Error: “Cannot log on using smart card” on StoreFront

Solution 1

You can use a Windows PowerShell command to find certificates that are put in the Trusted Root Certification Authorities store incorrectly on the local computer. The following command compares the “Issuer” property and the “Subject” property of each certificate in the store, and then outputs details of certificates that do not meet the criteria of a self-signed certificate:

Get-Childitem cert:LocalMachineroot -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File “c:computer_filtered.txt”.

The sample output

PSPath : Microsoft.PowerShell.SecurityCertificate::LocalMachineroot27AC9369FAF25207BB2627CEFACCBE4

EF9C319B8

PSParentPath : Microsoft.PowerShell.SecurityCertificate::LocalMachineroot

PSChildName : 27AC9369FAF25207BB2627CEFACCBE4EF9C319B8

PSDrive : Cert

PSProvider : Microsoft.PowerShell.SecurityCertificate

PSIsContainer : False

EnhancedKeyUsageList : {}

DnsNameList : {Go Daddy Secure Certificate Authority – G2}

SendAsTrustedIssuer : False

EnrollmentPolicyEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty

EnrollmentServerEndPoint : Microsoft.CertificateServices.Commands.EnrollmentEndPointProperty

PolicyId :

Archived : False

Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,

System.Security.Cryptography.Oid, System.Security.Cryptography.Oid…}

FriendlyName :

IssuerName : System.Security.Cryptography.X509Certificates.X500DistinguishedName

NotAfter : 5/3/2031 3:00:00 AM

NotBefore : 5/3/2011 3:00:00 AM

HasPrivateKey : False

PrivateKey :

PublicKey : System.Security.Cryptography.X509Certificates.PublicKey

RawData : {48, 130, 4, 208…}

SerialNumber : 07

SubjectName : System.Security.Cryptography.X509Certificates.X500DistinguishedName

SignatureAlgorithm : System.Security.Cryptography.Oid

Thumbprint : 27AC9369FAF25207BB2627CEFACCBE4EF9C319B8

Version : 3

Handle : 767400550640

Issuer : CN=XXXX, O=”XXX”, L=XXX, S=XXX, C=XXX

Subject : CN=XXX – G2, OU=XXX,O=”XXX, Inc.”, L=XXX, S=XXX, C=US

The certificate “{Go Daddy Secure Certificate Authority – G2}” in this case from the above output was put incorrectly in the Trusted Root Certificate Authorities, we removed the certificate from the StoreFront Server to resolve the issue.

Solution 2

Ensure that on the firewall, both inbound and outbound HTTP (80) ports are open.

Related:

  • No Related Posts

App Layering error “A failure occurred while publishing the Layered Image: “Failed scanning a directory for files” because of Microsoft.MicrosoftOfficeHub

Recommended Solution: This issue has now been fixed in versions 4.6+ of App Layering. The simplest way to resolve this issue is to upgrade the latest version of the App Layering appliance.

* Update: This issue can also be caused by apps that use invalid windows file names. One example is CON.<anything>. CON is a reserved file name. In one case, CygWin was used to install a package which included /cygwin64/usr/share/avogadro/crystals/zeolites/CON.cif. The ELM will fail to copy this file because it is not a valid name. The only current solution is to delete the file.

For historical purposes, here is the original fix for those who are still using versions 4.5 or earlier of the App Layering product:

This error is most frequently caused by Microsoft OfficeHub. The “Program FilesWindowsAppsMicrosoft.MicrosoftOfficeHub” directory has a new type of reparse point that was recently invented by Microsoft, and ntfs-3g is currently unable to handle it. Thus, there is no way for our Linux virtual appliance (App Layering ELM) to correctly recognize these files. So we will need to remove them before working in App Layering. There is no negative effect to removing the OfficeHub files, as these files will be rebuilt automatically on end-user desktops.

The fix needs to be done in the VM or layer where the problem files are present. If the error occurs while publishing a VM (App Layering versions 4.x) or during desktop creation (versions 2/3.x), or while editing/creating layers, then you will need to execute the fix on the specific layer that is causing the issue. Usually, the problem is in the OS layer, so you would need to execute the solution on a new version of the OS layer. However, it is also possible that the offending files are on an application layer or the platform layer, so you may need to experiment to determine which layers the files are located on. If you cannot find them in file explorer for any of the layers, you should open a Technical Support case, and one of our engineers will be able to make that determination.

Solution 1: PowerShell

On the OS layer, running the following two PowerShell commands (from the command prompt as administrator) might be able to remove the folders without manually setting permissions and deleting them Sometimes, manually deleting the folders can be a long and painful process. Make sure to run the PowerShell commands as the admin that originally created the image. It is possible that OfficeHub may already be staged for the original user, and will deny removal from the following script if that is the case.

powershell -command "& {Get-AppxPackage -name Microsoft.MicrosoftOfficeHub -AllUsers | remove-appxpackage}"powershell -command "& {Get-AppxProvisionedPackage -online | Where-Object {$_.DisplayName -like "*Microsoft.MicrosoftOfficeHub*"} | remove-AppxProvisionedPackage -online}

Solution 2: Manually changing the file permissions, and then deleting them

Make sure that the files are located in the “Program FilesWindowsAppsMicrosoft.MicrosoftOfficeHub” directory. The files will need to be deleted out of this folder, and typically you’ll need to take ownership and change permissions in order to remove them.

Additionally, on Windows 10 Enterprise machines, you may also need to check and remove the OfficeHub directory from “usersAdministratorappdatalocalpackagesMicrosoft”

Lastly, make sure Program Files/WindowsApps/Deleted/Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbweb6a07f30-3c9c-4a53-867e-42e7a1f58db8* is empty.

In extreme cases, the $recycle.bin may also need to be completed deleted.

The following command will delete the $RECYCLE.BIN – then the OS will refresh and recreate it automatically, without any artifacts from OfficeHub.

RD /S /QDrive-Letter:$Recycle.bin

Related:

  • No Related Posts

Unable to Import Windows 10 Gold Image into App Layering ELM: “Failed scanning a directory for files” because of Microsoft.MicrosoftOfficeHub

Recommended Solution: This issue has now been fixed in versions 4.6+ of App Layering. The simplest way to resolve this issue is to upgrade the latest version of the App Layering appliance.

For historical purposes, here is the original fix for those who are still running versions 4.5 or earlier of the App Layering product:

This error is most frequently caused by Microsoft OfficeHub. The “Program FilesWindowsAppsMicrosoft.MicrosoftOfficeHub” directory has a new type of reparse point that was recently invented by Microsoft, and ntfs-3g is currently unable to handle it. Thus, there is no way for the our Linux virtual appliance (App Layering ELM) to correctly recognize the files. So we’ll need to remove them before working in App Layering. There is no negative effect to removing the OfficeHub files, as the files will be rebuilt automatically on end user desktops.

The fix needs to be executed in the Gold VM that we are trying to import.

Old Solution 1: PowerShell

On the OS layer, running the following two PowerShell commands (from command prompt as administrator) might be able to remove the folders without manually setting permissions and deleting them Sometimes, manually deleting the folders can be a long and painful process. Make sure to run the PowerShell commands as the admin that originally created the image. It is possible that OfficeHub may already be staged for the original user, and will deny removal from the following script if that is the case.

powershell -command "& {Get-AppxPackage -name Microsoft.MicrosoftOfficeHub -AllUsers | remove-appxpackage}"powershell -command "& {Get-AppxProvisionedPackage -online | Where-Object {$_.DisplayName -like "*Microsoft.MicrosoftOfficeHub*"} | remove-AppxProvisionedPackage -online}

Old Solution 2: Manually changing the file permissions, and then deleting them

Check to make sure the files are located in the “Program FilesWindowsAppsMicrosoft.MicrosoftOfficeHub” directory. The files will need to be deleted out of this folder, and typically you’ll need to take ownership and change permissions in order to remove them.

Additionally, on Windows 10 Enterprise machines, you may also need to check and remove the OfficeHub directory from “usersAdministratorappdatalocalpackagesMicrosoft”

Lastly, make sure Program Files/WindowsApps/Deleted/Microsoft.MicrosoftOfficeHub_17.8010.5926.0_x64__8wekyb3d8bbweb6a07f30-3c9c-4a53-867e-42e7a1f58db8* is empty.

_______________________________________________________________________________________________

In extreme cases, the $recycle.bin may also need to be completed deleted.

The following command will delete the $RECYCLE.BIN – then the OS will refresh and recreate it automatically, without any artifacts from OfficeHub.

RD /S /QDrive-Letter:$Recycle.bin

Related:

  • No Related Posts

Symantec Blocking Outlook Rule Powershell Script.

I need a solution

I have a Outlook client rule running on a virtual machine that runs a VB script upon receiving mail. This script calls a powershell script that writes data from specific emails to a database. This worked great without fail for about a year. I’m not sure what exactly triggred the problem, probably an upgrade to the Symantec client or definitions I’m guessing, but now this script gets blocked by Symantec client. I have added exclusions to the file powershell.exe, but this does not seem to solve the problem. My only solution thus far has been to actually disable the Symantec client on that machine, and maybe that’s ultimately the final solution. I realize there are a lot of dangers going around with malicious powershell scripts and Outlook which is probably the reasoning behind this heightened security, but I am careful with this one box that has these rules, and really need this script to function. Is there any way to green light powershell scripts or specific ones without disabling Symantec entirely?

0

Related:

  • No Related Posts

Meltdown and Spectre patch report – need some help

I need a solution

Ok so first is first..

thank you @Brandon in this thread https://www.symantec.com/connect/forums/meltdown-p…

which he recommends custom inventory from here https://www.symantec.com/connect/forums/invaexosqu…

​This works… for windows 7. Works great… BUT Windows 10 and other Server O/S – it wont work.
 

During my searching I hit this article… http://www.thewindowsclub.com/check-windows-update…

​Now it is awesome.. the top part didnt bring all i needed but if you follow down farther… he has code to query the update history. This is great…

I ran it but it didnt go back far enough so I changed his 0,50 to 0,550 and now the patch shows!!!!
2018-01 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4056890)

so.. now the help I need…

​How does one take a powershell script and create variables that can be then inventoried in via Altiris?

​I have done custom inventories but always using vbs to query registry, etc…
​Any guidance on this as I bet it will help many others!!!!

****************************
​try it –  put the following into powershell ise
​****************************
 

# Convert Wua History ResultCode to a Name # 0, and 5 are not used for history # See https://msdn.microsoft.com/en-us/library/windows/desktop/aa387095(v=vs.85).aspx
function Convert-WuaResultCodeToName
{param( [Parameter(Mandatory=$true)]
[int] $ResultCode)
$Result = $ResultCode
switch($ResultCode)
{2
{$Result = “Succeeded”}
3
{$Result = “Succeeded With Errors”}
4
{$Result = “Failed”}}
return $Result}
function Get-WuaHistory
{
# Get a WUA Session
$session = (New-Object -ComObject ‘Microsoft.Update.Session’)
# Query the latest 1000 History starting with the first recordp
$history = $session.QueryHistory(“”,0,550) | ForEach-Object {
$Result = Convert-WuaResultCodeToName -ResultCode $_.ResultCode
# Make the properties hidden in com properties visible.
$_ | Add-Member -MemberType NoteProperty -Value $Result -Name Result
$Product = $_.Categories | Where-Object {$_.Type -eq ‘Product’} | Select-Object -First 1 -ExpandProperty Name
$_ | Add-Member -MemberType NoteProperty -Value $_.UpdateIdentity.UpdateId -Name UpdateId
$_ | Add-Member -MemberType NoteProperty -Value $_.UpdateIdentity.RevisionNumber -Name RevisionNumber
$_ | Add-Member -MemberType NoteProperty -Value $Product -Name Product -PassThru
Write-Output $_}
#Remove null records and only return the fields we want
$history |
Where-Object {![String]::IsNullOrWhiteSpace($_.title)} |
Select-Object Result, Date, Title, SupportUrl, Product, UpdateId, RevisionNumber}

Then run this…
Get-WuaHistory | Format-Table

0

1526499238

1255181

Related:

  • No Related Posts

Symantec DLP 15 not applied a policy via an AD group until restart the agent

I need a solution

Hi guys, i made a policy to block all user’s action if it made 2+ incident per 10 minutes.

what i’ve done: i made a DLP policy, and linked it with AD Group

Then i’ve made powershell scrypt which check our information mailbox, and if there are 2 or more messeges per sender in 10 minutes (scrypt’s schedule), it’ll add user’s account to AD group which i’ve add to policy “BLOCK ALL” 

And it works, but only after PC’s agent restart. I tried to wait 2 days, and nothing, but if my scrypt add user to AD group, and then i restart agent it works now.

how to made quick work, without agent restart. 

Also if i add user via Enforce Server it works in a 2-3 minutes without agent restart

0

Related:

  • No Related Posts

How to Configure XenDesktop for SQL Database Mirroring

Configuring a Site for Use with a Mirrored Database

To configure a XenDesktop site for use with a mirrored SQL Server database, complete the following steps:

  1. Create an empty database on the principal with the “Latin1_General_100_CI_AS_KS” collation sequence.

    Note: If you plan to change the location of your secondary databases (Configuration Logging and Monitoring databases), you can create two more empty databases as above.

  2. Configure the mirror and notice that it starts mirroring. For more information, see How to: Prepare a Mirror Database for Mirroring (Transact-SQL)

  3. Deploy Desktop Studio using Advanced Deployment in one of the following ways:

    1. Create the database automatically; mirroring is detected without user intervention.

    2. Create the database manually; two scripts are generated: one to be executed on the principal and one to be executed on the mirror. If you are executing the scripts using SQL Server Management Studio, enable the SQLCMD mode before executing the scripts. After executing the scripts, test the database connection by clicking Test connection and continue through the remainder of the wizard.

To verify mirroring after the wizard has completed, run the PowerShell cmdlet get-configdbconnection and ensure that the Failover Partner is set in the connection string to the mirror.

Note: If you created separate database locations for the Secondary databases, you can follow the instructions at http://docs.citrix.com/en-us/xenapp-and-xendesktop/7-5/cds-install-config-intro/cds-change-db-location.html to change the location of Configuration Logging and Monitoring database. At this point the main database along with the secondary databases are in the same location.

Joining a Controller

To join a XenDesktop controller to an existing site that is configured to use a mirrored SQL server database, run the Join Existing Site wizard in one of the following ways:

  • Update the database automatically; mirroring is detected without user intervention.

  • Update the database manually; two scripts are generated: one to be executed on the principal and one to be executed on the mirror. If you are executing the scripts using SQL Server Management Studio, enable the SQLCMD mode before executing the scripts.

To verify mirroring after the wizard has completed, run the PowerShell cmdlet get-configdbconnection and ensure that the Failover Partner has been set in the connection string to the mirror.

Removing a Controller

To remove a XenDesktop controller from an existing site that is configured to use a mirrored SQL server database, run the Remove Controller wizard in one of the following ways:

  • Update the database automatically; mirroring is detected without user intervention.

  • Update the database manually; two scripts are generated: one to be executed on the principal and one to be executed on the mirror. If you are executing the scripts using SQL Server Management Studio, enable the SQLCMD mode before executing the scripts.

Related:

  • No Related Posts

Windows 10 1803 Update Symantec must be manually uninstalled.

I do not need a solution (just sharing information)

This is going to be a long post.  it is to fix issues with Windows 10 1803 getting notification that Symantec must be manually uninstalled.

First you have to be at SEP Client 14.0.3 for Windows 10 1803 update of this to work. My version is 14.0.3929.1200.105 on server and most of my clients.

Script is saved as .txt and attached (I think) on this post,

Bottom of post has the text of the powershell script.

Some suggested fixes that did not work:

Cleanwipe will not resolve this issue, I tried that.

Re-installing windows also will not work unless you delete everything on the drive or format the drive during install.

Causes:

Essentially, what happened is that Symantec install is sent by a zipped package that has the executables in it.

Once you unzip the package, the executables that Windows update looks for is found in the install folder.

Windows 1803 update does not look everywhere, but will look anywhere that the system can access.

So if you are deploying with SCCM, there is an install package in ccmcache from the last install.

If you contacted support on a previous version and they sent you a 7zip exe to extract, then the exe’s are somewhere else.

If you deployed using SCCM then the exe’s will be in a subdirectory under the c:windowsccmcache directory.

If you deployed using a single exe, then it extracted somewhere and you may have the exe’s there.

I called support for a script to fix this.  Got nowhere.  That is anothe story, best left out.

My Solution

I made a powershell script to find and rename the 2 executables if they are outside of Program Files or Program Files (x86)

For SCCM to be able to use this, the .ps1 probably needs to be signed.

Attached is a sample of the script.

<#
This Script is to look for any Symantec Endpoint Protection files that prevent Windows 10 Update to 1803
If a computer has any install folder for an older version these files will exist in the install folder.  Windows update checks the version.
ccsvchst.exe Version 13.3.1.14
smc.exe Version 14.0.3929.1200
Windows Update to 1803 gives error that 2 Symantecs must be uninstalled, 1 for each file.
To find the offending file names look in this folder (after the update has failed or they will not be listed.)
C:$WINDOWS.~BTSourcesPanthersetupact.log
Search for ‘Manual uninstall required’ (no tick marks.)
References:
https://www.symantec.com/connect/forums/solved-windows-10-1709-cant-update-and-clean-wipe-cant-full-remove-endpoint-protection

Point of contact, Brian VanTassel
Agency for Persons with Disabilities, Florida.

Notes:  This has to be signed to run through SCCM
Built for deployment through SCCM Task Sequence.

#>

Script renames either ccsvchst.exe Version 13.3.1.14 or smc.exe Version 14.0.3929.1200 if version is less than what is shown

In this script, change ‘SomeServerName’ in the line to your share path.  Create the folders for the path.  The script writes results to the file.  The results are attempted.  Depending on system rights, it may not be the case.  This indicates the steps ran, but you should test it.

$outfile=”\SomeServerNameDeployLogsSymantecWin10-1803RenameFixWin10-FilesRenam_Status-Apps.txt

This is where the accumulated log is written to.  Domain users and Domain Computers will need read and write to this share.

You will also need a share for deploy files.  This will need to be read for domain users and domain computers.

Sign the script using a code signing certificate (another story there.)

Example of results shows Computer name, path to file, version information and what was attempted:

ComputerName-10;;C:Program Files (x86)SymantecSymantec Endpoint Protection14.0.3929.1200.105BinccSvcHst.exe;13.3.1.14;Not Modified
ComputerName-10;;C:Program Files (x86)SymantecSymantec Endpoint Protection14.0.3929.1200.105BinSmc.exe;14.0.3929.1200;Not Modified
ComputerName-10;;C:Program Files (x86)SymantecSymantec Endpoint ProtectionSmc.exe;14.0.3929.1200;Not Modified
ComputerName-10;;C:ProgramDataSymantecSymantec Endpoint Protection14.0.3929.1200.105DataCached InstallsProgram FilesSymantecNameVersionBinccSvcHst.exe;13.3.1.14;Not Modified
ComputerName-10;;C:ProgramDataSymantecSymantec Endpoint Protection14.0.3929.1200.105DataCached InstallsProgram FilesSymantecNameVersionBinSmc.exe;14.0.3929.1200;Not Modified
ComputerName-10;;C:ProgramDataSymantecSymantec Endpoint ProtectionCurrentVersionDataCached InstallsProgram FilesSymantecNameVersionBinccSvcHst.exe;13.3.1.14;Not Modified
ComputerName-10;;C:ProgramDataSymantecSymantec Endpoint ProtectionCurrentVersionDataCached InstallsProgram FilesSymantecNameVersionBinSmc.exe;14.0.3929.1200;Not Modified
ComputerName-10;;C:UsersAll UsersSymantecSymantec Endpoint Protection14.0.3929.1200.105DataCached InstallsProgram FilesSymantecNameVersionBinccSvcHst.exe;13.3.1.14;Not Modified
ComputerName-10;;C:UsersAll UsersSymantecSymantec Endpoint Protection14.0.3929.1200.105DataCached InstallsProgram FilesSymantecNameVersionBinSmc.exe;14.0.3929.1200;Not Modified
ComputerName-10;;C:UsersAll UsersSymantecSymantec Endpoint ProtectionCurrentVersionDataCached InstallsProgram FilesSymantecNameVersionBinccSvcHst.exe;13.3.1.14;Not Modified
ComputerName-10;;C:UsersAll UsersSymantecSymantec Endpoint ProtectionCurrentVersionDataCached InstallsProgram FilesSymantecNameVersionBinSmc.exe;14.0.3929.1200;Not Modified

To deploy the script in SCCM I used a Task Sequence, with 2 run command steps.

it will probably work with one step, but I copy the script to a folder I use on the computers for local install logs.

Most of my Task Sequences create this folder if it does not exist:  “C:ProgramDataCM_Install_logs”

Copy Command line: 

cmd.exe /c copy /y “\ServerNameDeploy File ShareScriptsWin101803SymFileRenamFix.ps1″ “C:ProgramDataCM_Install_logs”

Run powershell cmd:

cmd.exe /c PowerShell.exe -executionpolicy unrestricted -file “C:ProgramDataCM_Install_logsWin101803SymFileRenamFix.ps1”

Powershell Script (was named Win101803SymFileRenamFix.ps1) Start below this line

<#
This Script is to look for any Symantec Endpoint Protection files that prevent Windows 10 Update to 1803
If a computer has any install folder for an older version these files will exist in the install folder.  Windows update checks the version.
ccsvchst.exe Version 13.3.1.14
smc.exe Version 14.0.3929.1200
Windows Update to 1803 gives error that 2 Symantecs must be uninstalled, 1 for each file.
To find the offending file names look in this folder (after the update has failed or they will not be listed.)
C:$WINDOWS.~BTSourcesPanthersetupact.log
Search for ‘Manual uninstall required’ (no tick marks.)
References:
https://www.symantec.com/connect/forums/solved-windows-10-1709-cant-update-and-clean-wipe-cant-full-remove-endpoint-protection

Point of contact, Brian VanTassel
Agency for Persons with Disabilities, Florida.

Notes:  This has to be signed to run through SCCM
Built for deployment through SCCM Task Sequence.

#>
$outfile=”\SomeServerNameDeployLogsSymantecWin10-1803RenameFixWin10-FilesRenam_Status-Apps.txt

#$env:COMPUTERNAME
#Get-Childitem –Path C: -Include ccsvchst.exe,smc.exe -File -Recurse –force -ErrorAction SilentlyContinue | Select *
#$Paths2Files = Get-Childitem –Path “C:” -Include ccsvchst.exe,smc.exe -File -Recurse –force -ErrorAction SilentlyContinue | Select name,Fullname
$Paths2Files = Get-Childitem –Path “C:” -Include ccsvchst.exe,smc.exe -File -Recurse -ErrorAction SilentlyContinue | Select name,Fullname
foreach ($file in $Paths2Files){

$VersionInfo = (Get-Item $file.fullname).VersionInfo
    $FileVersion = (“{0}.{1}.{2}.{3}” -f $VersionInfo.FileMajorPart,
    $VersionInfo.FileMinorPart,
    $VersionInfo.FileBuildPart,
    $VersionInfo.FilePrivatePart)

#Write-Host $file.fullname $fileversion

If ($file.fullname -like “*Program Files*SymantecSymantec Endpoint Protection*”) {$action=”ProgramFiles Not Modified”}
ElseIf ($file.name -eq “ccsvchst.exe”) {
If ($FileVersion -lt “13.3.1.14”) {$action=”renamed”
Rename-Item -Path $file.fullname -NewName “ccsvchst.ex_”}
ElseIf ($FileVersion -eq “13.3.1.14”) {$action=”Not Modified”}
}

ElseIf ($file.name -eq “smc.exe”) {
If ($FileVersion -lt “14.0.3929.1200”) {$action=”renamed”
Rename-Item -Path $file.fullname -NewName “smc.ex_”}
ElseIf ($FileVersion -eq “14.0.3929.1200”) {$action=”Not Modified”}
}

Write-Host $file.fullname $fileversion $action
$out2file=$env:COMPUTERNAME+”;”+$date+”;”+$file.fullname+”;”+$fileversion+”;”+$action
$out2file | out-file -filepath $outfile -append
}

# SIGNATURE BLOCK WAS HERE
# End signature block WAS HERE

End of script above this line

    File Attachments:
    0

    Related:

    • No Related Posts

    A Citrix XenApp/XenDesktop Controller Service failed to connect to the database with current connection settings

    Check database connection settings and user permissions.

    To check the database connection settings:

    1. On the Delivery Controller, open a PowerShell command window.

    2. Type `asnp Citrix*`.

    3. Type `Get-AdminDBConnection` to generate the database server hostname.

    4. Confirm that the server hostname is valid. If mirroring is used, confirm that the failover partner is correct.

    To check database user permissions, refer to the topic [Determining Effective Database Engine Permissions] https://docs.microsoft.com/en-us/sql/relational-databases/security/authentication-access/determining-effective-database-engine-permissions on the Microsoft web site for more information.

    Related:

    • No Related Posts

    Re: REST API Auth with PHP

    I’m hoping to see if I can get some guidance on how to auth against appsync with PHP. After reading through the documentation, and tearing apart what I saw from another post in powershell I wrote up a simple script in php- however when I attempt to complete the auth it returns the following message:

    starting…

    CAS is Unavailable

    There was an error trying to complete your request. Please notify your support desk or try again.

    done!

    The “starting…” and “done!” are just echo’d statically for my sanity. Not sure where to debug as this is within CAS, within Appsync so any help would be great!

    The code is as follows:

    <?php

    echo “starting…”;

    $appsyncServer = “myserver”;

    $LoginUri = https://.$appsyncServer.“:8444/cas-server/login?TARGET=https://.$appsyncServer.“:8445/appsync/”;

    $ch = curl_init($LoginUri);

    curl_setopt($ch, CURLOPT_TIMEOUT, 60);

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

    curl_setopt($ch, CURLOPT_COOKIEJAR, ‘-‘);

    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

    $curl_response = curl_exec($ch);



    echo “<br />”;

    if ($curl_response === false) {

    $info = curl_getinfo($ch);

    $error = curl_error($ch);

    curl_close($ch);

    echo “<br /> The error: <br />”;

    print $error;

    echo “<br /> More details <br />”;

    die(‘error occured during curl exec. Additional info: ‘ . var_export($info));

    }

    $login_arr = array(“username” => “myuser” , “password” => “mypassword”);

    $ch = curl_init($LoginUri);

    curl_setopt($ch, CURLOPT_TIMEOUT, 60);

    curl_setopt($ch, CURLOPT_POST, 1);

    curl_setopt($ch, CURLOPT_POSTFIELDS, $login_arr);

    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);

    $curl_response = curl_exec($ch);



    curl_close($ch);

    print_r($curl_response);

    echo “<br />done!”;

    ?>

    Thanks in advance!

    Related:

    • No Related Posts