Advanced Audit Policy in Windows 2008R2

Hi,
This is in regards to Advanced Audit Policy configurations in Windows 2008R2.
1. What is the correct way to configure the Audit policies if we have to audit mix of settings from both Legacy & Advanced policies..? For example I would like to audit Account lockouts from Advanced policy along with existing Legacy settings.
2. When I tried last time, the moment I enable Account lockout setting, none of the Legacy settings are applying to the DC.
3. Ned has confirmed this behaviour in his article but his suggestion in such case is to DISABLE the setting “Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings”
http://blogs.technet.com/b/askds/archive/2011/03/11/getting-the-effective-audit-policy-in-windows-7-and-2008-r2.aspx
3. If we DISABLE the specified security setting - both the settings from Legacy & Advanced policies will get applied as long as there is no conflict, but in case of a conflict, Legacy policy will take precedence over Advanced policy. Is my understanding
correct..?
Thanks in advance for your help!
Ashok

Hi Ashok,
Yes, you understand this policy correctly.
By default, if you define a value for a policy in one of the top-level categories—either in the computer's Local Security Policy or in an applicable GPO—then that top-level
policy will usually override any configurations that you make at the subcategory level with the auditpol command. In other words,  setting audit policy by using basic audit policy categories will override the subcategory audit policy
settings in Advanced Audit Policy Configuration. Enabling the
Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings policy setting allows audit policy to be managed by using subcategories without requiring a change to Group Policy. 
Regards,
Lany Zhag

Similar Messages

  • Domain advanced audit policy not taking effect on DC.

    Hi.
     I'm having a strange problem getting an advance audit policy to take effect on one of my domain controllers, we'll call it DC1. I have two DCs on this network, and both are in the same OU, however behave wildly differently with the same policy.
    For example, on DC1 when I run group policy results wizard from GPMC, I can see the local policy/audit policy settings, but no settings for advanced audit configuration are shown. However, if I log into DC1 itself and look at local security policy,
    it shows settings in both areas.
    No matter what changes I made to either area in the domain policy nothing would change in the local security policy on the system when refreshing group policy on the DC. It was as if it were stuck somehow. If I used the auditpol /get /category:* command
    it showed default audit settings, and that's it.
    I figured I would try to clear them and set them manually, and so I did an auditpol /clear, and now it says No Auditing for all categories. In addition to this, I did a gpupdate /force and it still said no auditing in all cagegories after displaying them
    with auditpol /get /cagories:*. On DC2 which is in the same OU, when running the group policy result wizard, it shows both advance audit, and basic auditing settings being applied.
    If I look in the local security policy it shows no auditing for all basic audit settings, and all the advanced audit settings as being set. Which should be the case when Audit: force audit policy subcategory settings is set (which it is). However, unlike
    DC1, instead of showing No auditing, it shows all of the advanced audit configuration settings when I type auditpol /get /categories: * at the command prompt, and it's gpresults look good. I even cleared the audit policy off of DC2, and got it to show "no
    auditing" before doing a gpupdate, and all it's settings came back. Not so with DC1. DC1 seems to apply all other group policy settings without issue.

    Hi,
    Based on your description, we can use the command auditpol/clear to remove all audit settings, find the audit.csv file existing in the GPOs in which we configured audit settings,
    delete the audit.csv file, and then configure the audit setting via group policy to see if it works as expected.
    The path for the audit.csv file:
    %systemroot%\Sysvol\sysvol\domainname\Policies\GPOs\Machine\
    Microsoft\Windows NT\Audit
    In addition, regarding audit policy, the following blog can be referred to for more information.
    Getting the Effective Audit Policy in Windows 7 and 2008 R2
    http://blogs.technet.com/b/askds/archive/2011/03/11/getting-the-effective-audit-policy-in-windows-7-and-2008-r2.aspx
    TechNet Subscriber Support
    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
    Best regards,
    Frank Shen

  • Auditing with advanced audit policy

    I'm looking into advanced audit policy and recommendations.  
    What is the difference between "advanced audit policy configuration" and "auditpol.exe?"
    Once advanced audit policy is configured, where can I check the logs? Event Viewer?
    Should the advanced audit policy be configured on the Default Domain Policy or a separate policy on specific OUs?

    Hi,
    The basic security audit policy settings in Security Settings\Local Policies\Audit Policy and the advanced security audit policy settings in
    Security Settings\Advanced Audit Policy Configuration\System Audit Policies appear to overlap, but they are recorded and applied differently. When you apply basic audit policy settings to the local computer using Local Security Policy, you
    are editing the effective audit policy, so changes made to basic audit policy settings will appear exactly as configured in Auditpol.exe.
    There are a number of additional differences between the security audit policy settings in these two locations.
    There are nine basic audit policy settings under Security Settings\Local Policies\Audit Policy and 53 settings under
    Advanced Audit Policy Configuration. The settings available in
    Security Settings\Advanced Audit Policy Configuration address similar issues as the basic nine settings in
    Local Policies\Audit Policy but allow administrators to be more selective in the number and types of events to audit. For example, where basic audit policy provides a single setting for account logon, advanced audit policy provides four. Enabling
    the single basic account logon setting would be the equivalent of setting all four advanced account logon settings. In comparison, setting a single advanced audit policy setting does not generate audit events for activities you are not interested in. In addition,
    if you enable success auditing for the basic Audit account logon events setting, only success events will be logged for all account logon–related behaviors. In comparison, you can configure success auditing for one advanced account logon
    setting, failure auditing for a second advanced account logon setting, Success and failure auditing for a third advanced account logon setting—or no auditing, depending on the needs of your organization.
    The nine basic settings under Security Settings\Local Policies\Audit Policy were introduced in Windows 2000, and therefore are available to all versions of Windows released since then. The advanced audit policy settings were introduced in
    Windows Vista and Windows Server 2008. The advanced settings can only be used on computers running Windows 7, Windows Vista, Windows Server 2008 R2, or Windows Server 2008.
    For more information, please refer to the below link:
    Advanced Security Auditing FAQ
    http://technet.microsoft.com/en-us/library/ff182311(WS.10).aspx#BKMK_2
    Best Regards,
    Yan Li
    Yan Li
    TechNet Community Support

  • Reverting from advanced audit policies back to basic

    Hey,
    I'm trying to revert back to basic audit policies after using advanced polies. The policy is set locally on the DC server 2012. I've tried doing this:
    http://support.microsoft.com/kb/921468. There are no advanced polices set. When I set the basic policies they are good until the next gupdate, then they revert "no configured"
    So what ever reason my firewall can only pull signed on users from the basic audit policies and not advanced. Any idea how to revert this?

    Ok, so I got it figured out.
    For anyone else to reference:
    http://technet.microsoft.com/en-us/library/ff182311(v=ws.10).aspx
    In this document they mention:
    How can I roll back security audit policy from Advanced Audit Policy to basic audit policy?
    Applying advanced audit policy settings replaces any comparable basic security audit policy settings. If you subsequently change the advanced audit policy setting to Not configured, you will need to complete the following steps to restore the original
    basic security audit policy settings:
    Set all Advanced Audit Policy sub-categories to Not configured.
    Delete all audit.csv files from the %SYSVOL% folder on the domain controller.
    Reconfigure and apply the basic audit policy settings.
    Unless you complete all of these steps, the basic audit policy settings will not be restored.
    But my issue was a local policy and not in sysvol. I found 2 file locations.
    C:\Windows\security\audit\audit.csv
    C:\Windows\System32\GroupPolicy\Machine\Microsoft\Windows NT\Audit\audit.csv
    Once I renamed those files. Then I could use basic audit policies again.

  • Is it possible for Windows 2008R2 Domain Controllers to audit when a programs are installed/uninstalled on clients and send alerts to Admins?

    We have a program called Audit Wizard that we used with Windows 2003 that monitored all clients and alerted my department when a program was installed/uininstalled. since upgrading to windows server 2008R2, the program no longer works correctly.
    So we are wondering if it is possible for Windows 2008R2 Domain Controllers, running at a 2008R2 forest and domain level) to be able to audit when a programs are installed/uninstalled on clients and send alerts to our Admins?
    If so, How?
    Thanks in advance for your help!
    Pete Macias

    Hi Pete,
    >>So we are wondering if it is possible for Windows 2008R2 Domain Controllers, running at a 2008R2 forest and domain level) to be able to audit when a programs are installed/uninstalled on clients and send alerts to our Admins?
    As far as I know, group policy can't help us do this. If you are interested, we can take a look at System Center Operation Manager and ask for suggestions in the following SCOM forum.
    Operations Guide for System Center 2012 - Operations Manager
    https://technet.microsoft.com/en-us/library/hh212887.aspx
    System Center Operation Manager
    https://social.technet.microsoft.com/Forums/systemcenter/en-US/home?category=systemcenteroperationsmanager
    Best regards,
    Frank Shen 
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Audit logs on Windows 2008 works different when file is modified from UNC path

    Hello All,
    Here i have a strange situation with the generation of audit logs when folders\files are changed locally(my computer) on the server (vs) from the UNC path
    (\\servername\drive$\folder\....).
    File Server : Windows 2008 R2.
    Audting enabled and SACL set on the folder level.
    Enabled advanced auditing for Audit Object Access and enabled the force sub category audit settings on vista \ window 2008 policy via GPO and also verified that the sub category is set.
    also set SACL on one folder on the R drive. (\\servername\r$\<folder>\<audited folder>
    auditpol /get /category:"Object Access"
    Object Access : File System                            
    Success and Failure
    Situation : 1
    When i make any manipulations (traversing \ listing \ adding or deleting folder or files) on the server locally from my computer ---> . r drive --> folder --> audited folder , i get the event id generated (4663) with all the correct
    information.
    For ex: created a new txt file.
    Object: Object Server: Security, Object Type: File, Object Name: R:\Audits1\folder1\New Text Document.txt, Handle ID: 0xcb4
    Process Information: Process ID: 0x1bac , Process Name: C:\Windows\explorer.exe
    Access Request Information: Accesses: WriteData (or AddFile) AppendData (or AddSubdirectory or CreatePipeInstance) , Access Mask: 0x6
    Situation : 2
    When i make the same  manipulations (traversing \ listing \ adding or deleting folder or files) on the server or remotely via the UNC path \\servername\r$\folder\audited folder or DFS share or \\servername\<sharename>
    , i dont get the event id generated (4663) with the needed information.
    For ex: created a new txt file.
    Object: Object Server:      
    Security , Object Type:File ,         
    Object Name:         
    R:\Audits1\folder1\New Rich Text Document (3).rtf , Handle ID:  
    0xa3c
    Process Information: Process ID: 0x4, Process Name:
    Access Request Information: 
    Accesses: WriteData(or addfile), Access Mask: 0x100
    In the second situation process name is empty (for the file events) and also found that the logs generated are very less compared to the first situation.
    Please suggest if there is any fix with this.
    Thanks,

    Enable the following auditing on the server either through domain
    policy or local policy:
    Audit logon events - Success
    Audit Object Access  - Success
    On the Auditing tab, add Everyone with the following audit settings.

  • Purpose of Retention Policy Recovery Window and Redundancy

    Hi,
    Good Evening,
    I have some queries regarding the RMAN Retention Policy Recovery Window and Redundancy.
    1. Any condition is there to set the Retention Policy Recovery Window and Redundancy and control_file_record_keep_time?What is the relationship between these 3 parameters?
    2. Explain the scenario if i set the control_file_record_keep_time=4 Redundancy=3 and Recovery Window=7?
    3. If i set the Redundancy=3 and Recovery Window=7 means my backup place only have 3 copies of backup based on the redundancy then what is the purpose of Recovery Window=7 please give some example.
    4. If i change the values for Recovery Window=3 and Redundancy=7 what will happened, how many days backup will be available in my FRA location?Explain with one scenario?
    Thanks in advance.
    Vijay.

    Hi,
    Take a look of the above doc contents:
    Configuring the Backup Retention Policy
    As explained in "Backup Retention Policies", the backup retention policy specifies which backups must be retained to meet your data recovery requirements. This policy can be based on a recovery window or redundancy. Use the CONFIGURE RETENTION POLICY command to specify the retention policy.
    so  you have option to choose either  recovery windows or redundancy based you can set the configuration like
    read in the Doc What it said for both:
    Recovery Window-Based Retention Policy ==>RMAN does not consider any full or level 0 incremental backup as obsolete if it falls within the recovery window.  Additionally, RMAN retains all archived logs and level 1 incremental backups that are needed to recover to a random point within the window.
    Redundancy-Based Retention Policy==>The REDUNDANCY parameter of the CONFIGURE RETENTION POLICY command specifies how many full or level 0 backups of each datafile and control file that RMAN should keep. If the number of full or level 0 backups for a specific datafile or control file exceeds the REDUNDANCY setting, then RMAN considers the extra backups as obsolete. The default retention policy is REDUNDANCY 1.
    RMAN> show RETENTION POLICY;
    using target database control file instead of recovery catalog
    RMAN configuration parameters for database with db_unique_name DDTEST are:
    CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 7 DAYS;
    RMAN> CONFIGURE RETENTION POLICY TO REDUNDANCY 3;
    old RMAN configuration parameters:
    CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 7 DAYS;
    new RMAN configuration parameters:
    CONFIGURE RETENTION POLICY TO REDUNDANCY 3;
    new RMAN configuration parameters are successfully stored
    RMAN> show RETENTION POLICY;
    RMAN configuration parameters for database with db_unique_name DDTEST are:
    CONFIGURE RETENTION POLICY TO REDUNDANCY 3;
    RMAN> CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 7 DAYS;
    old RMAN configuration parameters:
    CONFIGURE RETENTION POLICY TO REDUNDANCY 3;
    new RMAN configuration parameters:
    CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 7 DAYS;
    new RMAN configuration parameters are successfully stored
    RMAN> show RETENTION POLICY;
    RMAN configuration parameters for database with db_unique_name DDTEST are:
    CONFIGURE RETENTION POLICY TO RECOVERY WINDOW OF 7 DAYS;
    CONTROL_FILE_RECORD_KEEP_TIME:This parameter applies only to records in the control file that are circularly reusable (such as archive log records and various backup records) ref Doc:CONTROL_FILE_RECORD_KEEP_TIME
    1. Any condition is there to set the Retention Policy Recovery Window and Redundancy and control_file_record_keep_time?What is the relationship between these 3 parameters?
    2. Explain the scenario if i set the control_file_record_keep_time=4 Redundancy=3 and Recovery Window=7?
    3. If i set the Redundancy=3 and Recovery Window=7 means my backup place only have 3 copies of backup based on the redundancy then what is the purpose of Recovery Window=7 please give some example.
    4. If i change the values for Recovery Window=3 and Redundancy=7 what will happened, how many days backup will be available in my FRA location?Explain with one scenario?
    so i believe you can get the Answer from Your Question from Above details.
    HTH

  • Error installing 11g RAC on windows 2008r2 on VMWare ESXi 5

    I am a beginner and am intalling oracle 11g r2 rac for first time . i am stuck during the installaiton I am using windows 2008r2 on VMWare.
    we have attached 500 GB Disk from the NetApp Storage to these hosts.
    no logs are generated at the grind home to see the errors
    in rootcrs_rie_oradbn1_vm.log. i can see an error
    - March 19, 2012 6:17:45 PM GMT+04:00 [Customer Problem Description]
    Problem Description: [INS-20802] Grid Infrastructure Configuration failed.2012-03-19 16:45:29: Creating or upgrading Oracle Local Registry (OLR)
    2012-03-19 16:46:45: Command return code of 255 (65280) from command: E:\app\11.2.0\grid\bin\ocrconfig -local -upgrade arg\sapadmin
    2012-03-19 16:46:45: E:\app\11.2.0\grid\bin\ocrconfig -local -upgrade failed with error: 255
    2012-03-19 16:46:45: Failed to create or upgrade OLR
    I am following the oracle rac intallation document .
    Kindly help
    thanks,
    rajesh.

    923293 wrote:
    I am a beginner and am intalling oracle 11g r2 rac for first time . i am stuck during the installaiton I am using windows 2008r2 on VMWare.
    we have attached 500 GB Disk from the NetApp Storage to these hosts.
    no logs are generated at the grind home to see the errors
    in rootcrs_rie_oradbn1_vm.log. i can see an error
    - March 19, 2012 6:17:45 PM GMT+04:00 [Customer Problem Description]
    Problem Description: [INS-20802] Grid Infrastructure Configuration failed.2012-03-19 16:45:29: Creating or upgrading Oracle Local Registry (OLR)
    2012-03-19 16:46:45: Command return code of 255 (65280) from command: E:\app\11.2.0\grid\bin\ocrconfig -local -upgrade arg\sapadmin
    2012-03-19 16:46:45: E:\app\11.2.0\grid\bin\ocrconfig -local -upgrade failed with error: 255
    2012-03-19 16:46:45: Failed to create or upgrade OLR
    I am following the oracle rac intallation document .
    Kindly help
    thanks,
    rajesh.Its expect to be BUG in 11.2.0.1 if you are installing(11.2.0.1), SO i suggest you to install 11.2.0.2 or 11.2.0.3 on windows 2008r2. Remember you can directly download and install 11.2.0.2 or 11.2.0.3 without base release i.e. 11.2.0.1
    Bug 10142893: GRID INFRASTRUCTURE CONFIGURATION FAILED      
    Bug 9166347: GRID INSTALLATION ROOT.SH AND DEINSTALL FAIL WITH HOTSPOT VIRTUAL MACHINE SIGSEG      
    Also run the Clusterverification utility to know any issues in advance.
    ./runcluvfy.sh stage -pre crsinst -n node1,node2 (specify nodename)

  • Reboot domain controller changes audit policy on Default Domain Controller Policy

    This has been happening for a long time no matter whether my DCs were running Windows Server 2003 or, as they are now, are running Windows Server 2012 R2. It happens on DCs in one particular site, but the policy change it causes is domain-wide.
    I have 2 DCs at that site, every time one of them is rebooted, the following policy is turned off, from Success and Failure to No auditing:
    Default Domain Controllers Policy - Computer Configuration - Policies - Windows Settings - Security Settings - Local Policies/Audit Policy.
    I have monitoring application relying on this policy being turned on, and if it's off, it's being reported. The monitoring application knows the change, but it doesn't know how the change was made.
    All my DCs are running Windows Server 2012 R2, DFL 2008 R2.
    Thanks and regards.

    Hi,
    >>I have 2 DCs at that site, every time one of them is rebooted, the following policy is turned off, from Success and Failure to No auditing:
    Did we try to run command gpresult/h report.html with admin privileges to collect group policy result report to check how the policy setting was  applied after rebooting?  Besides, we can also try to run command
    auditpol /get / category:* from an elevated command prompt to check what audit settings are applied.
    Best regards,
    Frank Shen
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Not Understanding Audit Policy with SCM 8.1 Baseline

    We want to configure Audit Policy on all standalone Windows 8.1 computers to log Success and Failure for Logon attempts.
    The Beta Baseline for Windows 8.1 contains a setting for this, but it is read only and you cannot change it.  Why?
    When that baseline is put into effect on the computer with the LocalGPO tool from the command line, Logon attempts are logged.   However what is bizarre is that both SecPol.msc and GPEdit.msc fail to see this setting for Audit policy.  Why?
    Equally bizarre, if you modify the settings for Audit Policy in SecPol.msc and GPEdit.msc, they show as modified, but as soon as you quit and restart those tools, the settings are lost and the items show up as not configured again.
    So, I'm not understand the behavior at any level here, which looks quite different than other settings in the Baseline.  For other settings, we are able to edit them in the Baseline, and further the local SecPol and GPEdit tools are able to change them.
    Will

    Turns out this question is actually fairly complicated to answer.   The historical "audit policy" contains fewer options than what Windows Vista or later can express.  So, for example, instead of just auditing Logon and Logoff with a single setting,
    later versions of Windows are able to audit Logon and Logoff through separate settings.
    The SCM baseline for 8.1 and the GPEdit both have access to a setting to affect whether Windows uses the historical audit behavior or the newer finer-category "subcategory" settings.  Under local policies | security options there is a setting "Audit:
    Force audit policy subcategory settings"   When this is enabled, your attempts to use the historical audit settings will not change behavior on the computer, and when you quit GPEdit and restart your changes to the historical settings will simply have
    disappeared.
    Will

  • Audit Policy and Event Viewer

    Hi everyone,
    I'm a junior IT auditor seeking for answers about audit policy and event viewer.
    First of all I would like to know what are the difference of log that we obtain from audit policy and event viewer?
    I would like to know that can event viewer show these logs:
    Audit account logon events
    Audit account management
    Audit directory service access
    Audit logon events
    Audit object access
    Audit policy change
    Audit privilege user
    Audit process tracking
    Audit system events
    Thanks in advanced :)

    Hi sally_scrubb,
    As you said, if you configure audit policy, it can provide broad security audit capabilities for client computers and servers. And if you configure this policy, you will find the related events in the Event Viewer.
    For your information, please refer to the following article:
    Audit Policy Settings Under Local Policies\Audit Policy
    In this article, you can find the several links which deliver more detailed information about the items which were listed in your post. From the links, you can learn how to configure the item, what you can get from the item, and the related events about
    the item.
    Hope that helps!
    Regards,
    Lany Zhang

  • SAP GUI Compatibility issue with Windows 2008R2 64 Bit

    Hi Gurus
    Is anyone experienced connectivity issue with SAP GUI (32bit)  on Windows 2008R2 64bit? Except base version of 7.3 every Service Pack failing
    to connect, Strange thing was it was working with SP5 in WINDOWS 7 64bit.
    Your inputs greatly appreciated.
    -giri

    Hi Giri
    Yes, You can do the normal installation on windows 2008 / 2008 R2 systems. we are using in our environment. is this any error message while installation or SAPGUI execution time?
    Refer the SAP Note  66971 - Supported SAP GUI platforms
    BR
    SS

  • How to Delete Non-System State Backups in Windows 2008R2

    Hello,
    I am running a Windows 2008R2 server which uses Windows Server Backup to do the backups. We are using the backup-tool to create non-system state backups of the data-directories on this machine. The backup is done on a dedicated disk connected through iscsi
    (to a Synology box). This backup disk has become too small and we have now replaced the Synology box with a bigger one. Here i created a new LUN again for the backup purposes.
    Now for my question; The wbadmin.exe tool supplied with W2008R2 does not offer a way to delete the old backups. I know that in Win2012 (which we we also have running) I could add the new iscsi location and then (when enough backups are available on the new
    target) use wbadmin.exe delete backup  to delete the old non-system state backups; e.g.
     wbadmin delete backup -version:08/07/2013-21:00
    This (very undocumented) feature of Windows 2012 and higher works quite nice and is exactly what i am searching for on the W2008R2 machine; a way to delete the old backups (and under the hood delete the corresponding snapshots)
    I've done quite a bit of research and it should be possible to do something similar in 2008 but then manually, The howto is described in the following link: http://blogs.technet.com/b/filecab/archive/2009/06/22/backup-version-and-space-management-in-windows-server-backup.aspx .
    Basically it describes that you should use DiskShadow.exe to remove e.g. the oldest snapshot with a  command like :
    Delete shadows OLDEST \\?\Volume{7fc1871b-2e1f-11dd-a339-001e4fb7af35}
    Windows Server backup (wbadmin) should then on the next run 'see' this deletion and update its list of available backups:
    "You can perform the same steps manually to delete backups on demand. However, the backup catalog update cannot be done manually and it will happen instead during
    the next backup."
    I've done this on our box and it indeed removes the shadows from the list. However, in the Windows Backup 'dashboard' it still lists the backups as available. Also after a new backup has finished (according the the article this is when it should 'update'
    its backup catalog). When I try to restore a backup from a date that i just removed it gives a nice message that this is impossible because the snapshot is not available (duh :)) ;
    Unable to browse Local disk. The shadow copy of the backup stored on the backup destination cannot be found.
    So it seems that the aforementioned method works; it removes the snapshot and frees diskspace, but it doesn't update the Windows Backup catalog. As a result the management tool (GUI) still lists the backups which are no longer available! How can i change
    this? Is there any way to do this? I found one article which mentions that the Dashboard bases its screen on the Windows Logs and not on the actual VSS snapshots available:
    http://forum.wegotserved.com/index.php/topic/23757-start-afresh-with-server-backup/ (WHS) In my situation however this seems unlikely because i don't have any logs that date back as far as my backups go.
    In my opinion this is a real bug and it leaves us with a in-consequent backup schema. Does anyone have similar situations or even a solution to my problem?
    Kind Regard, Martin

    Hi Mandy,
    Yes! I think i got my answer and I now get how windows backup works in Windows 2008 :-) It turns out that I dismissed some suggestions a bit too soon. The answer lies in the command mentioned earlier : 
    Wbadmin delete catalog
    This command does delete all the backups from a perspective of the Windows Backup UI, but leaves the VSS snapshots intact. This means that the backups are still available, but you just can't restore them with the User Interface. In order to 'update' the
    UI with the current available snapshots (which you can list with diskshadows list shadows all), you have to re-add the existing media on which the backups took place using the Wizard of the UI. It will then inform you that existing backups are available and
    if you want to keep these for restore purposes. If you click 'yes', and THEN perform a backup ... All the current available backups will be shown in the User Interface :-) 
    So for my steps taken to change from one iscsi (iscsi1) to another (iscsi2):
    - Add the 2nd iscsi target with the Windows Backup UI
    using Backup schedule , Modify backup -> [desired options] => Add more backup destinations -> iscsi2
    - Remove the 1st iscsi target with the Windows Backup UI
    using Backup schedule , Modify backup -> [desired options] => Remove current backup destinations -> iscsi1
    - Run some backups on the new destination. Old restore points are now still available. When enough restore points are available on the new volume iscsi2 start deleting old data from iscsi1 as follows:
    - Run diskshadow
    diskshadow
    - list all the current snapshots
    list shadows all
    - remove all the snapshots of iscsi1  (repeat until all shadows are gone of iscsi1)
    delete shadows oldest \\?\volume{yourvolumeid}\
    - delete the windows backup catalog
    wbadmin delete catalog
    - Restart the windows backup UI and re-add your schedule on the new volume iscsi2. It will now ask if you want the keep the existing data for restore purposes; click yes. 
    - After the next backup only the backups of volume iscsi2 will be listed and everything is fine ! 
    I Hope my post will help others with similar questions. It was quite a search before I understood the way it works. Basically as long as your VSS snapshots are still available and listed by diskshadow you still have the backups and you will be able to get
    this in sync with the steps above (delete schedule and re-add originating targets containing the snapshots). After the next backup the UI will update itself. 
    (In my case someway along the way I lost my originating snapshots, but because I already had my new backup set it didn't bother me; It kept me from having to delete all 510 old backups :) with diskshadow)
    Regard, Martin

  • SSRS 2012 SP2 - Windows 2008R2 - Microsoft.ReportingServices.ReportProcessing.RenderingObjectModelException: A generic error occurred in GDI+

    Hi,
    I have built new SQL 2012 SSRS SP2 with Windows 2008R2 and BAR reports are not showing (just "x" mark in the left corner).
    Following is the log file information. I have gone through other forums and all are with windows 8 or windows 2012. Your help is much appreciated.
    library!ReportServer_0-15!d7c!08/13/2014-10:52:17:: i INFO: RenderForNewSession('/ProductionReporting/PlantProduction')
    reportrendering!ReportServer_0-15!d7c!08/13/2014-10:52:18:: e ERROR: Throwing Microsoft.ReportingServices.ReportProcessing.RenderingObjectModelException: , Microsoft.ReportingServices.ReportProcessing.RenderingObjectModelException: A generic error occurred
    in GDI+. ---> System.Runtime.InteropServices.ExternalException: A generic error occurred in GDI+.
       at System.Drawing.Image.Save(Stream stream, ImageCodecInfo encoder, EncoderParameters encoderParams)
       at Microsoft.Reporting.Chart.WebForms.Chart.Save(Stream imageStream, ChartImageFormat format)
       at Microsoft.ReportingServices.OnDemandReportRendering.ChartMapper.GetImage(ImageType imageType)
       --- End of inner exception stack trace ---;
    Thanks,
    Vel
    Vel Thavasi

    Hi Vel,
    According to the error message, the issue is related to GDI+. Based on my research, it is a known issue that the GDI+ need to be updated on Windows Server 2008 R2. If we want to know what version of GDI+, we can do a file search for Gdiplus.dll.
    To fix this issue, please install the hotfix for your Windows Server 2008 R2 from the following kb:
    http://support.microsoft.com/kb/2495074
    There following thread about the similar issue is for your reference:
    http://social.msdn.microsoft.com/Forums/sqlserver/en-US/50c071db-b4fc-4a2e-a9f4-e10e833c97d2/report-not-rendering-charts-in-pdf-a-generic-error-occurred-in-gdi?forum=sqlreportingservices
    If there are any other questions, please let me know freely.
    Regards,
    Katherine Xiong
    Katherine Xiong
    TechNet Community Support

  • Intel processor bug causes Windows 2008r2 guest to blue screen

    We recently purchased several B200-M3 blades with E5-2680v2 processors.  Our UCS infrastructure and blade firmware is at 2.2(1d).  ESXi hosts are at 5.5u1.
    From my reading of the Release Notes, this makes the new blades vulnerable to Caveat CSCuo30572 which is a bug in the v2 processors that can cause Windows 2008R2 guests to blue screen.
    VMware KB2073791 also deals with this bug
    The Intel Erratum is C135
    Updating the firmware (2.2(1d) probably to fixed version 2.2(3d)) is a relatively long process in our environment.
    Has anyone experienced this bug?  Do the guests blue screen at any particular time; e.g. when booting?  Are Windows 2012 guests impacted?  One of our new v2 blades was running Windows 2008R2 guests for about a week without any known problem.  It has since been taken out of production.
    The Release Notes (2.2) description for CSCuo30572 is:  "Intel v2 processors no longer cause PSOD with Microsoft Windows 2008 R2 VM guests."  Should the PSOD (ESXi crash) actually be BSOD (Microsoft crash)?  Or can ESXi purple screens be caused also, crashing the entire host?
    The Release Notes also indicate that the Caveat is resolved in release 2.2(2c)A.  Does the A indicate that an Infrastructure update is all that is needed?  That does not seem like it would supply the fixed microcode to the processors via BIOS.
    I'm basically looking for some insight before proceeding with another FW update.  Thank you.

    Yes, it refers to Infrastructure (UCS Manager, FI and IOM). You could just upgrade the infrastructure to 2.2.3d and leave your Servers at 2.2.1d 
    Table 2 Mixed Cisco UCS Releases Supported
    of the release notes.
    CSCuo30572
    Intel v2 processors no longer cause PSOD with Microsoft Windows 2008 R2 VM guests.
    2.1(3a)A
    2.2(2c)A

Maybe you are looking for

  • "Cannot be read from or written to"

    HELP!!!! My iPod can charge and everything, it plays fine. I have had it since Nov. 2006, and recently when i connect my ipod to my computer and try to sync it, it says "attempt to copy to Emily's ipo failed. Disk could not be read from or written to

  • Video not automatically downloading in Photo Dowloader

    With my past Canon cameras, including the Canon 880IS, the videos taken with the camera would automatically download with the Photo Downloader of Photoshop Elements 6.0 without any special settings.  My new cameras, Canon D10 and Canon 7D, the videos

  • XML to IDOC : Hierarchy mapping help needed

    Hi All, I am trying to complete graphical mapping for an XML to IDOC structure. Both structures are EXACTLY same, but data is not populating in IDOC as desired. My incoming XML structure and IDOC structure is Header Data_header  (1 -- 999)   |_Data_i

  • ECATT: Dynamic target system for pattern REF possible?

    Hello I am using eCATT on a Solution Manager (NetWeaver 700). I have to run the test scripts on several different SAP systems. Therefore, I would like to know whether it is possible to set the target system within the pattern <b>REF </b>(<i>executes

  • Access Restrictions

    I just upgraded my firmware for my router to the lates and my access restictions no longer function like they did under my old firmware (wrt54g v2.2) currently I have my access restrictions set up like this 1 allow ip:100 24/7 2 allow ip:101 24/7 wit