Cross forest Windows 2008 to Windows 2012 R2 migration... no ADMT?

Similar Messages

• SCCM 2012 R2 cross forest with one-way trust feasible?

  We are planning to replace our existing SMS 2003 server with SCCM 2012 R2 (running on Windows server 2012 R2).
  Our requirements are to support client our Windows 7 client PC's in Domain A and also support Xen Desktop clients in a separate domain (Domain B) and forest. We have a one way trust established (Domain B trusts Domain A). The SCCM 2012 R2 server will be
  in Domain A the same as our current SMS 2003 server.
  What we want to do, at a minimum, using SCCM is:
  Client inventory (hardware, software, user) and package distribution.
  Is this do able or a no go? If not directly is there any work-around for this? Appreciate any helpful advice or feedback.
  I have made the below diagram to better illustrate the scenario:
  Note: Domain B does not have WINS implemented (Domain A does). Both domains are running DNS of course.

  Hi,
  The following blog describes the technical requirements that have been put in place for the support of cross forest communication. You could have a look.
  Quote:
  Inner-site Communication (site to site communication) exists in the form of both File Based Replication (SMB Port 445) and Database Replication (TCP/IP port 4022 by default).
  In order to install and configure a child site (primary or secondary), the child site server must be located in the same forest as the parent site or reside in a forest that contains a
  two way trust with the forest of the parent (CAS or primary).
  Site System Roles (MP, DP, etc.) with the exception of the Out of Band Service Point and the Application Catalog Web Service Point can be deployed in an untrusted forest.
  The SLP functionality as known in ConfigMgr 2007 is now performed by a Management Point. In this blog I will refer to this as the Lookup Management Point.
  Most of these items were taken from this TechNet article – please refer to the article for more information -
  Planning for Communications in Configuration Manager .
  For more information:
  http://blogs.technet.com/b/neilp/archive/2012/08/20/cross-forest-support-in-system-center-2012-configuration-manager-part-1.aspx
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.
  Thank you for your reply. The below appears to make it seem as though this can be accomplished without requiring a trust:
  http://blog.coretech.dk/kea/multi-forest-support-in-configmgr-2012-part-i-managing-clients-in-an-untrusted-forest/#comment-284522
  Not sure which is correct...

• SCCM 2012SP1 - Cross Forest Scenario

  Guys/Girls
  I've configured a cross forest SCCM scenario, with all the SCCM config in one Forest and a single Windows XP SP3 desktop in the other. There is a trust between both Forests/2-way external but I haven't added Forests/Domain to SCCM to enable searching
  etc. I deployed the agent manually in the external Forest using a mapped drive and ccmsetup /mp:........ this all works fine.
  After installation, after the client is approved, when I click on the client in the SCCM console and try to initiate any of the "right-click" features, I just get a stack of access denied errors back "0x80070005". I've tried rebuilding
  WMI, re-installing the client to no avail. Im thinking that its related to the cross forest config but I see no provision for setting up external credentials for the other forest - am I right in thinking that the only account that needs to be configured is
  the "Network Access Account" that the agent uses to make network connections (the rest being run under the guise of the "Local System" account) if so - this is already done too.
  I'm not seeing any access denied entries on the XP desktop and I've been through the DCOM config and local policy to make adjustments/slacken off the permissions...still no dice.
  Am I chasing my tail with this? can I manage a client from the console that actually sits outside of the Forest where the SCCM installation is actually installed?
  The installation is pretty much inline with scenario 1 from the following blog:
  http://blogs.technet.com/b/neilp/archive/2012/08/20/cross-forest-support-in-system-center-2012-configuration-manager-part-1.aspx
  -a

  Reading more closely, I notice now that you said "right-click tools". That explains it as those truly have nothing to do with ConfigMgr. Essentially, what all right-click tools are are individual scripts run on your local system that directly connect
  to the remote system to perform an action. The console initiates these scripts but that's it. Thus, the credentials of the user logged into the console are used to launch those scripts and the problem here is that the user you are running the console
  as does not have permissions to remotely connect to that remote system.
  As mentioned, this has nothing to do with ConfigMgr though because ConfigMgr never ever connects to remote clients -- call client agent communication is initiated by the client.
  Thus, the right-click tools, while sometimes/often useful, should not be confused with native ConfigMgr functionality.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Cross Forest - SCCM 2012SP1

  Hi All - I've re-posted this as I put it in the wrong thread initially under 2007.
  I've configured a cross forest SCCM scenario, with all the SCCM config in one Forest and a single Windows XP SP3 desktop in the other. There is a trust between both Forests/2-way external but I haven't added Forests/Domain to SCCM to enable searching
  etc. I deployed the agent manually in the external Forest using a mapped drive and ccmsetup /mp:........ this all works fine.
  After installation, after the client is approved, when I click on the client in the SCCM console and try to initiate any of the "right-click" features, I just get a stack of access denied errors back "0x80070005". I've tried rebuilding
  WMI, re-installing the client to no avail. Im thinking that its related to the cross forest config but I see no provision for setting up external credentials for the other forest - am I right in thinking that the only account that needs to be configured is
  the "Network Access Account" that the agent uses to make network connections (the rest being run under the guise of the "Local System" account) if so - this is already done too.
  I'm not seeing any access denied entries on the XP desktop and I've been through the DCOM config and local policy to make adjustments/slacken off the permissions...still no dice.
  Am I chasing my tail with this? can I manage a client from the console that actually sits outside of the Forest where the SCCM installation is actually installed?
  The installation is pretty much inline with scenario 1 from the following blog:
  http://blogs.technet.com/b/neilp/archive/2012/08/20/cross-forest-support-in-system-center-2012-configuration-manager-part-1.aspx
  -a

  http://social.technet.microsoft.com/Forums/systemcenter/en-US/a64548eb-11dd-441f-95d7-097c70c96f17/sccm-2012sp1-cross-forest-scenario?forum=configmgrgeneral
  is the original thread. You shouldn't cross post -- you should wait for a mod to move the thread as now we have multiple people answering the same question without the benefit of seeing what others have answered.
  As mentioned there, this really has nothing to do with ConfigMgr and stems from the use of right-click tools.
  Jason | http://blog.configmgrftw.com | @jasonsandys

• Question about adding Windows 2012 R2 Domain Controller, into a native Windows 2008 R2 single forest domain

  I current have a two server domain, both Windows 2008 R2 and fully updated.   The two servers are on subnet 10.0.1.0 /24
  - Windows 2008 R2 Server A: 10.0.1.1 (DC, GC, FSMO, DNS)
  - Windows 2008 R2 Server B: 10.0.1.2 (DC, GC)
  AD Domain: COMPANY.LOCAL
  I have a second connected subnet, 192.168.1.0 /24) which is routed to the 10.0.1.0/24 subnet and I would like to install a Windows 2012 R2 server onto a server on that subnet and make it a domain controller with AD-Integrated DNS and DHCP for the 192.168.1.0
  /24 subnet.
  - Windows 2012 R2 Server C: 192.168.1.1
  What are the proper progression steps, in order to bring up the Windows 2012 R2 server and then add it to my COMPANY.LOCAL domain and then promote it do a DC/GC/AD-Integrated DNS server?   Are they anything like the following:
  1. Install Windows 2012 R2 server (Server C)
  2. Point Windows 2012 R2 server DNS servers at Server's A and B
  3. Perform AD prep to extend AD schema to support Windows 2012 R2 domain controllers
  4. Promote Windows 2012 R2 server to domain controller (install local DNS service on Server C, during this step)
  * Question:  Will Windows automatically create a DNS zone for the Windows 2012 R2 subnet (192.168.1.0/24) AND also include the DNS zone from the previous Windows 2008 R2 domain (10.0.1.0 /24)?  Or will I need to add the 10.0.1.0 /24 zone to the DNS
  server on Server C, even though the DNS from the Windows 2008 R2 domain is AD integrated?

  Hi,
  Regarding the issue here, please take a look into below articles:
  System Requirements and Installation Information for Windows Server 2012 R2
  http://technet.microsoft.com/en-us/library/dn303418.aspx
  Release Notes: Important Issues in Windows Server 2012 R2
  http://technet.microsoft.com/en-us/library/dn387077.aspx
  Install a Replica Windows Server 2012 Domain Controller in an Existing Domain (Level 200)
  http://technet.microsoft.com/en-us/library/jj574134.aspx
  Here is an example for promoting Windows Server 2012 to a DC, see:
  Step-by-Step Guide for Setting Up A Windows Server 2012 Domain Controller
  http://social.technet.microsoft.com/wiki/contents/articles/12370.step-by-step-guide-for-setting-up-a-windows-server-2012-domain-controller.aspx
  As the server is promoted to a DC, DNS Zones will be replicated and synchronized to it automatically whenever the new one is added to an AD DS domain,  bascially there is no special need to add zones,  for more information, please see:
  Understanding Active Directory Domain Services Integration
  http://technet.microsoft.com/en-us/library/cc726034.aspx
  Hope this may help
  Best regards
  Michael
  If you have any feedback on our support, please click
  here.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Migration of windows 2008 std 32bit DC to windows 2012 std

  i have 32bit DC in my local environment having schema ver 44.. now i hav another server and want to migrate to windows 2012 std edition.. can some one guide me how to achieve this task?

  Hi Babarmunir,
  In-place upgrades from 32-bit to 64-bit architectures are not supported. All editions of Windows Server 2012 are 64-bit only.
  Domain controllers that run 64-bit versions of Windows Server 2008 or Windows Server 2008 R2 can be upgraded to Windows Server 2012. You cannot upgrade domain controllers that run Windows Server 2003 or 32-bit versions of Windows Server 2008. To replace
  them, install domain controllers that run a later version of Windows Server in the domain, and then remove the domain controllers that Windows Server 2003.
  Hence you need to have a fresh x64 machine which you can join to domain and install ADDS Role then promote as additional domain controller.
  Provided the Forest Functional Level is Windows Server 2003 at minimum.
  Upgrading previous retail versions of Windows Server to Windows Server 2012:
  http://technet.microsoft.com/en-in/library/jj574204.aspx
  Upgrade Domain Controllers to Windows Server 2012 R2 and Windows Server 2012
  Use the below guide to setup the ADC:
  Step-By-Step: Adding a Windows Server 2012 Domain Controller
  System requirements for Windows Server 2012 are unchanged from Windows Server 2008 R2. For more information, seeWindows Server 2008 R2 with SP1 System Requirements (http://www.microsoft.com/windowsserver2008/en/us/system-requirements.aspx).
  The Schema and Domain preparation:  One could run
  Adprep prior to ADDS Role installation, Regardless, if Adprep is not detected, it will automatically be completed on your behalf.
  Regards,
  Satyajit
  Please“Vote As Helpful”
  if you find my contribution useful or “MarkAs Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• ¿Is it possible to upgrade from SCCM 2012 a domain controller in Windows Server 2008 R2 TO 2012 R2?

  Hi all.
  I want to know if is it possible to upgrade a domain controller from Windows Server 2008 r2 to 2012 r2 installing from SCCM 2012.
  Thanks.
  Regards.

  Hi all.
  I want to know if is it possible to upgrade a domain controller from Windows Server 2008 r2 to 2012 r2 installing from SCCM 2012.
  Thanks.
  Regards.
  Anything is possible if you can script it. You could create a task sequence to do the following (with scripts):
  1. Demote 2008R2 DC to member server
  2. Remove 2008R2 member server from domain
  3. Build new 2012R2 member server and join to domain
  4. Promote 2012R2 member server to DC
  You can do this. However, why would you? Just because you can doesn't mean you should. In my opinion it's more trouble and testing than it's worth. How many times would you need to do this?
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• Windows 2008 r2 guests blue screen on Windows 2012 R2 Hyper-V Cluster with e5 2670-v2 processors

  Hello all,
  We have a new hyper-v infrastructure deployed in two brand new Dell R720 Servers with 384GB of Memory and dual Intel e5 2670-v2 processors. This infrastructure is replacing an existing hyper-v 2008 R2 and all the guests are being migrated to this new cluster.
  The issue we are seeing is our 2008 r2 guests blue screening ocasionally with 0x0000001a,0x0000004e or 0x00000050 bugchecks.
  All this guests are configured with dynamic memory and with the integration components up to date. These same guests were running with no problems in the hyper-v 2008r2 cluster.
  When searching i found this article from vmware that pretty much describes what we are facing:
  http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2073791
  Are you aware of the same problem with this kindd of hardware on windows 2012 r2 hyper-v?
  Thanks!
  Nuno Carvalho

  Meanwhile i found this May 2014 update on the intel specification of the CPU we are using:
  CA135 Incorrect Page Translation when EPT is enabled
  Problem:
  If EPT (Extended Page Tables) is enabled, then a complex sequence of internal processor events may result in unexpected page faults or use of incorrect page translations.
  Implication:
  Due to this erratum a guest may crash or experience unpredictable system behavior.
  Workaround:
  It is possible for the BIOS to contain a workaround for this erratum.
  Status:
  For the affected steppings, see the
  Summary Tables of Changes.
  This affects VMware as of the today update of the article i referenced in the first post, what about hyper-v?
  http://www.intel.com/content/dam/www/public/us/en/documents/specification-updates/xeon-e5-v2-spec-update.pdf
  Nuno Carvalho

• Upgrade of Integation Services (Windows 2012 R2) on Windows 2008 R2 with Exchange 2013 SP1 DAG fails

  Here is the scenario:
  Legacy Host: Windows 2008 R2
  Guest VM: Windows 2008 R2 with Exchange 2013 SP1 DAG cluster.
  After importing the VM (2008 R2 and Exchange 2013 DAG) into a 2012 R2 host (Cluster).  (copy VM files to new 2012 R2host) Everything works fine.
  Then upgrading "Installation Services" (for Windows 2012 R2 host) on the imported VM runs fine with no errors to the "Restart" prompt. VM than shows: "Configuring Windows updates 32% complete. Do not turn
  of your computer." Hangs there for about 20 minutes until is says "shutting down". Hangs there for 20 minutes until power off. Restart to normal start; "Preparing to configure Windows. Do not turnoff your computer." proceeds slowly
  to "Configuring Windows updates 32% complete. Do not turn of your computer." hangs there again indefinite. Sometime hangs at shutdown cycle and "Configuring Windows updates 32% complete. Do not turn of your computer." indefinitely.
  I moved 20 other machines from a 2008 R2 host to new Windows 2012 R2 hosts all of these machines install the 2012 R2 Integration services just fine on the 2008 R2 VM. Just the 2008 R2 VMs clustered (DAG) and Exchange 2013 SP1 do not take the Integration
  Services upgrade.
  Any advise from Microsoft? I know I could decommission the DAG and Exchange machines and install Integration services on the native box before Exchange and DAG and that would sure work, but I'd rather avoid that amount of work for a simple integration layer
  upgrade.
  Thanks
  Gerhard Waterkamp ACSLA Inc.

  Hi,
  Could you try use the following method to fix this issue first?
  1. Run the System Update Readiness Tool, then check if there is any error in the Checksur.log and checksur.persist.log.
   1. Please run the System Update Readiness Tool on this affected server. Please download this tool from the following Microsoft article:
   Description of the System Update Readiness Tool for Windows Vista, for Windows Server 2008, and for Windows 7
   http://support.microsoft.com/kb/947821/en-us
  2. The System Update Readiness Tool creates the log files that captures any issues that the tool found or fixed. The log files are located at the following location:
  %SYSTEMROOT%\Logs\CBS\
  3. Please paste the checksur.log here for analysis.
  If there is no error found, please try the following step.
  ==================================
  2. Use Fix it tool to reset the Windows Update components.
   1. Open the following link.
   http://support.microsoft.com/kb/971058/en-nz
   2. Select Windows 8.1, Windows 8 and Windows 7 in the product selection box.
   3. Click “Run Now” to reset the Windows Update components.
  Note: We can reset the Windows Updates manually by following the steps in the KB above.
  3. Use the System File Checker tool to repair missing or corrupted system files
   1. Open the command promote with Administrators.
   2. At the command prompt, type the following command, and then press ENTER:
       sfc /scannow
  Any errors are found in the steps above, please let me know.
  Hope this helpful.
  Best Regards,
  Jason Zeng
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Slow printing on windows 2008 std, R2 and windows 2012

  Hi All,
  I have a print server which is configured on windows 2008 R2. We are experiencing slow printing when printing directly from the server or from a client through the server. Small sized files prints fast, anything which has image takes a long time. All the
  printers in our organization are Xerox Colorqube 9303. When installed the driver directly on to windows 7 32 bit PC, it prints without any delay. Also, when prints from the server a 2 MB file becomes 15 MB or more while sending. We have tried PCL6 and PS drivers.
  To replicate it, i have installed a windows 2012 server ended up with the same result. Installed windows 2008 standard 32 bit with SP2 and the result remains same. Also tried it on windows 8, 64 bit without any luck. So effectively, it works fine only when
  directly installed on a windows 7 PC. I have disabled all three: disabling TCP Chimney Offload, RSS, Receive Window Auto-Tuning .
  After shooting the print, if you observe the printer properties, it sends data at a very low rate which results a 10 MB documents prints take around 10 minutes. At the same time, file copying from the server to and fro is working normally. All these servers
  are directly connected to the cisco 6509 core switch. All the above tests were performed on the same physical switch. The server and clients are on the same network (subnet).
  Have anybody come across to a similar issue. Any useful suggestions would deeply appreciated.
  Thanks,
  Prince Mathew

  Hi Prince Mathew,
  Based on your description, this issue seems that it’s related to this specific model printer (Xerox
  colorqube 9303). Please install the latest version of the driver and the firmware from Xerox website, and then check if this issue still exists.
  If it still persists, please clear Printer Spooler Files and enable the Spooler Service again.
  For details, please refer to.
  1. Click Start, run "Services.msc" (without the quotation marks).
  2. In Services list, please double click "Printer Spooler". Then click
  Stop, and then click OK.
  3. Please locate to: "%WINDIR%\system32\spool\printers", delete all files in this folder.
  4. Click Start, run "Services.msc" (without the quotation marks). In Services list, double click
  "Printer Spooler". Click on Start. In the Startup Type list, make sure that "Automatic" is selected and click OK.
  Then check if this issue can be solved.
  Hope this helps.
  Best regards,
  Justin Gu

• How to activate Windows 8.1 on a Windows 2008 R2 KMS server when I don't have Windows 2012 R2 kms host key

  I only have windows 8.1 kms host key but I can't add a client OS kms key to Windows 2008 R2 kms server. And I don't have Windows 2012 R2 license either. Is there any way I can activate Windows 8.1 using my existing kms server? Thanks.

  I would like a yes no clarification answer. So does this mean that EVEN WITH THE PATCH. My Server 2012 Standard edition that currently hosts KMS VA for clients running Win7, Win 8, Office15, Server 2008, Server 2012. Will not be able to host windows 8.1?
  I will have to install 8.1 and use as a host? 
  if you have a KMShost product key for WS2012R2, you can patch a down=level Server and be fine.
  (the OP didn't renew SA or otherwise has no KMShost pkey for WS2012R2)
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)
  I'm having similar issues and have a similar question that doesn't seem to be answered:
  My KMS server is Windows 2008 R2 (Also is my domain controller). I want to activate Windows 2012 R2 and Windows 8.1 machines off this KMS server. I can install the 2012 R2 key just fine but receive error 0xC004F015 (The Software Licensing Service reported
  that the license is not installed) when I try to install my 8.1 KMS key.
  What I'm gathering from this thread is that I have to set up a Windows 8.1 host and set it up to be a KMS server exclusively for activating Windows 8.1. Is this correct? If so, Microsoft needs to fix that. I have a SERVER for activations for a reason: it
  is a server, not a client. If I am mis-understanding, how do I get my Windows 2008 R2 server to accept the Windows 8.1 KMS key for activating 8.1 clients?
  Thanks!
  You don't need Windows 8.1 KMS key. Your 2012 R2 KMS key will be able to activate your Windows 8.1 machines. So your current set up is fine, no need to set up another Windows 8.1 KMS host.
  My problem is I don't have 2012 R2 KMS key as I didn't buy any Windows 2012 R2 license. So I can't use 2012 R2 KMS key to activate my Windows 8.1.
  Oh that's interesting. I guess I need to play around more because my 8.1 test machine isn't activating. I'll start a new thread for that if needed. Sorry for the confusion.

• DHCP Failover in Windows 2008 R2 and Windows 2012 R2 Environment

  Hi Everyone,
  We are trying to implement DHCP failover in our environment. Our IT Infrastructure consists of 4 – windows server 2008 R2 servers and 7 – Windows Server 2012 servers; 1 Main Office with 2 – DC’s and 9 branch/remote offices with one DNS server in every remote
  office. All the DNS servers have 2 scopes defined on them for VOICE and Data with different Subnets.
  What would be the best method to implement failover in 2008 R2 – Windows Failover Cluster or Split scope? And how to implement DHCP Failover in Windows Server 2012 R2?
  Please let me know if you need more information.
  Thank you for your help!
  -kN

  Hi,
  if you can choose between 2008 R2 and 2012 R2 than go with 2012 R2 it is easy to create a DHCP failover there. Actually that is one of the new features of Windows 2012.
  With Server 2012 you setup your fist DHCP server with the scopes you want to setup. Than you install the second 2012 server with DHCP role and authorized. If you have done this you going back to your first server, where you already configured your scopes.
  Now right click onto the scope you want to setup for failover and select 'Configure Failover'. You can than set it up as kind of split scope (Load balance Mode) or as real fail over setup (Hot Standby). In Load balance Mode you can configure the balance of
  IP addresses between the both servers, like primary has 60% IP addresses and secondary has 40%.
  With Server 2008 R2 the easiest configuration is split scope. But here it depends how many IP leases you will max have and if you can absorb if one of the server is going down. Lets say you have 50 DHCP leases max, than sure, set it up as split scope. But
  if you have 200 DHCP clients, than I would go with failover cluster. At the end it depends on your environment.
  Sven

• Migration of DNS from Windows 2008 R2 to Windows 2012

  Hello,
  We have a pair of Windows 2008 R2 servers running authoritative DNS services (they are not AD controllers, neither used as resolvers). There are ~20 domains + 10 DNSSEC domains hosted on those servers. We're considering to migrate them to Windows 2012
  servers and retain IP addresses.
  I'd greatly appreciate if somebody could advise the basic steps for such migration (particularly the DNSSEC part).
  Many thanks.

  Hi,
  It worked for me with a test zone but my example only had a single A record. You should test this first by adding the zone and testing resolution on the 2012 server before deleting it from the 2003 server.
  The bug for secondary zones that you describe in Server 2008 is news to me. However, 2012 and 2012 R2 has many advantages over 2008 R2 for DNSSEC signed zones so I would recommend you migrate even if you weren't having problems on 2008 R2.
  If you've been following the thread you mentioned above, you know that I've been doing a lot of testing with signed zones being updated on secondary servers. The signed zone is *always* updated on a secondary server but if the change on the primary was only
  a signature refresh then as of right now there is still a bug where the newest RRSIGs are not transferred to the secondary server. This happens because the zone transfer occurs just before the new RRSIG is generated on the primary. This causes it to be left
  behind on the primary server unless there is another zone transfer afterward. Note that a zone transfer still happens, it just happens too soon. The zone transfer that happens is an incremental zone transfer.
  If the previous RRSIG expires before another zone transfer occurs then the zone can have validation problems on the secondary. There is a hotfix for this that will be distributed soon. I am checking now on the date.
  If you increment the serial # on the primary, the secondary should get a full zone transfer.
  -Greg

• False Duplicate ip address error reported on our windows 2008 and windows 2012 servers

  we use windows 2008 and windows 2012 servers our company. my access switches are cisco catalyst 3560.
  A sample of a show version command from one of our access switches is as shown below.
  SW_01#show version
  Cisco IOS Software, C3560E Software (C3560E-UNIVERSALK9-M), Version 15.0(1)SE2, RELEASE SOFTWARE (fc3)
  Technical Support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2011 by Cisco Systems, Inc.
  Compiled Thu 22-Dec-11 00:16 by prod_rel_team
  ROM: Bootstrap program is C3560E boot loader
  BOOTLDR: C3560E Boot Loader (C3560X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
  SW_01 uptime is 2 weeks, 5 days, 16 hours, 15 minutes
  System returned to ROM by power-on
  System restarted at 17:31:47 UTC Fri Nov 14 2014
  System image file is "flash:/c3560e-universalk9-mz.150-1.SE2/c3560e-universalk9-mz.150-1.SE2.bin"
  I will be grateful if any one can help with some solution.
  Thank you

  Can you post your switch config?
  How many switches do you have? Presumably you have more than one, this  one is connected to others, and those others have servers and clients?
  Try doing a 'show arp' on the switch and comparing the IPs and MACs to your windows server. Do it a few times as it may change as each device using the IP sends packets.

• Windows 2012 R2 - NPS in resource forest won't auteticate users in the user forest by UPN, only by DOMAIN\username

  Hi there
  I have recently setup a windows 2012 R2 NPS server (for WIFI auth) in our resource forest to replace an aging 2003 RADIUS server.
  The problem I am having is users logging in with their UPNs.
  To give some background our user forest and domains look like company.local and a few child domains department.company.local etc.
  Our resource domain is companyresources.com
  As we use office 365 we had to add UPNs to our users called company.com and set them.
  The NPS cannot authenticate users when they use their [email protected] UPN.
  From logs
  Network Policy Server denied access to a user.
  Contact the Network Policy Server administrator for more information.
  User:
              Security ID:                              NULL SID
              Account Name:                         [email protected]
              Account Domain:                                  -
              Fully Qualified Account Name:   -
  Followed by event ID 4402
  There is no domain controller available for domain DOMAIN.
  I believe its cannot translate the Account name into an Account domain when using the UPN we need for office 365 ([email protected]).
  If I set a test user to a UPN of [email protected] it does (however we cannot do this because it will affect our office 365 users)
  Network Policy Server granted access to a user.
  User:
              Security ID:                              DOMAIN\user1
              Account Name:                         [email protected]
              Account Domain:                                  DOMAIN
              Fully Qualified Account Name:   DOMAIN\user1
  or if I use DOMAIN\username
  Network Policy Server granted full access to a user because the host met the defined health policy.
  User:
              Security ID:                              DOMAIN\user1
              Account Name:                         DOMAIN\user1
              Account Domain:                                  DOMAIN
              Fully Qualified Account Name:   DOMAIN\user1
  Is there any way I can get my UPN authentication working form the resource domain s I would prefer my users logging into WiFi with their UPNs as we have moved away from the DOMAIN\username method.
  Thanks

  Hi,
  According to your description, my understanding is that client using UPN can’t be authenticated by NPS server, event ID 4402.
  In general, when NPS is configured as a RADIUS server with the default connection request policy, NPS processes connection requests for the domain in which the NPS server is a member and for trusted domains.
  You may try to use realm names configured in connection request policies to ensure that connection requests are routed from RADIUS clients to RADIUS servers that can authenticate and authorize the connection request.
  You may reference the link below for detailed information:
  Realm Names
  https://technet.microsoft.com/en-us/library/cc731342(v=ws.10).aspx
  Using Pattern-Matching Syntax in NPS
  https://technet.microsoft.com/en-us/library/dd197583%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
  Best Regards,
  Eve Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]