Tag: Event 0

Event ID 514 — BitLocker Recovery Password Backup

PCIS Support Team Leave a comment

Event ID 514 — BitLocker Recovery Password Backup

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

Recovery information for Windows BitLocker Drive Encryption (BitLocker) can be automatically backed up to Active Directory Domain Services (AD DS). Recovery information for BitLocker includes the recovery password for each BitLocker-enabled volume, and the information required to identify which computers and volumes the recovery information applies to.

You can also configure systems to back up a binary package containing the actual keying information in an encrypted form. Recovery information is not backed up by default, but administrators can configure backup by using Group Policy settings. For more information, see “Configuring Active Directory to Back up Windows BitLocker Drive Encryption and Trusted Platform Module Recovery Information” (http://go.microsoft.com/fwlink/?LinkID=67438).

Event Details

Product: Windows Operating System
ID: 514
Source: Microsoft-Windows-BitLocker-API
Version: 6.1
Symbolic Name: FVEAPIEVENT_AD_PASSWORD_BACKUP_FAILED
Message: Failed to backup BitLocker Drive Encryption recovery information to Active Directory Domain Services.Errorcode: %2Protector GUID: %1Volume GUID: %3

Diagnose

This error might be caused by one of the following conditions:

BitLocker has been configured by local policy or Group Policy to back up recovery information to AD DS, and:

  • The computer was not connected to your organization’s network.
  • The computer cannot reach a writable domain controller due to connectivity issues.
  • The computer is not a member of an AD DS domain.
  • The AD DS domain has not been properly configured to store recovery information.

The computer was not connected to your organization’s network

To back up recovery passwords to AD DS, your computer must be connected to your organization’s network (that is, the domain network) when you are enabling BitLocker. If you have enabled BitLocker while disconnected from the network, or while accessing a network outside of your domain, such as a home network, a hotel network, or “hotspot,” BitLocker will not be able to back up your recovery password.

If the computer was not connected to your organization’s network, see the section titled “Connect to your organization’s network and recreate the recovery password.”

The computer cannot reach a writable domain controller due to connectivity issues

To perform this procedure, you must have membership in Users, or you must have been delegated the appropriate authority.

To determine whether the computer can reach a domain controller:

  1. Open a Command Prompt window.
  2. Type ipconfig /all at the command prompt. Make sure that the computer has an IP address in the correct IP address range, and does not have an Automatic Private IP Addressing (APIPA) address (an IP address in the 169.254.x.x range).
  3. Type ping localhost to verify that TCP/IP is installed and correctly configured on the local computer. If the ping is unsuccessful, this may indicate a corrupt TCP/IP stack or a problem with the network adapter.
  4. Type ping ip_address, where ip_address is the IP address assigned to the computer. If you can ping the localhost address but not the local IP address, there may be an issue with the routing table or with the network adapter driver.
  5. Type ping dns_server, where dns_server is the IP address for the DNS server. If there is more than one DNS server on your network, you should ping each one. If you cannot ping the DNS servers, this indicates a potential problem with the DNS servers, or with the network between the computer and the DNS servers. DNS servers are used to locate domain controllers.
  6. If your domain controllers are separate from your DNS servers, type ping domain_controller where domain_controller is the IP address for the domain controller. If there is more than one domain controller on your network, you should ping each one. If you cannot ping the domain controllers, this indicates a potential problem with the domain controller, or with the network between the computer and the domain controller.
  7. Type nslookup domain_controller, where domain_controller is the name of the domain controller, and then press ENTER. If the nslookup does not return an associated IP address for the domain controller, this may indicate that there is an issue with the DNS cache. To flush the DNS cache, type ipconfig /flushdns at a command prompt.
  8. You may also use a tool such as PortQry or NetDiag to test connectivity between the computer and the domain. Alternatively, try accessing other resources hosted on a known domain controller, such as the Netlogon share. For more information about using PortQry, see http://go.microsoft.com/fwlink/?LinkId=99545. For more information about NetDiag, see http://go.microsoft.com/fwlink/?LinkId=99547.

If the computer cannot reach a writable domain controller due to connectivity issues, see the section titled “Establish connectivity and recreate the recovery password”

The computer is not a member of an AD DS domain

In order for BitLocker to be able to back up recovery passwords to AD DS, the computer must be a member of an AD DS domain (or a Windows Server 2003 SP1 Active Directory Domain).

To perform this procedure, you must have membership in Users, or you must have been delegated the appropriate authority.

To determine whether the computer is a member of a domain:

  1. Click Start, right-click Computer, and then click Properties.
  2. In the Computer name, domain, and workgroup settings section, the last entry contains the name of the computer’s workgroup or domain.
  3. If the entry indicates that the computer is a member of a Workgroup, then it is not a member of a domain.

If the computer is not a member of an AD DS domain, see the section titled “Join the computer to a domain and recreate the recovery password.”

The AD DS domain has not been properly configured to store recovery information

Backing up the recovery information in AD DS requires specific configuration steps. Microsoft has published extensive guidance and tools to facilitate the configuration.

To perform these procedures, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.

To determine the configuration of AD DS:

  1. Review the information provided in “Configuring Active Directory to Back up Windows BitLocker Drive Encryption and Trusted Platform Module Recovery Information” (http://go.microsoft.com/fwlink/?LinkId=67438).
  2. After reviewing all of the information, use a tool such as ADSIedit.msc or LDP.exe to verify that the required attributes and objects were created.
  3. Run the list-ace.vbs script as described in Appendix F and compare the reported output with the configuration described in the document.

If the AD DS domain has not been properly configured to store recovery information, see the section titled “Reconfigure AD DS and recreate the recovery password.”

Resolve

To resolve this issue, use the resolution that corresponds to the cause you identified in the Diagnose section. After performing the resolution, see the Verify section to confirm that the feature is operating properly

Cause

Resolution

The computer was not connected to your organization’s network

Connect to your organization’s network and recreate the recovery password

The computer cannot reach a writable domain controller due to connectivity issues

Establish connectivity and recreate the recovery password

The computer is not a member of an AD DS domain

Join the computer to a domain and recreate the recovery password

The AD DS domain has not been properly configured to store recovery information

Reconfigure AD DS and recreate the recovery password

Connect to your organization’s network and recreate the recovery password

Connect the computer to a domain network

First, connect to your organization’s network by using one of the following methods:

  • Establish a wired connection at a physical site operated by your organization.
  • Connect by using a wireless network provided by your organization that connects to your internal network.
  • If available, connect remotely to your organization’s network by using a virtual private network (VPN).

Then, in order to force BitLocker to back up the recovery passwords to AD DS, recreate the recovery password by using the following procedure.

Recreate the recovery password

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To create and back up a new BitLocker recovery password:

  1. Click Start.
  2. Type cmd in the Start Search box.
  3. Right-click cmd.exe in the Programs section of the search results.
  4. Click Run as administrator.
  5. If the User Account Control prompt appears, verify that the displayed action is what you requested, and then click Continue.
  6. At the elevated command prompt, type cscript manage-bde.wsf -protectors -delete c: -type recoverypassword where c: is the volume encrypted with BitLocker. This step removes any existing recovery password.
  7. At the elevated command prompt, type cscript manage-bde.wsf -protectors -add c: -recoverypassword where c: is the volume encrypted with BitLocker. This step creates a new recovery password, and if configured, causes the new recovery password to be backed up to Active Directory Domain Services.
  8. Close the Command Prompt window.

Establish connectivity and recreate the recovery password

The following procedures describe the steps to troubleshoot a network connection and then recreate BitLocker recovery passwords for backup to AD DS after connectivity has been restored.

To perform this procedure, you must have membership in Users, or you must have been delegated the appropriate authority.

Restore connectivity between the computer and the domain controllers

To restore connectivity between the computer and the domain controllers:

  1. Determine at what point connectivity is failing by using network troubleshooting steps such as the following:
    • Open a Command Prompt window.
    • Type ipconfig /all at the command prompt. Make sure that the computer has an IP address in the correct IP address range, and does not have an Automatic Private IP Addressing (APIPA) address (an IP address in the 169.254.x.x range).
    • Type ping localhost to verify that TCP/IP is installed and correctly configured on the local computer. If the ping is unsuccessful, this may indicate a corrupt TCP/IP stack or a problem with the network adapter.
    • Type ping ip_address, where ip_address is the IP address assigned to the computer. If you can ping the localhost address but not the local IP address, there may be an issue with the routing table or with the network adapter driver.
    • Type ping dns_server, where dns_server is the IP address for the DNS server. If there is more than one DNS server on your network, you should ping each one. If you cannot ping the DNS servers, this indicates a potential problem with the DNS servers, or with the network between the computer and the DNS servers. DNS servers are used to locate domain controllers.
    • If your domain controllers are separate from your DNS servers, type ping domain_controller where domain_controller is the IP address for the domain controller. If there is more than one domain controller on your network, you should ping each one. If you cannot ping the domain controllers, this indicates a potential problem with the domain controller, or with the network between the computer and the domain controller.
    • Type nslookup domain_controller, where domain_controller is the name of the domain controller, and then press ENTER. If the nslookup does not return an associated IP address for the domain controller, this may indicate that there is an issue with the DNS cache. To flush the DNS cache, type ipconfig /flushdns at the command prompt.
  2. Resolve any networking issues. If you are unable to discover or resolve the networking issue, contact your help desk or support organization for assistance.

Recreate and back up a new BitLocker recovery password

After connectivity has been restored, in order to force BitLocker to back up the recovery passwords to AD DS, recreate the recovery password by using the following procedure.

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To create and back up a new BitLocker recovery password:

  1. Click Start.
  2. Type cmd in the Start Search box.
  3. Right-click cmd.exe in the Programs section of the search results.
  4. Click Run as administrator.
  5. If the User Account Control prompt appears, verify the displayed action is what you requested, and click Continue.
  6. At the elevated command prompt, type cscript manage-bde.wsf -protectors -delete c: -type recoverypassword where c: is the volume encrypted with BitLocker. This step removes any existing recovery password.
  7. At the elevated command prompt, type cscript manage-bde.wsf -protectors -add c: -recoverypassword where c: is the volume encrypted with BitLocker. This step creates a new recovery password, and if configured, causes the new recovery password to be backed up to Active Directory Domain Services.
  8. Close the Command Prompt window.

Join the computer to a domain and recreate the recovery password

Join the computer to a domain, and then recreate the BitLocker recovery passwords for backup.

To perform these procedures, you must have membership in Administrators, or you must have been delegated the appropriate authority.

Join the computer to a domain

To join the computer to a domain:

  1. Click Start, right-click Computer, and then click Properties.
  2. Under the heading Computer name, domain and workgroup settings, click Change settings.
  3. If the User Account Control dialog box appears, verify the proposed action is correct, and then click Continue.
  4. Click Change.
  5. Select the Domain option.
  6. Type the name of the domain you want to join in the text box.
  7. Click OK.
  8. In the Windows Security dialog box, type the name and password of a domain account that has permissions to join a computer to the domain, and click OK.
  9. In the Computer Name/Domain Changes dialog box, click OK.
  10. In the next Computer Name/Domain Changes dialog box, click OK.
  11. In the System Properties dialog box, click Close.
  12. In the Microsoft Windows dialog box, click Restart Now.

Back up the BitLocker recovery password to AD DS

To create and back up a new BitLocker recovery password:

  1. Click Start.
  2. Type cmd in the Start Search box.
  3. Right-click cmd.exe in the Programs section of the search results.
  4. Click Run as administrator.
  5. If the User Account Control prompt appears, verify the displayed action is what you requested, and then click Continue.
  6. At the elevated command prompt, type cscript manage-bde.wsf -protectors -delete c: -type recoverypassword where c: is the volume encrypted with BitLocker. This step removes any existing recovery password.
  7. At the elevated command prompt, type cscript manage-bde.wsf -protectors -add c: -recoverypassword where c: is the volume encrypted with BitLocker. This step creates a new recovery password, and if configured, causes the new recovery password to be backed up to Active Directory Domain Services.
  8. Close the Command Prompt window.

Reconfigure AD DS and recreate the recovery password

Configuring your domain for backup of BitLocker recovery information involves verifying or extending your AD DS schema, correctly configuring permissions on directory objects, and configuring clients with Group Policy or local policies to back up the recovery information.

The first of the following procedures describes the resources to help you configure a domain to back up BitLocker recovery passwords, and the second procedure provides the steps to recreate BitLocker recovery passwords for backup to AD DS after the domain has been configured.

Configure AD DS to back up BitLocker recovery information

To perform this procedure, you must have membership in Domain Admins, or you must have been delegated the appropriate authority.

To configure AD DS to back up BitLocker recovery information:

  1. Review the information provided in “Configuring Active Directory to Back up Windows BitLocker Drive Encryption and Trusted Platform Module Recovery. Information” (http://go.microsoft.com/fwlink/?LinkId=67438).
  2. Use the scripts provided to configure your domain correctly.

Note: We recommend that you first test the new configuration in a test environment.

Recreate and back up the BitLocker recovery password to AD DS

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To create and back up a new BitLocker recovery password:

  1. Click Start.
  2. Type cmd in the Start Search box.
  3. Right-click cmd.exe in the Programs section of the search results.
  4. Click Run as administrator.
  5. If the User Account Control prompt appears, verify the displayed action is what you requested, and click Continue.
  6. At the elevated command prompt, type cscript manage-bde.wsf -protectors -delete c: -type recoverypassword where c: is the volume encrypted with BitLocker. This step removes any existing recovery password.
  7. At the elevated command prompt, type cscript manage-bde.wsf -protectors -add c: -recoverypassword where c: is the volume encrypted with BitLocker. This step creates a new recovery password, and if configured, causes the new recovery password to be backed up to Active Directory Domain Services.
  8. Close the Command Prompt window.

Verify

To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.

To verify that new recovery passwords are being backed up to AD DS:

  1. Click Start, and then click All Programs.
  2. Click Administrative Tools, and then click Event Viewer.
  3. Expand Windows Logs.
  4. Click System.
  5. Review the System log for Event 513 in the Microsoft-Windows-BitLockerAPI event source, which indicates that the recovery password has been backed up.

Note: BitLocker attempts to back up recovery information only when BitLocker is turned on for a particular volume, or a new recovery password is created manually.

Related Management Information

BitLocker Recovery Password Backup

Core Security

Related:

Event ID 6273 — NPS Authentication Status

PCIS Support Team Leave a comment

Event ID 6273 — NPS Authentication Status

Updated: December 16, 2008

Applies To: Windows Server 2008 R2

When Network Policy Server (NPS) is configured as a RADIUS server, it performs authentication, authorization, and accounting for connection requests received from configured RADIUS clients. If authentication and authorization are successful, users and computers are granted access to the network resources for which they have permissions.

Event Details

Product: Windows Operating System
ID: 6273
Source: Microsoft-Windows-Security-Auditing
Version: 6.1
Symbolic Name: SE_AUDITID_ETW_NPS_RESPONSE_REJECT
Message: Network Policy Server denied access to a user.Contact the Network Policy Server administrator for more information.User:%tSecurity ID:%t%t%t%1%tAccount Name:%t%t%t%2%tAccount Domain:%t%t%t%3%tFully Qualified Account Name:%t%4Client Machine:%tSecurity ID:%t%t%t%5%tAccount Name:%t%t%t%6%tFully Qualified Account Name:%t%7%tOS-Version:%t%t%t%8%tCalled Station Identifier:%t%t%9%tCalling Station Identifier:%t%t%10NAS:%tNAS IPv4 Address:%t%t%11%tNAS IPv6 Address:%t%t%12%tNAS Identifier:%t%t%t%13%tNAS Port-Type:%t%t%t%14%tNAS Port:%t%t%t%15RADIUS Client:%tClient Friendly Name:%t%t%16%tClient IP Address:%t%t%t%17Authentication Details:%tProxy Policy Name:%t%t%18%tNetwork Policy Name:%t%t%19%tAuthentication Provider:%t%t%20%tAuthentication Server:%t%t%21%tAuthentication Type:%t%t%22%tEAP Type:%t%t%t%23%tAccount Session Identifier:%t%t%24%tReason Code:%t%t%t%25%tReason:%t%t%t%t%26

Diagnose

This error might be caused by one of the following conditions:

  • The user does not have valid credentials
  • The connection method is not allowed by network policy
  • The network access server is under attack
  • NPS does not have access to the user account database on the domain controller
  • NPS log files or the SQL Server database are not available

To perform these procedures, you must be a member of Domain Admins.

User does not have valid credentials

  1. Use the information provided in Event Viewer to determine whether the authentication method that applies to the user connection is password- or certificate-based.
  2. If a password-based authentication method is used, confirm that the user and is typing the correct credentials (user name and password). 
  3. If a certificate-based authentication method is used, examine the user or computer certificate to confirm that the user is providing the correct certificate for authentication. To examine certificates on the local computer:
    1. Click Start, click Search, type mmc, and then press ENTER. The Microsoft Management Console (MMC) opens.
    2. Click File, and then click Add/Remove Snap-in. The Add or Remove Snap-in dialog box opens.
    3. Click Certificates, and then click Add.
    4. The Certificates snap-in dialog box opens. Click Finish to add the snap-in for the user certificates store to the MMC.
    5. In the Add or Remove Snap-in dialog box, click Add. The Certificates snap-in dialog box opens. Click Computer account, click Next, click Finish, and then click OK to add the snap-in for the computer certificates store to the MMC.
    6. Double click Certificates – Current User or Certificates – Local Computer to browse the certificate store. When you locate the user or computer certificate that you want to examine, double-click the certificate to open it.
    7. Use the “Certificate Requirements for PEAP and EAP” in the NPS Help on the Windows Server 2008 Technical Library at http://go.microsoft.com/fwlink/?LinkId=101491 to make sure that the certificate meets the minimum client certificate requirements.
  4. Use the information provided in Event Viewer to check that the user or computer credentials have not expired.
  5. If valid credentials were not used, see the section titled “Provide the user with valid credentials.”

Connection method is not allowed by network policy

  1. Make sure that the user is authorized to connect to the network through a network access server that meets the requirements of network policy. For example, if the user is only allowed to connect through a wireless access point but is attempting to connect through a virtual private network (VPN) server, access will be denied. To view configured network policies:
    1. Click Start, Administrative Tools, Network Policy Server. The NPS MMC opens. 
    2. In the NPS console, double-click Policies, and then click Network Policies.
    3. In the upper details pane, double-click the network policy you want to view.
  2. If the connection method is not allowed by network policy, see the section titled “Add or change a connection method.”

Network access server is under attack

  1. Check the NPS log file to determine whether there have been a large number of authentication failures from the same network access server; this can be a symptom of an attack in which a malicious user attempts to gain access by providing different passwords with each access attempt. The default log file location is %Systemroot%\system32\LogFiles.
  2. If the server is under attack, see the section titled “Respond to a server attack.”

NPS does not have access to the user accounts database on the domain controller

  1. Check that the domain controller is online.
  2. Check that network connections between the domain controller and NPS are working. To fix network connectivity issues:
    1. Confirm that all routers, switches, and hubs between the NPS server and the domain controller are working.
    2. Make sure that Internet Protocol security (IPsec) policies are configured to allow traffic between the two servers.
    3. Confirm that the server running NPS has an IP address and is physically connected to the network.
  3. If your domain controller is running Active Directory Domain Services (AD DS) and NPS does not have access to the user accounts database, see the section titled “Enable NPS access to the user account database.”
  4. If you are using a RADIUS extension dynamic link library (DLL) and a domain controller other than AD DS, use your domain controller documentation to determine how to provide user account database access to the RADIUS extension DLL.

NPS log files or the SQL Server database are not available

  1. If NPS is configured to record accounting information in a log file on the local computer or a remote computer, check that the hard disk is not full. The default log file location is %Systemroot%\system32\LogFiles.
  2. If NPS is configured to record accounting information to a SQL Server database, check that network connections between the computer running SQL Server and NPS are working. To check the SQL Server connection in NPS:
    1. Click Start, Administrative Tools, Network Policy Server. The NPS MMC opens.
    2. In the console tree, click Accounting.
    3. In the details pane, click Configure SQL Server Logging.
    4. In SQL Server Logging, click Data Source.
    5. In Data Link Properties, click Test Connection.
  3. If NPS log files or the SQL server database are not available, see the section titled “Enable log file or SQL Server availability.”

Resolve

To resolve this issue, use the resolution that corresponds to the cause you identified in the Diagnose section. After performing the resolution, see the Verify section to confirm that the feature is operating properly

Cause

Resolution

The user does not have valid credentials

Provide the user with valid credentials

The connection method is not allowed by network policy

Add or change a connection method

The network access server is under attack

Respond to a server attack

NPS does not have access to the user account database on the domain controller

Enable NPS access to the Active Directory user account database

NPS log files or the SQL Server database are not available

Enable log file or SQL Server availability

Provide the user with valid credentials

To perform this procedure, you must be a member of Domain Admins.

To provide the user with valid credentials:

  1. If a user has forgotten his or her password, provide the user with a new, temporary password, and then allow the user to change it.
  2. If the user has an expired certificate or a certificate that is not valid for other reasons, revoke the certificate and issue a new one.

For more information, see Active Directory Domain Services documentation at http://go.microsoft.com/fwlink/?LinkId=96418 and Active Directory Certificate Services documentation at http://go.microsoft.com/fwlink/?LinkId=101450.

 

 

Add or change a connection method

If the user is attempting to connect with a connection method that is not allowed, either tell the user how to connect to the network using a supported method or provide the user with access using another method.

To add or change a network connection method in a network policy that grants access, you can configure the NAS-Port-Type condition.

To perform this procedure, you must be a member of Domain Admins.

To configure the NAS-Port-Type condition:

  1. Click Start, Administrative Tools, Network Policy Server. The NPS MMC opens.
  2. In the NPS console, double-click Policies, and then click Network Policies.
  3. In the upper details pane, double-click the network policy to which you want to add a condition, and then click the Conditions tab. Click Add.
  4. In Select condition, browse to the Gateway conditions group, click NAS Port Type, and then click Add.
  5. In NAS Port Type, specify the access media types through which you want to grant access to the user, and then click OK.

Respond to a server attack

To perform this procedure, you must be a member of Domain Admins.

To respond to a server attack:

  1. Examine NPS log files to identify the IP address of the computer that is hosting the attack on your network. The default log file location is %Systemroot%Windows\system32\LogFiles.
  2. If the computer is internal, disable it. If the computer hosting the attack is external and you can determine the owner of the server through the domain name, contact the server administrator.

For more information about protecting your network, see the security guidance provided in Security and Protection documentation at http://go.microsoft.com/fwlink/?LinkID=93803.

Enable NPS access to the Active Directory user account database

To perform this procedure, you must be a member of Domain Admins.

To enable connections between NPS and the Active Directory user account database:

  1. Ensure that the network adapter of the server running NPS is working. If the Ethernet cable is not plugged into the adapter, plug it in. If the network adapter is not working, replace it. To check if the network adapter is working:
    1. Click Start, then right-click Computer. Click Manage. The Computer Management console opens.
    2. Click Device Manager.
    3. In the details pane, browse to and double-click Network adapters to expand the list of network adapters installed in the local computer.
    4. Double-click the network adapter you want to check. The network adapter Properties dialog box opens. In Device status, if the network adapter is functioning correctly, the statement This device is working properly appears.
  2. Check that the domain controller is connected to the network.
  3. Test routers and other links and possible points of failure between the server running NPS and the domain controller.
  4. If there are hardware failures between NPS and the domain controller, replace hardware as needed and design another path between the two servers to provide connectivity failover.

Enable log file or SQL Server availability

To perform this procedure, you must be a member of Domain Admins.

To enable log file or SQL Server availability:

  1. Ensure that the network adapter for the server running NPS is working. If the Ethernet cable is not plugged into the adapter, plug it in. If the network adapter or cable are not working, replace the hardware as needed.
  2. Check that the computer running SQL Server is connected to the network and working.
  3. Test routers and other links and possible points of failure between the server running NPS and the SQL Server database.
  4. If there are hardware failures between NPS and SQL Server, replace hardware as needed and design another network path between the two servers to provide connectivity failover.
  5. If you are logging to a local hard disk and the disk is full, either delete content or install a larger hard disk to handle the accounting data. The default NPS log file location is %Systemroot%Windows\system32\LogFiles.

Verify

To verify that users can be authenticated:

  • On a computer that is configured according to network access policy, log on to the network with a valid user account and valid credentials.

Related Management Information

NPS Authentication Status

Network Policy Server Infrastructure

Related:

Begin Backup of ‘%1’ Verify: %2 Mode: %3 Type: %4

PCIS Support Team Leave a comment
Details
Product: Windows Operating System
Event ID: NTBackup
Source: ntbackup
Version: 5.0
Symbolic Name: EVENT_BKUP_BEGINBACKUP
Message: Begin Backup of ‘%1’ Verify: %2 Mode: %3 Type: %4
   
Explanation

The specified backup has started. One Begin Backup event appears in Event Viewer for each backup type created during a backup operation. For example, two Begin Backup events appear if you started a backup of your C: drive and System State.
   
User Action

No user action is required.

Related:

Unable to initialize a required Money component. Please reinstall Money from your original product disks.

PCIS Support Team Leave a comment
Details
Product: Money
Event ID: obres:5181
Source: 15.0
Version: 15.0
Symbolic Name: errComponentInit
Message: Unable to initialize a required Money component. Please
reinstall Money from your original product disks.
   
User Action
Reinstall the product.

Related:

Money cannot locate ‘%1’ or cannot open it, possibly because it is a read-only file or you do not have permission to change it or your disk drive is write protected. If you have chosen the correct file and it cannot be accessed, you will need to click OK and open your most recent backup file. If the file is being used by another application, close it in the other application and click OK to try again.

PCIS Support Team Leave a comment
Details
Product: Money
Event ID: obres:5101
Source: 15.0
Version: 15.0
Symbolic Name: errCantOpen
Message: Money cannot locate ‘%1’ or cannot open it, possibly
because it is a read-only file or you do not have permission to
change it or your disk drive is write protected. If you have
chosen the correct file and it cannot be accessed, you will need
to click OK and open your most recent backup file. If the file is
being used by another application, close it in the other
application and click OK to try again.
   
Explanation
Money was unable to open the file, either because the
file was read-only, or because the user canceled.
   
User Action
Check to see if the file is marked as read-only.

Related:

Money cannot locate ‘%1’ or cannot open it, possibly because it is a read-only file or you do not have permission to change it or your disk drive is write protected. If you have chosen the correct file and it cannot be accessed, you will need to click OK and open your most recent backup file. If the file is being used by another application, close it in the other application and click OK to try again.

PCIS Support Team Leave a comment
Details
Product: Money
Event ID: obres:2111
Source: 15.0
Version: 15.0
Symbolic Name: errAccessDenied
Message: Money cannot locate ‘%1’ or cannot open it, possibly
because it is a read-only file or you do not have permission
to change it or your disk drive is write protected. If you have
chosen the correct file and it cannot be accessed, you will need
to click OK and open your most recent backup file. If the file is
being used by another application, close it in the other
application and click OK to try again.
   
Explanation
The low-level database code was unable to open the
file and returned an access-denied value.
   
User Action
Check to see if the file is marked as read-only.

Related:

An error has occurred during report processing.

PCIS Support Team Leave a comment
Details
Product: SQL Server Reporting Services
Event ID: rsProcessingAborted
Source: Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings.resources.Strings
Version: 8.00
Message: An error has occurred during report processing.
   
Explanation

This generic error occurs when report processing has been stopped, either by the user or as the result of an error. If processing was stopped because of an error, the rsProcessingAborted error is accompanied by the error that caused processing to stop. This error is displayed below the rsProcessingAborted error on the Reporting Services Error page.

If processing was stopped by the user, the error message is Report processing has been canceled by the user.
   
User Action

If the processing was stopped because of an error, use the information provided below the rsProcessingAborted error on the Reporting Services Error page to determine the cause of the error. For example, a common cause of the rsProcessingAborted error is the rsErrorOpeningConnection error. In this case, you would use the information for the rsErrorOpeningConnection error to resolve both the rsProcessingAborted and rsErrorOpeningConnection errors.

Related:

To continue you must provide a strong sa password.

PCIS Support Team Leave a comment
Details
Product: SQL Server
Event ID: SQLSetup90
Source: setup.rll
Version: 9.00.1291.00
Component: SQL Server Setup
Message: To continue you must provide a strong sa password.
   
Explanation

You selected Mixed Mode authentication, but did not provide a strong password.
   
User Action

Mixed Mode authentication requires that you enter a strong sa password before you can continue to the next page of the Installation Wizard. A strong password must contain six or more characters, including at least one from three of the following categories: uppercase letters, lowercase letters, numbers, and non-alphanumeric characters (such as #, %, or ^). A strong password cannot be a reserved keyword, cannot include the computer name, and cannot include the username of the person logged onto the computer. For additional information on setting strong passwords, see the “Authentication Mode” topic in Books Online.

Related:

The permissions granted to user ‘mydomain\myAccount’ are insufficient for performing this operation. (rsAccessDenied) (ReportingServicesLibrary)

PCIS Support Team Leave a comment
Details
Product: SQL Server
Event ID: rsAccessedDenied
Source: Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings
Version: 9.0
Component: Reporting Services
Message: The permissions granted to user ‘mydomain\myAccount’ are insufficient for performing this operation. (rsAccessDenied) (ReportingServicesLibrary)
   
Explanation

This error occurs when a user does not have permission to perform an action (for example, they do not have a role assignment that allows them to open a report). If the error occurred while accessing the report server directly through a URL, the exception is mapped to an HTTP 401 error. If the error occurred while using Report Manager or another tool, the error appears in an error page. If the error occurred during a scheduled operation, subscription, or delivery, the error will appear in the report server log file only.
   
User Action

Permission to access report server content and operations are granted through role assignments. On a new installation, only local administrators have access to a report server. To grant access to other users, a local administrator must create a role assignment that specifies a domain user or group account, one or more roles that define the tasks the user can perform, and a scope (usually the Home folder or root node of the report server folder hierarchy). You can use Report Manager or SQL Server Management Studio to create the role assignments. For more information and instructions on how to resolve this error, search for “Setting Permissions in Reporting Services” or “Using Role-based Security” in SQL Server Books Online.

Related:

The stream cannot be found. The stream identifier that is provided to an operation cannot be located in the report server database.

PCIS Support Team Leave a comment
Details
Product: SQL Server Reporting Services
Event ID: rsStreamNotFound
Source: Microsoft.ReportingServices.Diagnostics.Utilities.ErrorStrings.resources.Strings
Version: 8.00
Message: The stream cannot be found. The stream identifier that is provided to an operation cannot be located in the report server database.
   
Explanation

The report server supports several multi-stream formats that can be used to render a report. These formats include HTML3.2 and HTML4.0. MHTML, PDF, and Excel formats render reports in a single stream. When using the multi-stream formats, the first stream contains the HTML; subsequent streams contain images and other external resources. This error occurs when the report server cannot find a stream that contains images or external resources.
   
User Action

None.

Related: