Wednesday, December 11, 2013

User Cannot Logon - SPN Error

"The security database on the server does not have a computer account for this workstation trust relationship.". In my case, this turned out to be a duplicate computer name in Active Directory. I believe this occured when I joined a machine to the domain & the computer account was created on a DC at another site (in the default Computers OU). I could not find the computer in ADUC (most likely querying our site's DC), so I unjoined the workstation from the domain, manually created the computer in ADUC in the appropriate OU (we don't keep computers in the default Computers OU), and rejoined the workstation to the domain. Once the DCs replicated, there were now duplicate computer names in different OUs. I ran the following command on our DC: ldifde -f C:\SPNs\SPNs.txt -t 3268 -d dc=domain,dc=com -l serviceprincipalname -r (serviceprincipalname=*) -p subtree Notes: The above command failed when I tried to write the log file to the root of the C: drive (C:\SPNs.txt) probably due to Server 2008 restrictions on writing files to the root of C: (like Win7). It also failed when I added the SPNs folder name (C:\SPNs\SPNs.txt) without fisrt creating the SPNs folder. If the domain name is, the command line would be edited to: dc=acme,dc=int Once I got the command line sorted, the resulting file showed the duplicate computer account right at the top of the output file - including the OU it was in (in this case, the default Computers OU). If it isn't that obvious, search the output file for the word duplicate & then search for the name of the duplicate machine to find the second instance of it.

Thursday, September 20, 2012

Using MassLogger As A Limited User In Windows 7

I’ve come up with a procedure to get the clip download functionality working for limited users in Windows 7. Log the user off of Windows Logon to Windows as a local or domain admin Go to the Computer Management console & add (temporarily) the user’s account to the local Administrators group Logoff Windows Logon to Windows as the user (now a local admin) Run Internet Explorer as an administrator – you have to launch IE with Run As administrator for this to work Go to the applicable Masslogger url Add that site as a Trusted Site in IE Go to the Masslogger As Run Log tab, click on Extract Clip & install the Active X Control Download & Save a test clip to confirm that it works If you have more than one station, make sure you add both Masslogger urls as Trusted Sites & go through the Active X install process on both Massloggers Go to the Computer Management console & remove the user from the Administrators group Logoff Windows Log back on to Windows as the user (now back to being a limited user) Confirm that you can still download a clip from the applicable Masslogger(s).

Wednesday, May 9, 2012

Shockwave Not Working for Limited User in Windows 7

I was having issues with Shockwave & Flash elements not working in Internet Explorer 9 on Windows 7 for a limited user. An admin user worked fine. I traced the problem to this registry key: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Databse\Content Type\application/x-shockwave-flash As the limited user, I could not access that registry key to confirm that it was setup properly. I logged on as an administrator and that key had no permissions defined for users. I added the group users to the permissions and gave that group read permissions.

Thursday, October 13, 2011

Windows 7 Machine Won't Map Network Drives From Logon Script


Add a DWORD 32-bit key for EnableLinkedConnections and set its value to 1.


Thursday, April 7, 2011

Can't Join Computer To Domain

The following error occurred attempting to join the domain Access is denied

We tried several things, but the thing that fixed the issue was this command

"secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose"


Friday, March 25, 2011

Windows 7 Machine Can't Connect to Network Share

Thunder plugin for iNews doesn't work in Windows 7 because Windows 7 machines can't connect or map a drive to a network share folder on a machine not in the domain.

Click the Start button and type secpol.msc in the search function.

Browse to "Local Policies" -> "Security Options".
Now look for the entry "Network Security: LAN Manager authentication level" and open it.
Click on the dropdown menu and select:
"Send LM & NTLM - use NTLMv2 session security if negotiated".
Apply the settings.


Windows Registry Editor Version 5.00


Thursday, March 24, 2011

HP Pavilion dm1 Webcam Not Working After OS Change

After changing the operating system from 64-bit Windows Home Premium to 32-bit Windows 7 Professional, the internal webcam would not work. The HP MediaSmart Webcam software or Skype would give a error message saying:

HP MediaSmart Webcam cannot connect to your webcam (HP Webcam-50).
Skype can't connect to your webcam.

The drivers for the webcam were installed from HP's website and the Device Manager showed the webcam as working.

I found this info:

1. Open regedit
2. Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}\0000
(This should be the registry key for your webcam. If it is not, it may be at 0002, or 0003, etc.)
3. Add a new 32-bit DWORD value called "UvcFlags"
4. Set the data for this value to 10 (10 Hex, 16 Decimal)
5. Restart your computer and test the webcam


There was also a 32-bit DWORD called "KS" with a value of 1 on the original 64-bit Windows Home Premium installation.

After adding UvcFlags & KS and restarting, the webcam works fine now.

I have a 2nd HP Pavilion dm1 that I did the same OS change to & it had no issues with the webcam.