Yearly Archives: 2013

Lync 2010 - Cannot impersonate user for data source 'CDRDB'. (rsErrorImpersonatingUser) error

Symptom: You receive the following error when browsing to the following page in the Reports Viewer: https://mymachine.mydomain/ReportServer/Pages/ReportViewer.aspx?%2fLyncServerReports%2fReports+Home+Page&rs:Command=Render  Alternatively, you receive this error when you go to https://mymachine.mydomain.com/Reports/ and click on LyncServerReports and then Reports Home Page.

Note: the solution below applies to the QMSDB as well.

  • An error has occurred during report processing. (rsProcessingAborted)
    • Cannot impersonate user for data source 'CDRDB'. (rsErrorImpersonatingUser)
      • Log on failed. Ensure the user name and password are correct. (rsLogonFailed)
        • For more information about this error navigate to the report server on the local server machine, or enable remote errors

Solution: For whatever reason, the service account I created actually had the incorrect password to log in to the 'CDRDB' data source.  To fix/troubleshoot this, follow the steps below:

  • Head over to https://myserver.mydomain/Reports (myserver being the server with the reporting services on it)
  • Click on LyncServerReports
  • Click on Reports_Content
  • Click on CDRDB
  • Under Credentials stored securely in the report server, type in the username/password you want to use to connect to the SQL server, and then click the Test Connection button.  If you see a "Connection created successfully." message, you are good to go.  If you see a "Log on failed. Ensure the user name and password are correct." message, ensure that the account you set up has the correct username/password in Active Directory, is not locked out in Active Directory (due to bad password attempts), and has permissions to the databases mentioned in the Connection string on the same page.

Lync 2010 - The feature: "Customizing security roles" is not supported in this edition of Reporting Services.

Symptom: You receive the following log/error when on the Deploying Monitoring Server Reports step for Lync 2010.

> Deploying Monitoring Server Reports... This might take a few minutes.

The Monitoring Server is using SQL instance "mysqlserver.mydomain".

The data source is using SQL instance "(local)".

The following URL will be used for deployment: https://myserver.mydomain:443/ReportServer

SQL Server logon credentials for "MYDOMAIN\MYUSER" already exist. Use the existing logon credentials.

"[QoEMetrics]" role "[ReportsReadOnlyRole]" has already assigned to "MYDOMAIN\MYUSER".

"[LcsCDR]" role "[ReportsReadOnlyRole]" has already assigned to "MYDOMAIN\MYUSER".

Start to deploy reports...

Report: Monitoring Dashboard published successfully with no warnings

Report: Call Detail Report published successfully with no warnings

Report: Call List Report published successfully with no warnings

Report: Reports Home Page published successfully with no warnings

Report: Media Quality Summary Report published successfully with no warnings

Report: Media Quality Metrics Distribution Report published successfully with no warnings

Report: Media Quality Comparison Report published successfully with no warnings

Report: Device Report published successfully with no warnings

Report: Server Performance Report published successfully with no warnings

Report: Call Leg Media Quality Report published successfully with no warnings

Report: Call Leg Media Quality Trend Report published successfully with no warnings

Report: Server Media Quality Trend Report published successfully with no warnings

Report: QoE Call Detail SubReport published successfully with no warnings

Report: Location Trend Report published successfully with no warnings

Report: Location Report published successfully with no warnings

Report: Peer-to-Peer Voice and Video Report published successfully with no warnings

Report: Peer-to-Peer IM Report published successfully with no warnings

Report: Conference Activity Report published successfully with no warnings

Report: PSTN Conference Summary Report published successfully with no warnings

Report: Conference Summary Report published successfully with no warnings

Report: Peer-to-Peer Activity Summary Report published successfully with no warnings

Report: User Activity Report published successfully with no warnings

Report: Peer-to-Peer Session Detail Report published successfully with no warnings

Report: Conference Detail Report published successfully with no warnings

Report: Diagnostic Report published successfully with no warnings

Report: User Registration Report published successfully with no warnings

Report: Failure Distribution Report published successfully with no warnings

Report: Top Failures Report published successfully with no warnings

Report: Failure List Report published successfully with no warnings

Report: Peer-to-Peer Activity Diagnostic Report published successfully with no warnings

Report: Conference Diagnostic Report published successfully with no warnings

Report: Call Admission Control Report published successfully with no warnings

Report: P2P Summary SubReport published successfully with no warnings

Report: Conference Summary SubReport published successfully with no warnings

Report: Call Diagnostic Summary Report published successfully with no warnings

Report: IP Phone Inventory Report published successfully with no warnings

Report: Response Group Usage Report published successfully with no warnings

Report: Response Group Call List Report published successfully with no warnings

The feature: "Customizing security roles" is not supported in this edition of Reporting Services. ---> Microsoft.ReportingServices.Diagnostics.Utilities.OperationNotSupportedException: The feature: "Customizing security roles" is not supported in this edition of Reporting Services.

An error occurred when deploying Monitoring Server Reports. For details, see the log. 

Solution: Make sure the SQL server is running at least Standard or Enterprise.

To find out which version of msSQL you are running (version and 32-bit or 64-bit), follow this guide here: http://jackstromberg.com/2013/01/how-do-i-find-out-if-my-sql-server-is-32-bit-or-64-bit/

To find out how to upgrade your msSQL instance/server, follow this guide here:

SQL Server 2008 R2 - Updating a msSQL instance/server

Scenario: You have accidentally installed SQL Server 2008 R2 Workgroup and you need SQL Server 2008 R2 Standard.  Obviously, you don't want to rebuild your server from the ground up and have extended downtime, so an upgrade option would be sweet.  Luckily, Microsoft has come to the rescue with an easy way to update your msSQL server/instances.

Solution: Go to the Microsoft Licensing center or grab your SQL Server disk/installation media of the correct version.  I.e. if I was running standard, I would grab the enterprise disk to upgrade.  Once you have the disk, follow these steps:

  1. Find your installation media and double click on Setup.exe
  2. When the SQL Server Installation Center window comes up, click on Maintenance
  3. Click on Edition Upgrade
  4. On the Setup Support Rules page of SQL Server 2008 R2 Setup, click OK
  5. Click Next > on the Upgrade the Edition for SQL Server 2008 R2 window
  6. Click Next > on the Enter a product key: page.
  7. Click I accept the license terms. and then click Next >
  8. Select the instance of the SQL Server you wish to upgrade and then click Next >
  9. Click Next >
  10. Click Upgrade

To verify your SQL Server upgraded, follow this guide here to pull your msSQL version: http://jackstromberg.com/2013/01/how-do-i-find-out-if-my-sql-server-is-32-bit-or-64-bit/

How do I find out if my SQL server is 32-bit or 64-bit?

Want to know what version of SQL server you have running? All we need to do is execute one SQL command and away we go 🙂

  1. Go to your SQL server
  2. Open up the Microsoft SQL Server Management Studio
    1. Start->All programs->Microsoft SQL Server 2008 R2->SQL Server Management Studio
  3. Login with your user
  4. Click the New Query button
  5. Execute the following query
    1. SELECT SERVERPROPERTY('edition')

SQL Server 2008 R2 - Reporting Services Configuration Manager - The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Symptom: When installing the Monitoring Agent for Lync 2010, I was receiving the following information in the "log" file:

> Deploying Monitoring Server Reports... This might take a few minutes.
The Monitoring Server is using SQL instance "myserver.mydomain".
The data source is using SQL instance "(local)".
The following URL will be used for deployment: https://myserver.mydomain:443/ReportServer
SQL Server logon credentials for "mydomain\myuser" already exist. Use the existing logon credentials.
"[QoEMetrics]" role "[ReportsReadOnlyRole]" has already assigned to "mydomain\myuser".
"[LcsCDR]" role "[ReportsReadOnlyRole]" has already assigned to "mydomain\myuser".
Start to deploy reports...
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
An error occurred when deploying Monitoring Server Reports. For details, see the log.

Turns out this was because I had accidentally forgotten to add the common name to my SSL certificate as a SAN address.  Bottom line, the issue is that your SSL certificate is bad.

Solution:

  1. Request a new SSL certificate
    1. Start->mmc
    2. Add in the Certificates snap-in
    3. Select Local Computer
    4. Expand Certificates->Personal->Certificates
    5. Right click, All Tasks->Request new Certificate...
    6. Next
    7. Next
    8. Select your policy
    9. Enter in the information you would like.  Note, if you are adding a SAN address for the short name, make sure you add both the FQDN and the short name as DNS entries in the Alternative name box.
    10. Click on the Private Key tab, expand the little arrow and check Make private key exportable
    11. Click OK
    12. Click Enroll
  2. Click Start->All Programs->Microsoft SQL Server 2008 R2->Configuration Tools->Reporting Services Configuration Manager.
  3. Click Connect
  4. Click Web Service URL
  5. Under SSL Certificate, select the appropriate certificate and click Apply
  6. At this point, you either saw a bunch of green check marks and you are good to go, or else you probably hit the dreaded "rogue SSL cert" error.  To fix that, please see this link: http://jackstromberg.com/2013/01/sql-server-2008-r2-reporting-services-configuration-manager-create-certificate-binding-failed-hresult-0x80040238/
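
Added example (not from the original post): a Python check of whether the host names clients connect to are covered by a certificate's DNS SAN entries, which is the condition that failed in this case. The certificate names are constructed and the function names are this example's own.

```python
from urllib.parse import urlsplit


def name_matches(host, pattern):
    """Compare one host name with one certificate name, case-insensitively."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        # A wildcard stands for exactly one leftmost label, so "*.mydomain"
        # covers "myserver.mydomain" but never the short name "myserver".
        label, _, parent = host.partition(".")
        return bool(label) and parent == pattern[2:]
    return host == pattern


def uncovered_hosts(urls, subject_cn, san_dns):
    """Return the hosts in `urls` that the certificate does not cover."""
    # Once a certificate carries DNS SAN entries, clients match against those
    # only; the subject CN is a fallback for certificates with no DNS SAN
    # (RFC 6125, section 6.4.4).
    presented = list(san_dns) if san_dns else [subject_cn]
    missing = []
    for url in urls:
        host = urlsplit(url).hostname
        if host and not any(name_matches(host, p) for p in presented):
            missing.append(host)
    return missing


# Constructed input: the deployment URL from the log plus a short-name URL.
URLS = ["https://myserver.mydomain:443/ReportServer", "https://myserver/Reports"]

# Constructed certificates: the first repeats the mistake described above
# (CN set, but the same name left out of the SAN list); the second lists both.
BAD = {"subject_cn": "myserver.mydomain", "san_dns": ["myserver"]}
GOOD = {"subject_cn": "myserver.mydomain",
        "san_dns": ["myserver.mydomain", "myserver"]}

if __name__ == "__main__":
    print("bad cert misses: ", uncovered_hosts(URLS, **BAD))
    print("good cert misses:", uncovered_hosts(URLS, **GOOD))
```
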

SQL Server 2008 R2 - Reporting Services Configuration Manager - Create certificate binding failed - HRESULT: 0x80040238

Symptom: When changing an SSL certificate inside of the SQL Server 2008 R2 Reporting Services Configuration Manager, you receive the following error:

Create certificate binding.

When you click on "Tell me more about the problem and how to resolve it." you receive the following:

Microsoft.ReportingServices.WmiProvider.WMIProviderException: An SSL binding already exists for the specified IP address and port combination. The existing binding uses a different certificate from the current request. Only one certificate can be used for each IP address and port combination. To correct the problem, either use the same certificate as the existing binding, or remove the existing SSL binding and create a new binding using the certificate of the current request.

---> System.Runtime.InteropServices.COMException (0x80040238): Exception from HRESULT: 0x80040238
--- End of inner exception stack trace ---
at Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.ThrowOnError(ManagementBaseObject mo)
at Microsoft.ReportingServices.WmiProvider.RSWmiAdmin.CreateSSLCertificateBinding(String application, String certificateHash, String ipAddress, Int32 port)
at ReportServicesConfigUI.WMIProvider.RSReportServerAdmin.CreateSSLCertificateBinding(UrlApplication app, String certificateHash, String ipAddress, Int32 port)

This error really sucks and the reason behind it is that Microsoft just didn't do a good job removing/unbinding SSL certificates from an interface.  Luckily, I have the solution to get you up and going...

Solution:

  1. Download the Windows Server 2003 Support Tools from Microsoft
    1. http://www.microsoft.com/en-us/download/details.aspx?id=7911
  2. Install the tools on your local machine or on the server.  You may get a warning about incompatibility if you install it on your Windows 7 machine.  I ignored this and things seem to work fine 😛  Just note if you do this, you will need to copy the following folder from your local machine to the server with SQL Server Reporting Services Configuration Manager: C:\Program Files (x86)\Support Tools
  3. Open up a command prompt with Administrator privileges on the server with SQL Server 2008 R2 Reporting Services Configuration Manager
  4. Navigate to the following directory (if you copied the folder from your local machine, browse to the appropriate directory you copied the support tools to):
    1. cd "C:\Program Files (x86)\Support Tools"
  5. Launch SQL Server 2008 R2 Reporting Services Configuration Manager
    1. Start->All Programs->Microsoft SQL Server 2008 R2->Configuration Tools->Reporting Services Configuration Manager
  6. Click on Web Service URL
  7. Click on the Advanced... button
  8. Remove any items listed inside of the "Multiple SSL Identities for the Report Server Web Service" box.
  9. Click OK
  10. Go back to your command prompt with the Administrator privileges and execute the following commands to unbind the old SSL certificate
    1. netsh http delete sslcert ipport=[::]:443
      1. You should see something like "SSL Certificate successfully deleted" -- If not, that is fine
    2. httpcfg delete ssl /i 0.0.0.0:443
      1. You should see something like "HttpDeleteServiceConfiguration completed with 0." -- If not, that is fine as long as the command above said it removed a certificate
  11. Go back to the Reporting Services Configuration Manager and select your SSL certificate in the SSL Certificate dropdown.
  12. Click Apply

At this point, your certificate should have bound to the interface successfully.

Hope this helps someone!

Lync 2010 - Publishing the topology error: Missing Machine

Symptom: When you publish something to the topology in Lync 2010, you receive the following error:

The following machines from the topology you are publishing were not found in Active Directory and will result in errors during Enable-CsTopology as it tries to prepare Active Directory entries for the topology machines.  If you choose to publish this topology Enable-CsTopology will have to be re-run once the missing machines are domain-joined:

mymachine.mydomain

Solution: Exit out of the topology builder and relaunch it.  However, when you relaunch the topology builder, right click on it and Run as different user.  Type in your domain admin credentials.  You should now be able to successfully publish your topology.

UserAccountControl Attribute/Flag Values

Here is a comprehensive list of UserAccountControl attribute/flag values I have come across when working on LDAP projects.

| Property Flag | Value In Hexadecimal | Value In Decimal | Not Officially Documented |
|---|---|---|---|
| SCRIPT | 0x0001 | 1 | |
| ACCOUNTDISABLE | 0x0002 | 2 | |
| HOMEDIR_REQUIRED | 0x0008 | 8 | |
| LOCKOUT | 0x0010 | 16 | |
| PASSWD_NOTREQD | 0x0020 | 32 | |
| PASSWD_CANT_CHANGE | 0x0040 | 64 | |
| ENCRYPTED_TEXT_PWD_ALLOWED | 0x0080 | 128 | |
| TEMP_DUPLICATE_ACCOUNT | 0x0100 | 256 | |
| NORMAL_ACCOUNT | 0x0200 | 512 | |
| Disabled Account | 0x0202 | 514 | x |
| Enabled, Password Not Required | 0x0220 | 544 | x |
| Disabled, Password Not Required | 0x0222 | 546 | x |
| INTERDOMAIN_TRUST_ACCOUNT | 0x0800 | 2048 | |
| WORKSTATION_TRUST_ACCOUNT | 0x1000 | 4096 | |
| SERVER_TRUST_ACCOUNT | 0x2000 | 8192 | |
| DONT_EXPIRE_PASSWORD | 0x10000 | 65536 | |
| Enabled, Password Doesn't Expire | 0x10200 | 66048 | x |
| Disabled, Password Doesn't Expire | 0x10202 | 66050 | x |
| Disabled, Password Doesn't Expire & Not Required | 0x10222 | 66082 | x |
| MNS_LOGON_ACCOUNT | 0x20000 | 131072 | |
| SMARTCARD_REQUIRED | 0x40000 | 262144 | |
| Enabled, Smartcard Required | 0x40200 | 262656 | x |
| Disabled, Smartcard Required | 0x40202 | 262658 | x |
| Disabled, Smartcard Required, Password Not Required | 0x40222 | 262690 | x |
| Disabled, Smartcard Required, Password Doesn't Expire | 0x50202 | 328194 | x |
| Disabled, Smartcard Required, Password Doesn't Expire & Not Required | 0x50222 | 328226 | x |
| TRUSTED_FOR_DELEGATION | 0x80000 | 524288 | |
| Domain controller | 0x82000 | 532480 | |
| NOT_DELEGATED | 0x100000 | 1048576 | |
| USE_DES_KEY_ONLY | 0x200000 | 2097152 | |
| DONT_REQ_PREAUTH | 0x400000 | 4194304 | |
| PASSWORD_EXPIRED | 0x800000 | 8388608 | |
| TRUSTED_TO_AUTH_FOR_DELEGATION | 0x1000000 | 16777216 | |
| PARTIAL_SECRETS_ACCOUNT | 0x04000000 | 67108864 | |

Property flag descriptions (Copied from KB Article)

  • SCRIPT - The logon script will be run.
  • ACCOUNTDISABLE - The user account is disabled.
  • HOMEDIR_REQUIRED - The home folder is required.
  • PASSWD_NOTREQD - No password is required.
  • PASSWD_CANT_CHANGE - The user cannot change the password. This is a permission on the user's object. For information about how to programmatically set this permission, visit the following Web site:
  • ENCRYPTED_TEXT_PASSWORD_ALLOWED - The user can send an encrypted password.
  • TEMP_DUPLICATE_ACCOUNT - This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. This is sometimes referred to as a local user account.
  • NORMAL_ACCOUNT - This is a default account type that represents a typical user.
  • INTERDOMAIN_TRUST_ACCOUNT - This is a permit to trust an account for a system domain that trusts other domains.
  • WORKSTATION_TRUST_ACCOUNT - This is a computer account for a computer that is running Microsoft Windows NT 4.0 Workstation, Microsoft Windows NT 4.0 Server, Microsoft Windows 2000 Professional, or Windows 2000 Server and is a member of this domain.
  • SERVER_TRUST_ACCOUNT - This is a computer account for a domain controller that is a member of this domain.
  • DONT_EXPIRE_PASSWD - Represents the password, which should never expire on the account.
  • MNS_LOGON_ACCOUNT - This is an MNS logon account.
  • SMARTCARD_REQUIRED - When this flag is set, it forces the user to log on by using a smart card.
  • TRUSTED_FOR_DELEGATION - When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service. To enable a service for Kerberos delegation, you must set this flag on the userAccountControl property of the service account.
  • NOT_DELEGATED - When this flag is set, the security context of the user is not delegated to a service even if the service account is set as trusted for Kerberos delegation.
  • USE_DES_KEY_ONLY - (Windows 2000/Windows Server 2003) Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
  • DONT_REQUIRE_PREAUTH - (Windows 2000/Windows Server 2003) This account does not require Kerberos pre-authentication for logging on.
  • PASSWORD_EXPIRED - (Windows 2000/Windows Server 2003) The user's password has expired.
  • TRUSTED_TO_AUTH_FOR_DELEGATION - (Windows 2000/Windows Server 2003) The account is enabled for delegation. This is a security-sensitive setting. Accounts that have this option enabled should be tightly controlled. This setting lets a service that runs under the account assume a client's identity and authenticate as that user to other remote servers on the network.
  • PARTIAL_SECRETS_ACCOUNT - (Windows Server 2008/Windows Server 2008 R2) The account is a read-only domain controller (RODC). This is a security-sensitive setting. Removing this setting from an RODC compromises security on that server.

UserAccountControl values

These are the default UserAccountControl values for certain objects:

  • Typical user : 0x200 (512)
  • Domain controller : 0x82000 (532480)
  • Workstation/server: 0x1000 (4096)

Official Microsoft KB Article: http://support.microsoft.com/kb/305144
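
Added example (not part of the original post): Python code that decodes a userAccountControl value into the single-bit flags from the table above, builds the bitwise LDAP filter Active Directory supports through the matching rule OID 1.2.840.113556.1.4.803, and lists enabled accounts that carry flags worth reviewing. The account names, the `REVIEW` selection and the function names are assumptions made for this example.

```python
from enum import IntFlag


class UAC(IntFlag):
    """Single-bit flags from the table above (combined rows are sums of these)."""
    SCRIPT = 0x0001
    ACCOUNTDISABLE = 0x0002
    HOMEDIR_REQUIRED = 0x0008
    LOCKOUT = 0x0010
    PASSWD_NOTREQD = 0x0020
    PASSWD_CANT_CHANGE = 0x0040
    ENCRYPTED_TEXT_PWD_ALLOWED = 0x0080
    TEMP_DUPLICATE_ACCOUNT = 0x0100
    NORMAL_ACCOUNT = 0x0200
    INTERDOMAIN_TRUST_ACCOUNT = 0x0800
    WORKSTATION_TRUST_ACCOUNT = 0x1000
    SERVER_TRUST_ACCOUNT = 0x2000
    DONT_EXPIRE_PASSWORD = 0x10000
    MNS_LOGON_ACCOUNT = 0x20000
    SMARTCARD_REQUIRED = 0x40000
    TRUSTED_FOR_DELEGATION = 0x80000
    NOT_DELEGATED = 0x100000
    USE_DES_KEY_ONLY = 0x200000
    DONT_REQ_PREAUTH = 0x400000
    PASSWORD_EXPIRED = 0x800000
    TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000
    PARTIAL_SECRETS_ACCOUNT = 0x04000000


BIT_AND = "1.2.840.113556.1.4.803"  # LDAP_MATCHING_RULE_BIT_AND
KNOWN_BITS = sum(f.value for f in UAC)
# This example's own choice of flags to review on enabled accounts.
REVIEW = (UAC.PASSWD_NOTREQD, UAC.DONT_EXPIRE_PASSWORD, UAC.TRUSTED_FOR_DELEGATION,
          UAC.USE_DES_KEY_ONLY, UAC.DONT_REQ_PREAUTH, UAC.TRUSTED_TO_AUTH_FOR_DELEGATION)


def decode(value):
    """Return (names of flags set in value, bits the table does not explain)."""
    return [f.name for f in UAC if value & f.value], value & ~KNOWN_BITS


def ldap_filter(flags, enabled_only=True):
    """LDAP filter matching objects that have every bit in `flags` set."""
    clause = f"(userAccountControl:{BIT_AND}:={int(flags)})"
    if not enabled_only:
        return clause
    return f"(&{clause}(!(userAccountControl:{BIT_AND}:={int(UAC.ACCOUNTDISABLE)})))"


def audit(accounts):
    """List (name, flags to review) for enabled accounts in (name, value) pairs."""
    findings = []
    for name, value in accounts:
        if value & UAC.ACCOUNTDISABLE:
            continue  # disabled accounts cannot log on; skip them
        hits = [f.name for f in REVIEW if value & f]
        if hits:
            findings.append((name, hits))
    return findings


# Constructed sample accounts (sAMAccountName, userAccountControl).
SAMPLE = [("jdoe", 512), ("svc-reports", 66048),
          ("legacy-app", 4260352), ("old-temp", 66082)]
```

`decode(66082)` reproduces the "Disabled, Password Doesn't Expire & Not Required" row, and a non-zero second element means the value carries a bit the table does not list.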

How to install Python via command line on Linux

At the time of writing this, Python 2.7.3 is the latest build of the 2.7 builds. You can simply replace the wget url with the Python 3.x build you wish to download if you want to use those releases instead.

  1. Download the tarball
    1. wget http://www.python.org/ftp/python/2.7.3/Python-2.7.3.tgz
  2. Extract the contents
    1. tar -xzf Python-2.7.3.tgz
  3. Navigate to the extracted folder
    1. cd Python-2.7.3
  4. Configure/Install Python
    1. ./configure
    2. make
    3. sudo make install

VMware vSphere - Can't install VMware Tools

Are you running into the issue where you click VM->Guest->Install/Upgrade VMware tools? I have found that if I try creating a VM with the VMXNETv3 adapter and am using an older version of Windows, the DVD drivers aren't picked up properly and VMware tools won't install.

That being said, the only way I have found to get things working is to manually install VMware tools... yep! VMware does offer the ability to download any version of the VMware Tools ISO files.
Head on over to http://packages.vmware.com/tools/esx/index.html and download the version you would like and simply mount the tools as you would with any other disk. For whatever reason, mounting the disk manually by clicking on the "Disk with a wrench icon" and selecting an ISO connected to my local machine, seems to work and gets me back in business.

Hope this helps!