Can i add a windows 2008 domain controller in a open directory  ?

Similar Messages

• CERT_TRUST_IS_NOT_SIGNATURE_VALID when installing a 3rd-party cert in Windows 2008 Domain Controller

  Hello,
  I'm facing with a problem while trying to install a 3rd-party digital certificate on a Windows 2008 Domain Controller.
  Basically, I'm following this TechNet
  http://technet.microsoft.com/en-us/library/cc783835(v=ws.10).aspx
  1) I did create the file Reqdccert.vbs on the Domain Controller
  2) then I did generate the inf file
  cscript reqdccert.vbs DomainController E
  3) and then I generated a certificate request
  certreq -new AD.inf AD.req
  4) also I've imported RootCA and SubCA into the Certificate Store of the DC
  5) I got a signed certificate from our 3rd-party CA running on Windows 2000
  6) when importing the certificate I get the below error
  C:\>certreq -ACCEPT ad.p7c
  Certificate Request Processor: The signature of the certificate cannot be verifi
  ed. 0x80096004 (-2146869244)
  Here is the verbose log from CAPI2:
  + System 
    - Provider 
     [ Name]  Microsoft-Windows-CAPI2 
     [ Guid]  {5bbca4a8-b209-48dc-a8c7-b23d3e5216fb} 
     EventID 11 
     Version 0 
     Level 2 
     Task 11 
     Opcode 2 
     Keywords 0x4000000000000003 
    - TimeCreated 
     [ SystemTime]  2014-06-13T09:33:02.604870500Z 
     EventRecordID 304 
     Correlation 
    - Execution 
     [ ProcessID]  1700 
     [ ThreadID]  3032 
     Channel Microsoft-Windows-CAPI2/Operational 
     Computer ad.eac.igs 
    - Security 
     [ UserID]  S-1-5-21-4171312682-976198474-2692596432-500 
  - UserData 
    - CertGetCertificateChain 
    - Certificate 
     [ fileRef]  4DA02894B4AFB76F8D6B8722A96A3444041573C6.cer 
     [ subjectName]  ad.eac.com 
    - AdditionalStore 
    - Certificate 
     [ fileRef]  691847ADD248AEB8579462249B063A1555716B21.cer 
     [ subjectName]  SubCA 
    - Certificate 
     [ fileRef]  4DA02894B4AFB76F8D6B8722A96A3444041573C6.cer 
     [ subjectName]  ad.eac.com
    - Certificate 
     [ fileRef]  0175DDA12776ED8CA4657E921E9AE3C6B0698F71.cer 
     [ subjectName]  RootCA 
     ExtendedKeyUsage 
    - Flags 
     [ value]  0 
    - ChainEngineInfo 
     [ context]  user 
    - AdditionalInfo 
    - NetworkConnectivityStatus 
     [ value]  1 
     [ _SENSAPI_NETWORK_ALIVE_LAN]  true 
    - CertificateChain 
     [ chainRef]  {0B005F9F-F15B-4FE2-A630-7BBEE6AB5C0A} 
    - TrustStatus 
    - ErrorStatus 
     [ value]  8 
     [ CERT_TRUST_IS_NOT_SIGNATURE_VALID]  true 
    - InfoStatus 
     [ value]  0 
    - ChainElement 
    - Certificate 
     [ fileRef]  4DA02894B4AFB76F8D6B8722A96A3444041573C6.cer 
     [ subjectName]  ad.eac.com 
    - SignatureAlgorithm 
     [ oid]  1.2.840.113549.1.1.11 
     [ hashName]  SHA256 
     [ publicKeyName]  RSA 
    - PublicKeyAlgorithm 
     [ oid]  1.2.840.113549.1.1.1 
     [ publicKeyName]  RSA 
     [ publicKeyLength]  2048 
    - TrustStatus 
    - ErrorStatus 
     [ value]  8 
     [ CERT_TRUST_IS_NOT_SIGNATURE_VALID]  true 
    - InfoStatus 
     [ value]  4 
     [ CERT_TRUST_HAS_NAME_MATCH_ISSUER]  true 
    - ApplicationUsage 
    - Usage 
     [ oid]  1.3.6.1.5.5.7.3.1 
     [ name]  Server Authentication 
    - Usage 
     [ oid]  1.3.6.1.5.5.7.3.2 
     [ name]  Client Authentication 
    - Usage 
     [ oid]  1.3.6.1.4.1.311.20.2.2 
     [ name]  Smart Card Logon 
     IssuanceUsage 
    - ChainElement 
    - Certificate 
     [ fileRef]  691847ADD248AEB8579462249B063A1555716B21.cer 
     [ subjectName]  SubCA 
    - SignatureAlgorithm 
     [ oid]  1.2.840.113549.1.1.5 
     [ hashName]  SHA1 
     [ publicKeyName]  RSA 
    - PublicKeyAlgorithm 
     [ oid]  1.2.840.113549.1.1.1 
     [ publicKeyName]  RSA 
     [ publicKeyLength]  2048 
    - TrustStatus 
    - ErrorStatus 
     [ value]  0 
    - InfoStatus 
     [ value]  101 
     [ CERT_TRUST_HAS_EXACT_MATCH_ISSUER]  true 
     [ CERT_TRUST_HAS_PREFERRED_ISSUER]  true 
    - ApplicationUsage 
     [ any]  true 
     IssuanceUsage 
    - ChainElement 
    - Certificate 
     [ fileRef]  0175DDA12776ED8CA4657E921E9AE3C6B0698F71.cer 
     [ subjectName]  RootCA 
    - SignatureAlgorithm 
     [ oid]  1.2.840.113549.1.1.5 
     [ hashName]  SHA1 
     [ publicKeyName]  RSA 
    - PublicKeyAlgorithm 
     [ oid]  1.2.840.113549.1.1.1 
     [ publicKeyName]  RSA 
     [ publicKeyLength]  2048 
    - TrustStatus 
    - ErrorStatus 
     [ value]  0 
    - InfoStatus 
     [ value]  10C 
     [ CERT_TRUST_HAS_NAME_MATCH_ISSUER]  true 
     [ CERT_TRUST_IS_SELF_SIGNED]  true 
     [ CERT_TRUST_HAS_PREFERRED_ISSUER]  true 
    - ApplicationUsage 
     [ any]  true 
    - IssuanceUsage 
     [ any]  true 
    - EventAuxInfo 
     [ ProcessName]  certreq.exe 
     [ startTime]  2014-06-13T09:32:53.369Z 
     [ endTime]  2014-06-13T09:33:02.604Z 
     [ duration]  PT9.232850S 
    - CorrelationAuxInfo 
     [ TaskId]  {A8DC7725-FEE9-4E09-905A-FEFF7FAE9B8B} 
     [ SeqNumber]  27 
    - Result The signature of the certificate cannot be verified. 
     [ value]  80096004 
  Any idea what the problem is?
  Thanks in advance,
  Davide.

  One common reason for that error is that the wrong SubCA certificate had been imported accidentally - e.g. an earlier 'version' of that SubCA with the same Subject CA name but a different key. In this case the validating client will try to build a chain
  based on name only but finally the signature check fails.
  Could you cross-check if the extension Authority Key Identifier in your DC certificate is the same as the field
  Subject Key Identifier of the SubCA certificate? (These are typically hashes of the keys though it is not standardized - it should be a unique string characteristic for the CA)
  For the client cert. CERT_TRUST_HAS_NAME_MATCH_ISSUER is indicated in your log - thus Isser name in client cert. matches Subject Name in CA cert, but we don't know about SKI/AKI.
  Elke

• Issue with Installing Oracle 10g R2 on a Windows 2008 Domain Controller

  I'm assigned a evaluation task for my company. The task invoke to install oracle in my Domain Controller Server.
  I got "ORA-12560: TNS:protocol adapter error" when I installed ORACLE 10g R2 for Win2K8 on my Windows 2008 (a Domain Controller Server). It happened in the create predefined database period.
  I tried to google and noted that there are some RUMOS say "We cannot deploy ORACLE on a Domain Controller, It's impossible"
  Is this true? Please, Please advise!
  Thansk,

  This is a link to a same issue
  Creating instance oracle 10.2.0.4 on Windows 2008 32bit

• Windows 2012 Domain Controller: Failed to open the runspace pool. The Server Manager WinRM plug-in might be corrupted or missing

  Hi all,
  We have been battling a problem for the last couple of days when we try to add the first windows server 2012 DC to an already existing Domain.
  The Server installation goes smoothly and we can add the computer to the domain and its all green.
  After we promote the server to a domain controller the WinRM service starts acting up (not responding anymore).
  The server manager console shows Remote Management as disabled, and when we try to enable it via the console or Powershell it freezes up.
  The AD DS part of the console is saying that there are post-promotion tasks that need to be completed but once we click on the task it takes us to the promotion wizard again, that basically complains that: Failed to open the runspace pool. The Server Manager
  WinRM plug-in might be corrupted or missing.
  In the Remote Management Event log we see the following entry: "The client got a timeout from the network layer (ERROR_WINHTTP_TIMEOUT)" Event ID 138
  We are unable to do anything with the server (demote, add roles, remotely manage...). We tryed the following already:
  1. Recreate from scratch
  2. Checking the GPOs to see if there is anything setup about RM -> came up with nothing
  We just ran out of ideas so HELP PLEASE !
  BR
  Tomaz Praprotnik

  Hi Cicely,
  Yes the error from the Windows Remote Management event log contains (I took out the User and FQDN of the Computer):
  Log Name:      Microsoft-Windows-WinRM/Operational
  Source:        Microsoft-Windows-WinRM
  Date:          3/29/2013 1:38:53 PM
  Event ID:      138
  Task Category: Response handling
  Level:         Error
  Keywords:      Client
  User:         
  Computer:     
  Description:
  The client got a timeout from the network layer (ERROR_WINHTTP_TIMEOUT)
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" />
      <EventID>138</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>10</Task>
      <Opcode>0</Opcode>
      <Keywords>0x4000000000000002</Keywords>
      <TimeCreated SystemTime="2013-03-29T12:38:53.786357100Z" />
      <EventRecordID>6876</EventRecordID>
      <Correlation ActivityID="{18FCFBD2-2B38-0003-D261-FD18382BCE01}" />
      <Execution ProcessID="1084" ThreadID="2924" />
      <Channel>Microsoft-Windows-WinRM/Operational</Channel>
      <Computer></Computer>
      <Security UserID="" />
    </System>
    <EventData>
    </EventData>
  </Event>
  There is also another entry that sometimes comes up:
  Log Name:      Microsoft-Windows-WinRM/Operational
  Source:        Microsoft-Windows-WinRM
  Date:          3/29/2013 1:36:34 PM
  Event ID:      142
  Task Category: Response handling
  Level:         Error
  Keywords:      Client
  User:         
  Computer:     
  Description:
  WSMan operation Invoke failed, error code 2150859046
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" />
      <EventID>142</EventID>
      <Version>0</Version>
      <Level>2</Level>
      <Task>10</Task>
      <Opcode>2</Opcode>
      <Keywords>0x4000000000000002</Keywords>
      <TimeCreated SystemTime="2013-03-29T12:36:34.076973400Z" />
      <EventRecordID>6869</EventRecordID>
      <Correlation ActivityID="{18FCFBD2-2B38-0001-F328-FD18382BCE01}" />
      <Execution ProcessID="4888" ThreadID="4392" />
      <Channel>Microsoft-Windows-WinRM/Operational</Channel>
      <Computer></Computer>
      <Security UserID="" />
    </System>
    <EventData>
      <Data Name="operationName">Invoke</Data>
      <Data Name="errorCode">2150859046</Data>
    </EventData>
  </Event>
  Best regards
  Tomaz Praprotnik

• Server 2008 Domain Controller won't sync with domain for time

  Hi,
  I have a Windows Server 2008 Domain Controller, a physical machine. When I run w32tm /query /status it shows the source as: Local CMOS clock. What ever I seem to try I cannot get it to look at the PDC to sync for time. Using RsOP I can see the correct policy
  is in place, pointing to the correct server. I have checked the registry key and the correct server is in there under \HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Paramaters.
  I have tried various w32tm commands such as seeting the /manualpeerlist to the correct server, /syncfromflags:DOMHIER. I have also used w32tm /config /update, making sure to restart the w32time service.
  But whatever I do I cannot get it to sync from the network, it always shows Local CMOS clock. The time on the server is starting to drift now. When I use w32tm /resync /rediscover I get an error message:  "The computer did not resync because no time
  data was available". There is no firewall between the 2 servers blocking port 123.
  Any ideas why this is happening?
  Thanks

  see:
  http://jorgequestforknowledge.wordpress.com/2010/09/26/configuring-and-managing-the-windows-time-service-part-1/
  http://jorgequestforknowledge.wordpress.com/2010/09/26/configuring-and-managing-the-windows-time-service-part-2/
  http://jorgequestforknowledge.wordpress.com/2010/09/26/configuring-and-managing-the-windows-time-service-part-3/
  http://jorgequestforknowledge.wordpress.com/2010/09/26/configuring-and-managing-the-windows-time-service-part-4/
  <o:p></o:p>
  Cheers,<o:p></o:p>
  (HOPEFULLY THIS INFORMATION HELPS YOU!)
  Jorge de Almeida Pinto | MVP Identity & Access - Directory Services
  * This posting is provided "AS IS" with no warranties and confers no rights!
  * Always evaluate/test yourself before using/implementing this!
  * DISCLAIMER: http://jorgequestforknowledge.wordpress.com/disclaimer/
  ################# Jorge's Quest For Knowledge ###############
  ###### BLOG URL: http://JorgeQuestForKnowledge.wordpress.com/ #####
  #### RSS Feed URL: http://jorgequestforknowledge.wordpress.com/feed/ ####
  -------------------------------------------------------------------------------------------------------<o:p></o:p>
  "akira251" wrote in message news:[email protected]...
  Hi,
  I have a Windows Server 2008 Domain Controller, a physical machine. When I run w32tm /query /status it shows the source as: Local CMOS clock. What ever I seem to try I cannot get it to look at the PDC to sync for time. Using RsOP I can see the correct policy
  is in place, pointing to the correct server. I have checked the registry key and the correct server is in there under \HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Paramaters.
  I have tried various w32tm commands such as seeting the /manualpeerlist to the correct server, /syncfromflags:DOMHIER. I have also used w32tm /config /update, making sure to restart the w32time service.
  But whatever I do I cannot get it to sync from the network, it always shows Local CMOS clock. The time on the server is starting to drift now. When I use w32tm /resync /rediscover I get an error message:  "The computer did not resync because no time
  data was available". There is no firewall between the 2 servers blocking port 123.
  Any ideas why this is happening?
  Thanks
  Jorge de Almeida Pinto [MVP-DS] (http://jorgequestforknowledge.wordpress.com/)

• Mac os x 10.7 joining to windows 2008 domain

  I recently started a project to understand MAC functionality in a tradtional WIndows domain. I seeking instruction to add my MacBook Pro to our Windows 2008 domain. Thanks in advance!
  -r1cw3b

  I have verified every required settings closely and had it cross checked over and over again with the network administrator himself, every settings was in place but when i tried to bind with the domain it returns server not found.
  I also ping the server and it works....i verified the RJ45 cable...all is fine.
  i tried updating from 10.7.3 to 10.7.4 but the problem persists.
  Infact originally i had to bind the Mac OS X 10.7.3 and 10.7.4  to a Windows Server 2008 Standard SP2, it didn't worked then afterwards i tried to bind them to a Windows Server 2008 R2....it worked on 2 but on the third it didn't.
  So does anybody have an idea or can anyone confirm me if Windows Server 2008 Standard SP2 is compatible with Mac OS X 10.7.4???

• Arch Samba - Windows 2008 Domain

  I have made the thread bellow thinking i solve my problem giving access on FTMG...but unfortunately nope...
  https://bbs.archlinux.org/viewtopic.php?id=107350
  My Situation:
  3 Servers on Windows 2008 Domain (Example: 192.168.1.1 / 2 / 3)
  1.1 - DC
  1.2 - Exchange
  1.3 - ISA FTMG (Gateway to all servers)
  1 Arch Server for Backup (Samba Share PUBLIC) - 192.168.1.4
  And my problem is annoying at least, i go to one of my windows 2008 servers and push on explorer \\192.168.1.4\Backup and sometimes fully work without any problem... and another times (let's say 5 minutes after i push again) and:
  Network path could not be found
  or
  xx.xx.xx.xx is not setup to establish a connection on port "File and Print Sharing (SMB)"
  BUT FROM THIS WINDOWS 2008 SERVER IT PINGS 192.168.1.4
  AND
  TRACERT GO DIRECTLY TO 192.168.1.4
  And if i try and try eventually it will work again.....can't damn understand what's going on with this.....
  On ISA I gave FULL ACCESS to my servers to go where the hell they want and even so......
  Thanks in advance for all the help....yep i need it.
  Sniff

  KimTjik wrote:
  I'm sorry I didn't know that this wasn't covered in the Wiki. When I get some time I'll probably add something about. No neither of those links are correct. You already have one DC, a native Windows server, and the second one isn't necessary (you don't need to join the whole Linux workstation to the domain, just the Samba service; the Samba service will with hostname be recognized as a stand-alone server).
  In lack of an appropriate Wiki entry Samba's own How-to is better: http://www.samba.org/samba/docs/man/Sam … ember.html
  Look for this section: "Joining an NT4-type Domain with Samba-3"
  Even that How-to might be confusing since it covers all kinds of configurations at the same time. What you need, as far as I can understand your description, is only what's written in that section.
  Start with the strings in smb.conf for domain, password server (in your case probably the DC itself) and  security set to domain. Restart samba and the you need to know an administrator account (user and password) and fill it in to the command example shown, e g "net rpc join -S DOMPDC -UAdministrator%password". If everything works you should get confirmation about it. You could also double-check the AD on the DC and see if the Samba server is added.
  See if you get this to work.
  OK, sorry for the delay in my answer but i was traveling and couldn't test the above in the production environment.
  I have add the backup server to the domain successfully but that was not the problem.
  Now i have full details and maybe you could give your opinion:
                                           FTMG (Forefront Threat Management Gateway)
                                                                 SWITCH LAYER 3
                    SERVER BACKUP----------------------SERVERDC---------------------------SERVEREXCHANGE
  THE PROBLEM is that if the DC have a share or exchange, everything works ok \\dc or \\exchange, but if you try to connect to the share archserver the connection drop quite often \\archserver
  WHY? Because after some trace in FTMG, the microsoft firewall consider that the archserver is doing spoofing, yes is on the same network as all servers, same domain as above help, trusted...etc.
  SOLUTION? First i give permissions on the firewall to the archserver (ALLOW ALL /PROTOCOLS ETC), but even so the FTMG was intercepting all the requests to the archserver and still consider him spoofing...odd enough no??!! By the way the FTMG Server control all network, is the gateway to all servers and switching.
  Are you thinking to change the gateway to archserver or just don't put any....yep same result, FTMG catch archserver still.
  I gave up and come with my actual solution (VLAN or BACKUP NETWORK), all servers with a extra ethernet card dedicated to the backup network or vlan just to backup without the firewall going there to trace anything.
  And that's it....
  But my question to you all is, everytime that we have a linux server (share) together with FTMG in same network do you have the same result, it seems to me like FTMG have something like: IT'S LINUX / GET BLOCKED.
  Thanks for your help and patience regarding my answer.
  TD (Sniffer)

• Adding Administrative Templates (.admx) for Windows 8 and Windows Server 2012 to my Windows 2008 domain

  Hi,
  We have a Windows 2008 domain, and now we need to configure IE 10 options, so we have to import the Windows 8 / 2012 ADMX files. Can we just do the following:
  1. Download
  http://www.microsoft.com/en-us/download/details.aspx?id=36991
  2. Unzip it and copy the .admx files to c:\Windows\Sysvol\<domain>\policies and create a directory called policydefinitions
  3. Then just re-open Group Policy Management ?
  Correct way or not? Will this have any implication on network or any old GPO.
  Thanks for reply
  /Regards Andreas

  > But i cant seem to find "Check for publisher`s certificate revocation",
  > so how can i disable this. I did see a url to create a ADML file, but
  > this was very old.
  Doesn't exist - only "Server certificate". The old URL might still be valid.
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• SCEP 2012 Client in Windows 8 / 2012 - in Windows 2008 Domain- Not Syncing -/ Not Compatiable

  Dear All ,
  With lots of Hardship I had installed SCEp 2012 in Windows 2012 Virtual machine in WIndows 2008 Domain.
  SCCM 2012 Server in Windows 2008 Server with Sql 2008 was - performing well and there was no issues until our COmpany planned to Convert the Windows 2008 Server to  Windows 2012 Server ( AD is 2008)
  WSUS is not Fully synching with SCCM 2012 ( previously it was )
  Software Updates not pushing properly and to top all the SCEP client is not compatible with win 8.1 pro or win 2012 server
  Error: Failed to download content id 16787046. Error: Access is denied.
  Package:
    Success: The software updates were placed in the existing package:
  •     Deployment Package(JUN2014)
  Software updates that will be downloaded from the internet
    Error: Update for Forefront Endpoint Protection 2010 Client - 4.1.522.0 (KB2780435)
  Errors
      Failed to download content id 16787046. Error: Access is denied.
  Language Selection:
   English
  But the service account has full access - administrative rights and the administrator of the system
  please advise on this

  Hi,
  All the software updates downloaded failed?
  Are there any errors in PatchDownloader.log? If you use Automatic deployment rule, please also check ruleengine.log.
  Please add the account with Full rights to the source share (both NTFS and Share permissions) where the Deployment Package is located.
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Does Oracle 10G R2 support installation on Windows 2003 Domain Controller?

  Does Oracle 10g R2 support installation on Windows 2003 Domain Controller? I remember that 10g R1 had issues with the DC? Is it still the case. Does it work now?
  Any help is appreciated.
  Regards,
  Raghav

  We have Oracle 10g R2 running on a Windows 2003 domain controller. It was not a domain controller when Oracle was installed. The domain was created after installation. (I don't recommend that procedure. I spent a long day fixing the installation after they configured the domain.) If Oracle is unhappy with being on a domain controller, it has not shown it yet.

• 10g Express Edition on Windows 2008 Enterprise R2 x64 with Active Directory

  I have successfully installed the 10g Express Edition on Windows 2008 Ent. r2 x64 with Microsoft Active Directory Domain Controller but i could not be able to run http://127.0.0.1:8080/apex
  Although i have run the http://127.0.0.1:8080/apex on my another Windows 2008 R2 x64 ant WITHOUT Active Directory Domain Controller Role.
  i think its related with AD Domain server role of my server, because i run that on same config and operation without Active Directory Domain Controller role.
  Can anyone help about this issue?
  thanks in advance

  I have experienced the same problem - running 10g Express on a Win 2008 (32-bit). When not being a Domain controller, the install was fine. When installing after the server had been given the Domain Controller role (+the required DNS), it failed. NO FIREWALLS are involved on the server. Seems like Oracle Express has problems being installed in this kind of environment - independent of x32 or x64 bit OS.
  Edited by: 811504 on Nov 17, 2010 11:44 PM

• Error determining whether the target server is already a domain controller: Failed to open the runspace pool

  Hi there , i already have some others DC running w2k12 R2 on the env, but when i was promoting another new DC running w2k12 R2 on the middle of the AD sync , the server encounter an error and rebooted it self ; after the server came back online , it keep
  saying that a configuration is required for AD Domain Services , like the step when you are about to promote the server , but when you try to promote it , the error "Error determining whether the target server is already a domain controller: Failed
  to open the runspace pool. The server manager winrm plug-in might be corrupted or missing."

  Hi,
  Thanks for your post.
  Please waitting for the replication is finished and rerun the domain prep command  to check the result.
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Solaris nis client can't connect to Windows 2008 NIS Server across subnets

  I have been using Microsoft Windows Server for NIS for years to centralize some accounts accessing Solaris and Linux OS.
  Windows 2003 R2 Indentity Management for UNIX version of Server for NIS was last working version with Solairs.
  After upgrading Domain to Windows 2008 all Solaris clients that are on different subnets fail to bind and connect to NIS servers now.
  These servers already were setup using ypinit -c to manually add the NIS servers to connect to and prior to Windows 2008 this worked.
  Now no Solaris nis clients on different subnets (no firewall between) can connect , but other Unix/Linux OS connect fine.
  Is this a known issue and can we get a resolution as it seems only Solaris is affected?

  Hi Mid.Hudson-IT,
  Before we begin ,we should ensure we have configured the printer server correctly .
  Here is a link for reference of configuring the printer server .
  Print server role: Configuring a print server
  https://technet.microsoft.com/en-us/library/cc775791(v=ws.10).aspx
  "I can map all of the printers on the network to the print server as-well as install the drivers correctly and I can resolve the IP and server name via DNS"
  From this sentence ,I can`t figure out whether you have tried to ping the server both with the IP adress and name adress from the client ?
  If we can ping the print server from the client,we can ensure the connection to the printer server is good .
  Then we can try to install the printer driver directly to have a check .In the adress bar of Windows Explorer ,input "\\server name \the printer name"
  If we cannot ping the print server ,we should troubleshoot the network issue firstly.
  We also can check the event viewer for more information to troubleshoot this issue .
  Best regards

• Migration windows 2003 domain controller

  how to migrate windows server 2003 domain controller to windows server 2008/2012 

  Generally you would stand up the new server, join it to existing domain, dcpromo it and transfer the roles over.
  You can follow along on Meinolf's page.
  http://blogs.msmvps.com/mweber/2012/07/30/upgrading-an-active-directory-domain-from-windows-server-2003-or-windows-server-2003-r2-to-windows-server-2012/
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows]
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• Windows 2012 Domain Controller NETLOGON error

  We have Sonicwall
  firewall user authentication System active since last two months. We have Windows 2012 Active directory server setup
  with around 1400 user account created. These accounts were created by using following PowerShell scripts
  Import-Module ActiveDirectory
  #Import CSV
  $csv = @()
  $csv = Import-Csv -Path C:\Users\Administrator\Desktop\"College User Ac Password Details"\FE\civil.csv
  FOREACH ($Person in $csv) {
  $name = $Person.UserName
  $displayname = $Person.Name
  $path = "OU=FE,DC=comp,DC=com"
  $password = $Person.Password
  $enabled = $True
  $changePW = $False
  $description="CIVIL"
  new-ADUser -SamAccountName $name -Name $name -Description $description -DisplayName $displayname -Path $path -AccountPassword (ConvertTo-SecureString $password -AsPlainText -force) -Enabled $enabled -ChangePasswordAtLogon $changePW -PassThru}
  Above script reads an CSV file with username and passwords and create user accounts on Active Directory.
  But since today we are facing issue during authentication process. We are unable to logon to Directory server. When Sonicwall firewall tries to authenticate an user, it logged-out same user. When I checked Event logger on Windows Active Directory server it
  shows following message.
  The dynamic registration of the DNS record 'ForestDnsZones.comp.com. 600
  IN A 192.168.0.12' failed on the following DNS server:
  DNS server IP address: 216.37.64.6
  Returned Response Code (RCODE): 5
  Returned Status Code: 9017
  For computers and users to locate this domain controller, this record must be registered in DNS.
  USER ACTION
  Determine what might have caused this failure, resolve the problem, and initiate
  registration of the DNS records by the domain controller. To determine what might have
  caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and
  Support Center. To initiate registration of the DNS records by this domain
  controller, run 'nltest.exe /dsregdns' from the command prompt on the domain
  controller or restart Net Logon service. Or, you can manually add this record to DNS,
  but it is not recommended.
  ADDITIONAL DATA
  Error Value: DNS bad key.
  Above log entry talks about DNS issue. But I did non configured any DNS server on this machine.Authentication was working fine for last
  two months , but suddenly from today we are facing above issue. Kindly help me out in resolving this issue.

  hi,
  Im not sure of you setup and don't understand where your sonic wall comes in.
  The error with the DNS is that the server is trying to register its DNS entries in the server with the public IP address
  216.37.64.6  which I am assuming is your ISP's DNS server?
  How is the DNS configured on your domain controller? The domain controller should point to it'self as it's preffered DNS server.
  Regards,
  Denis Cooper
  MCITP EA - MCT
  Help keep the forums tidy, if this has helped please mark it as an answer
  Blog: http://www.windows-support.co.uk 
  Twitter:   LinkedIn: