Page 1 of 2 12>
Topic Options
#196497 - 2009-10-27 06:28 PM Kix 4.61+ INGROUP + Windows 7
kaffee Offline
Fresh Scripter

Registered: 2009-10-26
Posts: 5
Loc: Paris
HI,
I am migrating to Kix 4.61 and some WK7.
I am starting to have a headache with Windows 7 + Kix 4.61 and the INGROUP command.
Just it is not working *- i have serach a lot in the net and forums and nothing a part the post #196185

Anyone can tell if INGROUP (4.61) on windows 7 (32 and 64 bits) works if yes how ?

Ps. INGROUP (4.61) works fine on XP, Windows Server 2008 Enterprise Edition 64 bits

 Code:
IF INGROUP("ADMINS") = 1
	AT (17,9) "Connexion \\SVRXSL02\CONSOLES              "
	USE W: /D /PERSISTENT
	USE W: \\SVRXSL02\CONSOLES
	sleep 1
ENDIF


Thanks
Kaffee


Edited by Mart (2009-10-28 09:07 AM)
Edit Reason: Please use code tags when posting code.

Top
#196499 - 2009-10-27 09:50 PM Re: Kix 4.61+ INGROUP + Windows 7 [Re: kaffee]
Allen Administrator Offline
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4549
Loc: USA
Try this and post back your results.
 Code:
? "kix:" + @kix
IF INGROUP("ADMINS")
  ? "In the group"
  USE W: /D /PERSISTENT
  ? @result
  ? @serror
  USE W: "\\SVRXSL02\CONSOLES"
  ? @result
  ? @serror
else
  ? "Not in Group"
ENDIF


Also, check the Eventlog for any errors that might be of use. Make sure your group name is spelled correctly.

Top
#196504 - 2009-10-28 11:39 AM Re: Kix 4.61+ INGROUP + Windows 7 [Re: Allen]
kaffee Offline
Fresh Scripter

Registered: 2009-10-26
Posts: 5
Loc: Paris
Hi,

Result of the script
Kix : 4.61
Not in Group

There is an event error log see below (in french) but event ID is 1789
the error is on W7 32 bits and 64 bits

The speeling name is correct as it works on XP, Windows 2008 Server
and for information our Active Directory is Windows 2000 DC's

I think that someting is missing to get a trust membership between the Server and Station

Thanks for any suggestion
Rgds,
Kaffee



Nom du journal :Application
Source : KIXTART
Date : 28/10/2009 11:20:51
ID de l’événement :1789
Catégorie de la tâche :Aucun
Niveau : Erreur
Mots clés : Classique
Utilisateur : N/A
Ordinateur : AdminSel-Win7.Xsl.Schneider-Electric.com
Description :
La description de l’ID d’événement 1789 dans la source KIXTART est introuvable. Le composant qui a déclenché cet événement n’est pas installé sur l’ordinateur local ou l’installation est endommagée. Vous pouvez installer ou réparer le composant sur l’ordinateur local.

Si l’événement provient d’un autre ordinateur, les informations d’affichage doivent être enregistrées avec l’événement.

Les informations suivantes étaient incluses avec l’événement :

GetPrimaryGroup failed Error : La relation d’approbation entre cette station de travail et le domaine principal a échoué. (0x6fd/1789)

Top
#196508 - 2009-10-28 11:59 AM Re: Kix 4.61+ INGROUP + Windows 7 [Re: kaffee]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4673
Loc: The Netherlands
This came up in the past but no fix was mentioned. This does not seem to be a kix issue.

http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=193933#Post193933
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#196509 - 2009-10-28 01:32 PM Re: Kix 4.61+ INGROUP + Windows 7 [Re: Mart]
Allen Administrator Offline
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4549
Loc: USA
If you find a solution, please post back. Looks like you are the 2nd or 3rd person with this problem.
Top
#196510 - 2009-10-28 02:45 PM Re: Kix 4.61+ INGROUP + Windows 7 [Re: Allen]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4673
Loc: The Netherlands
The OP of the link I posted was also on a Win2K AD so it might be some kind of compatibility issue between Win7 and Win2K AD. As Win2K AD was a baby, Win2K3 went to kindergarten and Win2K8 AD is a teenager I can imagine that some backwards compatibility between Win7 and Win2K AD is lost. Should not be but everything is possible.

Edited by Mart (2009-10-28 02:45 PM)
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#196516 - 2009-10-29 09:42 AM Re: Kix 4.61+ INGROUP + Windows 7 [Re: Mart]
kaffee Offline
Fresh Scripter

Registered: 2009-10-26
Posts: 5
Loc: Paris
Hi,

Sorry for taking some time for reply du to tests and work.

So, In my case
Kix version : 4.61
W2K DC + Windows 2000 AD -
Clients : Windows XP, Windows Vista, Windows 7, Windows 2008 Srv : all 32 and 64 bits

My simple script is to check if some users are in a goup :

 Code:
? "kix:" + @kix
IF INGROUP("ADMINS")
  ? "In the group"
  USE W: /D /PERSISTENT
  ? @result
  ? @serror
  USE W: "\\SVRXSL02\CONSOLES"
  ? @result
  ? @serror
else
  ? "Not in Group"
ENDIF


It work for all clients except for : Windows 7 32 and 64 bits

The Microsfot KB 262958 doesnot resolve the issue
http://support.microsoft.com/default.aspx?scid=kb;en-us;262958

But i have found something intersting:

If I do use the BuiltIN Groups : (Domain Local Groups) - IT WORKS
But NOT for Global Groups

BuitIn group List (In French)
Accès compatible Pre-Windows 2000
Administrateurs
Duplicateurs
Invités
Opérateurs de compte
Opérateurs de sauvegarde
Opérateurs de serveur
Opérateurs d'impression
Utilisateurs

Well, It is not working but i did progress a bit.
I will continue in investigating if someone has a clue i take it.



Rgds
Kaffee













Edited by Mart (2009-10-29 10:59 AM)
Edit Reason: Please use code tags when posting code.

Top
#196517 - 2009-10-29 10:25 AM Re: Kix 4.61+ INGROUP + Windows 7 [Re: kaffee]
kaffee Offline
Fresh Scripter

Registered: 2009-10-26
Posts: 5
Loc: Paris
Hi again,

I have created a new DOMAIN GROUP , insert users in it and test : IT WORKS

In my case, I cannot test the Universal Groups

In conclusion for my part for Windows 7 : INGROUP doesnot work for Global Groups

If anyone has a solution for Global Groups.

Rgds,
Kaffee

Top
#196543 - 2009-11-01 12:48 PM Re: Kix 4.61+ INGROUP + Windows 7 [Re: kaffee]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1895
Loc: Hilversum, The Netherlands
Just a few notes:
1. Make sure if you added the user you are testing the INGROUP with, that that user has logged of and logged on again so his token is updated.
2. run kix32 -f (Flush tokencache) to make sure there are no errors there.

I'm also on Windows 7 and with a 2000 AD and I have no problems so far. But I'll check monday and test a few things.

Top
#196545 - 2009-11-01 04:00 PM Re: Kix 4.61+ INGROUP + Windows 7 [Re: Arend_]
Allen Administrator Offline
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4549
Loc: USA
I've been doing some googling on this myself. From what I can tell this 1789 Error has been around for a long while showing itself in different places (XP, Vista) and it appears that no one knows exactly what causes the error. Rejoining the domain seemed to be the most common answer given, but did not fix the problem most times. I did find an article or two that suggested that improperly configured DNS could play a role. One solution was given that they had used their firewall as the DNS Server and changing it to the AD DNS Server fixed the problem. Someone else suggested running ADPrep.exe (located on Server 2008 CD) to add the new properties to your 2000 AD.

@Arend, please do post back on this. Glad to find someone here who has this environment.

Top
#196546 - 2009-11-02 09:53 AM Re: Kix 4.61+ INGROUP + Windows 7 [Re: Allen]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1895
Loc: Hilversum, The Netherlands
Rejoining the Domain doesn't provide the answer.
The trust relationship is good. I suspect KiX handling this in a different way but I'm gonna see what I can come up with.
So far this is the Case:

Domain Local groups succeed.
Universal groups fail.
Global groups fail.

Different 1789 messages though:
Failed to resolve SID(s) Error : The trust relationship between this workstation and the primary domain failed. (0x6fd/1789)

GetPG: LookupAccountSid failed Error : The trust relationship between this workstation and the primary domain failed. (0x6fd/1789)

GetPrimaryGroup failed Error : The trust relationship between this workstation and the primary domain failed. (0x6fd/1789)

I'll play around some more.

Top
#196548 - 2009-11-02 10:19 AM Re: Kix 4.61+ INGROUP + Windows 7 [Re: Arend_]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1895
Loc: Hilversum, The Netherlands
Alright, update.
It's definately the way KiX looks it up.
If you try it using LDAP it works fine. for instance:
 Code:
Dim $objSysInfo, $objUser, $objGroup
$objSysInfo = CreateObject("ADSystemInfo")
$objUser = GetObject("LDAP://"+$objSysInfo.userName)
$objGroup = GetObject("LDAP://CN=Domain Admins,CN=users,DC=mydomain,DC=local")
If $objGroup.IsMember($objUser.AdsPath)
  ? "Global Test Succeeded"
Else
  ? "Global Test Failed"
EndIf

Top
#196550 - 2009-11-02 12:28 PM Re: Kix 4.61+ INGROUP + Windows 7 [Re: Arend_]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1895
Loc: Hilversum, The Netherlands
ok as my post in the Beta group reflects, PStools's PSGetSID generates the same errors as kixtart.
This concludes that it is not KiXtart that is generating this problem.
It is the way Windows 7 talks to the AD apparantly.
As my XP clients don't have this problem.
Also, Vista and 2008 (NOT R2) don't have this problem.
I do assume that a Windows 2008 R2 server will have the same problems because it has the same core as Windows 7.

Top
#196560 - 2009-11-03 09:09 AM Re: Kix 4.61+ INGROUP + Windows 7 [Re: Arend_]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1895
Loc: Hilversum, The Netherlands
ok WinNT test passes as well:
 Code:
Dim $objGroup
$objGroup = GetObject("WinNT://"+@LDOMAIN+"/Domain Admins")
$objGroup.GetInfo
If $objGroup.IsMember("WinNT://"+@LDOMAIN+"/"+@USERID) = -1
  ? "Global Test Succeeded"
Else
  ? "Global Test Failed"
EndIf

Top
#196561 - 2009-11-03 09:14 AM Re: Kix 4.61+ INGROUP + Windows 7 [Re: Arend_]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1895
Loc: Hilversum, The Netherlands
Since the GetSID fails in the psTools I figured I'll test my own Name2SID udf (as can be found in the UDF section). And all those tests pass, which means WMI works fine too.
 Code:
? Name2SID(@USERID)
? Name2SID("Domain Admins")

Function Name2SID(Optional $userid,Optional $domain)
  If $userid = "" $userid = @USERID EndIf
  If $domain = "" $domain = @LDOMAIN EndIf
  Dim $objWMIService
  $objWMIService = GetObject("winmgmts:\\.\root\cimv2")
  $Name2SID = $objWMIService.Get("Win32_Account.Name='"+$userid+"',Domain='"+$domain+"'").SID
  If @ERROR EXIT @ERROR EndIf
EndFunction


So I can conclude the following:
When talking to the AD;
LDAP works fine.
WinNT works fine.
WMI works fine.

So I can't seem to figure out how kixtart is talking to the AD.

Top
#196583 - 2009-11-04 10:47 PM Re: Kix 4.61+ INGROUP + Windows 7 [Re: Arend_]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1895
Loc: Hilversum, The Netherlands
Does someone besides Ruud have any insights on how KiX actually does the Ingroup checking ?
Top
#196584 - 2009-11-04 11:20 PM Re: Kix 4.61+ INGROUP + Windows 7 [Re: Arend_]
Allen Administrator Offline
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4549
Loc: USA
Has anyone else tested kix on Win 7 verses 2003 and 2008 AD? (I will be doing this in a few weeks) This information might be useful/relevant to Ruud. I sent him an email regarding this thread, so lets hope maybe he can come by and take a look.
Top
#196585 - 2009-11-05 04:00 AM Re: Kix 4.61+ INGROUP + Windows 7 [Re: Allen]
Glenn Barnas Administrator Offline
KiX Supporter
*****

Registered: 2003-01-28
Posts: 4396
Loc: New Jersey
Well, I just upgraded a bunch of our workstations to Windows 7 during this week. These are fresh installs, not "upgrades". So far, I have a pretty even mix of 32b Pro, 32b Ultimate, and 64b Ultimate. We have a Windows 2008 Native mode domain. At this point, I've not experienced any InGroup issues.

Glenn
_________________________
Actually I am a Rocket Scientist! \:D

Top
#196596 - 2009-11-05 10:03 PM Re: Kix 4.61+ INGROUP + Windows 7 [Re: Glenn Barnas]
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11624
Loc: CA
I'm wondering though if it has anything to do with some of the offered (not critical) updates that Microsoft has offered for policy stuff.

I would not expect a Native 2008 AD to have any issues, but what others appear to be seeing is due to AD 2000, 2003 which is very old even for Vista let alone Windows 7

Maybe Microsoft just missed the boat on this and it slipped by in testing.

Top
#196607 - 2009-11-09 10:50 AM Re: Kix 4.61+ INGROUP + Windows 7 [Re: NTDOC]
Ruud van Velsen Moderator Offline
Developer
*****

Registered: 1999-05-06
Posts: 391
Loc: Amsterdam, The Netherlands
Hi everyone,

just to let you know that I am looking into this issue. It is definitely a generic Windows 7 <--> Windows 2000 issue (as is apparent from the PsGetSid tests). KiXtart uses the LookupAccountSid API's, just like PsGetSid.

I'll let you know if/when I find a workaround.

Ruud

Top
Page 1 of 2 12>


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 761 anonymous users online.
Newest Members
Timothy, Jojo67, MaikSimon, kvn317, kixtarts2025
17874 Registered Users

Generated in 0.139 seconds in which 0.085 seconds were spent on a total of 14 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org