Tag Archives: windows

Solution to Starting Fault of routing and remote access service (16389 (0x4005))

1. The routing and remote access service cannot be started on a Microsoft Windows 2000 Server computer or a Microsoft Windows Server 2003 Server computer.
the following error message was recorded in the system event log on the Windows 2000 server computer:

Type error:

source: service control manager

category: none

event ID 7024:

note:

routing and remote access service due to a specific service error 87 (0x57).

Type error:

source: remote access

category: none

event ID: 20152

note:

the current configuration authentication provider failed to load and initialize. The parameter is an error.

The following error messages will be logged based on the system event log on the Windows Server 2003 machine:

Type error:

source: service control manager

category: none

event ID 7024:

note:

routing and remote access service due to a specific service error 16389 (0x4005).

 

Launching Routing and Remote Access Service prompts:
Routing and Remote Access cannot be started on a local computer. Refer to the system log for reasons. If this is not a Microsoft service, contact the service vendor. And refer to the specific error code 16389.
 
The details in the event viewer are:
Routing and Remote Access service to be stopped due to a 16389 (0x4005) service error. The error ID is 7024…
 
2, the reason
This problem occurred when the Internet Authentication Service (IAS) database was corrupted. IAS and routing and remote Access services use the IAS database.
 
3. Solutions
To solve this problem, follow these steps:

    extract ias.mdb file and dnary.mdb file from Windows2000Server CD or Windows Server 2003 CD to %WinDir%/System32/Ias folder on disk. To do this, follow these steps:

      click start, click run, type CMD in open, box, and then click ok. At the command prompt, type the following line. Press Enter after each line:

      Drive:
      cd i386
      ren %windir%/system32/ias/ias.mdb %windir%/system32/ias/iasOLD.mdb
      ren %windir%/system32/ias/dnary.mdb %windir%/system32/ias/dnaryOLD.mdb
      expand ias.md_ %windir%/system32/ias/ias.mdb
      expand dnary.md_ %windir%/system32/ias/dnary.mdb
      note that in this step, driver is a dvd-rom drive containing the Windows2000Server or WindowsServer2003CD that represents the drive letter is a cd-rom drive or placeholder.

    register oledb32r.dll file and register oledb32.dll file. To do this, follow these steps:

      at the command prompt, type the following line. Press Enter after each line:

      Drive:
      cd program files/common files/system/ole db
      regsvr32 oledb32r.dll
      note that in this step, drive is a placeholder representing the ProgramFiles folder is the drive letter to store. When you receive a message indicating whether the operation was successful, click OK. At the command prompt, type the following line, and then press ENTER:

      regsvr32 oledb32.dll
      When you receive a message indicating whether the operation was successful, click OK. Type EXIT and then press ENTER to exit the command prompt.

    register vbscript.dll file. To do this, follow these steps:

      at the command prompt, type the following line. Press Enter after each line:

      Drive:
      cd %systemroot%/system32
      regsvr32 vbscript.dll
      note that in this step, driver is a placeholder representing the drive letter is stored in the System 32 folder. When you receive a message indicating whether the operation was successful, click OK. Type EXIT and then press ENTER to exit the command prompt.

    starts routing and remote access services. To do this, follow these steps:

      points to the program, points to the management tool, and starts with Services. Right-click the Routing and Remote Access service, and click Start.

 

HTTP Error 401.1 – Unauthorized:Access is denied due to invalid credentials

Phenomenon: The site is set as AD integrated authentication, but when accessing it, it is still prompted to enter the account password. An error occurred three times later.
Solution: in C: \ Inetpub \ Adminscripts run below: cscript adsutil. VBS set w3svc/NTAuthenticationProviders “NTLM” modify the authentication mechanism.
 
The text reads as follows:
http://support.microsoft.com/kb/871179
 
 
Ok when trying to Access a site that’s part of the IIS6.0 application pool, you get an Error message: “HTTP Error 401.1 – Access is denied due to Invalidcredentials” (HTTP Error 401.1 – Unauthorized:Access denied due to Invalidcredentials)
See the products this article applies to
Expand all | close all
symptoms
When you try to access a Microsoft Internet Information Service (IIS) 6.0 site configured to use only integrated Windows authentication, you are prompted for user credentials. .
When you try to access a Microsoft Internet Information Service (IIS) 6.0 site configured to use only integrated Windows authentication, you are prompted for user credentials. When you try to log in, you will receive another login prompt. After three login attempts, you receive the following error message:
HTTP error 401.1 – unauthorized: Access denied due to invalid credentials.
Back to the top
why
This problem can occur if an IIS 6.0 web site is part of an IIS application pool. The application pool runs under either a local account or a domain user account. The site is configured to use only integrated Win…
This problem can occur if:
· The IIS 6.0 site is part of the IIS application pool.
· Application pools run under local accounts or domain user accounts.
· The site is configured to use only integrated Windows authentication.
In this case, Kerberos authentication may not work when an integrated Windows authentication attempt is made to use Kerberos. To use Kerberos authentication, the service must register the service principal name (SPN) of the service under the account in the Active Directory Directory service (the account used to run the service). By default, Active Directory registers the computer name of the network’s basic input/output system (NetBIOS). Active Directory also allows the use of Kerberos for network services or local system accounts.
Back to the top
The solution
If this problem occurs while running the application pool under a local account, follow the steps in the Alternative Methods section. To resolve this problem when running the application pool under a domain user account, use the NetBIOS name and…
If this problem occurs while running the application pool under a local account, follow the steps in the Alternative Methods section. To resolve this problem when running the application pool under a domain user account, set the HTTP SPN using the NetBIOS name and the fully qualified domain name (FQDN) of the domain user account used to run the application pool. To do this, follow these steps on the domain controller:

important note: the service SPN can only be associated with one account. Therefore, if you use this suggested solution, any other application pool running under different domain user accounts cannot be used solely with integrated Windows authentication.
1. Install the setspn. exe tool. To obtain the Microsoft Windows 2000 version of this tool, visit the following Microsoft web site:
http://www.microsoft.com/downloads/details.aspx?FamilyID=5fd831fd-ab77-46a3-9cfe-ff01d29e5c46& displaylang=en (http://www.microsoft.com/downloads/details.aspx?FamilyID=5fd831fd-ab77-46a3-9cfe-ff01d29e5c46& displaylang=en)
Microsoft WindowsServer 2003 version of the setspn. exe command line tool is provided in WindowsServer 2003 SupportTools (WindowsServer 2003 SupportTools) included on WindowsServer 2003 CD. To install these Tools, double-click the Suptools.msi file in the Support/Tools folder.
2. Open a command prompt window and change to setspn.exe’s installation directory.
At the command prompt, type the following command. After typing each command, press Enter:
setspn.exe -a http/IIS_computer’s_NetBIOS_nameDomainName\UserName

setspn.exe -a http/IIS_computer’s_FQDN DomainName\UserName
Note: UserName is the user account used to run the application pool.
After setting the SPN of the HTTP service to the domain user account used to run the application pool, you can successfully connect to the web site without prompting you for user credentials.
Back to the top
Alternative methods
In cases where you have multiple pools of applications running under different domain user accounts, IIS must be forced to use NTLM as an authentication mechanism to resolve this issue (if you want to use only integrated Windows…
In cases where you have multiple pools of applications running under different domain user accounts, IIS must be forced to use NTLM as an authentication mechanism (if you want to use only integrated Windows authentication) to resolve this issue. To do this, follow these steps on the server where IIS is running:
1. Open a command prompt window.
2. Locate and change the directory containing adsutil.vbs file. By default, this directory is C:\Inetpub\Adminscripts.
3. Type the following command, then press Enter:
cscript adsutil.vbs set w3svc/NTAuthenticationProviders”NTLM”
4. To verify NtAuthenticationProviders metadata attribute is set to NTLM, please type the following command, and then press Enter:
cscript adsutil.vbs get w3svc/NTAuthenticationProviders
The following text should be returned:

NTAuthenticationProviders       : (STRING) "NTLM"

Back to the top
state
This behavior is caused by design.
This behavior is caused by design.
Back to the top
For more information
If you set the SPN using only the FQDN of the server on which IIS is running, you will be prompted for user credentials after 30 minutes. Because Internet Explorer caches the domain name system…
If you set the SPN using only the FQDN of the server on which IIS is running, you will be prompted for user credentials after 30 minutes. There is a 30-minute timeout due to the way Internet Explorer caches domain name system (DNS) information. After 30 minutes, Internet Explorer will revert to the NetBIOS name. Therefore, you must also ensure that the SPN is registered using the NetBIOS name of the server on which IIS is running, so that you are not prompted for user credentials. For more information, click the article number below to view the corresponding article in the Microsoft Knowledge base:
Internet Explorer 263558 (http://support.microsoft.com/kb/263558/) how to use the cache of DNS host item
To verify the registered SPN for the user account used to run the application pool, open a command prompt window, type the following command from the setspn.exe installation directory, and then press Enter:
setspn.exe -l UserName
A list of registered SPNS for the user account is returned.

“Securityerror: error ා 2060: Security sandbox conflict: external interface caller XXX cannot access XXX”

Today, I updated my Flash Player plugin to version 10.0.42.34. Then it turns out that a DVF that was previously running locally is running today and throwing an exception. The prompt message is as follows:
SecurityError: Error # 2060: security sandbox conflict: the ExternalInterface caller file://D:/study/flex/service/bin/rainbowX.swf file://D:/study/flex/service/bin/rainbowX_Debug.html can be accessed.
at flash.external::ExternalInterface$/_initJS()
at flash.external::ExternalInterface$/addCallback()
at freeidea.rainbowX::Application()
According to the prompt of debugging information because calls the ExternalInterface. AddCallback method. I take a look at the help documentation, which describes how this method throws a security exception as follows:
trigger

Error — this container does not support incoming calls. Incoming calls are supported only in Internet Explorer for Windows and browsers that use the NPRuntime API, such as Mozilla 1.7.5 and later or Firefox 1.0 and later.
0 SecurityError 1 — ActionScript in the sandbox where you have no access has added a callback with the specified name; You cannot override the callback. To solve this problem, rewrite the ActionScript that originally called the addCallback() so that it also calls the security.allowdomain () .

SecurityError - contains the environment belongs to the calling code has no right to access security sandbox. To solve this problem, follow these steps:

    in the HTML page containing the SWF file, set the following parameters in the object tag of the file: < param name="" value="always" /> in the SWF file, add the following ActionScript: flash. System. Security. AllowDomain (sourceDomain)
    Looking at the help instructions above, I think it may be due to cross-domain access issues, as mentioned in the article author (Developer) Control that if SWF wants to communicate with HTML scripts, then the value of allowScriptAccess for the plug-in must be set to Always. And SWF to allow access to the domain. So I try to join in the SWF flash system. Security. AllowDomain (" * "); Then add < < < param name="allowScriptAccess" value="always" /> This sentence.
    but the problem is still unresolved. There's no other way to think about it. Later, I found that my DVF could be browsed in the output folder of Project (I built it with Flex), but once I moved to another directory, it was not ok. As a result, I looked up the data and saw the following article, which was called "Overview of Permission Control". This article mainly shows what the Flash Player security model looks like. Below I put up part of the content, interested friends can go to the Internet search.
    overview of permission control
    Flash Player client runtime security model is a model designed around object resources such as SWF files, local data, and Internet urls. "Resource holders" means the parties that own or use these resources. Resource holders have control over their own resources (security Settings), and each resource has four holders. Flash Player USES a strict hierarchy of rights for these controls, as shown in the figure below:


    security control hierarchy


    the figure shows that if an administrator restricts access to a resource, no other holder can override the restriction.
    administrative user control
    The administrative user of the computer (the user logging in with administrative privileges) can apply Flash Player security Settings that affect all users of the computer. In a non-enterprise environment, such as a home computer, there is usually only one user, who also has administrative access. Even in an enterprise environment, a single user can have computer administration rights.
    There are two types of administrative user control:
    MMS. CFG file "global Flash Player trust" directory
    MMS. CFG file
    on Mac OS X, the MMS. CFG file is located in /Library/Application Support/Macromedia. On Microsoft Windows system, the file is located in the system directory of the Macromedia Flash Player folder (for example, in the default install Windows XP to C:/Windows/system32/macromed/Flash/MMS CFG).
    Flash Player will read its security Settings from this file when it starts, and then use these Settings to restrict the functionality.
    The MMS. CFG file includes Settings that the administrator USES to perform the following tasks:
    data loading - restricts reading of local SWF files, prohibits file downloading and uploading, and sets storage limits on permanent Shared objects. privacy controls - disable microphone and camera access, prohibit SWF files from playing windowless content, and prohibit SWF files from accessing permanently Shared objects in domains that do not match the URL displayed in the browser window. Flash Player updates - sets the time interval to check Flash Player updates, specifies the URL to use to check Flash Player updates, specifies the URL from which to download Flash Player updates, and completely disables automatic Flash Player updates. older file support - specifies whether earlier versions of SWF files should be placed in a trusted local sandbox. local file security - specifies whether a local file can be placed in a trusted local sandbox. full screen mode - disable full screen mode.
    SWF file can be by calling the "Capabilities. AvHardwareDisable and " Capabilities. LocalFileReadDisable property to access functionality disabled some of the information. However, most of the Settings in the MMS.cfg file cannot be queried through ActionScript.
    is to enforce application-independent security and privacy policies on the computer, and only the mms.cfg file can be modified by the system administrator. The MMS. CFG file cannot be used to install the application. While an installer running with administrative permissions can modify the contents of the MS.cfg file, Adobe considers such use a violation of the user's trust and advises the creator of the installer never to modify the MS.cfg file.
    global Flash Player trust directory
    The administrative user and installation application can register the specified local SWF file as trusted. These SWF files are assigned to trusted local sandboxes. They can interact with any other SWF file or load data from anywhere (remote or local). The file is specified as trusted in the global Flash Player trust directory, the same directory as the mms.cfg file, in the location (specific to the current user) as follows:
    The Windows: the system/Macromed/Flash/FlashPlayerTrust (for example, C:/Windows/system32/Macromed/Flash/FlashPlayerTrust) Mac: App support/Macromedia FlashPlayerTrust (for example,/Library/Application support/Macromedia/FlashPlayerTrust)
    The Flash Player trust directory can contain any number of text files, with each file listing the trusted path on one line. Each path can be a single SWF file, HTML file, or directory. Comment lines start with #. For example, a Flash Player trust profile with the following text indicates that trusted status is granted to all files in the specified directory and all subdirectories: 

    # Trust files in the following directories:
    
C:/Documents and Settings/All Users/Documents/SampleApp

    The path listed in the trust profile should always be the local path or the SMB network path. Any HTTP path in the trust profile will be ignored; Only local files can be trusted.
    to avoid conflicts, specify a filename for each trust profile that corresponds to the installed application, and use the.cfg file extension.
    because developers distribute locally running SWF files by installing the application, you can have the installation application add a configuration file to the global Flash Player trust directory, granting full access to the files to be distributed. The installation application must be run by a user with administrative rights. Unlike the MMS.cfg file, the global Flash Player Trust directory is included to enable the installation application to grant trust permissions. Both managing users and installing applications can specify trusted local applications using the Global Flash Player Trust directory.
    after reading this article, it turns out that the project in Flex actually adds the output file from the project to the local trust sandbox. The CFG documentation for Flex was also found in the local directory specified, which does include the output folders for each project. So I also tried to add the directory where the DVF was in to the local trust sandbox. The entire folder path string is written to a text file based on the CFG file format described in the article, and then saved as a CFG file. Put it in the system/Macromed/Flash/FlashPlayerTrust. Then run the DVF again, the error message is gone, and the problem is resolved.
    in retrospect, Flash Player is really getting stricter with security. The current version is so strict even for local runs (the version I used before was 9.0, so long as You set allowScriptAccess to always in HTML). Only a thorough understanding of Flash Player's security mechanisms can help us solve the problem better. However, I use above is the management of user control method to achieve, so it is the highest level of configuration, there may be relatively large security risks, you can also try to use the ordinary user control method to add trust. The article write here, hope to be helpful to everybody.

    (Windows+xrdp+ubuntu16.04) Remote server error: “password failed error-problem connecting”

    Don’t be long-winded, give the problem and solution directly.

    Problems that arise

    The solution
    Modify /etc/xrdp/sesman.ini

      open file /etc/xrdp/sesman.ini
    sudo vim /etc/xrdp/sesman.ini

    sesman.ini file contents are as follows:

    [Globals]
ListenAddress=127.0.0.1
ListenPort=3350
EnableUserWindowManager=1
UserWindowManager=startwm.sh
DefaultWindowManager=startwm.sh

[Security]
AllowRootLogin=1
MaxLoginRetry=4
TerminalServerUsers=tsusers
TerminalServerAdmins=tsadmins

[Sessions]
X11DisplayOffset=10
MaxSessions=10
KillDisconnected=0
IdleTimeLimit=0
DisconnectedTimeLimit=0

[Logging]
LogFile=/var/log/xrdp-sesman.log
LogLevel=DEBUG
EnableSyslog=0
SyslogLevel=DEBUG

[X11rdp]
param1=-bs
param2=-ac
param3=-nolisten
param4=tcp

[Xvnc]
param1=-bs
param2=-ac
param3=-nolisten
param4=tcp
param5=-localhost
param6=-dpi
param7=96
      under [Xvnc] param8= -securitytypes and param9=None
    [Xvnc]
param1=-bs
param2=-ac
param3=-nolisten
param4=tcp
param5=-localhost
param6=-dpi
param7=96
param8=-SecurityTypes
param9=None
      restart XRDP service 
    sudo service xrdp restart

    cygrunsrv: Error starting a service: QueryServiceStatus: Win32 error 1062: Solution

    Source: http://blog.csdn.net/wangxw8746/article/details/9382155

    Cause of the problem: Probably the /var/log permissions are not set correctly. First execute mkpasswd and mkGroup to regenerate the permission information, then delete the SSHD service and reconfigure
    Solutions:
    $ mkpasswd -l > /etc/passwd
    $ mkgroup -l > /etc/group
    $ cygrunsrv -R sshd
    $ ssh-host-config -y
    $ cygrunsrv -S sshd

    install sql server 2016 Error code 0x84B20001

    1.
    Try running the following command at the command prompt (as an administrator) :
    SFC/SCANNOW
    2.
    Fix a failed SQL Server installation from the installation center

      start the SQL Server installer (setup.exe) from the SQL Server installation media. After prerequisites and system validation, setup will display the SQL Server Installation Center page. Click Maintenance in the left navigation area, and then click Repair to start the repair operation.

      If the installation center is started using the Start menu, the location of the installation media needs to be provided at this point.
      Setup support rules and file routines will run to ensure that your system has the required software installed and that your computer has passed setup validation rules. Click OK or Install to continue. On the Select Instances page, select the instance that you want to fix, and then click Next to continue. The maintenance rules will run to verify the operation. To continue, click Next. The Ready to Fix page indicates that the operation is ready to proceed. To continue, click Fix. The fix progress page shows the status of the fix operation. The Finish page indicates that the action is complete.

    Fix a failed INSTALLATION of SQL Server using the command prompt
    Run the following command at the command prompt: setup.exe/Q /ACTION=Repair /INSTANCENAME= INSTANCENAME
    3.
    https://support.microsoft.com/en-gb/help/969052/how-to-restore-the-missing-windows-installer-cache-files-and-resolve-p?Wa = wsignin1.0

    When python installs pocketsphinx module (package), an error is reported: command ‘swig.exe’ failed: No such file or directory

    Today, when installing Pocket Sphinx, the error command ‘swig.exe’ failed: No such File or Directory. I found a lot of content on the Internet, and finally I succeeded.
    first of all, my computer is Windows10 system, the method is only available for Windows system, other systems do not know.
    error is due to the fact that swig is missing from your computer, so you need to download and install it. I download from the website of the latest package swig 4.0.2, website address is: http://www.swig.org/download.html.
    to unzip the downloaded files to C pan-gen directory. I want to emphasize the root directory here, because my previous attempts to put it in C:\Program Files (x86) still didn’t work (for unknown reasons). Finally, I just put it under C:\swigwin-4.0.2.
    then add a new path path to the environment variable.

    after the above steps are completed, then there is no problem with installing pocketsphinx.

    Error installing windows8 in virtual machine-HAL_INITIALIZATION_FAILED and

    HAL_INITIALIZATION_FAILED error
    Cause of the problem: this problem mainly occurs when installing windows8 in the virtual machine, mainly because windows8 has just been developed and there are still many bugs, especially when using third-party software to install the system.
    Solutions:
    1, restart the computer, most of the time can solve the problem;
    2. Update the latest version of virtual machine VMWare software;
    3. Make sure you are using the latest version of VMWare after the update is complete. Download the link
    https://www.virtualbox.org/wiki/Downloads, or you can use the QQ software management upgrade
    4. After installation, it is best to restart the computer and enter VMWare. You can see the latest interface of VM:

    2. Windows cannot read from unattended reply file during installation & LT; ProductKey> Set up the
    Reason: VMware automatically turns on the floppy disk and automatically loads the ‘autoinst.FLp’ file.   
    Solution: Close the Floppy Disk in Settings, and try again successfully!   
    Attached is the download address of windows8:
    English version:
    Download 64-bit systems here
    Click here to download 32-bit systems
    The Product Key: DNJXJ – 7 xbw8-2378 – t – X22TX – BKG7J
    Simplified Chinese version:
    Download 64-bit systems here
    Click here to download 32-bit systems
    The Product Key: DNJXJ – 7 xbw8-2378 – t – X22TX – BKG7J

    VMware Virtualcenter failed firstboot. Failed to generate Virtu when installing vCenter6.7 on Windows Server 2008R2

    VMware Virtualcenter failed firstboot. Failed to Generate Virtu appeared when Win2008R2 installed vCenter6.7

    Unable to continue installation, you can only rollback to exit the installation

    Start installing the MS17-012 patch
    http://download.windowsupdate.com/d/msdownload/update/software/secu/2017/02/windows6.1-kb4012212-x64_2decefaa02e2058dcd965702509a992d8c4e92b3.msu
    MS17-010
    http://download.windowsupdate.com/c/msdownload/update/software/secu/2017/03/windows6.1-kb4012215-x64_a777b8c251dcd8378ecdafa81aefbe7f9009c72b.msu


    The installation is complete