all users whom task is being assigned or users who manually clam task.
I haven't tried but probably of you have hierarchy set for users then it might require only top level person to be specified in owner section.
I had a different issue the url in the humantask configuration was pointing to some random name and not the server host name changing that worked
I have spent several days trying to get a "managed service account" set up on Windows Server 2012 for a .NET web app. Let's start with the error and work backwards.
I get the following events ever time I try to access a page on the web site where * is the name of my app pool:
Warning 5021 - The identity of application pool * is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number.
Warning 5057 - Application pool * has been disabled. Windows Process Activation Service (WAS) did not create a worker process to serve the application pool because the application pool identity is invalid.
Error 5059 - Application pool * has been disabled. Windows Process Activation Service (WAS) encountered a failure when it started a worker process to serve the application pool.
~~~
While standing up a new server, I came across what appears to be an awesome feature which I had not used before:
http://technet.microsoft.com/en-us/library/dd548356%28v=ws.10%29.aspx
Since I am standing up a new app with a new database, this seemed like the perfect opportunity to take this for a drive!
I eventually figured out how to create the managed service account with the following power shell commands on a domain controller:
import-module activedirectory
new-ADServiceAccount -SAMACCOUNTname "SERVICE_ACCT$"
add-adComputerServiceAccount -Identity SERVER_NAME SERVICE_ACCT$
In the same powershell window, I can list services accounts for a given server with this powershell command:
get-ADComputerServiceAccount SERVER_NAME
And my managed service account is there! All good so far ...
I then had to modify our central group policy to include my service account for "Log on as batch job" and "Log on as service". These were under Polices\Windows Settings\Security Settings\Local Policies\User Rights Assignment on our domain controller (these were not editable on the local server as these were being pushed down).
After the changes and a coffee break, the rights show up on my server!
So now I have (1) created a managed service account which has (2) been granted access to a specific server and on that specific server (3) the service account has log on as batch job/service rights. I also (4) gave both the app pool and service account modify access to the web site folder.
I verified the site works with the default AppPoolIdentity account.
And ... I still get the errors above (which I have had during this whole process). I have to be missing something, but I just can find anything else to try!
Regards,
Cooter
I had to put this on the shelf for a while, but was eventually able to get this working. The most helpful resource I found was the following YouTube on MSAs.
http://www.youtube.com/watch?v=VNCGSQPhLuM
To summarize, there are quite a few requirements and steps
Domain Requirements:
Domain Function Level - Windows Server 2008R2+
Run ADPrep/ForestPrep
Client Requirements:
Windows Server 2008R2+
.Net Framework 3.5
Active Directory Module for Windows PowerShell (this gets installed with AD DS, but I was able to excluded all but the module during the process)
Supported Software:
IIS - yes (app pools)
SQL Server - no
On server where MSA is to be used, navigate to Server Manager - Features - Add features
Confirm 3.5 Framework installed
Confirm Active Directory Module for Windows PowerShell installed
On any server with AD administration tools, Via PowerShell: NOTE: My MSA is WorkProdDnnIIS and my host is WorkProd2012.
C:> import-module activedirectory
C:> New-ADServiceAccount -name WorkProdDnnIIS -enable $true
C:> Add-AdComputerServiceAccount -Identity WorkProd2012 -ServiceAccount WorkProdDnnIIS
On any server with AD administration tools, via AD Users and Computers
the new MSA should be listed under "Managed Service Accounts"
On server on which MSA is to be used, via PowerShell
C:> import-module activedirectory
C:> Install-AdServiceAccount -Identity WorkProdDnnIIS
On server on which MSA is to be used, via IIS Manager
Change App Pool identity (e.g. POWER\WorkProdDnnIIS$ - Dollar sign required on end, leave password blank)
Lastly, the local policy settings to allow "Log on as batch job" and "Log on on as service" are required for the MSA for IIS app pools. I would suspect that the Install-ADServiceAccount would do this, however these changes could not be made locally. I manually edited the group policy on a domain controller to achieve the same end result.
Regards,
Cooter
This probably isnt an issue with SiteCore per se but I've included it for completeness. I have sitecore 6.3 running under IIS7 using a custom identity for the app pool. I cant get Sitecore to write its logging information (using the default log4net settings) to the eventlog. I've followed the advice here: http://logging.apache.org/log4net/release/faq.html#Why%20doesn%27t%20the%20EventLogAppender%20work? and although it works fine when I make the custom identity a member of the administrator's group I need to find a way to get it working in production without such a security hack.
The weird thing is that I have a MSI that installs it (running under an account which IS a member of the administrator's group) and creates the correct registry keys in the eventlog for me and yet despite that, I am still getting the following error when I run the application using the custom identity (without it being a member of administrators).
log4net:ERROR DOMConfigurator: Could not create Appender [EventLogAppender] of type [log4net.Appender.EventLogAppender]. Reported error follows.
System.Security.SecurityException: Requested registry access is not allowed.
at Microsoft.Win32.RegistryKey.OpenSubKey(String name, Boolean writable)
at System.Diagnostics.EventLog.GetEventLogRegKey(String machine, Boolean writable)
at System.Diagnostics.EventLog.FindSourceRegistration(String source, String machineName, Boolean readOnly)
at System.Diagnostics.EventLog.DeleteEventSource(String source, String machineName)
at log4net.Appender.EventLogAppender.ActivateOptions()
at log4net.Repository.Hierarchy.DOMHierarchyConfigurator.ParseAppender(XmlElement appenderElement)
The Zone of the assembly that failed was:
MyComputer
log4net:ERROR DOMConfigurator: Appender named [EventLogAppender] not found.
Thinking I could narrow it down to a registry permission issue I granted Everyone full permissions to the following registry key and subkeys but it didnt work either: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog
The custom identity is a member of the following groups:
Event Log Readers
IIS_USERS
Performance Monitor Users
I've also seen the following question which seems to ask the same thing. The Microsoft article seems to suggest it might be a problem with ACLs on an event log and gives examples on how you can change SSDLs but I'd rather avoid that if at all possible.
EDIT:
I have another server running where the log is being populated fine. The custom identity was a member of administrators so I revoked that and rebooted, trying to purposely break it but I cant. Config is identical on both boxes and same identity used to run the MSI which creates the registry keys. Have run procmon on both (after doing a IISReset and spinning up the app pool again) to examine registry activity. Strange thing is - on the box that works you get 477 name not found records for my event source in the wrong places (Application, and a different Custom EventLog "MyCompany"). No hits for the place where it is logging which is "MyCompany\MyCompany.SiteCore". Whilst on the box which is broken, it does appear to be requesting to read the right key (albeit only 6 times) but you then get the Log4Net registry access error.
As I understand it EventStores are stored in the registry, so you only need write permission to registry to create or delete an EventStore. This is usually only needed once and most applications create this as part of the install procedure so that the application does not need to be run as Administrator during normal execution.
However your error message (in the question) includes the method DeleteEventSource from which I would deduce/guess that the EventSource does exist but is wrong in some way. So perhaps this is currently registered as writing to the event log named MyCompany and you are now trying to change it to "MyCompany\MyCompany.SiteCore" which requires you to delete the old eventsource and create a new one.
So it sounds like your installation routine is creating a different EventSource from the one that your application is actually using.
If that doesn't help, then I would suggest enabling internal logging for Log4net (but obviously not to the eventlog) which will probably give you more information.
Giving full permission to the registry key is not enough.
According to Microsoft
To create an event source in Windows Vista and later or Windows Server 2003, you must have administrative privileges.
The reason for this requirement is that all event logs, including security, must be searched to determine whether the event source is unique. Starting with Windows Vista, users do not have permission to access the security log; therefore, a SecurityException is thrown.
Starting with Windows Vista, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. To execute the code that accesses the security log, you must first elevate your privileges from standard user to administrator. You can do this when you start an application by right-clicking the application icon and indicating that you want to run as an administrator.
I think, contrary to the Apache documentation, log4net DOES need write access to the registry – or at least it does in my case. To prove this, I backed up the registry on the server where it wasnt working and granted IIS administrator privileges before spinning up sitecore. Sure enough it started logging away to the eventlog nicely and then when I exported the registry again to run a diff, there WAS a difference.
The value for the eventlogmessage file on my event source had been updated from:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
To
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\EventLogMessages.dll
So I assumed that merely changing this value in the registry by hand would work.
But it didn’t.
So I ran procmon on the two servers I have: A=the working one, B=the failing one. Sure enough, on server B I have a line which says:
Operation: RegOpenKey, Path: HKLM\System\CurrentControlSet\Services\EventLog, Desired Access:Read/Write, Result: ACCESS DENIED.
I’ve traced through with Server A and in exactly the same place, the key is requested with Desired Access:Read.
Conclusion:
It seems unavoidable that I will need to grant my app pool identity administrator privileges in production for at least enough time to programatically do the necessary registry writes the first time from within log4net. I dont know why administrator; I have tried granting Full permissions to the entire eventlog node in the registry for my custom app to no avail. It seems to do something which I cannot identify or pin down. I will then revoke this privilege immediately after it starts to log and monitor whether subsequent installs knock out the functionality afterwards. (Hopefully not).
If anyone has any insight into this behaviour it would be greatly appreciated.
I am currently working on an ASP.NET application in VB.NET and one of its functions is to use the Windows Task Scheduler. The application will need pretty much full control over this as it needs to Create, Modify, Delete and Run tasks.
I found this library to help with the whole thing and it works well but only locally on my Windows XP machine. As soon as I deploy the application to IIS6 on Windows Server 2003 and access pages that use my Scheduler object I get the following error.
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
I have looked for various solutions on the net that include giving specific users (and even Everyone) permissions to %windir%\Tasks using CACLS which didn't work and also using impersonation and adding the IUSER to the Backup Operations User Group which won't work as the Application MUST use Windows Integrated Authentication.
One thing that is confusing me about the whole situation is that the User I am logged in as when testing the application can quite happily remote desktop and login to the server and muck about with the Task Scheduler. Also, if I run the application locally in Visual Studio (still under the same User) and point the application at the Task Scheduler of the server it works fine. Further to this, If I run the application from the server and point it at my local Task Scheduler I get the same "Access Denied" error. All of that makes me think it is not a Task Scheduler permissions thingy but something to do with permissions on some components that the Task Scheduler Library is trying to use.
Does any one know what I could do to resolve this or even just a pointer in the right direction as this has been driving me crazy for over a day now. I must say I am a bit of a newbie when it comes to IIS Issues, Impersonation and Windows Server Security.
Thank you very much
Hey there i kno i may be late what you can do is either set the task to run under the NT AUTHORITY\SYSTEM for that use this
(C#)
string NULL = null ;
task.SetAccountInformation("", NULL);
and to set it for the current user give the username
string username = "your xp username";
or
string username = System.Security.Principal.WindowsIdentity.GetCurrent().Name ;
string NULL = null ;
task.SetAccountInformation(username, NULL);
that will work for you i hope !!!! and let me know how it was !!!
I cannot find the translated file after running the solution in BizTalk 2006 Tutorial Lesson 3: Run the EDI-to-XML Solution.
It should be placed in the c:\Program Files\Microsoft BizTalk Server 2006 \EDI\Adapter\Getting Started with EDI\Northwind\In folder.
The Base EDI adapter picks up the file in c:\Documents and Settings\All Users\Application Data\Microsoft\BizTalk Server 2006 \EDI\Subsystem\Documents\PickupEDI folder, but I cannot find the translated file in the X-12 4010 850 document format.
I'm not immediately familiar with the tutorial you mention, but below are steps to find where any document has gone to in BizTalk.
First two places to check are in the event viewer and in the BizTalk Server Administration Console.
Check you have no errors in the event viewer.
In the admin console, click on the BizTalk Group in the left hand window and you should see two columns in the right hand pane, Work in Progress and Suspended Items. Click on Running service instances and Suspended service instances. Check that you message is not delayed for any reason (a Send Port being turned off perhaps).
Next, from Start -> All Programs -> Microsoft BizTalk Server 2006 select the Health and Activity Tracking (HAT) tool.
In HAT, select Queries -> Most recent 100 service instances. Find the pipeline that will have wrote out your file, right click the service instance and select Message Flow. In the message flow view you should see in the URL the disk location where your file was written to.
(You can also look in the admin console to check where the send port is pointing)
Thanks for your suggestion regarding how to troubleshoot an issue of BizTalk Server from generic point of view. It did help. I have resolved this problem by reading error logs.
Here is the error:
Access denied. The client user must be a member of one of the following accounts to perform this function.
SSO Administrators: SSO Administrators
SSO Affiliate Administrators: SSO Affiliate Administrators
Application Administrators: BizTalk Server Administrators
Application Users: BizTalk Application Users
It works now after adding a service account to "SSO Administrators" and restart all BizTalk related services.