Powered by Blogger.
RSS

CrashPlan 3.4.1 and above stuck on "Waiting for Crashplan to Start" Mac

In case anyone runs across this, after CrashPlan 3.3 likes like the folks at Code42 compiled their code using Java 6.

 

I have an old Mac server running 10.5.8, after the upgrade the application got stuck at “Waiting for the CrashPlan ProE Server to Start”

 

You have to get Java 6 on that machine and then update the LaunchDaemon to point to the 1.6.0 directory.

 

I installed Java 6 using this link:

http://stackoverflow.com/questions/7731268/java-version-shows-as-1-5-after-java-6-installed-on-mac-os-x-10-5-8

 

Then had to edit your LaunchDaemon to point to the new directory.

http://tapestryjava.blogspot.com/2012/06/getting-crashplan-to-work-on-mac-after.html

 

--mando

 

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS

Cisco CUCM 8.6.5 with AD LDS for Multi forest environment

This was a huge pain… worth posting J
 
I’ve got two domains that we are consolidating over to just one.  One is running AD 2003, and has three child domains. The other is a 2008 AD, and the new domain is 2008 R2. For the sake of this post, I will be calling the domains AD2003, AD2008, AD2008R2.
 
I have a brand new CUCM 8.6.5 cluster I’m bringing up, and need to authenticate users on all three domains until my migration is complete. I have a root CA already configured on my new AD2008R2 domain, so LDAP over SSL is the way I’ll be configuring this.
 
First off, I’d like to post the websites and give the people who wrote them thanks for doing so. I would be completely lost without their help.
 
How to Configure Unified Communications Manager Directory Integration in a Multi-Forest Environment
 
https://supportforums.cisco.com/docs/DOC-16356 by Greeshma Bernad and edited by Gabriel Sroka
 
AD LDS 101 – Part 4 – MS-AdamSyncConf.XML: A Detailed Look
 
Merging & Syncing multiple Active Directory databases into one ADAM instance
 
Using SSL with ADAM (AD LDS)
 
THANKS ALL!!
 
Firstly, Greeshma on the Cisco KB pretty much lays it out as to how to do this, however, there’s a lot that is not covered and of course would be impossible to cover every single deployment scenario for this. So I’m just going to cover how my deployment went and what I needed to do to make it work. I’ll shorthand a bunch of it and refer back to the links above, but will include some screenshots on stuff that isn’t covered.
 
All was pretty much good for me on the KB until,
 
     One thing I didn’t understand from step 8 on this procedure was that the partition name is a brand new partition. The KB names the partition the same as the host AD DC domain. For me a more descriptive “DC=Multiforest,DC=local” works better.
 
     For the Service Account, I created a new account on the domain I was hosting it on
       AD2008R2\ADAMMultiforest is the account I used. I think it prompted me to give the user rights to start the service and I went ahead and clicked yes on that. I rebuilt this AD LDS a few times, so I don’t know if it just didn’t prompt me anymore, or if it was a different installation that gave me that prompt…
 
    AD LDS Administrators, I chose AD2008R2\Domain Admins for my instance.
 
 
Now for the next section:
 
CoreLAN team does a great job explaining exactly what you are doing. Definitely a good read if you need some more info on this.
 
    Referencing the Cisco KB article, I ran steps 1-7 for my first domain AD2008R2. Please remember that step 3 references your target schema which is the standard AD on each domain (going through LDAP port 389) and the base schema is the new AD LDS on port 50000.
   Ran Step 8 (simple,) and ran step 9 for the first domain AD2008R2.
   Now we need to rerun steps 1-7 for my next domain, AD2008. Then you can skip step 8, and run step 9.
     One thing to note here is that I got an error on step 9 for the second domain. So I ran the ldife command with a “-k” to ignore the errors and keep processing the other entries. I tried updating the schema using ADSI and then restarting the Multiforest AD LDS instance, but I still got that error on the third domain too. Not sure what that exact error is there, or if it even matters.
 
ldifde -i -s localhost:50000 -c CN=Configuration,DC=X #ConfigurationNamingContext -f diff-schema.ldf -j c:\windows\adam\logs -k
 
 
   I then finally ran steps 1-7 from the Cisco KB for my third domain, and ran step 9 with the –k switch.
 
That’s it. My new AD LDS instance includes all the schema extensions from my other domains, so now we are ready to import users.
 
In the Cisco KB, extending the AD LDS Schema with User-Proxy is pretty simple, just download the file and run the command mentioned. No need to change anything.
 
After that we configure the system to import users using the KBs procedure:
 
    Since Greeshma used the same AD name on his AD LDS instance, I got a bit confused here. Doug from www.thegeekispeak.com cleared things out for me. His detailed look at MS-AdamSyncConf.XML is of great help.


   There’s really just 4 lines that need to be modified, see the www.thegeekispeak.com post I mentioned earlier for a “detailed look”
 
 For my setup this was the first config file. I have a IT OU that I’m only synching in this case.
 
<?xml version="1.0"?>
<doc>
<configuration>
<description>Sample ADAMSync Config File</description>
<security-mode>object</security-mode>
<source-ad-name>AD2008R2.local</source-ad-name>
<source-ad-partition>dc=AD2008R2,dc=local</source-ad-partition>
<source-ad-account></source-ad-account>
<account-domain></account-domain>
<target-dn>dc=Multiforest,dc=local</target-dn>     
  <query>           
   <base-dn>OU=IT,dc= AD2008R2,dc=local</base-dn>
  
 
 Now here’s the tricky part that got me on the target DN. For the second domain AD2008, it needs to look like this. In my case I also added a source-ad-account and domain. When I ran the sync, just put in the switch “/passprompt” (see CoreLAN link)
 
<?xml version="1.0"?>
<doc>
<configuration>
<description>Sample ADAMSync Config File</description>
<security-mode>object</security-mode>
<source-ad-name>AD2008.local</source-ad-name>
<source-ad-partition>dc=AD2008,dc=local</source-ad-partition>
<source-ad-account>USER1</source-ad-account>
<account-domain>AD2008</account-domain>
<target-dn> dc=Multiforest,dc=local</target-dn>     
  <query>           
   <base-dn>OU=CorpUsers,dc= AD2008,dc=local</base-dn>
  
 
 From here, I’m sure you know what I did for my third domain.
 
Here are my commands that I ran:
 ADAMSync /install localhost:50000 AdamSyncConfAD2008R2.xml
 ADAMSync /sync localhost:50000 "dc=Multiforest,dc=local"
 
 ADAMSync /install localhost:50000 AdamSyncConfAD2008.xml /passprompt
 ADAMSync /sync localhost:50000 "dc=Multiforest,dc=local"
 
 ADAMSync /install localhost:50000 AdamSyncConfAD2003.xml /passprompt
 ADAMSync /sync localhost:50000 "dc=Multiforest,dc=local"
 
     After the config setup above, just run steps commands from the Cisco KB on this section, and you should be good. Create the appropriate BAT file for and that ends this section.
 
The next section, is pretty much as is.
 
For the LDAP over SSL certificate use the following links to get yourself all set up.
 
 
One thing that the above link didn’t include a screenshot of was the subject name config on the template. Please see below for that. I went with DNS name for the Subject name format.
 
 
Here’s another link from Microsoft.
 
One thing I would like to mention is that I had to create the certificate under the “Local Computer” personal store, then I had to move it to my Multiforest instance personal store. I tried exporting it but it wouldn’t work.
 
Also don’t forget to set the appropriate permissions under the C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys directory
 
 
 
Then after you’ve restarted you AD LDS instance, verify LDAP over SSL works by using the ADSIedit or another LDAP tool, such as Softerra.
 
Once it’s been verified, upload your RootCA and Intermediates to the Cisco Cluster under Tomcat_Trust (very important step, took me a while to find this one, had to open a TAC case and the guy from some support cases on the forums pointing me to this.)
 
Here are some screenshots that the Cisco KB was missing when I went through it. After that just followed the rest of the KB and it worked for me.
 
Figure 47
 
 
Figure 48
 
 
--mando
 

  • Digg
  • Del.icio.us
  • StumbleUpon
  • Reddit
  • RSS