Active Directory RPC Ports - Server 2012 R2

Similar Messages

• Upgrade from Windows Server 2012 Active Directory to Windows Server 2012 R2 Active Directory

  We are currently running Windows Server 2012 Active Directory and would like to upgrade to Windows Server 2012 R2 AD. Is it OK to just do an in-place upgrade, or is it advisable to build new domain controllers on R2? Are there any guides or articles anyone
  can recommend?

  Hi Ginandtonic,
  To upgrade DC(Domain Controller) from windows server 2012 to windows server 2012 r2, please refer to these articles:
  Upgrade from windows Server 2012 to 2012 R2                                 
  Upgrade Active Directory from 2012 to 2012 R2
  I hope this helps.
  Best Regards,
  Anna

• How to create two domains name in one active directory domain service .server 2012 ??

  Hi there 
  I want to try sharepoint foundation and office web apps server .
  I installed server 2012 sharepoint found 2013 sql server 2012 and create a new forest on active directory domain sevice 
  now I want to install office web apps server 2013 but when I run the setup said me can't install office web apps server on the domain name that installed sharepoint .
  how can I create second domain name on this active directory domain service to install office web apps server ?
  help me please I'm new and just want to try sharepoint and office web apps server .
  mostly I need to create MS access custom web app and I need the web place to run my access custom web app on this server and because I live in iran can't create and sign up for office 365 and sharepoint online so i'm forced to run them on my system .help
  me to complete ths server ?
  Greate Regards :
  Raha
  whit the best regard : Raha

  Hi,
  For how to Use Office Web Apps with SharePoint 2013, the below links should be what you want to refer to:
  Configure Office Web Apps for SharePoint 2013
  http://technet.microsoft.com/en-us/library/ff431687.aspx
  Video: Configure Office Web Apps for SharePoint 2013
  http://technet.microsoft.com/en-us/library/dn455088.aspx
  How Office Web Apps work on-premises with SharePoint 2013
  http://technet.microsoft.com/en-us/library/ff431685.aspx
  In addition, for further assistance for Sharepoint, I suggest you post in the SharePoint forum.
  Regards,
  Yan Li
  Regards, Yan Li

• Active Directory Administrative Center (Server 2012 R2) crashes when running global search

  When running a global search in ADAC using the Server 2012 R2 version, it always without fail crashes when initiating a search using the global search option. This occurs when running natively on a server or using RSAT on Windows 8.1. The error seems
  to be due to the .NET Runtime.
  Has anyone else experienced this or found a fix/workaround?

  Just to keep this problem alive... ADAC on Windows 8.0 was running fine (Global search was the best part) and it was super fast when comparing with Windows 7 ADAC version. The problem occured with Windows 8.1 Preview and continued with Windows 8.1.
  It seems the problem lies with some powershell library, because it is also impossible to uninstall RSAT tools because of the "API and Powershell cmdlets" part of WSUS remote server tools. I tried removing this package through DISM commands and it always
  fails. CBS log file show some error about registry entry being deleted. When I've checked TiWorker.exe execution during DISM removal, the problem occure while checking for a particular registry entry about Microsoft.Update.Administration or something, which
  is present as a registry entry and also as a file in the WinSxS folder, so it remains a mistery why this error occure.
  What I've notices is that ADAC crashes also when trying to change DC. The error is the same, but when debugged, it seems that the application is trying to remove the previous PSDrive, which does not exist.
  My assumption is that someone erroneusly tried to connect the console just with the DC with Windows Server 2012 R2 OS, and then made a mistake not to check within the code if the PSDrive was connected. This is the only thing that make sense.

• Server 2012 restrict active directory dynamic ports

  Hello,
  Has anyone encountered issues with restricting the Active Directory dynamic ports for Netlogon and NTDS in Server 2012?  I have followed the added the typical registry entries as described below but I still see my RDS gateway in the DMZ trying to communicate
  to my internal DC over other ephemeral ports (49158).  I have rebooted the DC after the registry changes and still no effect.  Are the reg entries the same in 2012?  Any help would be appreciated.  Thank you
  Registry key 1 
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters 
  Registry value: TCP/IP Port 
  Value type: REG_DWORD 
  Value data: 49152 (This value needs to be specified in decimal format)
  Registry key 2 
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters 
  Registry value: DCTcpipPort 
  Value type: REG_DWORD 
  Value data: 49153 (This value needs to be specified in decimal format)
  Eddie Espino | Secure Data Solutions | Miami, Florida | Microsoft Partner

  Hi,
  There are at least two options that can be used to allow replication when there are network traffic filters (aka firewall) in the network, across two DCs:
  1. Use registry keys on the DCs to force communication over specific ports
  2. Use IPsec to restrict the traffic to two ports only (IP 50 and IP 51)
  I tried to find some relevant documents, but could not find support for restricting the Active Directory dynamic ports for Netlogon and NTDS in Server 2012. You could refer to the following article, it may help you to solve your issues:
  Restricting AD Replication Traffic between DCs to only a few ports
  http://blogs.technet.com/b/luistog/archive/2012/05/08/restricting-ad-replication-traffic-between-dcs-to-only-a-few-ports.aspx
  Regards,
  Mandy Ye

• MS Active Directory as LDAP Server - Email & Group variables do not pickup values

  Hello Experts
  We have OBIEE 10.1.3.4.2 using MS Active Directory as LDAP Server. Init Block "Authentication" (4 variables setup - USER, DISPLAYNAME, EMAIL and GROUP) seems to work fine, but when you do a "Test" and supply userid and password , only USER and DISPLAYNAME showup. Email and Group variables are blank.
  Please help .  Thanks  lot in advance.
  Regards.

  Hello Srini
  Just USER and DISPLAYNAME variables get populated and I think they are coming from MSAD. However, the Email and Group membership information from MSAD does not flow back to OBIEE Server.
  Regards

• Configuring Microsoft ACtive Directory in WebLogic server 10.3.3

  Hi,
  I am working on configuring Microsoft ACtive Directory in WebLogic server 10.3.3. After configuration I couldn't see any AD users in myrealm-users.
  If there is any document / step-by-step tutorial available please provide me.
  Thanks
  MC

  Just check the product documentation ;-) The Guide Securing WebLogic Server might be of interest for you.
  Here is a link to start with: http://download.oracle.com/docs/cd/E14571_01/web.1111/e13707/atn.htm#SECMG175
  --olaf                                                                                                                                                                                                                                                                                                                                                                                                                                                               

• Dynamics CRM 2015 Install requires Active Directory on VM Windows 2012 R2 Server

  Hello,
  I'm trying to install Dynamics CRM 2015 on a standalone VM not connected to a domain (it's running under WIndows 8.1 Professional). The VM was configured using WIndows Server 2012 R2. I'm getting an error message shortly into the install process stating
  it needs to access Active Directory.
  How can I get around this issue - I just want to Install this CRM on the VM without getting into complicate network/AD issues.
  Can you please advise ?
  SO many thanks,
  John

  CRM requires AD no way around that so the most likely solution is to install it on that server or on a VM not connected to your other networks
  Jason Lattimer
  My Blog -  Follow me on Twitter -  LinkedIn

• Active Directory Dynamic Ports clarification

  Hi All,
  Please enlighten me about my question:
  Scenario:
  We have a Windows server 2008R2 Standard edition running Active directory services in a windows server 2003 forest functional level
  (we use 2003 FFL because some of our client computers were on XP and we're running MS dynamics)
  Question:
  Does the dynamic port setup will depend on the version of windows server solely or will it affect by the windows servers' forest functional level?
  Sorry for this question, but I strongly knew that dynamic ports setup will depend on windows server version itself, but I just want to make it sure. :D
  My reference:
  http://blogs.technet.com/b/askds/archive/2007/08/24/dynamic-client-ports-in-windows-server-2008-and-windows-vista-or-how-i-learned-to-stop-worrying-and-love-the-iana.aspx

  Hiya,
  it's based on the O/S and not related to domain architecture.
  Basically it is the server that "decides" which RPC port range it will be using. As the article states, it has been changed for 2008 and up.

• How to handle SQL connection if password Active directory always change? (Connection using Active directory via network SQL 2012 )

  I have 3 server (Web server, database sql 2012 server and Active directory). I'm using sqlsvr version 3.0,  PHP version 5.3 ,IIS version 7 and windows server 2008.
  Right now my php connection to SQL 2012 using AD id, so How to handle if password on active directory change?

  Solved : Using Kaberos

• Active directory management pack and 2012 R2

  I'm getting the following alert from SCOM 2012 R2:
  "Alert description: AD Op Master Response : The script 'AD Op Master Response' could not determine the PDC Op Master.The error returned was: 'LDAP://server01.domain.local/RootDSE' (0x8007203A)"
  DCDiag shows no errors.
  The error did not show up when we were running 2012 DC:s.

  Resolution: Logged into the server, attempted to open Active Directory Domains and Trusts and received the message: “The configuration information describing this enterprise is not available. The server is not operational.” Debugging, rebooting the server.
  After reboot the issue opening Active Directory Domains and Trusts no longer occurred. Closed the alerts generated to see if they would recur
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Mai Ali | My blog: Technical | Twitter:
  Mai Ali

• DNS and Active Directory error 4000 server 2008

  Hello all,
  My network skills aren't very good and I'm facing a dilemma. First off we have two Windows servers on the network. The newest is 2008 Standard (named Vader) and the other is 2000 (dells3). Obviously I'd like to get rid of the 2000, but the people in charge
  of my budget haven't given me the option to do so and it's the only back up we have.
  Earlier in the week we had lots of problems. One of our nas boxes locked everyone out who was mapped to it and it would only let me log in through the web portal. Two of our Macs our marketing department uses suddenly locked up and wouldn't let them back
  in (both were part of the Active Directory). A second nas box won't let certain people map to it and for awhile I had issues logging into Vader itself.
  I believe all of these problems are connected to some issues on Vader and possibly in conduction with dells3. In Server Manager under DNS I get error 4000 "The DNS server was unable to open Active Directory. 
  This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and reload the zone. The event data is the error code."
  Then under Active Directory Domain Services I get error 2042 "It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded
  the tombstone lifetime. Replication has been stopped with this source."
  Followed by more text I can post if needed.
  Under File Services error 1202 "The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the
  next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues."
  And finally if I try to open Active Directory Domains and Trusts "The configuration information describing this enterprise is not available. The server is not operational."
  I'm not sure where to start or what to post that might help. Any and all help is appreciated.
  Edit: Also I can only add dells3 as the DNS on Vader in the DNS Manager if I try to add Vader to itself I get an error.

  It's the other way around.  Overall, I'm advising ripping the 2008 server out of AD and adding it back . Let's look at this as a series of steps:
  1.) You do a force demote of the 2008 server because it's tombstoned.  This means the 2008 server is no longer a DC. You are doing a force because it doesn't have the ability to replicate.  If it could replicate, we'd just do a graceful demotion
  and be done with it.
  2.) Once the 2008 server is demoted, we go to the 2000 server which holds the only good copy of AD.  From that server we run a metadata cleanup using the ntdsutil utility.  We use that utility to clean out references to the 2008 server which is
  no longer a DC.
  3.) Once you have a clean AD, you can then promote the 2008 server back into Active Directory.  Make sure Vader is pointing to Dells3 as its primary DNS server before promoting or you'll run into issues.
  Hopefully that clarifies things. 

• SAP R/3 Enterprise 4.7 Sync with Active Directory on Win2k3 server

  All,
  I'm having a nightmare with this and I'm hoping someone can either confirm my problem or solve it for me.
  We are running R/3 Enterprise 4.7 (Web AS 6.20) and would like to sync the users with Micsoroft Active Directory 2003.
  We are exploring the option of using full Active Directory schema expansion for the SAP sync.  i.e. so we have all SAP related fields in AD.
  According to the SAP notes, I need the WEB AS 6.10 installation CD so that I can run R3SETUP to perform the Active Directory schema modifications.
  I have tried to download this from the SWDC with no luck.
  So I guess my questions are:
  1, Do I really need the 6.10 install cd (it seems it's only the ADSINIT.R3S file).
  2, If I do, where can I get it from?, do I need to order it through our SAP contract manager?
  In the meantime, I have tried performing the manual schema extension using the RSLDAPSCHEMAEXT report, uploading this to the AD server and running "ldifde" command.
  This has extended the schema (or so it says), but I can't see any SAP icon in the AD tree.  Have I missed something?
  Any help appreciated.
  Thanks,
  Darryl

  Rainer,
  Thanks for that.
  I have been re-reading note 793191 and question 14 says exactly that.
  I will checkout JXplorer.
  I have found a couple of MS technet articles on how to add your own context menus to the snap-in but it seems like a lot of effort for no real gain.
  Thanks again.
  ps. awarded points

• SAP R/3 Authentication with Active Directory on Win2k server.

  Hello list ,
  We are running SAP R/3 4.7 with WebAS 6.2 on Solaris and a Windows 2000 Active Directory domain. Our users access SAP in 3 ways
  1) SAP GUI .
  2) SAP BW
  3) Travel & Expense - a java application that records users travel details and posts a transaction to SAP using the SAP userid and password.
  Wish to implement SSO for all our users.
  Some research we have done suggests
  1) Using Kerberos for authentication. while it appears that microsoft krb 5 implementation will work only on windows servers, it is not clear how well are other krb implementations supported by SAP. OSS note # 150380 and link http://help.sap.com/saphelp_nw2004s/helpdata/en/44/0ebf6c9b2b0d1ae10000000a114a6b/content.htm
  2) OSS note # 352295 suggest there could be some issue using KRB 5 shipped with unixes.
  "All of the major Unix vendors seem to be shipping a version of Kerberos 5 these days. These implementations should be wire-interoperable with each other and with Microsoft W2K (not necessarily W2K3!), however they may not be interoperable with SAP's shared library interface to GSS-API v2 mechanisms."
  3) There are some commercial solutions like - CyberSafe that provides krb based SSO at a fee. Has anyone tried this software ?
  I have created an OSS ticket but we are still in a queue since 5 days already.
  Has any one from the list implemented a similar solution ? What are the best practices and way to go for a robust solution.
  4) Another option that we have is to start with user synchronization. Where in Users created in Active Directory get synchronized with SAP .
  What is mandatory for us is that Users marked disabled in Active Directory should be blocked in SAP by synchronizing user information at regular interval. If anyone has implemented this solution I will appreciate if they give me some pointers.
  Thanks in advance.
  Harsh Busa

  Tim,
  you are perfectly right: that Vintela product is not certified (as SNC solution).
  But you are not quite right regarding the separate treatment. The major difference between that product and the SNC certified products (such as CyberSafe, Entrust, ...) is: Vintela uses different SNC libraries on the client side (=> our Windows SSPI wrappers, see <a href="http://service.sap.com/~iron/fm/011000358700000431401997E/352295">SAP note 352295</a>) and the server side (=> their own SNC library, not certified). And that is actually also one reason why that solution cannot be certified ...
  Well, those Windows SSPI wrappers provided by SAP (=> gsskrb5.dll, for example) are also not "SNC certified", but SAP provides support (being in contact with Microsoft). Well, as some people might know, there are also some interoperability issues between different Microsoft OS versions ... - resulting in reactive patches of our SSPI wrappers.
  I really do <u>not</u> want to promote <u>any</u> product - neither the one of Quest Software Inc., nor the one of <a href="http://www.cybersafe.ltd.uk/">CyberSafe Ltd</a>, nor <a href="http://www.entrust.com">Entrust Inc.</a>, nor <a href="http://www.secude.com/">SECUDE IT Security GmbH</a>, nor ...
  I do not even want to disencourage anyone from implementing his own Kerberos-based solution (or any other solution which provides an GSS API), provided that this person is able to help himself. Reason: if products of different vendors are used and interoperability problems occur the usual finger-pointing will start. In the end you'll not get support by anyone ... - as long as you are aware of this (and capable of helping yourself) you can go ahead. Some (known) universities are belonging to that group ... - but it might not be appropriete to the vast majority of customers.

• Adding printer in active directory- in windows server 2008 r2

  Is that addition will enhance the printing and the scanning management capability ? how ? and to which extent ?
  by example please !!
  thank you in advance

  When publishing a shared printer to active directory, the machine sharing the printer creates a PrintQueue AD container with information about the print share and the print driver capabilities.  There is absolutely no information regarding
  the scan capability of the device.  AD printqueue objects are not printers, the objects contain the data needed to create a connection to the share.
  Alan Morris Windows Printing Team