We have a computer that may have been stolen and am trying to find the activity on the System Center Configuration Manager. I was able to see who the last person logged in was, but there are other dates showing but not sure what they are representing.
Here are my questions: When looking at the Client Activity Details under "Assets and Compliance," it's showing a "Policy Request" as 9/27/2017.
Is the policy request originating from the SCCM server or the client?
Does the client computer have to be actively connected to the network in order to process the request?
Screenshot from Configuration Console Manager
Thank you for any assistance, please let me know if you need any further details.
Related
We're experiencing issues with a third-party application running on Windows 2016 that uses Kerberos and SSPI (Windows Security Support Provider interface) where the vendor has suggested this could be related to Kerberos authentication failures. The service runs as a domain service account. In the Windows 2016 domain controller security logs we're seeing Event ID 5071 failure audits with the description:
Key access denied by Microsoft key distribution service
This all worked in the past and similar configuration works in other parts of our system (different service accounts, servers, domain controllers). In fact, we have a full hardware level clone of our setup as a test system and the issue doesn't exist there.
There is limited information online that we've been able to find on this particular event. We are in the process of performing all the normal Kerberos advanced troubleshooting so don't need assistance from that angle. We have a ticket open with Microsoft so will post their response here.
Has anyone encountered this event previously and has any insight into the potential cause(s)?
I am trying to publish a very simple workflow from SharePoint Designer 2013 to SharePoint Online.
The following error appears:
Microsoft.SharePoint.SPPrincipalManagementException: An error occurred
while attempting to execute a principal management operation. Please
contact your administrator. --->
System.ServiceModel.FaultException`1[Microsoft.Online.Administration.WebService.PropertyValidationException]:
Invalid property specified
Server stack trace: at
System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime
operation, ProxyRpc& rpc) at
System.ServiceModel.Channels.ServiceChannel.Cal
How can I handle this?
You can try create a new sub-site from your site collect then upload your workflow to see if its viable.
If not, you can check whether the Central Admin > Manage Service Application-> “App Management Service” is started.
Also heck whether the “Configure service application associations”, ”App Management Service” is already associated.
Then check whether the “Manage Services on server” and the “App Management Service” is started.
In addition, try to re-register Workflow Service.
If the issues still exists, please follow the steps in the Steps to Verify that Server Is Correctly Set Up. After you verified that the server is correctly set up, follow the steps in the Steps to Troubleshoot Workflow Management Service and Troubleshooting the Service Bus for Windows Server then retry your action.
If all above doesn't solve problem, then you should create a service request to Microsoft in SharePoint Online Admin Portal directly. Since issue is more likely related to SharePoint Online Server Back end.
I am trying to build a automation powershell script on azurE whiCh can give me email alerts, by using network watchers new feature i.e connectivity check, the script can test out and send the alert whenever the vm is not reachable, can somebody explain mE how to do it or any article which I Can follow
For now, Azure network watcher connectivity check does not support send mail to users.
As a workaround, maybe we can set Alert rules to monitor Azure VM.
For example, we can set Metric to Network In, and the Threshold to 1, then enable Email owners, contributors and readers, and add the email address. In this way, when the VM receive network traffic less than 1 bytes over the last 5 minutes, we will get email. Settings like this screenshot:
More information about set metric alerts, please refer to this official article.
I can see the message using network capture tool Microsoft Message Analyzer. I can see the I receive Kerberos error "KDC_ERR_C_PRINCIPAL_UNKNOWN: Client not found in Kerberos database".
I can see all parts of the message, I have been searching online and tried a few things and did not work.
But in order to understand the problem, what does the "client" mean here?
- Is it the Server / Computer that is requesting
- Is it the Application that is requesting
The error is for KRB_TGS_REQ which means that its requesting for a token.
Would be great if anyone could help understand, which I believe can lead to a resolution.
Added more Details:
We have a SharePoint farm setup with SQL Reporting Services (SharePoint Integrated mode) and Excel Services. We have a datasource defined in Sharepoint which are used in SSRS Reports and Excel Reports. We use Windows Authentication from Sharepoint to SQL. When we test connection on Sharepoint datasource we get an error which says Cannot convert Windows token to Claims token. On opening the reports in SSRS we also receive error.
Strange part is that it works for some users which is why I'm not sure how to tackle this issue. If its SQL Server previlage issue, we have assigned sys admin role, this user also added as admin in SSRS. If AD or SPN issue it must not work for all users not for individual users.
I can see successful KRB_TGS_REQ for an admin user but fails for a normal user. No clue what to look for.
Kerberos Message :
KRB_TGS_ERROR, KDC_ERR_C_PRINCIPAL_UNKNOWN: Client not found in Kerberos database, Cname: nothing, Realm: SUB.DOMAIN.COM, Sname: SP_SVC_ACT
Does this mean that the delegation is not working?
I am trying to get connection logs from exchange online via powershell.
I have managed to log in to exchange online with powershell, but do not know any cmdlets that would allow me to obtain a list of connections made. What I am trying to achieve is to see a log entry when someone has logged in to their mailbox and downloaded their emails. Ideally I am looking for their IP.
get-logonstatistics no longer works (exchange 2013).
Any help at all would be greatly appriciated!
For On-Premise Exchange you are looking forMailbox Transport service logs which sit in
%ExchangeInstallPath%TransportRoles\Logs\Mailbox\Connectivity
but you have to explicitly enable them first.
This article will get you started
http://technet.microsoft.com/en-us/library/bb124500(v=exchg.150).aspx
You can't really do that in O365 without raising a ticket with MS, the only available cmdlets are:
http://help.outlook.com/en-us/140/dd575549.aspx