Bit locker on Windows 2012 r2 AD And Win 8.1 Client
Can anyone give guidelines/articles for configuring Bit locker on Windows 2012 r2 AD With Win 8.1 Client
I am looking for detailed directions on backing up Bit Lo. & TPM recovery key to AD
Hello,
please start with
https://technet.microsoft.com/en-us/library/dn383581.aspx and
https://technet.microsoft.com/en-us/library/jj592683.aspx?f=255&MSPPError=-2147217396
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter:
Similar Messages
-
I have a Macbook Air 2011. Can i run Bit-locker in Windows 7 Ultimate without any problems?
I have a Macbook Air 2011. Can i run Bit-locker in Windows 7 Ultimate without any problems?
montana girl wrote:
I purchased a MacBook AIr Nov. 2011 11" and current OS X 10.7.5. I read that I needed to update to Snow Leopard before I can update to Maverick, ...
Whatever you read was incorrect. You can upgrade directly to Mavericks. It is in the App Store and is free.
Snow Leopard predates the operating system you already have. That's the reason it will not install on your MacBook Air. You spent $20 needlessly for it, but it's yours to resell if you wish. -
Has anyone not been able to get the iTunes installer to load properly and get a message like this: This iTunes installer is intended for 32 bit versions of windows. Please download and install 64 bit iTunes installer instead. I have tried repeatedly to get this to load, I have uninstalled iTunes completely and reinstalled and still get the same message. I have windows XP and a brand new ipod touch which I am trying to load.
Yes, it's come up a number of times. If you look to the right under "more like this", you'll find threads that may offer useful suggestions.
Regards. -
While installing latest version of iTunes error "This iTunes installer is intended for 32-bit versions of Windows. Please download and install the 64-bit iTunes installer instead" how to deal with it ?
Doublechecking. What's the filename of the installer you've been downloading? (The 32-bit installer is called iTunesSetup.exe, and the 64-bit installer is called iTunes64Setup.exe.)
-
Pre-Provisioning Bit Locker in MDT 2012 SP1 while using MBAM 2.5 - No Pin Required
Does anyone have some step by step instructions for Pre-Provisioning Bit Locker. Through task sequences, we are currently able to bit locker the computers but it's the last set of tasks. I would like to Bit Locker the computer while no data is on the
disc so it's faster and then as its imaging, the files are already encrypted.
Currently:
Creates BIOS Password
TPM turned on and enabled (using CCTK)
Remove Password
Registry changes
Installing MBAM 2.5
Removing Registry Entries
Any help would be appreciated!
Thanks
RickBitlocker Pre-Provisioning is available by default on MDT Litetouch...
If you just want to pre-provision the drive without letting MDT LiteTouch enable any protectors (let MBAM do that) then just run the following command after the "FOrmat and PArtition" step in the Task Sequence:
x:\windows\system32\Manage-BDE.exe c: -used
(OR whatever drive letter OS exists on in WinPE)
AS an alternative, I would add a step just before the "ENable Bitlocker (offline)" step in the task sequence:
BDEInstallSuppress=NO
isBDE=YES
then after the "Enable Bitlocker (offline)" step in the Task Sequence, I would set the following:
isBDE=NO
Keith Garner - Principal Consultant [owner] -
http://DeploymentLive.com -
Turning off Opportunistic Locking in Windows 2012 Server?
I have recently switched my database hosting and am having trouble with "Hour Glass" for about 20-30 seconds when trying to save files. I have contacted my application company (Resumate..........database,CRM built on an ACCESS type platform)
and we are brainstorming solutions.
One solution is to turn off opportunistic locking as Windows might actually be locking the file (We have five users using the same file connecting using Remote Desktop Services). Our system has worked seemlessly with our other hosting
option but this delay when trying to save files is not acceptable.
SO, HOW DO WE TURN OFF OPPORTUNISTIC LOCKING IN WINDOWS SERVER 2012 R2?
Thanks Phil H. Charlotte, NCHi,
As you may notice that we cannot disable Opportunistic locking in using SMB2 or SMB3.
See:
https://login.live.com/kb/296264/en-us
The opportunistic locking registry keys are valid only for traditional SMB (SMB1). You cannot turn off opportunistic locking for SMB2.
From your description it is the limitation of the application - SMB2 comes with Windows Vista /Windows 2008, which means the vendor of the application did not recommend to use SMB2 or the application is released for earlier systems while SMB2 is not available
at that time.
If there is no update version, you can try to disable SMB2/3 on server to workaround it. Please run this cmdlet:
Set-SmbServerConfiguration -EnableSMB2Protocol $false
More information please refer to:
How to enable and disable SMBv1, SMBv2, and SMBv3 in Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, and Windows Server 2012
http://support.microsoft.com/kb/2696547
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Windows 2012 answer file and DVD drive letter
Hi
my question is about applying unattend XML file into a Wim file. I have read other thread here but still I can't get it to work. so here is the situation:
I have installed windows 2012 then I have SYSPREPed it and then I created a WIM file with DISM tool and then I have a very simple answer file. I use DISM to mount the image and then use DISM /apply-unattend to push my answerfile into my WIM file. now
the issue is, when I load this image into a VM using DISM tool, everything goes fine and when the server comes up for the first time I see the language setting page asking for "Country or region" and "App Language" and "keyboard layout"
when I hit next , it asks for license agreement and after confirming that one, I can login to windows. How I can hide those 2 windows. my small answer files is :
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
<WillShowUI>Never</WillShowUI>
</SetupUILanguage>
<InputLocale>en-US</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<UserData>
<AcceptEula>true</AcceptEula>
</UserData>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<TimeZone>Mountain Standard Time</TimeZone>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<TimeZone>Mountain Standard TIme</TimeZone>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:c:/win2012/install.wim#Windows Server 2012 R2 SERVERSTANDARD" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>
can somebody please let me know what am I doing wrong? I was assuming after applying unattanded xml file, when I do DISM /apply-image it gonna use my answer file....
I have one more question as well:
in 2012, I change DVD drive letter from D to Z and then I sysprep it. in target VM when I load my image, DVD drive is D again.
I guess when sysprep generalize everything, DVD drive get detected again and windows assign first available letter to it. my second question is : is there any way to make drive letter setting stays the same in target computer?
Your help is much appreciated!Hi,
Where did you put the answer file? Windows has several places to check the files, you can refer to the following article, notice Implicit Answer File Search Order.
Windows Setup Automation Overview
http://technet.microsoft.com/en-in/library/hh824950.aspx
For DVD drive letter, I think you can assign it via a script with diskpart command:
Assign, change, or remove a drive letter
http://technet.microsoft.com/en-in/library/cc757491(v=ws.10).aspx#BKMK_CMD
Include a Custom Script in a Windows PE Image
http://technet.microsoft.com/en-us/library/cc766521(v=ws.10).aspx
Hope this helps. -
Change license to Windows 2012 R2 Essentials and Windows 2012 R2 Standard
Hi,
I'm working for a small company (10 users). We have 2 servers; 1 is a normal file server, domain controller etc.; the second is dedicated for running a financial application. We bought and installed new hardware but with so called 'Technet licenses'.
Obviously we need to buy proper licenses. I have 2 questions :
1. Am I correct in buying 1 Windows 2012 R2 Essentials license, 1 Windows 2012 R2 Standard license and 10 CALs ?
2. Can I just install these licenses 'over' the existing 'Technet licenses' ?
Any help will be greatly appreciated.
Ronald RuijtenbergI would purchase one Server Standard license, install it as a hypervisor on the server, then add to VMs. First one is Server with the Essentials role, the second to run your financial application. You can do this on one physical box and you
only have to purchase one copy of Server Standard.
Larry Struckmeyer[MVP] If your question is answered please mark the response as the answer so that others can benefit. -
Windows 2012 storage server and tier with external SSD disks
Hi
My query is in case I have one SAN storage with SSD and FC disks connected to Windows 2012 storage server, will Windows be able to manage Tier between two types of disks if the volumes are properly assigned and formated?
RegardsHi
My query is in case I have one SAN storage with SSD and FC disks connected to Windows 2012 storage server, will Windows be able to manage Tier between two types of disks if the volumes are properly assigned and formated?
Regards
Short answer: No, not automatically. Long answer: Yes, it can be done but with some tricks. First you'll have to make your SAN export LUs built from flash and from spindles. At least one of each (see URL below). Then you'll have to build storage spaces (even
clustered but that's not officially supported for non-SAS disks) from them.
See:
Configure Tiering with Windows Server 2012 R2
http://blogs.technet.com/b/askpfeplat/archive/2013/10/21/storage-spaces-how-to-configure-storage-tiers-with-windows-server-2012-r2.aspx
Both LUs would have non-SSD type reported so you'll have manually assign types with PowerShell what's flash and what's spindle.
"Notice that the SSD devices were detected as SSD media. However, in this case the physical drives show as unknown.
If yours are not detected like in this example, they should be set correctly which can be done using PowerShell. "
Hope this helped :)
StarWind VSAN [Virtual SAN] clusters Hyper-V without SAS, Fibre Channel, SMB 3.0 or iSCSI, uses Ethernet to mirror internally mounted SATA disks between hosts. -
Bit Locker on windows 2008 R2 Virtual machine
Hello there !
We have a a number of Windows 2008 R2 machines and we wish to provide an encryption mechanism for each Virtual machine.
It's a VMware environment and all the VM files go into NFS drives.
Do you think , Bitlocker will help ?
Is Bitlocker supported on Virtual machines ?
In my opinion , Bitlocker is to safeguard against any "physical" threat to a machine.
But I wanted a second opinion here.
Please help me.VMs don't have a Trusted Platform Module (TPM) available to store the Full Volume Encryption Key (FVEK) used for BitLocker, but you can still use Hyper-V by storing the necessary information on a floppy drive. Use the command line:
cscript c:\Windows\System32\manage-bde.wsf -on C: -rp -sk A:
BitLocker is now enabled within the VM.
VMs don't have a Trusted Platform Module (TPM) available to store the Full Volume Encryption Key (FVEK) used for BitLocker, but you can still use Hyper-V by storing the necessary information on a floppy drive. Use the command line:
cscript c:\Windows\System32\manage-bde.wsf -on C: -rp -sk A:
BitLocker is now enabled within the VM.
Hyper-V Security How to: Use BitLocker to Protect Your VMs
http://blogs.technet.com/b/tonyso/archive/2008/07/01/hyper-v-security-how-to-use-bitlocker-to-protect-your-vms.aspx
for VMeare VMs you have to check with VMware and these links may help you
How to Encrypt VMware VM running Windows 2008 R2 with Microsoft Bitlocker
http://www.christowles.com/2010/10/how-to-encrypt-vmware-vm-running.html
http://www.networknet.nl/apps/wp/archives/395
Mohamed Fawzi | http://fawzi.wordpress.com -
Windows 2012 - SYSVOL replication and NETLOGON share
After reading 100 tons of articles and links i decided to open this thread.
I know today is 1st of april, but unfortunately for me this is not a joke.
given:
two 2003 DC's - physical servers
two 2008 DC's - VM's on ESX 5.1 hosts
two 2012 DC's - VM's on ESX 5.5 hosts
domian fucntional level 2003
situation:
we plan to decom the 2003's.
The 2008 DC's are in place since a while and working ok.
We plan to upgrade to 2012 and here it is where the trouble starts.
Firstly, I couldn't, by any means, to promote 2012 as DC's until i moved all the FSMO roles from the 2003 DC's to the 2008 DC's.
After lots of work with the network team we made all the right connections opened the firewalls, made the DCDIAG and DNS tests and the only problem reported are the SYSVOL replication and NETLOGON share.
I tried all the tools out there to check the replication and the last one is Microsoft's AdRplstatus Tool which made me think that either Microsoft makes fun of me, either i'm the dumbest windows admin on this planet.
This tool reports that there are NO ERRORS in replicating SYSVOL, but when i run the command 'net share' the 'domain.com\sysvol\scripts' is not there. Further more checking, i try to access '\\domain.com\sysvol' - directory under which i must find the 'policies'
and 'scripts' folders and, Sysvol is empty - obviously these are present when i do this check from the 2008 DC's or 2003 DC's.
Is there a known issue for these problems regarding 2012 and ESX 5.5 ? - still, i doubt it.
DCDIAG /TEST:DNS
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = dc-p01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: dc-p01
Starting test: Connectivity
......................... dc-p01 passed test Connectivity
Doing primary tests
Testing server: dc-p01
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... dc-p01 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domain
Running enterprise tests on : domain.com
Starting test: DNS
Test results for domain controllers:
DC: dc-p01.domain.com
Domain: domain.com
TEST: Dynamic update (Dyn)
Warning: Failed to delete the test record dcdiag-test-record i
n zone domain.com
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 184.134.0.97 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 184.134.0.97
dc-p01 PASS
PASS PASS PASS WARN PASS n/a
......................... domain.com passed test DNS
The PTR record query for 1.0.0.127 is still there but i will change it manually, my DNS is set as primary to point to the server itself by it's IP and not 127.0.0.1.
still, that DNS server with that error is a linux DNS, but all my DC's have DNS role on and fully replicating and working, including the 2012's.
DCDIAG:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = dc-p01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: dc-p01
Starting test: Connectivity
......................... dc-p01 passed test Connectivity
Doing primary tests
Testing server: dc-p01
Starting test: Advertising
......................... dc-p01 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... dc-p01 passed test FrsEvent
Starting test: DFSREvent
......................... dc-p01 passed test DFSREvent
Starting test: SysVolCheck
......................... dc-p01 passed test SysVolCheck
Starting test: KccEvent
......................... dc-p01 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... dc-p01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... dc-p01 passed test MachineAccount
Starting test: NCSecDesc
......................... dc-p01 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\dc-p01\netlogon)
[dc-p01] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... dc-p01 failed test NetLogons
Starting test: ObjectsReplicated
......................... dc-p01 passed test ObjectsReplicated
Starting test: Replications
REPLICATION-RECEIVED LATENCY WARNING
dc-p01: Current time is 2014-04-01 10:25:09.
DC=ForestDnsZones,DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:22:40
DC=DomainDnsZones,DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:22:40
CN=Schema,CN=Configuration,DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:22:40
CN=Configuration,DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:25:50
DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:22:40
......................... dc-p01 passed test Replications
Starting test: RidManager
......................... dc-p01 passed test RidManager
Starting test: Services
......................... dc-p01 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 09:26:35
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:27:52
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID fdc (C:\Windows\s
ystem32\taskhost.exe).
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 09:31:14
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 09:32:13
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:32:53
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID c18 (C:\Windows\s
ystem32\taskhost.exe).
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 09:35:33
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:37:54
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 950 (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:42:54
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 5c4 (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:47:55
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID ee0 (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:52:56
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID e48 (C:\Windows\s
ystem32\taskhost.exe).
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 09:53:30
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:57:57
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID a20 (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 10:02:58
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 1bc (C:\Windows\s
ystem32\taskhost.exe).
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 10:06:04
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 10:07:58
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 14c (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 10:12:59
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 90c (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 10:18:00
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 558 (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 10:23:01
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID f00 (C:\Windows\s
ystem32\taskhost.exe).
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 10:23:56
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
......................... dc-p01 failed test SystemLog
Starting test: VerifyReferences
......................... dc-p01 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : mydomain
Starting test: CheckSDRefDom
......................... mydomain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... mydomain passed test CrossRefValidation
Running enterprise tests on : domain.comn
Starting test: LocatorCheck
......................... domain.comn passed test LocatorCheck
Starting test: Intersite
......................... domain.comn passed test Intersite
in Active DIrecotry Sites adn Services when i try to replicate FROM a valid SYSVOL Domain Controller towards my 2012 DC i get this:
The following error ocurred during the attempt to contact the domain controller dc-p01:
Directory object not found
i cannot upload picture yet because Ms ...didn t verified me.Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\dc-p01\netlogon)
[dc-p01] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... dc-p01 failed test NetLogons
Starting test: ObjectsReplicated
......................... dc-p01 passed test ObjectsReplicated
Starting test: Replications
REPLICATION-RECEIVED LATENCY WARNING
dc-p01: Current time is 2014-04-01 10:25:09.
DC=ForestDnsZones,DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:22:40
DC=DomainDnsZones,DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:22:40
To perform non-authoritative restore of sysvol, you set the Burflag value & system will automatically tries to sync contents of sysvol with its replicating partner DC. Its not mandatory to select any particular DC for sysvol replication becasue in a
same domain, all DC's shares the same sysvol content.
Sometime, if initialization of FRS doesn't start, you have to follow the below article. Its also applicable to windows 2008 even as long as your using FRS for replication.
http://support.microsoft.com/kb/290762/en-us
To force the replication of sysvol using cmdline, refer below link.
http://blogs.technet.com/b/justinturner/archive/2007/04/27/quick-tip-force-frs-replication.aspx
Its better to find out what went wrong with the overall AD domain infra that sysvol has not been able to contact its partner for sysvol replication using depth assessment of the domain. It can be the network,firewall,antivirus or in-built firewall port issues
which might have broken sysvol replication.
http://msmvps.com/blogs/ad/archive/2008/06/03/active-directory-health-checks-for-domain-controllers.aspx
Awinish Vishwakarma - MVP
My Blog: awinish.wordpress.com
Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights. -
Windows 2012 Domain Controllers and RC4
We are using Qualysguard as our vulnerability scanner, and we are getting QID 38601, "SSL/TLS use of weak RC4 cipher". While we have created a GPO to disable RC4 on the 2008/2012 servers, we have 4 Domain Controllers that we haven't included in
the GPO yet. I'm wondering if disabling RC4 on 2012 Domain Controllers will cause problems that I'm not forseeing right now.
Does someone out there have any knowledge of this through experience or otherwise?
Thanks in advance.
Hi,
As far as I know, disable RC4 cipher usage in SSL/TLS wouldn’t affect Kerberos related services on Domain Controller, since Key Distribution Center (KDC) just use the available encryption type to encrypt tickets that requested from our clients with
RC4_HMAC_NT.
More information for you:
Disabling RC4 Cipher KB2868725 relation to Kerberos
https://social.technet.microsoft.com/Forums/sqlserver/en-US/836eba80-a070-486d-98b2-69b6325cb40e/disabling-rc4-cipher-kb2868725-relation-to-kerberos?forum=winserversecurity
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Windows 2012 R2 DFSR and backlog for Read only Server
Hi All
I have strange situation - i have 2 servers running Win2012R2 with 2 folders replicated by DFSR ( + Deduplication Enabled on both servers). Second Server folders set to ReadOnly. But second server showing high backlog waiting replication to Server1 -
in the same time Staging Folder is empty. When i'm disabling membership for this server, and enabling back - some time it is showing 0 backlog - all is ok, but then it resumes to show hight backlog again. How i can fix it?
Best Wishes, Andrew GolubenkoffHi,
Is there any error message in the Event Log? Since the got the status 5 ( "5: In Error" ), you could try to rebuild the DFSR database to resolve the issue.
For more detailed information, you could refer to the thread below:
DFSR - Database Corrupt
https://social.technet.microsoft.com/Forums/windowsserver/en-US/b69839aa-f050-419c-9344-6b7bf067c318/dfsr-database-corrupt?forum=winserverfiles
Best Regards,
Mandy
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Server 2012 Kms Host and Server 2008 r2 client.
I have deployed a Server 2012 Kms host.
Windows 7, and 8 are activating just fine, and Office 2010 is working.
The issue I'm having is activating Server 2008 and Server 2008 r2.
It seems I have missed a step that would allow me to activate those clients.
Can someone please guide me as to what possibly needs to be done to allow these clients to activate?Hi,
The following steps are needed to set up Volume Activation Services in a Windows Server 2012 test lab:
1. Step 1: Set up the base test lab configuration
2. Step 2: Install the Volume Activation Services server role
3. Step 3: Configure Active Directory-based Activation
4. Step 4: Verify that Active Directory-based Activation works
5. Step 5: Configure Key Management Services (KMS)
6. Step 6: Verify that KMS volume activation works
At same time KMS volume activation requires
a minimum threshold of 25 computers before activation quests will be processed. The verification process described here will increment the activation count each time a client computer contacts the KMS host. However, unless the activation threshold
is reached, the verification will take the form of an error message rather than a confirmation message.
The related KB:
Test Lab Guide: Demonstrate Volume Activation Services
http://technet.microsoft.com/en-us/library/hh831794.aspx
Hope this helps.
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
XP as server, and Win 7 as client
I have a windows XP desktop and a Thinkpad on Windows 7. I want to turn my desktop into a server and access the hard drive from my laptop when im at work. Is there any way to do this from within in windows? or a way to do this for free? I only want to give permission to my laptop, i dont want to make it a public thing, obviously. Thanks in advance if anyone know how to this this.
T400
Intel® Core™2 Duo T9400 2.53 GHz__Windows 7 Professional__3GB Memory__160GB, 7200RPM Hard Drive__14.1” WXGA+TFT-CFL__ATI Mobility Radeon™ HD 3470--
Solved!
Go to Solution.http://www.realvnc.com/products/free/4.1/download.html + http://www.dyndns.com/
IPnaSh
First Spanish Community Guru - Colaborador ad honorem
Maybe you are looking for
-
Am getting daily messages from Safari warning me that I am on a website with an unknow certifying authority and my personal information may be at risk. Happens when in Cox webmail and when I am visitying a legitimate site, and I have typed in address
-
Closed Caption text not working correctly
I have set Closed Caption up in Premire but when i do a test output embeded into a QT file the first block of text does not show up, the 2nd and 3rd do but not the first. the first starts on 00:00:00:20. Any help would be apreciated.
-
Apple tv 2 starts up and shows apple logo then resets over and over
apple tv 2 starts up and shows apple logo then resets over and over
-
Editing clips = changed timeline?
Hello all! I am new to Premier Elements (11), so please excuse the newbie question. I'll appreciate whatever help you can give! I'm in the process of editing a short commercial that has many clips with several layers. When I edit a clip to make it lo
-
Concurrent modification exception inside fully synchronized code
Hello, We have a private list private LinkedList<ConnectionChannel> channels = new LinkedList<ConnectionChannel>();that is accessed by multiple threads. One is traversing the items and operating on them, while another thread is adding and removing it