NS as a Domain Controller, local user folder access problem


(Enrico Lorenzi) #1

Hi everybody,

I’m using NS as Domain controller with 5 windows client (7/8/10). I have some little issue with some app like google chrome and dropbox. With chrome I’ll lose user settings every time I reboot the machine, and dropbox doens’t start, should be folder permission error.

[get_extra_trace_info failed]
Traceback (most recent call last):
File “dropbox\client\main.pyo”, line 630, in boot_error
File “dropbox\client\main.pyo”, line 4390, in get_dropbox_path
AttributeError: ‘NoneType’ object has no attribute ‘get_dropbox_path’

Original traceback:

Traceback (most recent call last):
File “dropbox\client\main.pyo”, line 4698, in main_startup
File “dropbox\client\main.pyo”, line 1848, in run
File “dropbox\client\main.pyo”, line 875, in startup_low
File “dropbox\client\multiaccount\instance_database.pyo”, line 842, in init
File “dropbox\client\mapreduce.pyo”, line 59, in init
File “dropbox\client\mapreduce.pyo”, line 105, in new_user_key
File “dropbox\keystore\keystore_win32.pyo”, line 73, in store_versioned_key
File “dropbox\keystore\keystore_win32.pyo”, line 80, in _store_versioned_key
File “dropbox\keystore\keystore_win32.pyo”, line 160, in _encrypt_payload
File “pynt\helpers\crypt.pyo”, line 30, in protect_data
FormattedWindowsError: [Error 0x80090345] Impossibile completare l’operazione richiesta. Il computer deve essere trusted per la delega e l’account utente corrente deve essere configurato per consentire la delega.


(Alessio Fattorini) #2

That’s odd, no problems joining windows domain? @Ctek or @nrauso may are able to help here.


(Enrico Lorenzi) #3

I know. No problem at all joining domain. The same problem on all pc, but only with domain users.


(Bogdan Costin) #4

Not really sure but I think that the last line in the trace can provide some info.
The computer is not trusted to delegate.

Check that the computer(s) are correctly joined in Samba.
When you have logged into one of the machines with the domain account check that the profile is correct and pointing to the correct folders. Also check that the permissions for the users are correct in that folder.

Try to create a document / folder and see if it is replicated on the server. Could be more to this but perform this steps for now and come back with info.

Also please tell us if the apps from the computers are available for all the users. (re-install them with a domain admin account)


(Marc) #5

Here’s a link which may help.
@enrilor, are you using Roaming Profiles?

Edit: Original Source seems to be the Microsoft KB3000850 article, which has workarounds to known issues caused by some Windows updates.

After you install security update 2992611 or update 3000850, domain users who log on to domain-joined Windows 8.1 computers experience the following issues:

  • Adding new account in Windows Live Mail 2012 fails with error 0x80090345.
  • Saving RDP passwords fails with no apparent error.
  • Opening Credential Manager fails with error 0x80090345.
  • Explorer hangs when encrypting a file.

Workaround
To work around this problem, set the value of the ProtectionPolicy registry entry to 1 to enable local backup of the MasterKey instead of requiring a RWDC in the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb


(Enrico Lorenzi) #6

No I didn’t use roaming profiles.

Thanks dnutan, problem solved.