- Remove From My Forums
-
Question
-
OS: Windows Server 2008 R2
—————————
Services
—————————
Windows could not start the Telnet service on Local Computer.Error 1297: A privilege that the service requires to function properly does not exist in the service account configuration.
You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.
—————————
OK
—————————I want to run telnet service with specific user, user is member of Administrators, TelnetClients and Users. I am using custom script for user profile. I tried some of the available similar solutions. e.g. http://support.microsoft.com/kb/982261
I also tried with Administrator account but same error. If I use Log On —> Local System Account it’ll work.
Any Idea how to resolve this?
मनोज कुमार जांगिड
Problem
The “Active Directory Federation Service” service doesn’t start and gives Error 1297:
Windows could not start the Active Directory Federation Services service on Local Computer Error 1297: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.
Solution
To solve this, start secpol.msc and add the AD FS Service account to the Generate security audits policy.
In my case this problem occured after the AD FS Server, previously also a Domain Controller, was demoted to a member server.
Please answer the following
If it is a terminal issue then please go through wiki
https://github.com/PowerShell/Win32-OpenSSH/wiki/TTY-PTY-support-in-Windows-OpenSSH
«OpenSSH for Windows» version
((Get-Item (Get-Command sshd).Source).VersionInfo.FileVersion)
7.7.0.0
Server OperatingSystem
((Get-ItemProperty "HKLM:SOFTWAREMicrosoftWindows ntCurrentVersion" -Name ProductName).ProductName)
Windows 10 Pro
Client OperatingSystem
Windows 10 Pro
What is failing
Executing service results in error 1297 even though the sshd user has both the «log on as a service» and «replace a process level token» rights.
Note — if executing sshd directly from the command line as the sshd user (using «run as») then it works.
Expected output
C:>net start sshd
The command completed successfully.
Actual output
C:>net start sshd
System error 1297 has occurred.
A privilege that the service requires to function properly does not exist in the service account configuration.
You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.
- Remove From My Forums
-
Question
-
I have a lab configured with a single domain controller and one client server. Both servers are Windows Server 2008 R2 Standard and the functional level of the domain is Windows Server 2008 R2. After I promoted the domain controller, I did not
make any changes to the default domain policy GPO. My problem is this: I created a Managed Service Account and a regular user account and tried to use both of these accounts as logon accounts for the «Disk Defragmenter» service on my
client server and domain controller. Each time it failed with the following error:
In the system event log:
I also tried moving the client server into a custom OU and blocked inheritance of all parent GPOs, but this did not work either…same error.
I’m assuming the problem lies with the Default Domain group policy and Default Domain Controllers group policy, I’m just not sure which setting. I’m at a complete loss, so any help is greatly appreciated.
jason
UPDATE: after further testing, I am receiving the same errors even when the server is not joined to a domain. After a fresh install of Windows Server 2008 R2, I created a local user and used that account as the logon account for several services.
When I started the services, I received the same error.-
Edited by
Thursday, March 7, 2013 3:03 PM
-
Edited by
Answers
-
Hi Jason,
The service is possibly missing one of the required privileges and/or the privilege list is incomplete. The required set of priviledges is defined in registry:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesdefragsvcRequiredPrivilegesSeChangeNotifyPrivilege
SelmpersonatePrivilege
SelncreaseWorkingSetPrivilege
SeTcbPrivilege
SeSystemProfilePrivilege
SeAuditPrivilege
SeCreateGlobalPrivilege
SeBackupPrivilege
SeManageVolumePrivilegeThese privileges should contain LOCAL SERVICE in them.
You can check that using secpol.msc. Make sure each of the above listed privileges has LOCAL SERVICE listed in them.
Open secpol.msc -> drill to Local policies -> User Rights Assignment, find the corresponding privileges and make sure LOCAL SERVICE is listed in them.Hope it helps.
Regards,
Cicely-
Marked as answer by
Cicely Feng
Friday, March 22, 2013 2:22 AM
-
Marked as answer by
Using telnet to troubleshoot connectivity…. and watch Star Wars
So the teaser I’ll lead off with is, at the end of this post you’ll know how to watch Star Wars A New Hope in ASCII art form (i.e. text based graphics)… So let’s begin.
Recently I found myself working on a legacy application such that I had to redeploy the multi-node application into in Infrastructure running in Azure. Two of the models communicate via a WCF binding over net.tcp. While I was operating under the impression that the firewall had been opened up to allow the communication I was a bit stuck on how to validate that the communication was working. So I wandered up to the networking area to chat with our Network Architect. As I often find, chatting with those who have an expertise different than your own requires patience and effort in the area of translation. Even though we both work in the IT field we each have our jargon to deal with, but the price of admission is well worth it.
In just a few minutes of explaining my challenge I had been provided with an excellent means of confirming that, from a networking perspective, communication was possible. Enter telnet. Telnet, if you may not know is a protocol that has come and gone in terms of it’s heyday. Also to be clear, telnet is NOT secure and should NOT be left running, but in our case it’s helpful as a tool for a short period of time.
As originally stated I need to confirm communication via net.tcp between two nodes in a network was working, so how can one accomplish this «easily», well what we want to do is emulate the communication, so you can use telnet on the same port as the net.tcp listener and if you get a blank screen you’ve got connectivity. When a telnet client calls out to the target server over a port that is listening for traffic, say for an HTTP or NET.TCP request the response will come back and the telnet client won’t know what to do other than show a blank screen. BUT it proves that the communication is working on that port. So the primary question is answered.
So to the example of how this work and on to watching Star Wars.
Enable Telnet Client
BE SURE TO DISABLE TELNET WHEN YOU ARE DONE WHICH I’LL MENTION AT THE END.
— Open a PowerShell command as Admin
— Enter the command
Enable-WindowsOptionalFeature -Online -FeatureName «TelnetClient»
— Close PowerShell
— Open command prompt
— Enter the command replacing your info as needed
Telnet [IP or DNS] [Port for net.tcp listener]
Example: Telnet google.com 443
If you get a blank screen then an application is listening on the target port and communication is possible via NET.TCP (or HTTPS, etc).
if you get the error «Could not open connection to the host, on port xxx: connect faild» then you might need to go back to the Firewall to see if something else is blocking.
What about Star Wars
As promised, if you have enabled telnet and are done troubleshooting you can check out Star Wars via telnet by opening a telnet connection as follows.
telnet towel.blinkenlights.nl
Disable Telnet Client
— Open a PowerShell command as Admin
— Enter the command
Disable-WindowsOptionalFeature -Online -FeatureName «TelnetClient»
Popular posts from this blog
.NET MSTest and DeploymentItem Attribute
I was recently reminded that order of operation can byte you when trying to troubleshoot intermittent unit test failures. First, I’ll be the first to admit that if you want to avoid problems with unit testing it’s best to avoid any dependency outside of your actual code base, things like databases, API and even the file system are best avoided in execution of your unit tests. That last one, the file system, in some applications is really hard to avoid. If you happen to be using MSTest, a helpful attribute for your test is DeploymentItem. This particular attribute allows you to define a file within your unit test project assuming it’s marked as “Copy Always”. With this attribute in place you can then combine this with TestContext.DeploymentDirectory to find this sample file and then do what you need to do. In my particular case I was having an issue with the unit tests failing on the build machine but not locally. After stumbling around for a bit I finally feel back to t
Example of using LazyInitializer.EnsureInitialized
When looking at making systems more efficient it’s helpful to think about being lazy. A helpful tool in the .NET tool belt is the static class under the System.Threading namespace LazyInitializer. In particular this class contains a method EnsureInitialized This method is very simple to use and provides a convenient way to ensure that an initialization is called only once based on the value of the target property already being populated. For example, if you need to load a file as part of the setting of values in an application you can use the EnsureInitialized method. The following is a derived example of using the class to illustrate the usage pattern. If you are having trouble viewing the below code you can use this link to view the gist github. https://gist.github.com/briannipper/ac2778ccd0d15b4ab217083331419ae7 using System; using System.Collections.Generic; namespace Example.EnsureInitialized { class Program { static void Main(string[] args)