Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, April 11, 2016 7:28 PM | 1 vote
In a windows 7 environment, all the rsat tools are able to manage untrusted domains by using the runas /netonly command to launch said tools and connect to the domain.
In windows 10 however, the Administrative Center crashes when it is launched by this command. I haven't been able to find a solution as of yet. Event viewer points to .Net being the issue but I am not 100% certain
I have attempted the following ways to launch the administrative center and each time the same results happen.
runas /netonly /user:domain\username dsac.exe
runas /netonly /user:domain\username "dsac.exe /server=servername.fqdn"
runas /netonly /user:domain\username ServerManager.exe
Launch Administrative Center from Server Manager.
runas /netonly /user:domain\username cmd.exe
From new command line window run dsac.exe
Does anyone have any ideas on how to launch this specific tool to manage an untrusted domain?
All replies (5)
Tuesday, April 12, 2016 7:32 AM | 1 vote
Hi CrypticSage,
Could you please explain a bit about the untrusted domain you mentioned here?
If dsac.exe crashed, there would be related event logs in the Event Viewer.
By the way, what is your Windows 10 current version?
Try the command below and see if it would make any difference:
SFC /SCANNOW
Dism /Online /Cleanup-image /Restorehealth
Regards
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Tuesday, April 12, 2016 1:43 PM | 2 votes
We have two domains. Domain A and Domain B. No trust relationship is allowed between the two domains.
All our workstations are joined to domain A. We are trying to manage domain B for a specific user base.
Two events are created dsac crashes. The first is a .NET Runtime Error, the second is an Application Error. We created a test windows 10 system with a fresh install. No customization or group policy applied to it for testing and to try to find a fix. Even on a fresh install the issue occurs. I've even done some testing on an insider preview release to see if it's an issue that is fixed in future releases.
I'll add that only the Administrative Center (dsac.exe) crashes. MMC and Server Manager will launch fine when using runas with the netonly attribute.
.NET Error
Application: dsac.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
Exception Info: System.Security.Authentication.InvalidCredentialException
at System.Net.Security.NegoState.ProcessReceivedBlob(Byte[], System.Net.LazyAsyncResult)
at System.Net.Security.NegoState.StartSendBlob(Byte[], System.Net.LazyAsyncResult)
at System.Net.Security.NegoState.StartSendBlob(Byte[], System.Net.LazyAsyncResult)
at System.Net.Security.NegoState.ProcessAuthentication(System.Net.LazyAsyncResult)
at System.Net.Security.NegotiateStream.AuthenticateAsClient(System.Net.NetworkCredential, System.String, System.Net.Security.ProtectionLevel, System.Security.Principal.TokenImpersonationLevel)
at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider+WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(System.IO.Stream, System.ServiceModel.Security.SecurityMessageProperty ByRef)
Exception Info: System.ServiceModel.Security.SecurityNegotiationException
Server stack trace:
at System.ServiceModel.Channels.WindowsStreamSecurityUpgradeProvider.WindowsStreamSecurityUpgradeInitiator.OnInitiateUpgrade(Stream stream, SecurityMessageProperty& remoteSecurity)
at System.ServiceModel.Channels.StreamSecurityUpgradeInitiatorBase.InitiateUpgrade(Stream stream)
at System.ServiceModel.Channels.ConnectionUpgradeHelper.InitiateUpgrade(StreamUpgradeInitiator upgradeInitiator, IConnection& connection, ClientFramingDecoder decoder, IDefaultCommunicationTimeouts defaultTimeouts, TimeoutHelper& timeoutHelper)
at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.SendPreamble(IConnection connection, ArraySegment`1 preamble, TimeoutHelper& timeoutHelper)
at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.DuplexConnectionPoolHelper.AcceptPooledConnection(IConnection connection, TimeoutHelper& timeoutHelper)
at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage, System.Runtime.Remoting.Messaging.IMessage)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(System.Runtime.Remoting.Proxies.MessageData ByRef, Int32)
at Microsoft.ActiveDirectory.WebServices.Proxy.Resource.Get(System.ServiceModel.Channels.Message)
at Microsoft.ActiveDirectory.Management.AdwsConnection.SearchAnObject(Microsoft.ActiveDirectory.Management.ADSearchRequest)
Exception Info: System.Security.Authentication.AuthenticationException
at Microsoft.ActiveDirectory.Management.AdwsConnection.ThrowAuthenticationRelatedExceptionIfAny(System.ServiceModel.CommunicationException)
at Microsoft.ActiveDirectory.Management.AdwsConnection.SearchAnObject(Microsoft.ActiveDirectory.Management.ADSearchRequest)
at Microsoft.ActiveDirectory.Management.AdwsConnection.Search(Microsoft.ActiveDirectory.Management.ADSearchRequest)
at Microsoft.ActiveDirectory.Management.ADWebServiceStoreAccess.Microsoft.ActiveDirectory.Management.IADSyncOperations.Search(Microsoft.ActiveDirectory.Management.ADSessionHandle, Microsoft.ActiveDirectory.Management.ADSearchRequest)
at Microsoft.ActiveDirectory.Management.ADObjectSearcher.GetRootDSE(System.Collections.Generic.ICollection`1<System.String>, Boolean)
at Microsoft.ActiveDirectory.Management.Commands.GetADRootDSE.GetADRootDSEBeginCSRoutine()
Exception Info: Microsoft.ActiveDirectory.UI.Exceptions.ADMuxAuthenticationException
at Microsoft.ActiveDirectory.UI.PowerShellHosting.PshHostingEngine.Invoke(System.Management.Automation.PSCommand, System.Collections.Generic.IEnumerable`1<System.Management.Automation.PSObject>)
at Microsoft.ActiveDirectory.UI.PowerShellHosting.Commands.PshCommand.Invoke(System.Management.Automation.PSCommand)
at Microsoft.ActiveDirectory.UI.PowerShellHosting.Commands.PshCommand.InvokeCommand(System.Management.Automation.PSCommand)
at Microsoft.ActiveDirectory.UI.PowerShellHosting.Commands.GetADRootDSEPshCommand.Execute(System.Object)
at Microsoft.ActiveDirectory.UI.ObjectModel.ADCommand.GetADRootDSE()
at Microsoft.ActiveDirectory.UI.Common.DCConnection.RetrieveConnectionProperties()
at Microsoft.ActiveDirectory.UI.Common.DCConnection.Open()
at Microsoft.ActiveDirectory.UI.Common.DCConnectionFactory.Open(System.String, Microsoft.ActiveDirectory.UI.Security.ADCredential, Microsoft.ActiveDirectory.UI.Common.ConnectionMode)
at Microsoft.ActiveDirectory.UI.Caches.CacheManager.GetCacheForServer(System.String)
at Microsoft.ActiveDirectory.UI.Caches.CacheManager.Initialize()
at Microsoft.ActiveDirectory.UI.App.GetData(System.Object, System.ComponentModel.DoWorkEventArgs)
at System.ComponentModel.BackgroundWorker.OnDoWork(System.ComponentModel.DoWorkEventArgs)
at System.ComponentModel.BackgroundWorker.WorkerThreadStart(System.Object)
Exception Info: Microsoft.ActiveDirectory.UI.Exceptions.ADMuxException
at Microsoft.ActiveDirectory.UI.App.PrepareDataComplete(System.Object, System.ComponentModel.RunWorkerCompletedEventArgs)
at System.ComponentModel.BackgroundWorker.OnRunWorkerCompleted(System.ComponentModel.RunWorkerCompletedEventArgs)
at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
at System.Threading.ThreadPoolWorkQueue.Dispatch()
Application Error
Faulting application name: dsac.exe, version: 10.0.10585.0, time stamp: 0x563180db
Faulting module name: KERNELBASE.dll, version: 10.0.14316.1000, time stamp: 0x5700c87e
Exception code: 0xe0434352
Fault offset: 0x0000000000048658
Faulting process id: 0x13ec
Faulting application start time: 0x01d194c06c9faf4e
Faulting application path: C:\WINDOWS\system32\dsac.exe
Faulting module path: C:\WINDOWS\system32\KERNELBASE.dll
Report Id: 99b0058e-2d7c-4983-891d-56cc17c3fc02
Faulting package full name:
Faulting package-relative application ID:
Thursday, April 14, 2016 7:40 AM
Hi crypticSage,
The .Net error are all pointed to Authentication issue.
For the application error, it should be app crash, which is dsac.exe.
Could you please share us the full error message here?
By the way, I tried to use dasc.exe to manage Servers in the same domain, and it works without any issue. And, what would you like dasc.exe to achieve through remote controls, couldn't it be possible just through ADUC?
For your situation, as Server Manager and MMC works fine, would it be possible to add the dsac.exe as a Snap-in under MMC console?
Regards
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Friday, April 15, 2016 9:41 PM
Hi crypticSage,
The .Net error are all pointed to Authentication issue.
For the application error, it should be app crash, which is dsac.exe.
Could you please share us the full error message here?
By the way, I tried to use dasc.exe to manage Servers in the same domain, and it works without any issue. And, what would you like dasc.exe to achieve through remote controls, couldn't it be possible just through ADUC?
For your situation, as Server Manager and MMC works fine, would it be possible to add the dsac.exe as a Snap-in under MMC console?
Regards
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].
Managing the domain it is a member of is not an issue with my system either. The problem happens when trying to use the command as stated above to manage an untrusted domain. Did you try to connect to a remote domain to replicate the issue?
I posted both errors in the reply above. One was related to a .NET error and the other to the application error dsac.exe. No other errors are generated.
DSAC.exe is not a management console so it isn't capable of being loaded into mmc. It is it's own self contained executable that runs over powershell.
Thursday, April 21, 2016 2:36 AM
Hi CrypticSage,
Apologize for the late response.
Currently I haven't tested with untrusted domain. I will share the results soon.
Meanwhile, I will try to involve others who are familiar with this part and see what they would share on this topic.
Regards
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].