Certificate Authority Windows 2008 to 2012 R2 - Clean up and Migration

Hello,
    I'm currently dealing with the following scenario:
1. I've inherited the current infrastructure setup and the plan is to clean things up and set up a new certificate infrastructure using Windows 2012 R2.
2. The current setup:
    a. Domain Controller, Windows 2008 R2, is/was a Certificate Authority.  It hasn't issued any new certificates (based on the information in Certificate Effective Date) for quite some time.  It also has an expired certificate for itself - issued by the domain's issuing CA - and attempts to renew it via MMC give a "Server execution failed" and STATUS: Failed when looking in Certificate enrollment for Domain Controller.  We'll call the server DC1.
    b. Certificate Authority Server, we'll call it CERT1.  When booting up the machine and/or attempting to restart certificate services on the server, the following errors are in the event log:
        EVENT 7024: Description: The Active Directory Certificate Services service terminated with service-specific error %%-2146885613.
        EVENT 100: Active Directory Certificate Services did not start: Could not load or verify the current CA certificate.  Domainlocal Issuing CA The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613).
        EVENT 48: Description: Revocation status for a certificate in the chain for CA certificate 0 for Domain.local Issuing CA could not be verified because a server is currently unavailable.  The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613).
    Note:  The server's computer certificate has expired and it was issued by the Domain Controller mentioned in point a.  Attempts to renew it fail.
    (The issue on CERT1 is like the one mentioned in this article: https://support.microsoft.com/kb/825061?wa=wsignin1.0  however, no upgrade was done and these are not old versions of Windows.)
    c. There is a certificate authority machine - part of what was created for a PKI infrastructure - that was kept shut down.  I've powered it up and the machine is not part of the domain.
Any thoughts or feedback on easily repairing the current situation so that I can upgrade everything to a new Windows 2012 R2 Certificate infrastructure would be appreciated.
Thanks!
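A diagnostic sequence for the CERT1 symptom described above, added here as an example and not part of the original thread. It assumes an elevated PowerShell session on the CA itself, takes the CA common name from Event 48, and uses a temporary export path of its own choosing; the final, commented-out step is the KB 825061 workaround the post already links to, kept for the case where the service has to come up long enough to back up or decommission the CA.

```powershell
# Added example, not part of the thread: triage the AD CS start failure on CERT1.
# 0x80092013 (-2146885613) is CRYPT_E_REVOCATION_OFFLINE: while validating its own
# certificate chain at start-up, the CA could not reach a CRL distribution point.
# Run in an elevated PowerShell 2.0+ session on the CA. The CA common name comes
# from Event 48; the export path is an assumption.

$caName  = 'Domain.local Issuing CA'
$cerPath = Join-Path $env:TEMP 'issuingca.cer'

# Step 1: recent Application-log entries carrying the error code, to confirm the
# symptom and see how often it recurs (Events 100, 48 and 7024 in the post).
Get-EventLog -LogName Application -Newest 500 |
    Where-Object { $_.Message -match '80092013|2146885613' } |
    Select-Object TimeGenerated, EventID, Source |
    Format-Table -AutoSize

# Step 2: on the CA server the CA certificate lives in the machine Personal store.
# Export it so certutil can chain-build it, and report its own validity period:
# an expired CA certificate is a separate failure mode from an unreachable CRL.
$caCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "CN=$caName*" } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $caCert) { throw "No certificate for '$caName' found in LocalMachine\My" }
"CA certificate valid until $($caCert.NotAfter) (expired: $($caCert.NotAfter -lt (Get-Date)))"
[System.IO.File]::WriteAllBytes($cerPath, $caCert.RawData)

# Step 3: chain-build with URL retrieval. The output lists every AIA and CDP URL
# that was attempted and marks the ones that failed, which identifies the offline
# revocation server (in this scenario the issuer, DC1).
certutil -verify -urlfetch $cerPath

# Step 4: the CA service's current revocation-check flags, for comparison later.
certutil -getreg ca\CRLFlags

# Step 5 (only after the unreachable CDP is understood, and only to bring the
# service up long enough to back it up or decommission it): the KB 825061
# workaround, which tells the CA to ignore an offline revocation server when
# validating its own chain. Remove the flag again with
#   certutil -setreg ca\CRLFlags -CRLF_REVCHECK_IGNORE_OFFLINE
# once the CRL location is reachable or the CA has been retired.
# certutil -setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE
# net stop certsvc; net start certsvc
```

Step 3 is the one that answers the thread's actual question: if the failing URL points at DC1, the fix is either publishing a fresh CRL from DC1 to that location or retiring the chain, not repeatedly retrying the renewal in MMC.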

Hi Vadims,
    Basically using certificates in the following manner:
1. User / Computer enrollment in the AD domain.
2. Any hardware / web services (internal) that need certificates.  This is usually hardware that has some form of GUI that is accessed via URL, printers accessed via URL and/or that communicate via LDAP to AD, internal UC (Lync is an example), that sort of thing.
    A number of machines currently show certificate errors (i.e. certificate has expired); however, that hasn't stopped things from working, just functioning differently.  I'm already going on the assumption that if I remove the entire CA infrastructure and re-install a new one and have everything point to that new CA server that I should be ok, but I'm not 100% certain, hence why I asked on this forum.
Also, you're correct that there is one more CA.  That CA was the server that was turned off/offline that I powered on.  It is not part of the AD domain that the domain controller and the other CA belong to.  (It is standalone.)  I'm currently patching the standalone CA since it's been off for what looks like almost 1.5 years.

Similar Messages

  • Windows Server 2008 R2 Standard "Certificate Authority Service" / Exchange Server 2010 EMC not starting and no AD connectivity for authentication.

    Hello,
    I am a new IT Manager at this company and need assistance big time. Their environment looks as follows:
    Server 1. Domain Controller Server (Windows Server 2008 R2 Standard) running Active Directory.
    Server 2. Email Server (Windows Server 2008 R2 Standard) running Exchange Server 2010.
    * Note. No backups to work with aside from what's mentioned below.
    DC had a virus infection causing a lot of issues on the shared network drives 2 days ago, locking up all the files with a crypto ransom virus. Running Avast suppressed the infection. Had to recover the file shares, which luckily had a backup.
    The issue is that the Exchange Server 2, post this, lost connectivity with the AD Server 1. Exchange Server 2, when launching EMC, could not launch the console, stating the following:
    "No Exchange servers are available in any Active Directory sites. You can’t connect to remote Powershell on a computer that only has the Management Tools role installed."
    Shortly after I found that it is possible the EMC launcher was corrupt and needed to be reinstalled, following another blog post. I deleted the exchange management console.msc per instructions, only to discover I couldn't relaunch it because there was no way how. So I copied another msc file that happened to be on the DC Server 1 back to Exchange Server 2 and got it to launch again.
    Another post said that it might be an issue with the Domain Account for the Computer, so to delete it in the AD Server 1, only to find that rejoining it from Exchange Server 2 using Computer > Properties > Change Settings > Change is greyed out because it is using the Certificate Authority Service.
    I tried manually re-adding the computer in AD and modeling permissions after another server in group settings, but no go. After this I was unable to login to the Exchange Server 2 with domain accounts but only local admin, receiving the following Alert:
    "The Trust Relationship between this workstation and primary domain failed."
    I tried running the PowerShell tools on Exchange Server 2 to rejoin and to reset passwords for domain accounts as noted in some other blogs, but no luck as the Server 2 could not make the connection with Server 1, or other errors it kept spitting out.
    I also during the investigation found the DNS settings were all altered on both the Server 1 and Server 2, which I luckily was able to change back to original because of inventorying it in the beginning when I started.
    I need help figuring out if I need to rejoin the Exchange Server 2 manually by disabling the Certificate Authority Service (or removing the CA as listed here:
    https://social.technet.microsoft.com/Forums/exchange/en-US/fb23deab-0a12-410d-946c-517d5aea7fae/windows-server-2008-r2-with-certificate-authority-service-to-rejoin-domain?forum=winserversecurity
    ) and getting Exchange Server to launch again. (Mind you, I am relatively fresh to server managing.) Please help, E-Mail has been down for a whole day now!
    Marty

    I recommend that you open a ticket with Microsoft Support before you break things more.
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

  • Clean install and migration of only one or two program

    How does one do a clean install and migrate only one or two applications.

    I don't believe there is a "clean install" on the Snow Leopard disk if you launch the install from your standard system boot. I believe you need to:
    1) Put the SL disk in the machine drive.
    2) Restart your machine.
    3) Hold down the 'c' key during startup, to boot from the SL disk.
    4) Once the system boots up, it starts the Snow Leopard install process. However, you have a menu bar where you can run several system utilities, such as Disk Utility.
    5) Run Disk Utility and erase/reformat the main system harddisk. This will give you a "clean" disk to install Snow Leopard on.
    6) After Disk Utility finishes, proceed with the install process.
    7) After installation of Snow Leopard, restore any apps/data you want from backups and/or original installation packages.
    Hope this helps,
    j0hn

  • Update Windows Root Certificates in Windows 2008 R2 Disconnected Environment using WSUS

    Hi all, I need to update the root certs on all my Windows 2008 R2 servers. They have no internet connectivity. I am aware of the issue described by KB931125 but I am not affected by it. My issue is that I would like the 2008 R2 servers to update the root certs from my WSUS servers. Is this possible?

    I would suggest that you identify the few individual root certificates that you need, and import them individually to those servers where they are needed.
    It is NOT possible to update root certificates from a WSUS server, except in the case of workstations that are being configured to install KB931125.
    Do NOT install KB931125 to a server operating system.
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.
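An added example of the per-server import Lawrence recommends, not code from the thread: each root is accepted only if its SHA-1 thumbprint matches the value recorded when the root was vetted on a connected machine, and only self-signed certificates are allowed into the Root store. The file paths and thumbprints are placeholders.

```powershell
# Added example, not part of the thread: install a small, vetted set of root
# certificates on an offline Windows 2008 R2 server with certutil.
# Paths and thumbprints are placeholders; fill them from your own vetted list.

$vettedRoots = @{
    'C:\roots\ExampleRoot1.cer' = '0000000000000000000000000000000000000000'
    'C:\roots\ExampleRoot2.cer' = '1111111111111111111111111111111111111111'
}

foreach ($file in $vettedRoots.Keys) {
    if (-not (Test-Path $file)) { Write-Warning "Missing $file, skipping"; continue }
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file

    # Thumbprint is upper-case hex SHA-1 without separators; -ne is case-insensitive.
    if ($cert.Thumbprint -ne $vettedRoots[$file]) {
        Write-Warning "Thumbprint mismatch for $file (got $($cert.Thumbprint)), not importing"
        continue
    }
    # Only self-signed certificates belong in the machine Root store; an
    # intermediate dropped here would be trusted as an anchor by every chain build.
    if ($cert.Subject -ne $cert.Issuer) {
        Write-Warning "$file is not self-signed, not a root; skipping"
        continue
    }
    # -f forces the add even if a certificate with the same subject already exists.
    certutil -addstore -f Root $file
}

# Show what the machine now trusts, subject and SHA-1 hash per entry.
certutil -store Root | Select-String -Pattern 'Subject:|Cert Hash'
```

For more than a handful of servers the same vetted .cer files are better distributed through a Group Policy Object (Public Key Policies, Trusted Root Certification Authorities) so the trust list is centrally controlled and auditable rather than hand-edited per host.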

  • Does Oracle EBS 11.5.x/12.0/12.1 have certificate with Windows 2008?

    Does anyone know whether Oracle EBS 11.5.x/12.0/12.1 are certified with Windows 2008?

    Hi;
    Does anyone know whether Oracle EBS 11.5.x/12.0/12.1 are certified with Windows 2008? If you mean IE8, the answer is yes for R12, but for EBS 11 the answer is no.
    Please follow:
    Recommended Browsers for Oracle E-Business Suite Release 12 (Note 389422.1)
    Regards
    Helios

  • Windows 2008 R2 Sp1 Blue Screen Error and solution

    Hi guys, it's been like the 5th time I keep on getting this error on my Exchange server, which is hosted under Windows 2008 R2 SP1. This is the error below, please help.
    Problem signature:
      Problem Event Name:    BlueScreen
      OS Version:    6.1.7601.2.1.0.274.10
      Locale ID:    1033
    Additional information about the problem:
      BCCode:    4a
      BCP1:    000000007719133A
      BCP2:    0000000000000002
      BCP3:    0000000000000000
      BCP4:    FFFFF880094B2CA0
      OS Version:    6_1_7601
      Service Pack:    1_0
      Product:    274_3
    Files that help describe the problem:
      C:\Windows\Minidump\061714-141960-01.dmp
      C:\Users\Asger\AppData\Local\Temp\WER-292189-0.sysdata.xml
    Read our privacy statement online:
      http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409
    If the online privacy statement is not available, please read our privacy statement offline:
      C:\Windows\system32\en-US\erofflps.txt
    Regards, Asger

    Hi Asger,
    Would you please let me confirm whether this BSOD issue occurred suddenly? If you can reproduce the problem, please perform a clean boot and check if this issue still persists.
    For this BSOD issue, we may need to analyze the crash dump file to narrow down the root cause of it. Please refer to the following articles and check if they can help you to analyze the dump file.
    How to read the small memory dump file that is created by Windows if a crash occurs
    How to Debug Kernel Mode Blue Screen Crashes (for beginners)
    You got a B.S.O.D. (Blue Screen of Death, known as Bug Checks), now what?
    By the way, it is not effective for us to debug the crash dump file here in the forum. If this issue is a state of emergency for you, please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
    To obtain the phone numbers for specific technology requests, please refer to the web site listed below:
    http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
    Hope this helps.
    Best regards,
    Justin Gu

  • Windows 2008 R2 Folder assign permission "Read and Write" problem with *.doc file

    Hello All,
    I am a new one here,
    I am sorry for any mistakes and also my English is so poor.
    My brother's company is running Windows 2008 R2 as Active Directory...
    We have a folder named: Admin
    and in this folder there are a lot of document files such as: *.doc, *.dwg, *.txt etc.....
    All users access these files and they can open them to edit and save...
    One day my brother wanted me to set the Admin folder for all users to just "Read and Write..", meaning they can still open files to edit and save... but can't delete..
    I did succeed with this..
    But only one thing happens.. when they open a *.doc file to edit and attempt to save, the message alerts "access denied" and they can only "SAVE AS"...We don't want "Save as"
    Could you show me how we can fix the error with *.doc files while they are trying to save? Because it allows only save as.. but other files such as *.txt or *.dwg they can save without problem..
    Have the experts here ever faced this issue and fixed it yourself? Please share it with me..
    Please help me..
    Best regards,

    Hi,
    Office programs are specific. They will create a temp file when editing, then the temp file will be deleted when closing. So the Delete permission is needed for users to save Office files like Excel/Word.
    For more detailed information, please refer to the thread below:
    Special Permissions - User cannot save files
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/721fb2f1-205b-46e5-a3dc-3029e5df9b5b/special-permissions-user-cannot-save-files
    Best Regards,
    Mandy
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Windows 2008 R2 OS Clock runs fast and gains 2-3 seconds in a day

    I have got many servers running Windows 2008 R2 Ent 6.1.7601 Service Pack 1 Build 7601 on HP DL 360 Gen7 servers. The problem is that the clock being maintained by the OS runs fast. NTP is being used to mitigate the issue but I need to identify the root cause of the problem. I have verified that the hardware clock is not at fault, as after running the system for 5 days the clock went ahead by nearly 12 seconds and when the server was rebooted the OS clock showed nearly accurate time. NTP was turned off completely on this server for this testing. As at power-on the OS picks the time from the BIOS/hardware clock, this proves that the hardware clock is working fine and once the OS is up and running, the timer/function that it is using to maintain the system clock is not functioning properly. The systems are not under any kind of load and no temperature fluctuations have been observed. Enabling HPET also did not help.
    Please do not answer saying, "use w32tm or ntp" as that mitigates the problem but does not solve it. The server is not a DC. The OS is running directly on the server, no VM involved.
    Thanks

    Hello,
    the Windows Time service was and is not built for highly accurate time. So you have the need for special devices.
    http://blogs.technet.com/b/askds/archive/2007/10/23/high-accuracy-w32time-requirements.aspx
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://blogs.msmvps.com/MWeber
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Windows Live Mail 2012 Ovi Mail settings and delet...

    Hello
    Does anybody know the correct settings for Ovi Mail in Windows Live Mail 2012?
    And is it possible to recover deleted e-mails from your Ovi Mail?
    Lars

    Does this help?
    LVT89 wrote:
    Is it possible to recover deleted e-mails from your Ovi Mail?
    Does this help » Folder » Trash?

  • Clean install and migration

    Yesterday I installed Leopard clean on an empty partition on an external drive, and used migration assistant to bring over all my accounts and apps. It worked flawlessly, and only one app had transfer problems (missing sync), which leopard warned me of at the end of the install. No sweat.
    So far, no problems at all, and I have to say that on this G5 imac, leopard is certainly faster than tiger. I'm pleasantly surprised. No problems with internet connection, mail, etc., and I have my kids banging away trying to find any problems. If all goes well, I'm not sure if I'll clone back to the internal, or erase and install on the internal and use migration assistant to bring over the accounts and apps from the external. Any suggestions?

    If the current installation meets all of your expectations, then I suggest cloning the Tiger volume to another partition on the external (for use if anything screwy eventually pops up—I still have Panther backed up), checking it out, and just cloning the new Leopard to the internal. Just my 2¢

  • Slow printing on windows 2008 std, R2 and windows 2012

    Hi All,
    I have a print server which is configured on Windows 2008 R2. We are experiencing slow printing when printing directly from the server or from a client through the server. Small files print fast; anything that has an image takes a long time. All the printers in our organization are Xerox ColorQube 9303. When the driver is installed directly on a Windows 7 32 bit PC, it prints without any delay. Also, when printing from the server, a 2 MB file becomes 15 MB or more while sending. We have tried PCL6 and PS drivers.
    To replicate it, I have installed a Windows 2012 server and ended up with the same result. Installed Windows 2008 Standard 32 bit with SP2 and the result remains the same. Also tried it on Windows 8, 64 bit without any luck. So effectively, it works fine only when directly installed on a Windows 7 PC. I have disabled all three: TCP Chimney Offload, RSS, Receive Window Auto-Tuning.
    After shooting the print, if you observe the printer properties, it sends data at a very low rate, which results in a 10 MB document's print taking around 10 minutes. At the same time, file copying from the server to and fro is working normally. All these servers are directly connected to the Cisco 6509 core switch. All the above tests were performed on the same physical switch. The server and clients are on the same network (subnet).
    Has anybody come across a similar issue? Any useful suggestions would be deeply appreciated.
    Thanks,
    Prince Mathew

    Hi Prince Mathew,
    Based on your description, this issue seems to be related to this specific model of printer (Xerox ColorQube 9303). Please install the latest version of the driver and the firmware from the Xerox website, and then check if this issue still exists.
    If it still persists, please clear the Printer Spooler files and enable the Spooler Service again.
    For details, please refer to:
    1. Click Start, run "Services.msc" (without the quotation marks).
    2. In the Services list, please double click "Printer Spooler". Then click Stop, and then click OK.
    3. Please locate: "%WINDIR%\system32\spool\printers", delete all files in this folder.
    4. Click Start, run "Services.msc" (without the quotation marks). In the Services list, double click "Printer Spooler". Click on Start. In the Startup Type list, make sure that "Automatic" is selected and click OK.
    Then check if this issue can be solved.
    Hope this helps.
    Best regards,
    Justin Gu

  • Upgrade from windows 2008 R2 to windows 2012 and Quorum

    Dear Sir.
    I am going to upgrade a Hyper-V cluster of 4 nodes 2008 R2 to a Windows 2012 Hyper-V cluster.
    I am going to evict two nodes and build a new cluster.
    Should I configure a new quorum for the new cluster or can I use the quorum from the old system?
    Thanks

    Hi,
    Based on my experience, you need to create a new cluster when you choose to migrate the cluster, so you need a new witness disk.
    The related article:
    Best practices for migration of cluster windows 2008 R2 / 2012 - As melhores Praticas para migrar um Cluster de Windows 2008 para Windows 2012
    http://blogs.technet.com/b/hugofe/archive/2012/12/06/best-practices-for-migration-of-cluster-windows-2008-r2-2012-as-melhores-praticas-para-migrar-um-cluster-de-windows-2008-para-windows-2012.aspx
    Hope this helps.
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Certificate Authority w/ NDES-SCEP

    Hello,
    I am embarking on a project that I would like to get some feedback on.
    We are in the process of implementing iPhones into our network. The iPhone is going to run a VPN. Most likely, we will run the AnyConnect VPN client. I have this and it is working fine.
    However, we have to manually connect to the VPN, put in the domain password, and connect before we can check our email. This is cumbersome. So, I am trying to use certificate based authentication and the iPhone's "connect on demand" feature.
    I have read about a number of people using a Windows Server and running Certificate Services & Network Device Enrollment Service. This uses a protocol called SCEP – Simple Certificate Enrollment Protocol. The idea is that the iPhone would be issued a certificate by the Windows server. Then, when it went to connect to the VPN, it would present the certificate as credentials to the ASA. The ASA would send the certificate to the Windows server and the Windows server would tell the ASA if it's good. If the Windows server said it was good, the ASA would then allow the VPN to connect.
    I have the Certificate Authority (Windows Server 2008 R2) installed and running. However, I am encountering some trouble getting the iPhone to get the certificate from it.
    I have read a number of white papers and forum postings from Microsoft, Cisco, and Apple. Some indications are that it's feasible, but I am crossing a lot of technologies that are new to me and I am not sure if I am working uphill or what.
    My questions are…
    1). Is this a known configuration? Have you seen this configuration before? Was it successful?
    2). Does this sound feasible? Is there a more feasible way to provide VPN connectivity? The goal is to open the VPN from the phone when they open the email application, without having any user interaction.
    3). Within the Microsoft Certificate Services server, am I going to be able to manage the certificates individually and identify Jim's certificate separate from Sally's certificate? Or, Sally's iPhone certificate separately from Sally's iPad certificate? Also, what is there to prevent anyone from enrolling a device with the server?
    4). Do you know of any good documentation on this? I have read a number of articles and white papers. But, for some reason, there still seems to be something lacking. Seems like all the established documentation only addresses one aspect of this.
    At any rate, any comments or suggestions in regards to the above would be much appreciated. I appreciate that this is a Microsoft forum. So, I don't expect much commentary in regards to the Cisco / Apple side of this. But, whatever you can contribute from the Windows server perspective would be great.

    Hello,
    it will be better to ask in Security Forums: http://social.technet.microsoft.com/Forums/fr-FR/winserversecurity/threads
    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator

  • Windows Mobile 5.0 not connecting to files on servers hosted on Windows 2008

    We recently upgraded our servers from Windows Server 2003 to Windows Server 2008 and 2012. While on Windows Server 2003, we were using a PDA system that operates on Windows Mobile 5.0; since our upgrade, we are not able to connect to any files on the servers using Windows 2008 or 2012.
    Through a ping test of the server's IP address, it shows that the mobile device is connected to the server but it cannot communicate with/access the folders/files on that server.
    Is this a firewall or security issue?
    Is this a compatibility issue between Windows Mobile 5.0 and Windows Server 2008/2012?
    What are the possible solutions for this issue?
    Thanks,

    Hi,
    Thank you for posting in Windows Server Forum.
    Sorry to inform you but as per my research, Windows Mobile 5.0 doesn’t allow the connection to server 2008\2012. 
    Thanks for your understanding and support!
    Regards.
    Dharmesh Solanki

  • Office 2013 and Windows 2008 R2 SP1 AD RMS

    Hi All,
    I have installed the Windows 2008 R2 SP1 AD RMS service, and it works well with Office 2010/2007; it does not, however, work with Office 2013. Below is the error I get:
    sorry, something went wrong opening information rights management protected content. the request is not supported
    I have added the AD RMS cluster URL and the AD RMS licensing URL to the local Intranet security zone (http://realercheng.wordpress.com/2013/01/23/office-2013-failed-to-create-and-consume-protected-content-with-connect-to-digital-rights-mangement-services-and-get-template/), however, I still get the same error.
    Does Office 2013 work with Windows 2008 AD RMS, and if it does, what is the issue here and how do I go about sorting it?
    KimaniBob

    Hi,
    I am using Server 2008 R2 SP1 and users are using Windows 7 Enterprise, Office 2010 Pro Plus. They can see the rights policy template with Office 2010.
    But now I have installed Office 2013 Pro Plus and added new admx files to a new GPO for Office 2013, also enabled the policy "Enter Permission Policy Default Server for Quick Access Toolbar" and this is written in the policy: \\serverhostname. But I can't receive AD RMS templates in my Outlook?
    Is Server 2008 R2 SP1 AD RMS compatible with Office 2013 or do I have to install Server 2012 AD RMS for Office 2013?
    How can I fix this problem?
    Thanks.
