BSOD when starting MSMQ service as domain user Windows server 2012
Hi
We have a problem with a server getting BSOD when we start a service related to MSMQ. We get the attempted execute of noexecute memory BSOD whenever we start the service as a User on the domain. When we start the service as a system local it starts without
problem. I got the crashdump here:
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Microsoft (R) Windows Debugger Version 6.3.9600.17298 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\170\120314-11828-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Built by: 9200.16912.amd64fre.win8_gdr.140502-1507
Machine Name:
Kernel base = 0xfffff800`48476000 PsLoadedModuleList = 0xfffff800`48742aa0
Debug session time: Wed Dec 3 14:41:01.892 2014 (UTC + 1:00)
System Uptime: 0 days 0:04:09.904
Loading Kernel Symbols
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
Loading User Symbols
Loading unloaded module list
* Bugcheck Analysis *
Use !analyze -v to get detailed debugging information.
BugCheck FC, {7f982e340e0, 791000010fdb1025, fffff8800485a5e0, 80000005}
Probably caused by : mqac.sys ( mqac!ACCreateQueue+a77 )
Followup: MachineOwner
1: kd> !analyze -v
* Bugcheck Analysis *
ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY (fc)
An attempt was made to execute non-executable memory. The guilty driver
is on the stack trace (and is typically the current instruction pointer).
When possible, the guilty driver's name (Unicode string) is printed on
the bugcheck screen and saved in KiBugCheckDriver.
Arguments:
Arg1: 000007f982e340e0, Virtual address for the attempted execute.
Arg2: 791000010fdb1025, PTE contents.
Arg3: fffff8800485a5e0, (reserved)
Arg4: 0000000080000005, (reserved)
Debugging Details:
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT_SERVER
BUGCHECK_STR: 0xFC
PROCESS_NAME: mqsvc.exe
CURRENT_IRQL: 0
ANALYSIS_VERSION: 6.3.9600.17298 (debuggers(dbg).141024-1500) amd64fre
TRAP_FRAME: fffff8800485a5e0 -- (.trap 0xfffff8800485a5e0)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=000007f982e0c950 rbx=0000000000000000 rcx=0000005dff1fecd0
rdx=0000005dff34e988 rsi=0000000000000000 rdi=0000000000000000
rip=000007f982e340e0 rsp=fffff8800485a778 rbp=fffff8800485ab80
r8=fffffa800e623980 r9=0000000000000521 r10=fffffa800ec547a0
r11=0000000000000006 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
000007f9`82e340e0 ?? ???
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff80048661ef1 to fffff800484d0540
STACK_TEXT:
fffff880`0485a408 fffff800`48661ef1 : 00000000`000000fc 000007f9`82e340e0 79100001`0fdb1025 fffff880`0485a5e0 : nt!KeBugCheckEx
fffff880`0485a410 fffff800`48588980 : fffff880`0485a5e0 ffffd8e9`9e6056e2 fffffa80`0ec547a0 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x33f2d
fffff880`0485a450 fffff800`4850aabd : fffff880`0485a500 00000000`c0000016 fffffa80`0e603b00 fffffa80`0e623980 : nt! ?? ::FNODOBFM::`string'+0x33e85
fffff880`0485a4a0 fffff800`484cdfee : 00000000`00000008 00000000`00000000 00000000`00000000 fffff880`0485a5e0 : nt!MmAccessFault+0x3ed
fffff880`0485a5e0 000007f9`82e340e0 : fffff880`00dc5297 fffffa80`0ec54770 00000000`00000000 fffff8a0`011ce7c0 : nt!KiPageFault+0x16e
fffff880`0485a778 fffff880`00dc5297 : fffffa80`0ec54770 00000000`00000000 fffff8a0`011ce7c0 fffff980`00000000 : 0x000007f9`82e340e0
fffff880`0485a780 fffff880`00dc60d7 : 00000000`00000000 0000005d`ff34e988 00000000`00000000 00000000`00000000 : mqac!ACCreateQueue+0xa77
fffff880`0485a7f0 fffff800`488ab127 : fffffa80`0e5ed520 fffffa80`0d50ecf0 00000000`00000521 00000000`00000000 : mqac!ACDeviceControl+0x62b
fffff880`0485a890 fffff800`488c02f6 : 00000000`00000000 fffff8a0`00000080 00000000`00000000 00000000`00000000 : nt!IopXxxControlFile+0x7e5
fffff880`0485aa20 fffff800`484cf553 : 00000000`00000000 00000000`0000000c fffff6fb`7dbed078 fffff6fb`7da0ff30 : nt!NtDeviceIoControlFile+0x56
fffff880`0485aa90 000007f9`8a702c1a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13
0000005d`ff34e928 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x000007f9`8a702c1a
STACK_COMMAND: kb
FOLLOWUP_IP:
mqac!ACCreateQueue+a77
fffff880`00dc5297 85c0 test eax,eax
SYMBOL_STACK_INDEX: 6
SYMBOL_NAME: mqac!ACCreateQueue+a77
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: mqac
IMAGE_NAME: mqac.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5010abc2
IMAGE_VERSION: 6.2.9200.16384
BUCKET_ID_FUNC_OFFSET: a77
FAILURE_BUCKET_ID: 0xFC_mqac!ACCreateQueue
BUCKET_ID: 0xFC_mqac!ACCreateQueue
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xfc_mqac!accreatequeue
FAILURE_ID_HASH: {d1daca31-6256-358c-65b5-69af54392880}
Followup: MachineOwner
Hi,
For BugCheck FC, it indicates that an attempt was made to execute non-executable memory. For more details,
please refer to following article.
Bug Check 0xFC: ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY
à
whenever we start the service as a User on the domain
. When we start the service as a system local it starts without problem
Did you mean that just use a standard domain user account to start the service, then encounter the issue? If
configure Log on as Local System account, will no BSOD issue occurred? Just a confirmation, thanks for your understanding.
Please check if you install all necessary Windows Updates on the server.
In addition, as you know, troubleshoot this kind of kernel crash issue, we need to analyze the crash dump file to narrow down the root cause of the issue. However, it is
not effective for us to debug the crash dump file here in the forum. If this issues is a state of emergency for you. Please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
To obtain the phone numbers for specific technology request, please refer to the web site listed below:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
Hope this helps.
Best regards,
Justin Gu
Similar Messages
-
WinX missing for domain users (Windows Server 2012/R2, Windows 8/8.1)
Hi,
I recently created a discussion about a Winx (Right Click) issue that I have in my environment. For windows servers 2012/2012 R2 and windows 8/8.1, I don't have the right click menu.
I don't use roaming profiles. The workaround is to manually copy the Winx folder for each user who log on but I would like to understand why it doesn't work.
Here is the previous discussion I created.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/4e80c369-242f-47ba-bd22-aafb9b0a6072/winx-missing-for-domain-users?forum=winserverManagement#ab6deeb2-cbcd-4147-a871-4c76d4cb37af
I really appreciate your help.
ThanksHi,
I could not reproduce the issue.
When i log in the Windows Server 2012 with domain user, the WinX folder already exists ans the Right Click is ok.
So you could create a new domain user to check the result.
Regards.
Vivian Wang -
When will ADMT/PES be available for Windows Server 2012?
Having upgraded to Windows Server 2012 I would like to trash the AD and take users and their passwords across to a new domain. The main reason for this is that the AD still has a load of hacks in it from Exchange 2007 to segregate address
books. I want to tidy things up ready for Exchange 2013 so I'm building a new domain.
To get the passwords across I need to run PES on the old domain with a key generated on the new domain. ADMT 3.2 will not support this.
So my question is when is ADMT 3.3 (guessing) and PSE for Win2012 going too be released?Hi,
Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
TechNet Subscriber Support
If you are
TechNet Subscription
user and have any feedback on our support quality, please send your feedback
here.
Yan Li
TechNet Community Support -
I have a Windows Server 2012 setup with SQL 2012 SP1 installed. I have tried to install Sharepoint Foundation 2013 and also full blown Sharepoint version...but during the wizard setup I always get 'Cannot find the object 'proc_createNewAppSiteDomainIds',
because it does not exist or you do not have permission.
The install created my db in sql 'team1p-vm' but that is it.
What am I missing?
During the install I have tried both Complete and Stand-alone as the Server Type.
When it gets to the product configuration wizard I use:
Create a new server farm
I enter my database server name: team1p-vm
Database name: SharePoint_Config
I enter my db access account
I enter a farm security settings passphrase
I use 17012 as my port number, select NTLM
I see my configuration settings...
Click Next and I get the error on task 3 of 10.
here is the dump of the application Log: At least some of it.
An exception of type System.Data.SqlClient.SqlException was thrown. Additional exception information: Cannot find the object 'proc_createNewAppSiteDomainIds', because it does not exist or you do not have permission.
System.Data.SqlClient.SqlException (0x80131904): Cannot find the object 'proc_createNewAppSiteDomainIds', because it does not exist or you do not have permission.Can you see if there is anything in the SQL ERRORLOG on the SQL Server that may help at the time you see this error?
Does your user account (the user you're installing SharePoint with) have the sysadmin fixed role in SQL Server?
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Is there a way to change the Windows Update service startup type on Windows Server 2012 R2?
We have a number of newly built 2012 R2 servers that we have HP Operations Manager agent running on that monitors the status of several services and reports if they are "stopped". One of these services is Windows Update. Every day we
get at least one alert saying:
"Service "Windows Update" is not started. Current state is stopped"
Checking the event logs shows that the Windows Update service stops, then a while later it just starts again. Not an error, just an information event.
In Windows 2012 R2 the Windows Update service is set to "Automatic (Trigger Start)", where in previous versions we run (2012/2008R2) it would be set to just "Automatic" or "Automatic (Delayed Start)"
I have come to understand that this behaviour is normal for Windows 2012 R2, and that Trigger Start services by design stop themselves after a period of inactivity. I was unable to find any info on how this works. Our client would like this to
be changed and the Windows Update service stay running all the time, understanding that this impacts performance.
Is there a way to change the Windows Update service in Server 2012 R2 to the old Automatic startup behaviour so that it stays running all the time instead of stopping and starting periodicall? There is no option to do this via the services mmc
gui.
So far I have tried:
Removing the Triggers using the command: sc triggerinfo wuauserv delete
This works temporarily, the service then shows as just Automatic in the services console, however if you restart the server or restart the service it goes right back to being Automatic (Trigger Start).
Any kind of help would be appreciated.This one might help.
Allow configuration of Automatic Updates in Windows 8 and Windows Server 2012
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. -
Rename forest domain name windows server 2012 R2
I have single DC windows server 2012 R2 ex:abc.local i want to change forest domain name to ab.local?
Hello,
is that an already running domain or is the server just installed?
If the latter demote and promote with the new name again.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights. -
Auto start a program without logon on Windows Server 2012
I develop a software that starts at server startup without login, it works fine with older versions of Windows Server (2003, 2008) with 2012 my executable program that starts only when a session is opened (administrator or user).
My program uses a 32bit architecture it is found in:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Wow6432Node \ Microsoft \ Windows \ CurrentVersion \ Run
How can i make my program starts automatically after any system reboot without logon?
Thank you for your cooperationMake it a service and configure it to start automatically.
.:|:.:|:. tim -
Return 504 Gateway TimeOut when access exchange service by domain/user and password
hi,
here is the scenario: a user of our app is in ntdev domain, and his exchange server located at apj.cloudmail.microsoft.com. our backend api is deployed at the Azure servers at US West.
our api get 504 Gateway Timeout when calling the
FindFolders API of exchangeService. does anyone know how to fix this issue? the following is the core code:
var
service = newExchangeService(ExchangeVersion.Exchange2010);
service.Credentials =
newNetworkCredential(username,
password, domain);
service.AutodiscoverUrl(emailAddress, RedirectionUrlValidationCallback);
service.FindFolders(
WellKnownFolderName.Root,
newFolderView(1));That doesn't sound like its an EWS issue more an issue with the Network path your trying to traverse to the Exchange Server. My suggestion is that you test EWS using the EWSeditor
https://ewseditor.codeplex.com/ (eg it sounds like you may have proxy server that expecting authentication etc.).
Cheers
Glen -
Hi,
I am not able to see drop down menu in report manger, have loaded the internet explorer as administrator still it doesn't pop-up drop down menu in Windows Server 2012 platform and SQL Server 2012, can someone please help me out here, whether any settings
need to be made?
Thanks,
HarishHi Omar,
Thanks for the response, after getting some online help was able to fix the issue, I am using SSRS 2012, below link helped me to resolve the issue in IE 10.0 version
http://answers.microsoft.com/en-us/ie/forum/ie10-windows_8/set-desktop-ie10-to-always-use-compatibility-view/f09597f0-9c3b-437f-9d33-18b5e1ba078d
Thanks,
Harish -
I have an error when join pc's to domain windows server 2012 r2
Hello everyone
I have a problem to join computers to the domain.
I'm doing the procedure is as follows.
1.'ll properties pc
2. I click Change to join the domain.
3. I request the domain administrator credentials
4. I get the window that has joined the domain correctly and then click accept gives me the following error:}
This error message me with all computers that attempt to join the domain.
I have reviewed forums, I have already set the WINS part and for the network adapter. Not if it's a problem with the server version domain is Windows Server 2012 R2.
I appreciate your help.
regards
Miguel SolanoHello everyone
I have a problem to join computers to the domain.
Well I can not understand Spanish but I guess it is related to RPC. :D
In that case, you need to make sure your DNS entries are correct in clients NIC. Similar threads here:
"RPC Server Unavailable" while attempting to Join domain
Windows
Server Troubleshooting: "The RPC server is unavailable"
Mahdi Tehrani |
|
www.mahditehrani.ir
Please click on Propose As Answer or to mark this post as
and helpful for other people.
This posting is provided AS-IS with no warranties, and confers no rights.
How to query members of 'Local Administrators' group in all computers? -
New Windows Server 2012 unable connect to Netlogon Service or update DNS records
Hi everybody, all of my Windows Servers 2012 decided to collapse after innocuous group policy update that was meant to make user passwords more secure.
The AD and DNS seem to be functioning "normally", I am able to add new Windows7 and Windows Server 2008 machines to the domain, I can see them in listed in the AD and DNS record are update correctly, however, as soon as I try to join Windows Server
2012 it breaks.
The event log is littered on the new server with:
The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:
Adapter Name : {DB7F73CE-E011-4F3C-BEBC-2CE7A871DF51}
Host Name : CHEETAH
Primary Domain Suffix : somedomain.com
DNS server list :
192.168.0.5
Sent update to server : <?>
IP Address(es) :
192.168.0.15
The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running
at this time.
You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.
and
Name resolution for the name _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.somedomain.com. timed out after none of the configured DNS servers responded.
When I try to ping the primary DC (WS2003) it fails, the Secondary DC (WS2012) responds.
The >nltest /sc_query:somedomain.com on Windows Servers 2012 returns:
Flags: 0
Trusted DC Name
Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully
yet it works on all other machines.
I tried removing 2012 servers from the domain and rejoining - without success. The cookie crumbled when I added two new installations of Windows Server 2012 & 2008 and 2008 worked fine but 2012 showed same symptoms.
There is one peculiar thing that I had noticed on all Windows 2012 machines, it constantly showing "Workplace Connection - Connecting" in the networks pane on the right side of the screen, which I can't say i ever noticed before.
Unfortunately, the secondary DC is a multihoming server with Direct Access role - I am not sure if this may play some part but our existing configuration worked for a year now without any problems. Issue appeared when I changed the password complexity rule,
which boggles the mind. I wonder if there has been some other changes in GPO that did not propagate from years ago and finally comeback to break things.
Any suggestions would be really appreciated.
wminHello Ace, i wish you a Happy New Year! I hope your break was enjoyable and filled with cheer.
In the end I had to bite the bullet and reinstall all troublesome servers. Your recommendations from above removed some serious problems with the DA and DNS resolution.
I was able to attach new server to the domain without any problems and begin painful process of rebuild.
I have promoted TIGER to full DC controller role, but having some issues with replication. Although running >repadmid /showrepl gives positive
feedback, the sysvol folder on the secondary DC is empty.
Also there is a couple of warnings in the event log:
Event ID 4012
Log Name: DNS Server
Source: DNS-Server-Service
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial
synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server
for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
- which has not repeated since 3rd of Jan.
These events occur on the primary DC every few minutes:
Event ID 1030
Source: Userenv
Log Name: NT AUTHORITY\SYSTEM
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Event ID 1058
Source: Userenv
Log Name: NT AUTHORITY\SYSTEM
Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=somedomain,DC=com. The file must be present at the location <\\somedomain.com\sysvol\somedomain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
(The network name cannot be found. ). Group Policy processing aborted.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Should sysvol folder be shared on the secondary DC? Another interesting thing to point out is that
\\somedomain.com\sysvol\somedomain.com\Policies\ can be access
from all other machines except the DC1.
Cheers!
kind regards,
wmin -
Not working properly Computer Browser service in Windows Server 2012
Good afternoon.
Migrated from 2003 to 2012 Active Directory, all is good, but the service Computer Browser in Windows Server 2012 is not working properly.
Online, there are several hundred computers, one network, no segments. PDC is the Master Browser, it is in my list of all the computers, but gives customers or Backup Browser computers only part, and in alphabetical order, giving the first 70 computers and
all.
Looked packet sniffer:
Microsoft Windows Lanman Remote API Protocol
Entry Count: 70
Available Entries: 251
So on Master Browser shows 251 computer, and the client 70.
If disabled on Windows Server 2012 Service Computer Browser, Master Browser is a computer running Windows Server 2003. He gives all computers.
What is the problem, how to get Windows Server 2012 to work correctly as a Master Browser?More info. I have high lighted in bold where the issue is. This is a massive headache for me at the moment
Frame: Number = 377, Captured Frame Length = 182, MediaType = ETHERNET
- Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[00-13-72-52-6E-A1],SourceAddress:[00-1E-0B-2B-68-DD]
- DestinationAddress: Dell Inc. 526EA1 [00-13-72-52-6E-A1]
Rsv: (000000..)
UL: (......0.) Universally Administered Address
IG: (.......0) Individual address (unicast)
- SourceAddress: 001E0B 2B68DD [00-1E-0B-2B-68-DD]
Rsv: (000000..)
UL: (......0.) Universally Administered Address
IG: (.......0) Individual address (unicast)
EthernetType: Internet IP (IPv4), 2048(0x800)
- Ipv4: Src = 10.44.46.101, Dest = 10.44.44.14, Next Protocol = TCP, Packet ID = 14025, Total IP Length = 168
- Versions: IPv4, Internet Protocol; Header Length = 20
Version: (0100....) IPv4, Internet Protocol
HeaderLength: (....0101) 20 bytes (0x5)
- DifferentiatedServicesField: DSCP: 0, ECN: 0
DSCP: (000000..) Differentiated services codepoint 0
ECT: (......0.) ECN-Capable Transport not set
CE: (.......0) ECN-CE not set
TotalLength: 168 (0xA8)
Identification: 14025 (0x36C9)
- FragmentFlags: 16384 (0x4000)
Reserved: (0...............)
DF: (.1..............) Do not fragment
MF: (..0.............) This is the last fragment
Offset: (...0000000000000) 0
TimeToLive: 128 (0x80)
NextProtocol: TCP, 6(0x6)
Checksum: 0 (0x0)
SourceAddress: 10.44.46.101
DestinationAddress: 10.44.44.14
- Tcp: Flags=...AP..., SrcPort=65372, DstPort=NETBIOS Session Service(139), PayloadLen=128, Seq=1910965363 - 1910965491, Ack=580319796, Win=252 (scale factor 0x8) = 64512
SrcPort: 65372
DstPort: NETBIOS Session Service(139)
SequenceNumber: 1910965363 (0x71E70473)
AcknowledgementNumber: 580319796 (0x2296FA34)
- DataOffset: 80 (0x50)
DataOffset: (0101....) 20 bytes
Reserved: (....000.)
NS: (.......0) Nonce Sum not significant
- Flags: ...AP...
CWR: (0.......) CWR not significant
ECE: (.0......) ECN-Echo not significant
Urgent: (..0.....) Not Urgent Data
Ack: (...1....) Acknowledgement field significant
Push: (....1...) Push Function
Reset: (.....0..) No Reset
Syn: (......0.) Not Synchronize sequence numbers
Fin: (.......0) Not End of data
Window: 252 (scale factor 0x8) = 64512
Checksum: 0x6F65, Disregarded
UrgentPointer: 0 (0x0)
TCPPayload: SourcePort = 65372, DestinationPort = 139
- Nbtss: SESSION MESSAGE, Length =124
PacketType: SESSION MESSAGE, 0(0x00)
- Flags: Add 0 to Length
Reserved: (0000000.)
Extension: (.......0)Add 0 to Length
Length: 124(0x7C)
- SMB: C; Transaction, Remote Administration Protocol, FileName = \PIPE\LANMAN
Protocol: SMB
Command: Transaction 37(0x25)
- NTStatus: 0x0, Facility = FACILITY_SYSTEM, Severity = STATUS_SEVERITY_SUCCESS, Code = (0) STATUS_SUCCESS
Code: (................0000000000000000) (0) STATUS_SUCCESS
Facility: (...0000000000000................) FACILITY_SYSTEM
Customer: (..0.............................) NOT Customer Defined
Severity: (00..............................) STATUS_SEVERITY_SUCCESS
- SMBHeader: Command, TID: 0x2001, PID: 0x276C, UID: 0x3801, MID: 0x0140
- Flags: 24 (0x18)
LockAndRead: (.......0) LOCK_AND_READ and WRITE_AND_UNLOCK NOT supported (Obsolete) (SMB_FLAGS_LOCK_AND_READ_OK)
NoAck: (......0.) An ACK response is needed (SMB_FLAGS_SEND_NO_ACK[only applicable when SMB transport is NetBIOS over IPX])
Reserved_bit2: (.....0..) Reserved (Must Be Zero)
CaseInsensitive: (....1...) SMB paths are case-insensitive (SMB_FLAGS_CASE_INSENSITIVE)
Canonicalized: (...1....) Canonicalized File and pathnames (Obsolete) (SMB_FLAGS_CANONICALIZED_PATHS)
Oplock: (..0.....) Oplocks NOT supported for OPEN, CREATE & CREATE_NEW (Obsolete) (SMB_FLAGS_OPLOCK)
OplockNotify: (.0......) Notifications NOT supported for OPEN, CREATE & CREATE_NEW (Obsolete) (SMB_FLAGS_OPLOCK_NOTIFY_ANY)
FromServer: (0.......) Command - SMB is being sent from the client (SMB_FLAGS_SERVER_TO_REDIR)
- Flags2: 51207 (0xC807)
KnowsLongFiles: (...............1) Understands Long File Names (SMB_FLAGS2_KNOWS_LONG_NAMES)
KnowsEas: (..............1.) Understands extended attributes (SMB_FLAGS2_KNOWS_EAS)
SmbSecuritySignature: (.............1..) Security signatures enabled (SMB_FLAGS2_SMB_SECURITY_SIGNATURE)
Compressed: (............0...) Compression Disabled for REQ_NT_WRITE_ANDX and RESP_READ_ANDX (SMB_FLAGS2_COMPRESSED)
SecuritySignatureRequired: (...........0....) Security Signatures are NOT required (SMB_FLAGS2_SMB_SECURITY_SIGNATURE_REQUIRED)
Reserved_bit5: (..........0.....) Reserved (Must Be Zero)
IsLongName: (.........0......) DO NOT use Long File Names (SMB_FLAGS2_IS_LONG_NAME)
Reserved_bits7_9: (......000.......) Reserved (Must Be Zero)
ReparsePath: (.....0..........) NOT a Reparse path (SMB_FLAGS2_REPARSE_PATH)
ExtendedSecurity: (....1...........) Aware of extended security (SMB_FLAGS2_EXTENDED_SECURITY)
Dfs: (...0............) NO DFS namespace (SMB_FLAGS2_DFS)
Paging: (..0.............) Read operation will NOT be permitted unless user has permission (NO Paging IO) (SMB_FLAGS2_PAGING_IO)
NTStatus: (.1..............) Using 32-bit NT status error codes (SMB_FLAGS2_NT_STATUS)
Unicode: (1...............) Using UNICODE strings (SMB_FLAGS2_UNICODE)
PIDHigh: 0 (0x0)
SecuritySignature: 0x0
Unused: 0 (0x0)
TreeID: 8193 (0x2001)
ProcessID: 10092 (0x276C)
UserID: 14337 (0x3801)
MultiplexID: 320 (0x140)
- CTransaction:
WordCount: 14 (0xE)
TotalParameterCount: 32 (0x20)
TotalDataCount: 0 (0x0)
MaxParameterCount: 8 (0x8)
MaxDataCount: 4200 (0x1068)
MaxSetupCount: 0 (0x0)
Reserved: 0 (0x0)
- Flags: Do NOT disconnect TID
Disconnect: (...............0) Do NOT disconnect TID
NoResponse: (..............0.) Server response to the client
Reserved: (00000000000000..) Reserved
Timeout: 5000 milli sec(s)
Reserved2: 0 (0x0)
ParameterCount: 32 (0x20)
ParameterOffset: 92 (0x5C)
DataCount: 0 (0x0)
DataOffset: 0 (0x0)
SetupCount: 0 (0x0)
Reserved3: 0 (0x0)
ByteCount: 61 (0x3D)
- RemoteAPIBuffer:
- FileName: \PIPE\LANMAN
- Align: 1 Bytes
AlignBytes: Binary Large Object (1 Bytes)
Name: \PIPE\LANMAN
Pad1: Binary Large Object (2 Bytes)
- RAPRequest: NetServerEnum2 Request, InfoLevel = 1, SV_TYPE_ALL: All in NSNET
RAPOpcode: NetServerEnum2
- ParameterDescriptor: WrLehDz; 4 send, 1 receive parameter
Param: (W) WORD (send parameter, 16 bit integer)
Param: (r) Receive buffer (format in data descriptor) (receive data, 0 bit integer)
Param: (L) Receive buffer length (send/receive parameter, 16/16 bit integer)
Param: (e) Entries read (receive data, 0 bit integer)
Param: (h) WORD (receive parameter, 16 bit integer)
Param: (D) DWORD (send parameter, 32 bit integer)
Param: (z) ASCIIZ (send parameter, 8 bit integer)
Param: ASCII NUL (string terminator)
- DataDescriptor: B16BBDz; data bytes send: 0, receive: 34
- Datum: (B) BYTE[16] (receive data, 8 bit integer)
Datum: (B) BYTE (receive data, 8 bit integer)
Digit: 1
Digit: 6
Datum: (B) BYTE (receive data, 8 bit integer)
Datum: (B) BYTE (receive data, 8 bit integer)
Datum: (D) DWORD (receive data, 32 bit integer)
Datum: (z) ASCIIZ* (receive data offset, 32 bit integer)
Datum: ASCII NUL (string terminator)
- NetServerEnum2: SV_TYPE_ALL: All in NSNET
InfoLevel: (1) SERVER_INFO_1
ReceiveBufferSize: 4200 (0x1068)
- ServerType: SV_TYPE_ALL: All
Workstation: (...............................1) All workstations
Server: (..............................1.) All computers with the server service running
Sqlserver: (.............................1..) All running Microsoft SQL Server
DomainCtrl: (............................1...) All primary domain controllers
DomainBakctrl: (...........................1....) All backup domain controllers
TimeSource: (..........................1.....) All Time servers
AFP: (.........................1......) All Apple File Protocol servers
Novell: (........................1.......) All Novell servers
DomainMember: (.......................1........) All LAN Manager 2.x domain members
PrintqServer: (......................1.........) All print servers
DialinServer: (.....................1..........) All dial-in servers
ServerUnix: (....................1...........) All Unix/Xenix servers
NT: (...................1............) All Windows NT workstations or servers
WFW: (..................1.............) All Windows for Workgroups servers
ServerMFPN: (.................1..............) All Microsoft File and Print for NetWare servers
ServerNT: (................1...............) All non-domain controller servers
PotentialBrowser: (...............1................) All servers that can run the browser service
BackupBrowser: (..............1.................) All backup browsers
MasterBrowser: (.............1..................) All master browsers
DomainMaster: (............1...................) All domain master browsers
Reserved1: (..........11....................)
Windows: (.........1......................) All Windows 95 or later
DFS: (........1.......................) All DFS root servers
ClusterNT: (.......1........................) All NT Clusters
Terminalserver: (......1.........................) All Terminal Servers
ClusterVSNT: (.....1..........................) All NT Cluster Virtual Server Names
DCE: (....1...........................) AllIBM DSS (Directory & Security Services)
Reserved2: (...1............................)
AlternateXport: (..1.............................) Return list for alternate transport
LocalListOnly: (.1..............................) Return local list only
DomainEnum: (1...............................) Enumerate primary domain
Domain: NSNET
Then the reply;
Frame: Number = 378, Captured Frame Length = 1514, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[00-1E-0B-2B-68-DD],SourceAddress:[00-13-72-52-6E-A1]
+ Ipv4: Src = 10.44.44.14, Dest = 10.44.46.101, Next Protocol = TCP, Packet ID = 27036, Total IP Length = 1500
+ Tcp: Flags=...A...., SrcPort=NETBIOS Session Service(139), DstPort=65372, PayloadLen=1460, Seq=580319796 - 580321256, Ack=1910965491, Win=253 (scale factor 0x8) = 64768
+ Nbtss: SESSION MESSAGE, Length =2013
+ SMB: R; Transaction, Remote Administration Protocol
- RAPResponse: NetServerEnum2 Response, Count = 31
Win32ErrorCode: 0x00000000 - ERROR_SUCCESS - The operation completed successfully.
Converter: 2251 (0x8CB)
- NetServerEnum2: Count = 31
EntriesReturned: 31 (0x1F)
EntriesAvailable: 31 (0x1F)
+ NetServerInfo1: APOLLO
+ NetServerInfo1: ARTEMIS
+ NetServerInfo1: ASKLEPIOS
+ NetServerInfo1: CASTOR
+ NetServerInfo1: DCC4503-131L
+ NetServerInfo1: DCC4503-155L
+ NetServerInfo1: DCC4503-157L
+ NetServerInfo1: DCC4503-161L
+ NetServerInfo1: DCC4503-171L
+ NetServerInfo1: DCC4503-172L
+ NetServerInfo1: DCC4503-175L
+ NetServerInfo1: DCC4503-177L
+ NetServerInfo1: DCC4503-183L
+ NetServerInfo1: DCC4503-184L
+ NetServerInfo1: DCC4503-185L
+ NetServerInfo1: DCC4503-188L
+ NetServerInfo1: DCC4503-196L
+ NetServerInfo1: DCC4503-197L
+ NetServerInfo1: DCC4503-199L
+ NetServerInfo1: DCC4503-202L
+ NetServerInfo1: DCC4503-203L
+ NetServerInfo1: DCC4503-205L
+ NetServerInfo1: DCC4503-210L
+ NetServerInfo1: DCC4503-213L
+ NetServerInfo1: DCC4503-219L
+ NetServerInfo1: DCC4503-220L
+ NetServerInfo1: DCC4503-228L
+ NetServerInfo1: DCC4503-233L
+ NetServerInfo1: DCC4503-234L
+ NetServerInfo1: DCC4503-236L
+ NetServerInfo1: DCC4503-241L
StringData: Binary Large Object (586 Bytes) -
Adding second domain controller in Windows server 2012 R2
Hello, our primary domain controller is currently on a machine that has Windows Server 2008 R2 Standard. We are planning to setup a second domain controller as a failover to our primary domain controller. My question is, can we have a secondary domain
controller on a Windows Server 2012 R2 even if our primary domain controller is on a machine that has Windows Server 2008 R2?I think I found the answer to my question.
http://technet.microsoft.com/en-us/library/dd464018(v=ws.10).aspx
"In Windows Server 2012, Adprep.exe is integrated into the AD DS installation process and runs automatically as needed. For example, when you install the first domain controller that runs Windows Server 2012 into an existing domain and forest, then adprep
/forestprep and adprep /domainprep automatically run and report the results of the operations.
Some organizations may prefer to run Adprep.exe separately in advance of an AD DS installation. For this reason, Adprep.exe is also included in the \Support\Adprep folder of the operating system disk.
In Windows Server 2012, there is only one 64-bit version of Adprep.exe. It can be run remotely from any server that runs a 64-bit version of Windows Server 2008, Windows Server 2008 R2, or Windows Server 2012. The computer where you run it can be either
domain-joined or in a workgroup.
The version of Adprep.exe in Windows Server 2012 includes new syntax and parameter options in order to run it remotely. For more information, see
Adprep."
For more information about the objects and containers that are created when the schema is extended to support Windows Server 2012, see
Windows Server 2012: Changes to Adprep.exe. -
On Windows Server 2012 R2 the option "Show my desktop background on Start" is disabled
Since this thread is
inactive, I am starting a new one.
On windows server 2012 R2, under the taskbar properties, the option to display desktop background on start is disabled and I have not found a way to enable the same.
Please suggest, how this can be enabled.
With regardsYou should take a look at this thread. They still haven't figured it out yet though, I don't believe it is possible at the moment on server 2012 even with desktop experience installed.
http://social.technet.microsoft.com/Forums/windowsserver/en-US/9e26b0d5-e586-45b6-91bf-540a72dd36fc/on-windows-server-2012-r2-the-show-my-desktop-background-on-start-is-grayed-out?forum=winservergen
http://WrinkleFreeIT.com/ -
ACS 4.1 support with Windows Server 2012 Domain controller
I am upgrading my Domain Controller / Active Directory from Windows Server 2003 to Windows Server 2012.
In my environment, I am using Cisco ACS 4.1 which is integrated with Windows Server 2003 Active Directory.
Will ACS4.1 will work fine with my new domain controller (Windows server 2012) or I need to upgrade my ACS too?
Regards,
JunaidJunaid,
ACS 4.x code doesn't even support Windows 2008 R2. Your best bet is to migrate the ACS from 4.x to ACS 5.4 Patch 2 or stay with windows 2003 or 2008 (Non-R2).
ACS 5.4 patch 2 supports Windows 2012 AD.
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/release/notes/acs_54_rn.html
Regards,
Jatin
**Do rate helpful posts**
Maybe you are looking for
-
Unable to edit the document in sharepoint2010
Hi, I am unable to edit the document in sharepoint2010 with IE-10 while editing i am getting the error like "The form cannot be displayed in the browser because the use of session cookies has been disabled in the current browser settings.In order to
-
Windows 7 64bit timed out when d/l my purchases
Tried everything turned of firewall turned off virus protection hooked directly into modem. All my other programs connect with no problem.What happen was i bought a new computer downloaded the 64 bit version of itunes no problem accessing itunes or l
-
On a Mac, can you navigate menus with one handed key strokes like Windows?
On a Mac, is there anyway to navigate menus with one handed keyboard strokes like you can in Windows? My girlfriend is a graphic designer and switched from Windows to Mac. She misses being able to use the Alt key and make menu selections. On Windows
-
I am unable to sign up through the BT website for their free 3 month offer of Onlive. It says my line doesn't meet minimum speed requirement. According to the Onlive FAQ a minimum of 3 meg is needed and 5 meg is recommended. I currently sync at 6.7 m
-
To convert the values in the column from upper case to Camel Case.
Hi All, I have requirement to convert the column values(Data in the Columns) from upper case to camel case in pivot table view. For Eg: I have Table Name:Billing_Transaction under Billing_Transaction table i Have column Comment_Text Data in Comment_T