Should I go to a domain environment?

Similar Questions

• Profile Manager - failed to install the remote access profile in the domain environment & multi-Active Network Directory

  Hi all

  I am a COMPUTER administrator for a college and I am trying to fix what seems to be the last hurdle in getting the Profile Manager works correctly.

  I worked for a while now trying to get the Profile Manager capable of pushing the device and profiles for Mac in our group network environment. I was able to operate intermittently, but not often. Most of the time I'm unable to install the remote management profile.

  When you try to install the remote management profile, I give myself one of the two errors-

  The first error is:

  The Installation of the profile failed.

  The «TeleManagement (com.apple.config. » profile (Server.FQDN.mdm:GUID) "could not be installed because of an unexpected error < MDMResponseStatus:500 >

  (Obviously server.fqdn and GUID are placeholders for their actual values)

  

  The second mistake is:

  The Installation of the profile failed.

  Failed to contact the Protocol SCEP server to ""http://server.fqdn: 1640/CEP / "."

  

  The server Mac OS X 10.11.4 works

  OS X Server is version 5.1

  Client Mac is for most running 10.10.4

  Here's a quick run down on the environment and the steps I have already taken to solve the problem.

  • The network is an Active Directory with several networks multi-domain environment. I mainly work with two different networks, each associated with one of the two areas.
  • The Mac server hosting the Profile Manager is a Mac Pro. The two network cards is used, each on one of the two networks. The Mac server is joined to the domain in the primary forest.
  • I opened all the ports and IP ranges for Apple's Push Notification service for two on our firewall and tested networks between the two networks to ensure that the AFN is accessible.
  • I created a static DNS entry for the server in the DNS zone for the main domain. I also have a separate DNS zone for the DNS record for the interface on the secondary network. I also confirmed that Macs see the correct IP address of the Mac server for their network.
  • I tried to change the settings for network access for the Profile Manager. The first error seems to happen when the Profile Manager are restricted to the network the Mac client is not connected. This same error also occurs if I open Manager profile access to "all networks".
  • I have experiemented with the different certificate types. In general, I use the self-signed certificates that are generated automatically. In this scenario, I install the profile Trust first (which works seamlessly regardless of network or domain). I also tried to use a certificate for Code signing signed with our own CA to sign the profile of remote management. The same errors will occur no matter what certificates are used.
  • The second error occurs when the access profile manager is limited to the same network that is connected to the Mac client
  • I ran Wireshark captures on several client computers, as well as on the Mac server interfaces and haven't seen any traffic blocked or rejected that seemed related to the Profile Manager
  • I've deleted and rebuilt my OD master
  • I also scoured newspapers for clues Profile Manager and haven't found much
  • In addition, I have also studied the problem and error codes/etc widely and have not found a lot of useful information
  • I don't know there are any other troubleshooting steps I took as well, but I've been question bout this for awhile and I don't remember everyone.

  That's a strange thing - I had it working for Mac on the main network and the domain. However, I discovered that the Mac on the secondary network and the field was unable to download the profile of remote management. This is when I started to change the Profile Manager, access network, which eventually introduce the problem on Macs connected to the primary/field of experimentation network. Change access return settings in Profile Manager does not restore functionality for pimps who worked.

  Another thing odd in this test scenario all - Mac on the network high school/area would not install remote profile unless management I temporarily moved it to the main network (I do not untie / reassign to one the main domain on these Macs) I could get the profile of remote management to install and then pushing profiles has worked. Even more strange, it's the Mac that I had to move temporarily secondary network to the main network to allow remote management profile install only works always as long as the Profile Manager are restricted to the secondary network and 'the Mac'. However, Macs in the same room, on the same network in the same field, using the exact image even get the errors described above.

  The only thing I have not yet done is delete/reconstruction Profile Manager. I would really like to avoid this if possible. Solutions that involve something like Casper or other software integration AD for Macs are also a non-starter.

  I'm happy to elaborate if necessary. I appreciate the help.

  Okay, I think I can find the root cause.

  Before this discovery, I had completely rebuilt Profile Manager. Now, I managed by pushing the management profile remote for Mac in the two fields/networks. However, many of them still refuse to install remote management profile.

  Macs who encounter the problem are all were imaged using NetRestore using an image captured from an another similar iMac. IMac even that was used to build the image has now been reassigned in a test of Mac. I found that when you attempt to register one of the Mac who had received this image it shows already as "registered" when you go to "mydevices" on my Mac server. I also noticed that they all have the serial number of the test Mac when viewing their "register". Among the issues of Macs, I activated the lock of the device from the page "mydevices" for the so-called problematic Mac registered (showing the serial number of the iMac used to create the image) and it locked the iMac used to create the image - not the Mac issue.

  This tells me that the CID (or Mac equivalent) is set on the Mac CID used to create the image for all of the Mac said image was deployed to. If it's a Windows box I have a sysprep prior to deployment or could perform a rearm after the fact. I am unaware of how to perform similar functions in OS X.

  I tested also since on some Macs that do not have this image, and they are able to register and install the profile of Managing remotely with success.

  If anyone has any suggestions on how to reset the CID (the computer ID) under OS X, I'd appreciate it. Thank you.

• Working in a domain environment, a printer, XP machine only 10 people can connect to it at the same time

  Currently, I am working in a domain environment. And with an XP based PC, a HP Laser jet 2015 printer is attached. about 90 users printer mentioned. Problem is that only 10 people could make connection with this PC, everyone else remains in the queue and wait there turn. The manual solution to disconnect all sessions (my computer (right click)-> manage-> to connect to a remote computer-> shared-> sessions folder-> disconnect all sessions. but now I'm looking for a mechanism that must disconnect all ideal sessions after a determined time interval.)
  * original title - how do I resolve this issue *.

  From what I understand, WHAT XP allows only 10 concurrent sessions or anything of the sort... you need to install an operating system server to accept more. Not sure if windows 7 or vista no longer accepts.

  Can't really help with a "time out" on the sessions.

• Remote support unsolicited in the non domain environment

  Suppose you have two Windows 7 or machines in home network. Is it possible to configure * spontaneous * Remote Assistance? I tried, but I can't adjust properly authorized list of helpers * gpedit.msc*, since each tutorial that I saw added a domain group or domain user in the list and I don't use the field. It is even possible to configure this feature for non-domain environment?

  Hello

  Welcome to the Microsoft community.

  You can check out the following link and check if it helps.

  Connect to another computer using Remote Desktop connection

  If the problem persists, I'd recommend posting your query in the TechNet Forums. TechNet is watched by other computing professionals who would be more likely to help you.

  TechNet Forum

  http://social.technet.Microsoft.com/forums/Windows/en-us/home?category=w7itpro

  Hope this information is useful.

• Update creative cloud in the domain environment

  Dear support,

  We are in the domain environment and have about 40 computers with installation of creative cloud. In the past, all users have been defined to them as local administrator so domain users were able to first update, but due to the change in company policy, the local administrator permission is removed soon so IT admin must attend each machine to make the creative cloud or upgrading components if they are available. We are keen to know if Adobe has any suggestion to deal with similar scenario in order to minimize the effort of the system administrator.

  Thank you.

  See you soon,.

  LT

  You don't describe your organization, so this can not help but read Government accounts https://forums.adobe.com/thread/1483694 for ideas

• I can't connect you on some client computers on a domain environment unless I have remove the network cable.

  I have almost five machines on my LAN that cannot log on to the domain, unless I have remove the network cable and then it connects.
  Please advise?

  On the domain controller or problems by communicating with the domain controller, when you remove the network cable, you connect with that caching of credentials.  Also look at the DNS settings on the RODC, the RODC DNS should point to itself, make sure that the machines are all on the same subnet.

  John

• VPN connection before user logon in the domain environment

  I took a huge project, but managed to set up a comprehensive network for an organization not-for-profit.  Is only a single obstacle, but the answer is completely referring me.
  I installed a Windows 7 Ultimate in a test environment.  The server is standard 2012 and are located off site.  I have configured VPN and can connect, but remains one of the limitations...
  THE SITUATION
  ... the computer, I am preparing in aura production environment users and will be on the field.  They have shut down the computer during the night and on weekends.  During my tests, I found that VPN will NOT connect automatically.  I don't want a users to this remote location with access to the local office any longer.  Everyone must sign their credentials of domain only, and I'll be locking the local office with identifying information has changed.
  With the help of Google, I found several ways to automate so-called VPN connection, but every article I've read so far says that it happens as a script at logon Windows.  Who defeated the purpose here.  I wish the VPN to be connected at startup, BEFORE the opening of the session, so that users can sign on the field immediately after the power of the computer.  I had considered just giving a directive to leave the PC on 24/7, but in case of crash or regular updates of Windows, which would put us back to the start.
  DEMAND
  Can I do so that the VPN connects automatically TO a user on a desktop computer log?
  THE SPECS
  The clients are on Windows 7 Ultimate Edition
  Connection VPN set up in windows (no third party software)
  Windows Server 2012 with Active Directory server-side
  Before someone says, yes I know that Server 2012 has called DirectAccess, however even if it is installed, it is not an option with my setup because I won't drag desktop through the city to connect to the domain when I can use VPN just as easily without the risk of damaging the material.
  I appreciate the answers and eager to solve this.  It must be possible, as I hear from companies doing this all the time for satellite facilities.  Have a good night :)

  Hello Christopher,

  The question you have posted is linked to the virtual private network (VPN), and the right place for you to contact would be TechNet support.

  I suggest you to check with TechNet support for more information.

  http://social.technet.Microsoft.com/forums/en-us/newThread?category=WindowsServer&Forum

• Office creative cloud in a domain environment

  OK, I've been everywhere in Google and the forums here and have not yet found a solution. I will elaborate on our current issue.

  Currently, we run a mixed environment domain and not domain systems. All systems to communicate through the firewall even border. However, CCP (Creative Cloud Packager) and CCD (Creative Cloud Desktop) only work on non-domaine systems. On the systems in the domain, we can install both applications, however after installation, they simply clock when booting, or in the case of the CCP, we get the error "please connect to the Internet and try again. We have disabled the firewall and AV on these systems (even if both executed on systems not domain without any problem) nothing works. Similarly, we connected and used a local administrator account on these systems in domain (both install and run), still with no luck. It seems as if something to do with the domain, or the domain security systems preventing these products Adobe works fine, but we were unable to understand what he.

  Anyone know, or have experience with this problem or similar problems?

  Thank you in advance.

  Rob

  After a repair for the last week I finally understood that (a weekend away from work wonders makes auditing your head). It occurred to me that I became the security certificate prompt when starting of the CCD on field systems, but was not getting the prompt on systems not to a domain. This thread look at me the certificate and the certificate stores on the two systems. It turns out, put into service the first time, CCD wants to add a third party automatically trusted root certificate. However, it was not possible on the systems in domain as trust of third-party root certificates installation is disabled by domain group policy. The work around was to export the certificate from a non-domaine system and import manually in the domain system (requires administrative access). After manually import the certificate, CCD (CCP) starts and works very well.

• Horizons in a domain environment.

  We support a medical center with multiple locations. Ideally, we would like to do a group policy to force a background to all the jobs for all users. The servers are two with 2012R, one with 2008 and the other with 2003. All positions work on domains are Windows 7 Pro. I had set up a group strategy for the bottom (shared file) in the server and it does not change through. Background stays black, even after completely disconnect, restart and the connection back.

  I also tried turning off group policy and to connect to roaming profiles to set the background.  Once connected, I'm on the site (in Firefox), right-click on the icon and save it as background. The background appears correctly. However, once I have disconnect, then reconnect, the background is all black back. I googled to no end and have found no answers as to why it is not working properly. Help?

  This issue is beyond the scope of this site (for consumers) and to be sure, you get the best (and fastest) reply, we have to ask either on Technet (for IT Pro) or MSDN (for developers)

  *

  http://social.technet.Microsoft.com/forums/en-us/home s/fr-U.S./Accueil
  http://social.msdn.Microsoft.com/Forum

• Install Windows Store Apps in a domain environment

  I work in the 8th largest school district in the nation and we are moving forward with Windows8. We are going to develop some applications of Win8 (LOB) and we are clear on their distribution to our users. But we also want our users to be able to install Win8 Store apps on the Windows Store.

  My question is how can our users install apps from the store without giving them or forcing them to have a Microsoft ID account? Nothing against the Microsoft Account ID (we are in the middle with Win8) but we have 25,000 employees and we do not know how to handle this? Someone has encountered this situation or know the best way to handle this?

  Hi Denny,

  Please post this question in the following TechNet forums link, because they are better equipped to help you:

  http://social.technet.Microsoft.com/forums/Windows/en-us/home?Forum=w8itprogeneral

  If you have questions about Windows operating systems, help us on this forum.

• VCenter should be joined to the domain?

  Is there a reason to join vCenter in the field? I don't want Windows Server it works on but in vCenter itself? Windows Server is already part of the field. I just took the VMware class and remember it being a setting in vCenter to reach the field or something similar, but I can't. Can someone tell me where this setting is and what exactly its used for?

  See http://kb.vmware.com/kb/1021970 for more details

• Mobile environment to the new Windows domain

  We are moving our environment to a new Windows domain. Of course, it is a change in working capital, so some servers/clients will be moved while for once, others will remain. I'm looking for advice on when should I change the new domain VMware hosts, but also the Virtual Center. Do I have to have all guest operating system moved into the new field, before moving the hosts VMware and virtual center? I know it's a DNS issue that issue area... the new domain using different IP addresses for the DNS as the old.

  You can simply configure a DNS zone in the new field that passes to the DNS servers of the old domain, or create records for the esx hosts in the new DNS domain before you migrate their?

  Guests will work regardless of the host servers as long as they can see the appropriate domain / DNS servers, so you should be able to make them as and when you need.

  Kind regards

  Scott

• domain user account cannot log on

  Hello

  I m using the field network.server 2008 domain and windows 7 clients computer computers.one customer can connect server account by using alt + ctrl + del.but create temporary account (TEMP) .this account name David Williams.but create TEMP.then name cannot access some network programs in my network.computer reboot but once again create Temp account.this area remove the computer and connect to new domain.but same problem.what should I do.please help.

  Thank you

  Haribit64

  Hello

  According to the description of the problem you are working on Windows server 2008 in a domain environment. We have a dedicated forum that addresses these issues. So try to repost your query on the TechNet Forum and hope that you will get a quick response from there.

  Keep us.

  Kind regards

• We require domain administrator rights to make backup

  Dear team,

  In our environment, we have symentec netbackup 7.5 to take VM backup using the backup user id. Backup ID user who has domain administrator rights.

  We have a check in our environment I just want confirm to take VM backup should we provide backup user domain administrator rights.

  Need your urgent help on the same.

  Note: In VC backup user added to the backup role.

  concerning

  Mr. VMware

  Why should you provide backup user domain administrator credentials? Domain administrator rights must be limited as much as possible.

  Backup user must have sufficient rights on vCenter, to what it communicates.

  If it helps, check out the link below.

  http://www.Symantec.com/business/support/index?page=content&ID=TECH130493

• AD domain multiple access

  We are a Windows 2 k 3/2 k 8 and shop VDI View 5.0.1, having recently taken over a sister agency with their own AD domain. We would like to set up our view environment to allow this new group to connect to their own AD domain within our VDI environment. We have recently set up a trust AD successful between the two primary AD domains. Given that this trust has been created, I now see a red alert in my view of dashboard the IUG view under "other components\Domains".

  Red status...

  • "The trust relationship could not be determined."
  • "Error detected domain status. Administrator display is unable to perform operations related to the field. »

  However, outside of the view, access of trust on the workstations within each area properly. In addition, the view client does not allows you to select a different domain.

  What else do I need to do in the many components of the view to allow access of the VDI in this another AD domain?

  Thanks in advance...

  Scott

  Hillsborough County SA

  
  

  You may need to add the Domain NETBIOS name and the FQDN field via the vdmadmin utility:

  Open a command prompt of your servers from brokers/connection and run the following commands:

  vdmadmin-N fields-include - domain domain the domain to add FULL name - add

  Output should look like this: "full domain FQDN name has been added to the list for inclusion to the cluster."

  vdmadmin-N fields-include - domain Domain NETBIOS add name - add

  Output should look like this: "the Domain NETBIOS name has been added to the list for inclusion to the cluster."

  vdmadmin - N-domains-list - active

  Output should be something like this:

  Domain information ()

  ===================================

  Main area: FULL domain name domain name

  Domain: NETBIOS domain DNS:FQDN domain name

  Domain: NETBIOS domain DNS:FQDN domain name

  Domain: NETBIOS domain DNS:FQDN domain name

  Thank you

  Jason D.