Tag Archives: microsoft

Solution to Starting Fault of routing and remote access service (16389 (0x4005))

1. The routing and remote access service cannot be started on a Microsoft Windows 2000 Server computer or a Microsoft Windows Server 2003 Server computer.
the following error message was recorded in the system event log on the Windows 2000 server computer:

Type error:

source: service control manager

category: none

event ID 7024:

note:

routing and remote access service due to a specific service error 87 (0x57).

Type error:

source: remote access

category: none

event ID: 20152

note:

the current configuration authentication provider failed to load and initialize. The parameter is an error.

The following error messages will be logged based on the system event log on the Windows Server 2003 machine:

Type error:

source: service control manager

category: none

event ID 7024:

note:

routing and remote access service due to a specific service error 16389 (0x4005).

 

Launching Routing and Remote Access Service prompts:
Routing and Remote Access cannot be started on a local computer. Refer to the system log for reasons. If this is not a Microsoft service, contact the service vendor. And refer to the specific error code 16389.
 
The details in the event viewer are:
Routing and Remote Access service to be stopped due to a 16389 (0x4005) service error. The error ID is 7024…
 
2, the reason
This problem occurred when the Internet Authentication Service (IAS) database was corrupted. IAS and routing and remote Access services use the IAS database.
 
3. Solutions
To solve this problem, follow these steps:

    extract ias.mdb file and dnary.mdb file from Windows2000Server CD or Windows Server 2003 CD to %WinDir%/System32/Ias folder on disk. To do this, follow these steps:

      click start, click run, type CMD in open, box, and then click ok. At the command prompt, type the following line. Press Enter after each line:

      Drive:
      cd i386
      ren %windir%/system32/ias/ias.mdb %windir%/system32/ias/iasOLD.mdb
      ren %windir%/system32/ias/dnary.mdb %windir%/system32/ias/dnaryOLD.mdb
      expand ias.md_ %windir%/system32/ias/ias.mdb
      expand dnary.md_ %windir%/system32/ias/dnary.mdb
      note that in this step, driver is a dvd-rom drive containing the Windows2000Server or WindowsServer2003CD that represents the drive letter is a cd-rom drive or placeholder.

    register oledb32r.dll file and register oledb32.dll file. To do this, follow these steps:

      at the command prompt, type the following line. Press Enter after each line:

      Drive:
      cd program files/common files/system/ole db
      regsvr32 oledb32r.dll
      note that in this step, drive is a placeholder representing the ProgramFiles folder is the drive letter to store. When you receive a message indicating whether the operation was successful, click OK. At the command prompt, type the following line, and then press ENTER:

      regsvr32 oledb32.dll
      When you receive a message indicating whether the operation was successful, click OK. Type EXIT and then press ENTER to exit the command prompt.

    register vbscript.dll file. To do this, follow these steps:

      at the command prompt, type the following line. Press Enter after each line:

      Drive:
      cd %systemroot%/system32
      regsvr32 vbscript.dll
      note that in this step, driver is a placeholder representing the drive letter is stored in the System 32 folder. When you receive a message indicating whether the operation was successful, click OK. Type EXIT and then press ENTER to exit the command prompt.

    starts routing and remote access services. To do this, follow these steps:

      points to the program, points to the management tool, and starts with Services. Right-click the Routing and Remote Access service, and click Start.

 

HTTP Error 401.1 – Unauthorized:Access is denied due to invalid credentials

Phenomenon: The site is set as AD integrated authentication, but when accessing it, it is still prompted to enter the account password. An error occurred three times later.
Solution: in C: \ Inetpub \ Adminscripts run below: cscript adsutil. VBS set w3svc/NTAuthenticationProviders “NTLM” modify the authentication mechanism.
 
The text reads as follows:
http://support.microsoft.com/kb/871179
 
 
Ok when trying to Access a site that’s part of the IIS6.0 application pool, you get an Error message: “HTTP Error 401.1 – Access is denied due to Invalidcredentials” (HTTP Error 401.1 – Unauthorized:Access denied due to Invalidcredentials)
See the products this article applies to
Expand all | close all
symptoms
When you try to access a Microsoft Internet Information Service (IIS) 6.0 site configured to use only integrated Windows authentication, you are prompted for user credentials. .
When you try to access a Microsoft Internet Information Service (IIS) 6.0 site configured to use only integrated Windows authentication, you are prompted for user credentials. When you try to log in, you will receive another login prompt. After three login attempts, you receive the following error message:
HTTP error 401.1 – unauthorized: Access denied due to invalid credentials.
Back to the top
why
This problem can occur if an IIS 6.0 web site is part of an IIS application pool. The application pool runs under either a local account or a domain user account. The site is configured to use only integrated Win…
This problem can occur if:
· The IIS 6.0 site is part of the IIS application pool.
· Application pools run under local accounts or domain user accounts.
· The site is configured to use only integrated Windows authentication.
In this case, Kerberos authentication may not work when an integrated Windows authentication attempt is made to use Kerberos. To use Kerberos authentication, the service must register the service principal name (SPN) of the service under the account in the Active Directory Directory service (the account used to run the service). By default, Active Directory registers the computer name of the network’s basic input/output system (NetBIOS). Active Directory also allows the use of Kerberos for network services or local system accounts.
Back to the top
The solution
If this problem occurs while running the application pool under a local account, follow the steps in the Alternative Methods section. To resolve this problem when running the application pool under a domain user account, use the NetBIOS name and…
If this problem occurs while running the application pool under a local account, follow the steps in the Alternative Methods section. To resolve this problem when running the application pool under a domain user account, set the HTTP SPN using the NetBIOS name and the fully qualified domain name (FQDN) of the domain user account used to run the application pool. To do this, follow these steps on the domain controller:

important note: the service SPN can only be associated with one account. Therefore, if you use this suggested solution, any other application pool running under different domain user accounts cannot be used solely with integrated Windows authentication.
1. Install the setspn. exe tool. To obtain the Microsoft Windows 2000 version of this tool, visit the following Microsoft web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=5fd831fd-ab77-46a3-9cfe-ff01d29e5c46& displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyID=5fd831fd-ab77-46a3-9cfe-ff01d29e5c46& displaylang=en)
Microsoft WindowsServer 2003 version of the setspn. exe command line tool is provided in WindowsServer 2003 SupportTools (WindowsServer 2003 SupportTools) included on WindowsServer 2003 CD. To install these Tools, double-click the Suptools.msi file in the Support/Tools folder.
2. Open a command prompt window and change to setspn.exe’s installation directory.
At the command prompt, type the following command. After typing each command, press Enter:
setspn.exe -a http/IIS_computer’s_NetBIOS_nameDomainName\UserName

setspn.exe -a http/IIS_computer’s_FQDN DomainName\UserName
Note: UserName is the user account used to run the application pool.
After setting the SPN of the HTTP service to the domain user account used to run the application pool, you can successfully connect to the web site without prompting you for user credentials.
Back to the top
Alternative methods
In cases where you have multiple pools of applications running under different domain user accounts, IIS must be forced to use NTLM as an authentication mechanism to resolve this issue (if you want to use only integrated Windows…
In cases where you have multiple pools of applications running under different domain user accounts, IIS must be forced to use NTLM as an authentication mechanism (if you want to use only integrated Windows authentication) to resolve this issue. To do this, follow these steps on the server where IIS is running:
1. Open a command prompt window.
2. Locate and change the directory containing adsutil.vbs file. By default, this directory is C:\Inetpub\Adminscripts.
3. Type the following command, then press Enter:
cscript adsutil.vbs set w3svc/NTAuthenticationProviders”NTLM”
4. To verify NtAuthenticationProviders metadata attribute is set to NTLM, please type the following command, and then press Enter:
cscript adsutil.vbs get w3svc/NTAuthenticationProviders
The following text should be returned:

NTAuthenticationProviders       : (STRING) "NTLM"

Back to the top
state
This behavior is caused by design.
This behavior is caused by design.
Back to the top
For more information
If you set the SPN using only the FQDN of the server on which IIS is running, you will be prompted for user credentials after 30 minutes. Because Internet Explorer caches the domain name system…
If you set the SPN using only the FQDN of the server on which IIS is running, you will be prompted for user credentials after 30 minutes. There is a 30-minute timeout due to the way Internet Explorer caches domain name system (DNS) information. After 30 minutes, Internet Explorer will revert to the NetBIOS name. Therefore, you must also ensure that the SPN is registered using the NetBIOS name of the server on which IIS is running, so that you are not prompted for user credentials. For more information, click the article number below to view the corresponding article in the Microsoft Knowledge base:
Internet Explorer 263558 (http://support.microsoft.com/kb/263558/) how to use the cache of DNS host item
To verify the registered SPN for the user account used to run the application pool, open a command prompt window, type the following command from the setspn.exe installation directory, and then press Enter:
setspn.exe -l UserName
A list of registered SPNS for the user account is returned.

“Securityerror: error ා 2060: Security sandbox conflict: external interface caller XXX cannot access XXX”

Today, I updated my Flash Player plugin to version 10.0.42.34. Then it turns out that a DVF that was previously running locally is running today and throwing an exception. The prompt message is as follows:
SecurityError: Error # 2060: security sandbox conflict: the ExternalInterface caller file://D:/study/flex/service/bin/rainbowX.swf file://D:/study/flex/service/bin/rainbowX_Debug.html can be accessed.
at flash.external::ExternalInterface$/_initJS()
at flash.external::ExternalInterface$/addCallback()
at freeidea.rainbowX::Application()
According to the prompt of debugging information because calls the ExternalInterface. AddCallback method. I take a look at the help documentation, which describes how this method throws a security exception as follows:
trigger

Error — this container does not support incoming calls. Incoming calls are supported only in Internet Explorer for Windows and browsers that use the NPRuntime API, such as Mozilla 1.7.5 and later or Firefox 1.0 and later.
0 SecurityError 1 — ActionScript in the sandbox where you have no access has added a callback with the specified name; You cannot override the callback. To solve this problem, rewrite the ActionScript that originally called the addCallback() so that it also calls the security.allowdomain () .

SecurityError - contains the environment belongs to the calling code has no right to access security sandbox. To solve this problem, follow these steps:

    in the HTML page containing the SWF file, set the following parameters in the object tag of the file: < param name="" value="always" /> in the SWF file, add the following ActionScript: flash. System. Security. AllowDomain (sourceDomain)
    Looking at the help instructions above, I think it may be due to cross-domain access issues, as mentioned in the article author (Developer) Control that if SWF wants to communicate with HTML scripts, then the value of allowScriptAccess for the plug-in must be set to Always. And SWF to allow access to the domain. So I try to join in the SWF flash system. Security. AllowDomain (" * "); Then add < < < param name="allowScriptAccess" value="always" /> This sentence.
    but the problem is still unresolved. There's no other way to think about it. Later, I found that my DVF could be browsed in the output folder of Project (I built it with Flex), but once I moved to another directory, it was not ok. As a result, I looked up the data and saw the following article, which was called "Overview of Permission Control". This article mainly shows what the Flash Player security model looks like. Below I put up part of the content, interested friends can go to the Internet search.
    overview of permission control
    Flash Player client runtime security model is a model designed around object resources such as SWF files, local data, and Internet urls. "Resource holders" means the parties that own or use these resources. Resource holders have control over their own resources (security Settings), and each resource has four holders. Flash Player USES a strict hierarchy of rights for these controls, as shown in the figure below:


    security control hierarchy


    the figure shows that if an administrator restricts access to a resource, no other holder can override the restriction.
    administrative user control
    The administrative user of the computer (the user logging in with administrative privileges) can apply Flash Player security Settings that affect all users of the computer. In a non-enterprise environment, such as a home computer, there is usually only one user, who also has administrative access. Even in an enterprise environment, a single user can have computer administration rights.
    There are two types of administrative user control:
    MMS. CFG file "global Flash Player trust" directory
    MMS. CFG file
    on Mac OS X, the MMS. CFG file is located in /Library/Application Support/Macromedia. On Microsoft Windows system, the file is located in the system directory of the Macromedia Flash Player folder (for example, in the default install Windows XP to C:/Windows/system32/macromed/Flash/MMS CFG).
    Flash Player will read its security Settings from this file when it starts, and then use these Settings to restrict the functionality.
    The MMS. CFG file includes Settings that the administrator USES to perform the following tasks:
    data loading - restricts reading of local SWF files, prohibits file downloading and uploading, and sets storage limits on permanent Shared objects. privacy controls - disable microphone and camera access, prohibit SWF files from playing windowless content, and prohibit SWF files from accessing permanently Shared objects in domains that do not match the URL displayed in the browser window. Flash Player updates - sets the time interval to check Flash Player updates, specifies the URL to use to check Flash Player updates, specifies the URL from which to download Flash Player updates, and completely disables automatic Flash Player updates. older file support - specifies whether earlier versions of SWF files should be placed in a trusted local sandbox. local file security - specifies whether a local file can be placed in a trusted local sandbox. full screen mode - disable full screen mode.
    SWF file can be by calling the "Capabilities. AvHardwareDisable and " Capabilities. LocalFileReadDisable property to access functionality disabled some of the information. However, most of the Settings in the MMS.cfg file cannot be queried through ActionScript.
    is to enforce application-independent security and privacy policies on the computer, and only the mms.cfg file can be modified by the system administrator. The MMS. CFG file cannot be used to install the application. While an installer running with administrative permissions can modify the contents of the MS.cfg file, Adobe considers such use a violation of the user's trust and advises the creator of the installer never to modify the MS.cfg file.
    global Flash Player trust directory
    The administrative user and installation application can register the specified local SWF file as trusted. These SWF files are assigned to trusted local sandboxes. They can interact with any other SWF file or load data from anywhere (remote or local). The file is specified as trusted in the global Flash Player trust directory, the same directory as the mms.cfg file, in the location (specific to the current user) as follows:
    The Windows: the system/Macromed/Flash/FlashPlayerTrust (for example, C:/Windows/system32/Macromed/Flash/FlashPlayerTrust) Mac: App support/Macromedia FlashPlayerTrust (for example,/Library/Application support/Macromedia/FlashPlayerTrust)
    The Flash Player trust directory can contain any number of text files, with each file listing the trusted path on one line. Each path can be a single SWF file, HTML file, or directory. Comment lines start with #. For example, a Flash Player trust profile with the following text indicates that trusted status is granted to all files in the specified directory and all subdirectories:

    # Trust files in the following directories:
    C:/Documents and Settings/All Users/Documents/SampleApp

    The path listed in the trust profile should always be the local path or the SMB network path. Any HTTP path in the trust profile will be ignored; Only local files can be trusted.
    to avoid conflicts, specify a filename for each trust profile that corresponds to the installed application, and use the.cfg file extension.
    because developers distribute locally running SWF files by installing the application, you can have the installation application add a configuration file to the global Flash Player trust directory, granting full access to the files to be distributed. The installation application must be run by a user with administrative rights. Unlike the MMS.cfg file, the global Flash Player Trust directory is included to enable the installation application to grant trust permissions. Both managing users and installing applications can specify trusted local applications using the Global Flash Player Trust directory.
    after reading this article, it turns out that the project in Flex actually adds the output file from the project to the local trust sandbox. The CFG documentation for Flex was also found in the local directory specified, which does include the output folders for each project. So I also tried to add the directory where the DVF was in to the local trust sandbox. The entire folder path string is written to a text file based on the CFG file format described in the article, and then saved as a CFG file. Put it in the system/Macromed/Flash/FlashPlayerTrust. Then run the DVF again, the error message is gone, and the problem is resolved.
    in retrospect, Flash Player is really getting stricter with security. The current version is so strict even for local runs (the version I used before was 9.0, so long as You set allowScriptAccess to always in HTML). Only a thorough understanding of Flash Player's security mechanisms can help us solve the problem better. However, I use above is the management of user control method to achieve, so it is the highest level of configuration, there may be relatively large security risks, you can also try to use the ordinary user control method to add trust. The article write here, hope to be helpful to everybody.

    Network card problem: Unable to initialize Windows Sockets interface

    Yesterday, I had a problem with a computer in my company, which could not surf the Internet and could be Shared on Windows. Using the Ping gateway in the command window and 127.0.0.1 both showed the same results
    Unable to initialize Windows Sockets interface, error code 0.
    Other network Settings are normal, and there are unusually long waits in the “network connection” area when you log in to Windows.
    search on the Internet to know that this is a configuration or other software caused by the improper use of Windows system file is destroyed, download winsockfix.exe run to solve the problem
    The above method cannot be used for Win2003. Later, I found a method on the Microsoft website. However, this method is manual repair, which I have not tested:
    1. Backup and delete winsock. DLL Wsock. DLL under % Winroot % System32
    2. Backup, delete the registry key HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/Winsock2
    3. Delete the TCP/IP protocol and then uninstall the network card
    4. Reinstall the network card and TCP/IP protocol.
    Microsoft has a solution for http://support.microsoft.com/kb/288133/en-us

    About Java File.separator

    in Windows path separator and Linux path separator is different, when the absolute path is used directly, cross-platform will be exposed “No such file or diretory” exception.

    File
    File file1 = new File (“C:\ TMP \test.txt”);
    File file1 = new File (“C:\ TMP \test.txt”)

    File file2 = new File (“/ TMP /test.txt”);
    File file2 = new File (“/ TMP /test.txt”);

    if cross-platform is considered, it is best to say:
    File myFile = new File(“C:” + file.separator + “TMP” + file.separator, “test.txt”);
    File myFile = new File(“C:” + file.separator + “TMP” + file.separator, “test.txt”);

    The

    File class has several static fields that are similar to separator, which are system related and should be used as far as possible in programming.

    separatorChar

    public static final char separatorChar

    is the default name separator associated with the system. This field is initialized to the first character that contains the system property file.separator value. On UNIX systems, the value of this field is ‘/’; On Microsoft Windows, it is ‘\’.

    separator

    public static final String separator

    is the system-specific default name separator, which is represented as a string for convenience. This string contains only one character, separatorChar.

    pathSeparatorChar

    public static final char pathSeparatorChar

    is the system-dependent path separator. This field is initialized as the first character that contains the system property path.separator value. This character is used to separate filenames in a given file sequence in the form of a path list. On UNIX systems, this field is ‘:’; On Microsoft Windows, it is ‘; ‘.

    pathSeparator

    public static final String pathSeparator

    is the system-dependent path separator, which is represented as a string for convenience. This string contains only one character, pathSeparatorChar.

    ☞ warm prompt: to return to my blog index