SSPI handshake failed with error code 0x80090308, state 14

Problem

You cannot login to SQL Server, and see the following error in the logs:

SSPI handshake failed with error code 0x80090308, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure.  [CLIENT: [IP ADDRESS]].

Solution

There can be several reasons for this error, so rather than listing them all, read the following useful links:

--Show details of all connections
select auth_scheme, * from sys.dm_exec_connections

The trust relationship between this workstation and the primary domain failed

Scenario

You’ve just reverted to a previous snapshot using VMware vSphere 5.1, and the next time you try to login, you get the following error:

The trust relationship between this workstation and the primary domain failed

Solution

Unjoin then rejoin the computer to the domain.

You can also change some settings in GPO for computer passwords.

Configuring the Password Expiry

Contrary to user account password policy, the machine account password is managed by two options:

  • The change interval specified the time between forced changes of the machine account password.
  • The expiry defines whether machine account password expires at all.

Both options are configured through group policies under the following node:

Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options

  • Domain member: Disable machine account password changes
  • Domain member: Maximum machine account password age

Both options are not configured by default.

Best Practices in Virtual Environments

In virtualised environments, machine account password changes should be disabled. By preventing machines from changing this password automatically, domain synchronization issues are effectively remedied.

By default, a machine account password is changed every 30 days. When a virtual machine has been in use for more than 30 days and is then reset to an earlier state, the snapshot contains an outdated password causing the machine to loose its connection to the domain.

Source

Task Scheduler failed to start task for user. Additional Data: Error Value: 2147943645

Problem

You scheduled a task, but it failed to run with Error Value: 2147943645
Task-Scheduler-Failed-2147943645_001

Log Name: Microsoft-Windows-TaskScheduler/Operational
Source: Microsoft-Windows-TaskScheduler
Date: 17/01/2013 04:00:00
Event ID: 101
Task Category: Task Start Failed
Level: Error
Keywords:
User: SYSTEM
Computer: [removed]
Description:
Task Scheduler failed to start “\ServerReboot” task for user “DOMAIN\user”. Additional Data: Error Value: 2147943645.

Solution

This error occurs when the user which the task is run under only has permission to run it when logged in.

To allow the task to run when the user is logged on or not, select Run whether user is logged on or not, on the General Tab in the Task Properties:
Task-Scheduler-Failed-2147943645_002

The Microsoft SQL Server Express Edition installer returned error code 2064843076

Scenario

You’ve just tried to install VMware vCenter with the option to use SQL Server Express, but the installation fails with the following error:

The Microsoft SQL Server Express Edition installer returned error code ‘2064843076’

Solution

  1. Click Explore Media to open an Explorer window:
  2.  Right-click autorun.exe and select Run as administrator:
  3. Every process that is started from the autorun screen will now have full admin rights, so SQL Server will install fine.

When good Domain Controllers go bad!

Scenario

It’s a pleasant day and all is well with the world. Colleagues are skipping around the office with smiles on faces…until…duh duh daaa! One by one, services start failing:

  • Printers go offline:
    • First, for Win7 users
    • Then for all clients
    • Can still print from server though
  • File shares go offline
  • Active Directory replication fails
  • DNS console will not open

Basically, your main Domain Controller (DC) has just taken a dump…and so have you!

These are the steps I took to troubleshoot the issues and get everything back online.

[Read more…]

Service Accent Error – Please wait a few minutes as another workstation is updating your database

Scenario

You’ve just tried to login to Service Accent, only to be greeted with this message:

Please wait a few minutes as another workstation is updating your database

This is what a helpful Support Guru called Chris (from Vantage Computing) did to fix it.

[Read more…]

Relocate virtual machine The operation is not allowed in the current connection state of the host

Scenario

You’ve just tried to migrate a VM to a different datastore, and got the following error:

Relocate virtual machine: The operation is not allowed in the current connection state of the host.
Time: 01/06/2012 08:38:26
Target: WSMDC02
vCenter Server: WSMVCSA

A similar error occurs when trying to turn on a VM:

Power On virtual machine:The operation is not allowed in the current connection state of the host.
Time: 01/06/2012 10:24:09
Target: WSMAPP02
vCenter Server: WSMVCSA

You’ve also noticed the CPU and Memory usage is 0 for the ESXi host:

Here is how to fix it:

[Read more…]

Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile

Problem

Several users were recently getting the following error when logging into one of our Terminal Servers:

Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff.

Solution

Go into the Group Policy Editor on the Terminal Server (gpedit.msc) Computer Config > Admin Templates > System > User Profiles > Only Allow Local Profile – Enable.

The synchronization with the upstream server or Microsoft Update was cancelled – WSUS Error

When initially setting up WSUS, you may get the following error when trying to synchronize with Microsoft for the first time:

“The synchronization with the upstream server or Microsoft Update was canceled”:

It took a while, but I finally fixed the problem!

[Read more…]

Exchange 2007 Error: Microsoft.Exchange.Data.Storage.StoragePermanentException

I got the following error whilst trying to log into a user’s mailbox via Outlook Web Access:

Request
 Url: https://mail.domain.local:443/owa/lang.owa
 User host address: 123.123.123.123
Exception
 Exception type: Microsoft.Exchange.Data.Storage.StoragePermanentException
 Exception message: There was a problem accessing Active Directory.
Call stack
Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()
 Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostLocally(OwaContext owaContext, OwaIdentity logonIdentity, CultureInfo culture, String timeZoneKeyName, Boolean isOptimized)
 Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchLanguagePostRequest(OwaContext owaContext)
 Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.PrepareRequestWithoutSession(OwaContext owaContext, UserContextCookie userContextCookie)
 Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.InternalDispatchRequest(OwaContext owaContext)
 Microsoft.Exchange.Clients.Owa.Core.RequestDispatcher.DispatchRequest(OwaContext owaContext)
 System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
 System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
Inner Exception
 Exception type: Microsoft.Exchange.Data.Directory.InvalidADObjectOperationException
 Exception message: Property Languages cannot be set on this object because it requires the object to have version 0.1 (8.0.535.0) or later. Current version of the object is 0.0 (6.5.6500.0).
Call stack
Microsoft.Exchange.Data.Directory.PropertyBag.set_Item(PropertyDefinition key, Object value)
 Microsoft.Exchange.Data.Directory.ADObject.set_Item(PropertyDefinition propertyDefinition, Object value)
 Microsoft.Exchange.Data.Directory.ADObject.StampCachedCaculatedProperties(Boolean retireCachedValue)
 Microsoft.Exchange.Data.Directory.ADObject.ValidateWrite(List`1 errors)
 Microsoft.Exchange.Data.Directory.Recipient.ADRecipient.ValidateWrite(List`1 errors)
 Microsoft.Exchange.Data.Directory.Recipient.ADUser.ValidateWrite(List`1 errors)
 Microsoft.Exchange.Data.Directory.ADSession.Save(ADObject instanceToSave, IEnumerable`1 properties)
 Microsoft.Exchange.Data.Storage.ExchangePrincipal.Save()

Turns out a mailbox attribute version was wrong:

Exchange Server 2007 and Exchange Server 2010 both use the msExchVersion attribute to determine the version of Exchange Server with which user objects are associated. If the version value is less than 0.1, Exchange Server 2007 or Exchange Server 2010 considers the user object as Read-only.

Find out the attribute version by running:
Get-Mailbox [username] | format-list ExchangeVersion

And fix by running:
Set-Mailbox [username] -ApplyMandatoryProperties

Find out more here: http://support.microsoft.com/kb/941146