I'm facing a problem which causing thousands of successful 4776 events on DCs. I figured out that some kind of network printer enumeration causing it. Every refreshing or opening printers in word for example, triggers a lot of 4776. It takes place even when user doesn't use computer so it is locked. Any idea why it works like that? I suspect that it is caused by opening printer named pipe, I see in ProcMon create, close file on pipe\spools printer path. Server is W2K8 R2 , client W10
Thanks in advance
This problem "Thousands of 4776 events" usually occurs every time that a credential validation occurs using NTLM authentication. It shows successful and unsuccessful credential validation attempts.
Only for the authoritative accounts this error occurs. For domain
accounts, the domain controller is authoritative. For local accounts,
the local computer is authoritative. This event also generates when a workstation unlock event occurs.
Obtain the source workstation address from 4776 event log and please check below steps:
Try checking whether the user is entering wrong credentials to run scheduled tasks, start services etc.
Try checking the credential management to know if there are any old credentials present in cache.
While mounting the network disk check whether you have entered wrong password.
Check if there are any third-party programs that cache the user's wrong password.
References:
4776(S, F) The computer attempted to validate the credentials for an account. (Windows 10) - Windows security | Microsoft Docs.
Event ID 4776 / 0xc00006a - Microsoft Q&A.
Since 12h the website (Wordpress website) that is hosted on Google Cloud Platform has a time out issue. After 60 seconds of trying to load the website, the following message appears "The connection has timed out".
When trying to connect with SFTP, same issue.
What should I do to resolve this?
Since two different services stopped to work at the same time it
sounds like a networking issue. There is a timeout, therefore there is the server not answering at all to the requests.
What to do?
I would proceed with this general troubleshooting steps, if you want you can upload your question with the result of these commands/question to proceed with the troubleshooting.
First of all I would check if you are able to ping the
external/public IP of the instance.
I would check if the firewall rules allows TCP80/TCP443 and TCP22, Notice that on GCP you need to create the rule and assign the TAG to the machine from its detail page if the the rule does not apply to the whole network.
Are you able to ssh into the instance?
I would check if the processes are actually listening netstat -tuplen
If you are able when logged into the machine do you have access to the internet? Are you able to ping external IP? If not whats about internal IP?
I would go to the "activity" page of your Google Cloud Console to check which actions have been taken while the instance was still running.
I would check as well the history of the Linux machine to check if you run some commands acting on the network configuration of the machine.
Note that if you cannot SSH into the machine you can always access through serial console setting a password for your username through a startup script.
UPDATE
I had the possibility to take a look into the project, the machine was stopped due to issue with the billing account (it was closed) after the free trial period ended.
I would suggest you to go again trough the documentation regarding the upgrade of the billing account
If you have still some doubts or question after you perform this operations you can file a case at this link with the billing team and they will help you to solve the issue.
I'm new to the Hyperion Essbase and I'm using "Hyp 6.5". Whenever I login to the Excel it shows "Essbase System Login screen". So each time I've to enter
Server Name
User Name
Password
Application/Database
Is it possible to set those values as default. So it's not prompting again and again? or is there is any plug-in's to resolve this.
Thanks in advance.
There is a utility developed by the group at IN2HYPERION called "Excel Essbase Add-in Ribbon" that will store this information. It works as an Excel add-in and will store the server, app, database, and password for connections. I'm not affiliated in any way to the site but I've used the tool for a couple years and find it to be useful and reliable. You'll need to check if it works with your version of Essbase.
Unfortunately, there is no password caching like you want. The only thing that it will store is the most recently used servers, but other than that you have to type in your user namne and password, and then it will pull up the list of Applications and Databases.
I have an ASP.NET MVC application that I'm working on. I've been developing it on Windows Server 2003 with IIS6 and SQL 2008 Express, and everything was working great. I recently decided to try out the Windows 7 beta, so now I'm using IIS7, and have run into a problem with connectivity to my database that I can't seem to figure out.
I can run/debug the app just fine, but whenever I try to access a page that needs to access the database, I get the following error:
"Cannot open database "MyDatabaseName" requested by the login. The login failed.
Login failed for user 'IIS APPPOOL\MyApplicationName'."
I've obviously got some security configuration setup incorrectly, but I can't seem to find any good documentation on how to set it up correctly. I've tried giving NETWORK SERVICE permissions on the database, but that didn't seem to work. Anyone know what I need to do to give "IIS APPPOOL\MyApplicationName" permissions to this database? Am I missing something obvious?
Thanks...
If you are NOT using Active Directory, then ignore all of the other solutions mentioned here. The confusion stems from the new ApplicationPoolIdentity setting default in IIS 7.5+ (MS keeps changing the identity mechianisms)
Open SQL Management Studio, connect to your local machine as an admin.
Expand the Security branch.
Right click on Logins and select New Login
Into the Login Name field, type "IIS APPPOOL\MyApplicationName". Do NOT click the search button. The user profile dosn't actually exist on the local machine, it's dynamically created on demand.
While you're looking at it, don't forget to add the user to a database or a server role.
The error means the web application doesn't have access to your database. On Windows 7 / IIS 7, by default each application pool has its own user. It seems the idea is to improve security by restricting what that web application can do (in case it gets compromised and controlled from the outside). You can change what user the application pool is running under but that will defeat its own purpose. A better way seems to give the pool's user the needed permissions (and not a bit more).
On the SQL Management Studio connect to the server you want your web app to connect (tested with SQL server 2008). Go to
Security -> Log ins
right click, New Log in. In the form that comes up leave everything as default except username, where you have to type whatever username the web app is trying to use, in this case 'IIS APPPOOL\MyApplicationName'. Note that the search function of that dialog fails to find or check as valid that user, but nevertheless it works.
Still on the SQL Management Studio connected to the server go to
Databases -> *YOUR-DATABASE* -> Security -> Users
right click and New User. I'm not sure if the user name field there has any effect, I just set it the last part of the username, like MyApplicationName. Then I've set the login name to IIS APPPOOL\MyApplicationName. You can click on the ... button and use the check and search, this time it works. If you don't do the previous step, the user will not be present here. Then give it whatever permissions you want to this user, like db_datareader.
And that's it, you've given permission. If lack of permissions was your problem, then it should be solved (or at least, I've just solved it that way).
I have a total amount of 2hs of experience with IIS and about three weeks with SQL Server and less than two months with Microsoft technologies so take my advice with a grain of salt, I can be totally wrong. (If another person can confirm these are the right steps, feel free to remove the last warning).
Here is an article that explains why AppPoolIdentities are in use; basically, it's about enhanced security: http://learn.iis.net/page.aspx/624/application-pool-identities/
(That article claims I can use these virtual accounts just like any regular account but on my Windows Server 2008 that does not seem to be possible; adding e.g. IIS AppPool\DefaultAppPool just produces an error: "The following object is not from a domain listed in the Select Location dialog box, and is therefore not valid.")
Erick Falsken is right, however he is missing the User Mappings. So right click on the new
IIS APPPOOL/DefaultAppPool, click on Properties and then check boxes for:
1) databases master and yourdatabase
2) db_owner and public
This error usually means that the user that your site is running as (or more to the point the application pool), does not have permissions to use the DB. You can either check in IIS what user the pool is running under and give them permissions, or instead change your SQL connection string to not use trusted authentication and supply the credentials of a user that does have permission in the connection string.
Edit:
If you right click on the pool Identity section and go to properties, it should come up with a box that lets you either choose from 3 builtin system accounts, or specify your own account. Either give one of the builtin accounts permission for the DB, or use an account that has permission. Or leave it as is and change your connection string.
Well...changing the ApplicationPoolIdentity property and setting it to NETWORK SERVICE seems to have fixed my problems. Not sure if that's the "right" way to do things or not (as in, I'm not sure if that's the recommended way to do things in IIS7 or not), but it seems to at least be working and has gotten me past this hang-up for now. Thanks.
I'm familiar with the idea of giving permissions to the user that the application is running under...my problem is that in IIS7, the "user" seems to be virtual or something strange like that. Prior to me changing the "Identity" property of the Application Pool properties to NETWORK SERVICE, it was set to "ApplicationPoolIdentity", and the error I was getting was that "IIS APPPOOL\MyApplicationName" didn't have access to the database. When I attempted to add the "IIS APPPOOL\MyApplicationName" user to the database, it didn't appear to exist...not that I could find anyway.
So my ultimate problem is not understanding or being able to find any good documentation on how the IIS7 security model works. When I created the application, it seemed to create an AppPool with the same name just for this application. I don't know exactly what changes I need to make to give the application and/or the user it runs under privileges to the database, considering the fact that the user that the AppPool runs as doesn't appear to actually exist.
As I mentioned, changing the Identity of the AppPool to NETWORK SERVICE seems to have worked for now, but I'm trying to find out what the best practice is for this kind of thing under IIS7. Thanks.
leave the hard problems for someone else -
create a sql user and use SQL Auth. :D
If you follow Mr. Fernández' advice, you will get everything working. This is the new way of giving least privilege to a site.
So don't do the easy, less secure thing (NETWORK SERVICE). Do the right thing. Scroll up. ;)
Using Trusted Connection in Windows Authenticated Mode:
OS: windows 7 32 bit
IIS 7, Sql Server 2008 R2 Express
Connection String:
cn.open "Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=test;Data Source=mycomputername\sqlexpress;" (if instance name is sqlexpress or whatever instance name you have used)
If you are not able to connect sql server using windows mode authenticated connection to sql server 2008.
NT AUTHORITY\IUSR Account might not have permission in sql server to authorize connection with database.
Connect Sql server using windows authentication mode.
Expand Security node.
Select NT AUTHORITY\IUSR (IF NOT THERE THEN ADD NEW LOG IN FOR THAT)
Click on "User Mapping" under Select a page at Log-in properties window.
Select the database that you are trying to connect.
Select following permissions from "Database role membership for:......"
1. db_datareader 'this allows to open connection
2. db_datawriter 'this allows to fetch data records from datatable
The first step is to verify which account your website is running under. Create a simple aspx page with:
<%# Page Language="C#" %>
<% Response.Write(System.Security.Principal.WindowsIdentity.GetCurrent().Name); %>
If you're using windows authentication the WindowsIdentity account will need to have a login in your SQL Server. Under Security -> Logins -> Login New you'll want to add whatever name that was displayed by WindowsIdentity and make sure Windows authentication is selected.
If you ever happen to move your database to a separate machine you'll have to create a domain account and use impersonation in your web.config. Google <identity impersonate="true"> for more info.
If you look in the description of the field it states that running under "Network Services" account is the recommended account to use. Not sure why in Win7 it defaults to the ApplicationPoolIdentity setting.
I have the exact same issue. I'm running Windows 7 RC. When I'm trying to usa a .mdf file (located in App_Data), there is now way to make that thing work. I did try to change the AppPool's identity for LocalSystem, but it simply won't work.
If I use a "standard" database, then it will work if I'm using LocalSystem, but it won't work with the famous 'IIS APPPOOL\DefaultAppPool'.
I find it a bit disturbing not to find any information on that matter, it seems that the 'IIS APPPOOL\DefaultAppPool' user is totally useless if you are using a database of any kind...
I have it running, but I'm also bit frustrated not to understand the security model, as stated by ryexley.
yes, the app pool identity method doesn't work like they say (not in IIS7 anyway) it's supposed to. I think there are hackers at MS who make this security convoluted on purpose so you take the path of least resistance and leave your system less secure (so they can hack into it later). - just kidding, but really, their security model is pure insanity, no straightforward (step by step) instructions anywhere on MSDN - nada, zip!
I faced same problem between (SQL2008 that is installed on standalone Win-server2003 server) and (IIS6 with ASP.NET3.5 that are installed on standalone Win-server2003 server).
Where, IIS tries to access SQL2008 using some user in the domain "domain\username".
I removed following option out of connectionstring, and every thing works fine now.
Integrated Security=True;
Open SQL Management Studio, connect to your local machine as an admin.
Expand the Security branch.
Right click on Logins and select New Login
Into the Login Name field, type "IIS APPPOOL\MyApplicationName". Do
NOT click the search button. The user profile dosn't actually exist
on the local machine, it's dynamically created on demand.
Select Database in User Mapping
Select sysadmin in Server Roles
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I often connect to my work TFS instance over VPN. Becasue my home computer is not on the domain, I'm forced to enter my userid/password for each tf.exe command. Is there a way to cache or save this locally?
You can definitely do it! I am running off the domain on Windows XP. A coworker of mine just showed me how. Here are the steps:
Open up Control Panel.
Open up User Accounts.
Select Change an Account and then choose your current account.
On the left, under Related Tasks, select Manage my network passwords That will launch the Stored User Names and Passwords dialog.
From here, you click the Add button and type in the full server path of the TFS server (server.abc.xyz), the full username (ABC\username) and password to use for TFS access.
That should do the trick for you. I hate TFS a little less now. ;)
In Win7 with VS2010, I was able to do the following when connected to my VPN,
Go to Control Panel\User Accounts and Family Safety\Credential Manager
Add a Windows credential
Enter your TFS server name (mine was "http://tfs:8080", I entered "tfs")
Enter username qualified with the domain (e.g., mycompany\jdoe)
Exit Control Panel when done, and restart VS2010
Though I can't solve your problem completely, I can make half of it go away (this command is set up to run SSMS, not VS, though you can change it):
%windir%\system32\runas.exe /netonly /user:DOMAIN\UserID "C:\Program Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe"
The "/netonly" switch on RUNAS.exe authenicates it at the destination, meaning that you can give it a username and password that you don't currently have access to the DC for. We use it to run SSMS and login using Integrated Authentication to a SQL Server that sits on a different domain. Even though I can't see to DC for that domain from my computer, this command still allows me to pass my username and password for that domain to that server.
You could set a shortcut to this command and it would only prompt you for your password when you launch VS, which makes this a little easier, as you don't have to type in your Domain\Username every time anymore.
Have you tried setting your username and password to exactly the same as your work environment? I seem to recall that this works for file shares because it passes the hashed credentials along and as long as they match it succeeds.