Unable to add new Veeam proxy server with the error: “Failed to install deployment service.”

Problem

You attempt to add a new Veeam proxy server that is located in your DR site that will be used as a target proxy for replication but receive the following error:

[serverName] Failed to install deployment service.

Access is denied.

--tr:Failed to create persistent connection to ADMIN$ shared folder on host [IP Address].

--tr:Failed to install service [VeeamDeploymentService] was not installed on the host [IP address].

The service account you’re using is a local account on the proxy server that is a part of the local administrators group.

Solution

This error ended up being more Windows related than Veeam as when I tested connectivity to the server, I was able to RDP but could not UNC to the admin$ or c$ administrative shares.  What I realized after troubleshooting the issue was that UAC was turned on for the proxy server with Windows 2008 R2 as the operating system and this was denying access for accounts that try to remotely access these shares.  There are 2 ways to correct this:

1. Turn off UAC
2. Modify a registry key to allow remote access

I ended up opting for turning off UAC since this environment has most servers configured as such.

Remote Desktop Web Access (RD Web Access) published RDP connection to a workstation throws the error: “Windows cannot start the RemoteApp program. The following RemoteApp program is not in the list of authorized programs:”

Problem

You’ve published a Remote Desktop Connection to a desktop with the /v:<desktopFQDN> switch but you notice that you are unable to connect to it when you launch the connection through the RemoteApps programs and you are presented with the following error message:

Windows cannot start the RemoteApp program.

The following RemoteApp program is not in the list of authorized programs:

<desktopName>

For assistance, contact your system administrator.

You’ve verified that you’ve configured the Remote Desktop Connection Authorization Policies (RD CAPs) and Remote Desktop Resource Authorization Policies (RD RAPs) has been configured properly.

Solution

The solution to this problem I encountered at a client’s office ended up being a small typo in the Alias field for the published application which surprisingly caused the published remote desktop connection to stop working.  The environment had 2 session host servers and while combing through the configuration we noticed that the configuration for the published application on both of the hosts were identical aside from the Alias field as shown in the following screenshot:

Note that the Alias we wanted to use was RDP_WKS-GAADP01 so the window on the left has the incorrect alias.  Once we updated the session host server with the proper matching Alias, the error went away.

Initiating an Enterprise Voice call with Lync Server 2013 configured with a SIP trunk to an Avaya PBX generates the error: "Gateway responded with 407 Proxy Authentication Required";component="MediationServer";SipResponseText="Not Acceptable Here"

Problem

You’ve configured a SIP trunk between your Lync Server 2013 and Avaya PBX then proceed to try making a call but it fails.  A trace and review of the snooper logs reveal the following messages:

TL_INFO(TF_PROTOCOL) [0]101C.3494::07/02/2013-19:27:24.622.00200ea4 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:2387.idx(196))[1942010897] $$begin_recordTrace-Correlation-Id: 1942010897
Instance-Id: 47CF0E
Direction: incoming
Peer: 10.50.1.37:50518
Message-Type: request
INVITE sip: +14413243428@domain.com;user=phone SIP/2.0
Start-Line: INVITE sip:+14413243428@domain.com;user=phone SIP/2.0
From: <sip:tluk@domain.com>;tag=19ff1e0ea0;epid=c3c51f41cf
To: <sip:+14413243428@domain.com;user=phone>
Call-ID: 534e05e8aa1b44708dc434c65085e9bb
CSeq: 1 INVITE
Contact: <sip:tluk@domain.com;opaque=user:epid:aZDoBPYY6F-Y6_eBHuLUJQAA;gruu>
Via: SIP/2.0/TLS 10.50.1.37:50518
Max-Forwards: 70
Content-Length: 3266
Content-Type: multipart/alternative;boundary="----=_NextPart_000_0092_01CE7741.08E3A7C0"
Message-Body:

TL_INFO(TF_PROTOCOL) [0]16CC.49F8::07/02/2013-19:27:24.652.00204a6f (S4,SipMessage.DataLoggingHelper:1823.idx(752))[2278930503]
<<<<<<<<<<<<Incoming SipMessage c=[<SipTlsConnection_36A13A7>], 10.1.1.66:5070<-10.1.1.66:54529
INVITE sip:+14413243428@10.3.6.210:5070;user=phone;maddr=svrlyncstd02.domain.internal SIP/2.0
FROM: "Luk, Terence"<sip:tluk@domain.com>;tag=19ff1e0ea0;epid=c3c51f41cf
TO: <sip:+14413243428@domain.com;user=phone>
CSEQ: 1 INVITE
CALL-ID: 534e05e8aa1b44708dc434c65085e9bb
MAX-FORWARDS: 69
VIA: SIP/2.0/TLS 10.1.1.66:54529;branch=z9hG4bK8747CA4E.AB3C8956D2CD766C;branched=TRUE
VIA: SIP/2.0/TLS 10.50.1.37:50518;ms-received-port=50518;ms-received-cid=1250700
RECORD-ROUTE: <sip:SVRLYNCSTD02.domain.internal:5061;transport=tls;opaque=state:T;lr>;tag=510C2D779CC0040DA76277F02F7E55EE
CONTACT: <sip:tluk@domain.com;opaque=user:epid:aZDoBPYY6F-Y6_eBHuLUJQAA;gruu>
CONTENT-LENGTH: 3266
SUPPORTED: ms-dialog-route-set-update
SUPPORTED: timer
SUPPORTED: histinfo
SUPPORTED: ms-safe-transfer
SUPPORTED: ms-sender
SUPPORTED: ms-early-media
SUPPORTED: 100rel
SUPPORTED: replaces
SUPPORTED: ms-conf-invite
USER-AGENT: UCCAPI/15.0.4481.1000 OC/15.0.4481.1000 (Microsoft Lync)
CONTENT-TYPE: multipart/alternative;boundary="----=_NextPart_000_0092_01CE7741.08E3A7C0"
ACCEPT-LANGUAGE: en-US
ALLOW: INVITE, BYE, ACK, CANCEL, INFO, UPDATE, REFER, NOTIFY, BENOTIFY, OPTIONS
P-ASSERTED-IDENTITY: "Luk, Terence"<tel:+14413243445>
ms-application-via: SIP;ms-urc-rs-from;ms-server=SVRLYNCSTD02.domain.internal;ms-pool=svrlyncstd02.domain.internal;ms-application=ad894dc3-55e0-44bf-a07e-3c073aaa4a57
ms-application-via: ms-udc.cdr%3Dae53fde938cbac02468226ebea4f0a60%3A1%3Barch%3Dae53fde938cbac02468226ebea4f0a60%3A1;ms-pool=svrlyncstd02.domain.internal;ms-application=http%3A%2F%2Fwww.microsoft.com%2FLCS%2FUdcAgent;ms-server=SVRLYNCSTD02.domain.internal
Ms-Conversation-ID: Ac53QI9wCGXHUXoVQ+mYkXqLrnRsZQAAAmqgAAACNxAAACJckAAGPPNgAAADOQA=
ms-keep-alive: UAC;hop-hop=yes
ms-subnet: 10.50.1.0
ms-endpoint-location-data: NetworkScope;ms-media-location-type=Intranet
ms-routing-phase: from-uri-routing-done
ms-pai: "Luk, Terence"<sip:tluk@domain.com>,<tel:+14413243445>
ms-privacy: id
ms-obr-normalized-uri: <sip:+14413243428@domain.com;user=phone>
ms-from: "Luk, Terence"<sip:+14413243445@domain.com;user=phone>
ms-user-data: ms-publiccloud=TRUE;ms-federation=TRUE

TL_INFO(TF_PROTOCOL) [0]16CC.3F30::07/02/2013-19:27:25.554.002087ff (S4,SipMessage.DataLoggingHelper:1823.idx(774))[2278930503]
>>>>>>>>>>>>Outgoing SipMessage c=[<SipTlsConnection_36A13A7>], 10.1.1.66:5070->10.1.1.66:54529
SIP/2.0 488 Not Acceptable Here
FROM: "Luk, Terence"<sip:tluk@domain.com>;tag=19ff1e0ea0;epid=c3c51f41cf
TO: <sip:+14413243428@domain.com;user=phone>;tag=e9ae58741f;epid=7A239EA1A1
CSEQ: 1 INVITE
CALL-ID: 534e05e8aa1b44708dc434c65085e9bb
VIA: SIP/2.0/TLS 10.1.1.66:54529;branch=z9hG4bK8747CA4E.AB3C8956D2CD766C;branched=TRUE,SIP/2.0/TLS 10.50.1.37:50518;ms-received-port=50518;ms-received-cid=1250700
CONTENT-LENGTH: 0
P-ASSERTED-IDENTITY: <sip:+14413243428@domain.com;user=phone>
SERVER: RTCC/5.0.0.0 MediationServer
ms-diagnostics: 10407;source="SVRLYNCSTD02.domain.internal";reason="Gateway responded with 407 Proxy Authentication Required";component="MediationServer";SipResponseText="Not Acceptable Here";GatewayFqdn="10.3.6.210;trunk=10.3.6.210"
ms-diagnostics-public: 10407;reason="Gateway responded with 407 Proxy Authentication Required";component="MediationServer";SipResponseText="Not Acceptable Here"
ms-trunking-peer: 10.3.6.210;trunk=10.3.6.210;User-Agent="AVAYA-SM-6.2.0.0.620120"
ms-endpoint-location-data: NetworkScope;ms-media-location-type=intranet

 

TL_INFO(TF_PROTOCOL) [0]101C.4008::07/02/2013-19:27:25.556.002089ce (SIPStack,SIPAdminLog::ProtocolRecord::Flush:2387.idx(196))[2869572326] $$begin_record
Trace-Correlation-Id: 2869572326
Instance-Id: 47CF1D
Direction: incoming
Peer: svrlyncstd02.domain.internal:5070
Message-Type: response
Start-Line: SIP/2.0 488 Not Acceptable Here
FROM: "Luk, Terence"<sip:tluk@domain.com>;tag=19ff1e0ea0;epid=c3c51f41cf
TO: <sip:+14413243428@domain.com;user=phone>;tag=e9ae58741f;epid=7A239EA1A1
CALL-ID: 534e05e8aa1b44708dc434c65085e9bb
CSEQ: 1 INVITE
VIA: SIP/2.0/TLS 10.1.1.66:54529;branch=z9hG4bK8747CA4E.AB3C8956D2CD766C;branched=TRUE,SIP/2.0/TLS 10.50.1.37:50518;ms-received-port=50518;ms-received-cid=1250700
CONTENT-LENGTH: 0
ms-diagnostics: 10407;source="SVRLYNCSTD02.domain.internal";reason="Gateway responded with 407 Proxy Authentication Required";component="MediationServer";SipResponseText="Not Acceptable Here";GatewayFqdn="10.3.6.210;trunk=10.3.6.210"
ms-diagnostics-public: 10407;reason="Gateway responded with 407 Proxy Authentication Required";component="MediationServer";SipResponseText="Not Acceptable Here"

 

TL_INFO(TF_PROTOCOL) [0]16CC.4480::07/02/2013-19:27:25.559.002090bb (S4,SipMessage.DataLoggingHelper:1823.idx(774))[3101263875]
<<<<<<<<<<<<Incoming SipMessage c=[<SipTlsConnection_36A13A7>], 10.1.1.66:5070<-10.1.1.66:54529
ACK sip:+14413243428@10.3.6.210:5070;user=phone;maddr=svrlyncstd02.domain.internal SIP/2.0
FROM: "Luk, Terence"<sip:tluk@domain.com>;tag=19ff1e0ea0;epid=c3c51f41cf
TO: <sip:+14413243428@domain.com;user=phone>;tag=e9ae58741f;epid=7A239EA1A1
CSEQ: 1 ACK
CALL-ID: 534e05e8aa1b44708dc434c65085e9bb
MAX-FORWARDS: 70
VIA: SIP/2.0/TLS 10.1.1.66:54529;branch=z9hG4bK8747CA4E.AB3C8956D2CD766C;branched=FALSE
CONTENT-LENGTH: 0
SERVER: http%3A%2F%2Fwww.microsoft.com%2FLCS%2FOutboundRouting
ms-application-via: SIP;ms-urc-rs-from;ms-server=SVRLYNCSTD02.domain.internal;ms-pool=svrlyncstd02.domain.internal;ms-application=ad894dc3-55e0-44bf-a07e-3c073aaa4a57
ms-application-via: ms-udc.cdr%3Dae53fde938cbac02468226ebea4f0a60%3A1%3Barch%3Dae53fde938cbac02468226ebea4f0a60%3A1;ms-pool=svrlyncstd02.domain.internal;ms-application=http%3A%2F%2Fwww.microsoft.com%2FLCS%2FUdcAgent;ms-server=SVRLYNCSTD02.domain.internal
ms-routing-phase: from-uri-routing-done
ms-diagnostics-public: 5012;reason="ACK is being generated on receipt of a failure final response for an INVITE forked by application";AppUri="http%3A%2F%2Fwww.microsoft.com%2FLCS%2FOutboundRouting"

One of the error messages that catches your eye is the following:

"Gateway responded with 407 Proxy Authentication Required";component="MediationServer";SipResponseText="Not Acceptable Here"

Solution

After troubleshooting the issue with the PBX engineer, we noticed that we actually had a port mismatch between what was configured on his end and what was configured on my end.  The gateway listening port I had configured on my end was set to 5060:

While his end in the Avaya Aura System Manager 6.2 was set to 5068:

Small mistake which was fixed after I changed my TCP port to 5068:

Cisco UCS Manager reports the error: “VLAN default is error-misconfigured because of conflicting vlan-id with an fcoe-vlan”

Problem

You’ve recently updated your UCS infrastructure’s firmware to 2.0 or higher and noticed the following errors reported in the UCS Manager:

VLAN default is error-misconfigured because of conflicting vlan-id with an fcoe-vlan

Description: VLAN default is error-misconfigured because of conflicting vlan-id with an fcoe-vlan

ID: 10637116

Cause vlan-misconfigured

Code: F0833

Solution

The reason why this error is being reported is because Cisco no longer allows overlapping VLAN IDs for LAN and FCoE.  This usually isn’t a problem if the UCS firmware began with 2.0 or higher as the FCoE storage port native VLAN uses VLAN 4048 by default but if you’re upgrading from an earlier firmware, the default will most likely be set to 1 which overlaps with the LAN default VLAN as shown here:

As shown in the following documentation for firmware 2.0:

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/gui/config/guide/2.0/b_UCSM_GUI_Configuration_Guide_2_0_chapter_010110.html#task_BECC98E803CB4DE39D256F525C556D89

… you must change the FCoE VLAN ID to a different value that is unique within the UCS infrastructure.  

**Note that changing the FCoE VLAN ID may cause a temporary outage of traffic on the SAN (until the VLAN re-converges) so schedule this small change after hours.

Note that the error immediately goes away once the overlapping FCoE VLAN has been corrected.

Logging onto a desktop immediately logs the user off with event ID 1542 “Windows cannot load classes registry file. DETAIL - The system cannot find the file specified.” logged in the application logs

Problem

You’ve received a complaint that when a user attempts to log onto their desktop, they immediate get kicked off.  Logging onto the desktop with another account appears to be fine and the following errors are found in the event logs:

Event ID 1532:

Windows cannot load classes registry file.

DETAIL - The system cannot find the file specified.

Event ID 502:

Failed to apply policy and redirect folder "Pictures" to "\\file-03\RedirectedFolders$\someUser\Pictures".

Redirection options=0x1210.

The following error occurred: "Failed to get folder redirection capabilities".

Error details: "The system cannot find the file specified.

".

Event ID 502:

Failed to apply policy and redirect folder "Favorites" to "\\file-03\RedirectedFolders$\someUser\Favorites".

Redirection options=0x1210.

The following error occurred: "Failed to get folder redirection capabilities".

Error details: "The system cannot find the file specified.

".

Event ID 502:

Failed to apply policy and redirect folder "Documents" to "\\file-03\RedirectedFolders$\someUser\Documents".

Redirection options=0x1210.

The following error occurred: "Failed to get folder redirection capabilities".

Error details: "The system cannot find the file specified.

".

Event ID 502:

Failed to apply policy and redirect folder "Desktop" to "\\file-03\RedirectedFolders$\someUser\Desktop".

Redirection options=0x1210.

The following error occurred: "Failed to get folder redirection capabilities".

Error details: "The system cannot find the file specified.

".

Event ID 502:

Failed to apply policy and redirect folder "Start Menu" to "\\file-03\RedirectedStartMenu".

Redirection options=0x9020.

The following error occurred: "Failed to get folder redirection capabilities".

Error details: "The system cannot find the file specified.

".

Event ID 502:

Failed to apply policy and redirect folder "RoamingAppData" to "\\file-03\RedirectedFolders$\someUser\AppData\Roaming".

Redirection options=0x1210.

The following error occurred: "Failed to get folder redirection capabilities".

Error details: "The system cannot find the file specified.

".

Event ID 4098:

The user 'CCD' preference item in the 'Redirected Folders & User Customizations {0DABB54B-B804-4C83-B05F-379DC99D1F62}' Group Policy object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.' This error was suppressed.

Event ID 4098:

The user 'Dispatch Client' preference item in the 'Redirected Folders & User Customizations {0DABB54B-B804-4C83-B05F-379DC99D1F62}' Group Policy object did not apply because it failed with error code '0x80070002 The system cannot find the file specified.' This error was suppressed.

Solution

The environment I was troubleshooting this issue in was a VMware View 5.1 infrastructure with non persistent pooled desktops that used a mix of Active Directory Folder Redirection and Persona Management to manage user profiles.  The error messages appeared to suggest that the redirected folders were the problem so the first troubleshooting step I did was to make sure those folders were accessible (they were) then I tried renaming the user’s redirected folder’s folder so that it would get created but that did not correct the problem.  What ended up correcting the issue was when I renamed the user’s VMware View Persona Management profile folder which contained everything that the Redirected Folder GPO did not roam (i.e. \AppData\Local).  After renaming the Persona Management folder and having it recreated, the user was then able to log in so I would say that the user’s profile must have somehow got corrupted.

Logging onto Cisco UCS Manager throws the error: “Login Error: java.net.SocketTimeoutException: Read timed out”

Problem

You attempt to log into the Cisco UCS Manager via the VIP of your clustered 6100 series Fabric Interconnects but receive the following error:

Logging onto Cisco UCS Manager throws the error: “Login Error: java.net.SocketTimeoutException: Read timed out”

Solution

I’ve come across this several times in the past as well as received quite a few calls over the past months so I thought I’d write a post about this in case anyone is searching this on the internet.

One of the reasons why this error would be presented while you log into the UCS Manager is if there is a switchover in progress between the 2 clustered 6100 series fabric interconnects.  To determine whether this is the case, you can either console or SSH into the fabric interconnect and execute the following command:

show cluster state

Note how in the above screenshot that both of the fabric interconnects has the status of:

Management services: SWITCHOVER IN PROGRESS

In the event that both fabrics are stuck in this state for a long time, one of the ways to fix this is to actually reboot both fabrics one after another giving enough time in between (say 5 minutes) so that the first fabric that you reboot becomes the primary fabric.

Maximum allowed partnerships exceeded for Exchange 2010 ActiveSync devices

Problem

You attempt to activate an iPhone or Android device with Exchange ActiveSync but receive the following error message:

You have 10 phone partnerships out of the maximum allowed 10 partnerships. After you reach the maximum, you can't create additional partnerships until you delete existing ones from your account. To do so, sign in to Outlook Web App, click Options > Phone > Mobile Phones, and delete any unused partnerships.

The account setup on the iPhone completes but mail does not sync while Android devices display the following message:

You have reached the maximum number of devices allowed in your device network

Solution

The reason why these messages are being displayed is because by default, Exchange 2010 actually has a limit on how many devices you can set up with ActiveSync and the default is 10 devices.  This usually isn’t a problem with regular users but if you’re an administrator that regularly sets up devices for users, you may find that you will quickly exceed the limit.

The way around this is to either delete some devices via the following instructions in OWA:

Sign in to Outlook Web App, click Options > Phone > Mobile Phones, and delete any unused partnerships.

Or use the Set-ThrottlingPolicy with the EASMaxDevices switch as shown in the following TechNet article to increase the maximum amount of ActiveSync devices allowed:

http://technet.microsoft.com/en-us/library/dd298094(v=exchg.141).aspx