Essential event viewer bugs with "Forwarded Events" log in Windows Server 2008 R2 and Windows 7

In my general experience, Windows event viewer is one of the most problematic, faulty management tools in the case of extensive use of its more sophisticated capabilities. The mere description as well as reproduction of some entangled failures would require remarkable effort.
With the "Forwarded Events" log, however, the situation becomes considerably worse in that even simple functionality fails and workarounds are difficult to find. That's what I'll describe here in order to share my experience with interested users.
For precision: I’ve extensively used event viewer on a German Windows Server 2008 R2 SP1 (Windows SBS 2011 Standard SP1). The bugs I found on that system, I could reproduce on a German Windows 7 Professional 64-Bit SP1, too.
Problem 1: Failure of even simple event filtering
To reproduce this problem, execute these steps on a test machine with either of the two OSes mentioned above:
(i) To prepare log contents, do either of the following:
(a) populate some events to your local "Forwarded Events" log (most simply by subscribing to events from other logs of the same machine; stop the subscription once you have collected some events)
Or
(b) copy a non-empty log file "ForwardedEvents.evtx" from another machine (with either of the two OSes mentioned above) to your test machine and open the file in event viewer.
(ii) Navigate to your "Forwarded Events" test log and open the filtering dialog. In the "Includes/Excludes Event IDs" field, type: 1-9000. Click OK.
(iii) Look at the results pane: Surprise, 0 Events! Do you really have no event IDs between 1 and 9000 in your test log?
(iv) Another example, if you have forwarded security events in your test log: Clear filter, if any previous filter is in place. Open the filtering dialog. In "Keywords" sub-dialog, choose "Audit Success". Click OK.
(v) Look at the results pane: Surprise, 0 Events! Do you really have no successful security monitoring events in your test log?
I’ll finish here. If you have a rich variety of events in your test log available, let your imagination run wild to test around. Finally include some simple manually created or modified XPath filters on the XML tab of the filtering dialog. I promise, you’ll find a lot of additional strange results.
Problem 2: Cannot save manually selected events to .evtx file
Navigate to your "Forwarded Events" test log. In the results pane, select one or more events by highlighting them by mouse clicks. In context menu, choose "Save selected events". In the "save as" dialog, choose file type *.evtx and save your file. Open the newly created file in event viewer. Result: Surprise, no events inside the new file!
Have more fun with forwarded events
Helmut

Did you mean right-clicking Forwarded Events and selecting "Filter Current Log..."? I ask since I can filter the correct events via "Filter Current Log..." in my Lab environment.

Hi Justin,
yes, I mean "Filter Current Log ... " (in my German systems: "Aktuelles Protokoll filtern ... ").
What do you mean by "my Lab environment" exactly?
In the meantime, I performed additional tests. I copied the "ForwardedEvents.evtx" test file from Server 2008 R2 or Windows 7 to
(i) German Windows 8 Pro 64-Bit RTM
(ii) German Windows 8.1 Pro 64-Bit, up-to-date
in order to view and filter the file there.
Results: Same event viewer problem on Windows 8 RTM, but correct behavior on Windows 8.1!
Best regards, Helmut
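
As an added example (not part of the original thread), the two filters from Problem 1 can be run as XPath queries through `Get-WinEvent` and checked against a scan of the unfiltered events, and the export from Problem 2 can be done by query with `wevtutil epl`. The file paths are assumptions; the script sticks to PowerShell 2.0 syntax so it runs on the systems discussed.

```powershell
# Added example, not from the thread. PowerShell 2.0 compatible.
param(
    # Assumed paths; point them at the test copy of the forwarded-events log.
    [string]$EvtxPath   = 'C:\Temp\ForwardedEvents.evtx',
    [string]$ExportPath = 'C:\Temp\ForwardedEvents-filtered.evtx'
)

# "Audit Success" keyword bit (0x0020000000000000), the value Event Viewer
# puts into the XPath it generates for that keyword.
$AuditSuccess = 9007199254740992

# Each check pairs an XPath query with an equivalent predicate that is
# evaluated in PowerShell over the unfiltered event list.
$checks = @(
    @{ Name  = 'Event IDs 1-9000'
       XPath = '*[System[(EventID >= 1 and EventID <= 9000)]]'
       Test  = { $_.Id -ge 1 -and $_.Id -le 9000 } },
    @{ Name  = 'Keyword: Audit Success'
       XPath = "*[System[band(Keywords,$AuditSuccess)]]"
       Test  = { ($_.Keywords -band $AuditSuccess) -ne 0 } }
)

# Read the whole file once. For the live log, use -LogName ForwardedEvents
# instead of -Path in the Get-WinEvent calls.
$all = @(Get-WinEvent -Path $EvtxPath -ErrorAction Stop)
"Total events in file: $($all.Count)"

$results = foreach ($c in $checks) {
    # Get-WinEvent raises an error instead of returning an empty set when
    # nothing matches, so suppress it and count what comes back.
    $viaXPath = @(Get-WinEvent -Path $EvtxPath -FilterXPath $c.XPath `
                    -ErrorAction SilentlyContinue)
    $test     = $c.Test
    $viaScan  = @($all | Where-Object $test)

    New-Object PSObject -Property @{
        Filter     = $c.Name
        XPathCount = $viaXPath.Count
        ScanCount  = $viaScan.Count
        Consistent = ($viaXPath.Count -eq $viaScan.Count)
    } | Select-Object Filter, XPathCount, ScanCount, Consistent
}
$results | Format-Table -AutoSize

# Counterpart to Problem 2: export by query instead of by GUI selection,
# then re-read the new file to confirm it actually contains events.
$query = $checks[0].XPath
& wevtutil.exe epl $EvtxPath $ExportPath /lf:true /ow:true "/q:$query"
if ($LASTEXITCODE -ne 0) {
    throw "wevtutil failed with exit code $LASTEXITCODE"
}
$exported = @(Get-WinEvent -Path $ExportPath -ErrorAction SilentlyContinue)
"Events in exported file: $($exported.Count)"
```

A row with `Consistent` set to `False` means the query engine and the plain scan disagree for that filter on this file.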

Similar Messages

  • AD RMS cluster with windows server 2008 R2 and Windows Server 2012 R2

    Please, I'm trying to add an ADRMS server with Windows Server 2012 R2 to our ADRMS 2008 R2 cluster, and it fails with the following error:
    "The Client DLL version doesn't match with the one of the servers"
    So I want to know: is it supported to add an RMS 2012 R2 server to an RMS 2008 R2 cluster?
    Thanks

    They can't coexist, but usually what happens is you add the 2012 server, it migrates your cluster database and then your 2008r2 servers can no longer connect.
    What is this value:
    DRMS_Config database
    dbo.DRMS_ClusterPolicies
    AdrmsFileVersion

  • Windows Server 2008 SP2 randomly reboots due to lsass.exe failed with status code 255

    Hello,
    Any help on this issue would be greatly appreciated.  I have an older Windows Server 2008 SP2 (I don't believe it is R2) (running SQL Server 2008 and SSRS 2008 on the machine) that is crashing randomly
    during business hours.  Looking into the event logs, I have found the following:
    Faulting application lsass.exe, version 6.0.6002.18541, time stamp 0x4ec3ca01, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8d118, exception code 0xc0000005, fault offset 0x00000000000011ad, process id 0x284, application start time 0x01d066d9669a3e1c.
    A critical system process, C:\Windows\system32\lsass.exe, failed with status code 255.  The machine must now be restarted.
    The process wininit.exe has initiated the restart of computer RIDEDB02 on behalf of user  for the following reason: No title for this reason could be found
     Reason Code: 0x50006
     Shutdown Type: restart
     Comment: The system process 'C:\Windows\system32\lsass.exe' terminated unexpectedly with status code 255.  The system will now shut down and restart.
    I found a Hot Fix for a similar issue (https://support.microsoft.com/en-us/kb/2732595?wa=wsignin1.0), but it appeared to only be applicable to Windows Server 2008 R2 and Windows 7.
    A few hours later, the crash happened again, with a slightly different error:
    The system process 'C:\Windows\system32\lsass.exe' terminated unexpectedly with status code -1073741819.  The system will now shut down and restart.
    Faulting application lsass.exe, version 6.0.6002.18541, time stamp 0x4ec3ca01, faulting module msvcrt.dll, version 7.0.6002.18551, time stamp 0x4ee8d118, exception code 0xc0000005, fault offset 0x00000000000011ad, process id 0x284, application start time 0x01d066fa9d74c5d7.
    A critical system process, C:\Windows\system32\lsass.exe, failed with status code c0000005.  The machine must now be restarted.
    The security package Kerberos generated an exception. The exception information is the data
    I have been unable to find a reason for these exceptions and the server rebooting.  Any thoughts or ideas on how I can correct this error so it doesn't reboot our server again?
    Thank you,
    Ben

  • Windows Server 2008 R2 Backup Fails with error "Parameter is Incorrect"

    When I try to take a backup of Windows Server 2008 R2 and Windows Storage Server 2008 to an external hard drive, it gives the error "Parameter is incorrect".
    I am taking a full server backup from the server backup utility. Backup includes (System State, Bare metal recovery and 5 local drivers). Full backup size is 1.2TB.

    Hi,
    Can you post the unedited error event log related to VSS from the application log? Are you using the Windows Server Backup tool? If yes, please post the error event log from "Applications and Services Logs\Microsoft\Windows\Backup"
    Thanks,
    Umesh.S.K

  • Microsoft Excel cannot access the file "-". There are several possible reasons. Windows Server 2008 R2 with Microsoft Office 2010

    I have a problem with starting the Excel Application under a particular user (service account).
    I try to schedule this C# script through an application X (not Windows Task Scheduler. And this
    application will always use a service account to run services on the server). If I run the C# script in
    command prompt under the same user, it runs. Under the application X, which uses the exact same
    user, to initiate the C# script, it fails to open the Excel application (not sufficient permission?).
    This script calls application.Workbooks.Open(<ExcelFileName>,0,false,Type.missing....). At this line
    of code, it gives the following error:
    Microsoft Excel cannot access the file "...". There are several possible reasons:
    -The file name or path does not exist.
    -The file is being used by another program.
    -The workbook you are trying to save has the same name as a currently open workbook.
    I tried all the methods that I found online as follow:
    Create directory "C:\Windows\SysWOW64\config\systemprofile\Desktop" (for 64 bit Windows) or "C:\Windows\System32\config\systemprofile\Desktop" (for 32 bit Windows).
    Changed the DCOM config for the Microsoft Excel application to include this user for Local/Remote Launch and Access.
    Enabled all macros in Excel application and set the Trust Center.
    Add the user to have full control on all folders that contain the Excel file.
    Under DCOM config, Microsoft Excel Application, if I modify the Identity tab to check on "This User" and enter the username/password to let Excel always run under that user. Then the application runs perfectly. However, other users can't run the excel application on their own with the following error: "Cannot use object linking and embedding". If I check "Use the launching user", then Excel can't be launched. No errors in the logs or events anywhere to check.
    Yet, still the same error. I think it's permission but I am not sure where and what to do for this to work.
    Now, normally, when I run this excel report, I can double-click on the file and it'd automatically run,
    save the new parameters into the current file and generate a new excel file (with date attached to the
    file name). That means there is a change (save) to the original file.
    Environment: Windows Server 2008 R2 and running Microsoft Excel 2010.
    I appreciate all your help!

    I am wondering if this has anything to do with having the user log into Excel.
    In point #5 above: Under DCOM config, Microsoft Excel Application, if I modify the Identity tab to check on "This User" and enter the username/password to let Excel always run under that user. Then the application runs perfectly. However, other users can't run the excel application on their own with the following error: "Cannot use object linking and embedding". If I check "Use the launching user", then Excel can't be launched. No errors in the logs or events anywhere to check.
    Because running with the launching user proposes a user to run the Excel application. However, I do not think there is anywhere that we can pass in the password for this user to Excel. However, this Excel has all the permissions to the Excel application as well as the folders that have the Excel files.
    Please help!
    Thank you!

  • Event Viewer cannot open the event Log or Custom view. Verify that the Event log service is running or query is too long. The instance name passed was not recognized as valid by a WMI data provider(4201).

    "Event Viewer cannot open the event Log or Custom view. Verify that the Event log service is running or query is too long. The instance name passed was not recognized as valid by a WMI data provider(4201)"
    This error keeps cropping up now and again on most of our domain controllers (OS-2008 AND 2008R2)...Usually a restart fixes the issue however the issue repeats and security logs don't generate.
    Any advice on how to fix this issue permanently would be greatly appreciated.

    Please see this: https://social.technet.microsoft.com/Forums/windows/en-US/95987ca3-a1b2-4da6-95b7-d825d06cdac7/error-code-4201-the-instance-name-passed-was-not-recognized-as-valid-by-a-wmi-data-provider?forum=w7itprosecurity
    You can also try rebuilding the WMI repository: http://blogs.technet.com/b/askperf/archive/2009/04/13/wmi-rebuilding-the-wmi-repository.aspx
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • Windows update KB2964444 broke Event Logging Service and SQL Agent Service on Windows Server 2008 R2

    I got the following problem:
    I discovered that on my Windows Server 2008R2 machine the event logging stopped working on 04/May/2014 at 03:15.
    Also, SQL Agent Service won't run
    The only change that day was security update KB2964444 - Security Update for Internet Explorer 11 for Windows Server 2008 R2 for x64-based Systems, that was installed exactly 04/May/2014 at 03:00. Apparently, that's what broke my machine...
    When I try to start Windows Event Log via net start eventlog or via Services panel, I get an error:
    C:\Users\Administrator>net start eventlog
    The Windows Event Log service is starting.
    The Windows Event Log service could not be started.
    A system error has occurred.
    System error 2 has occurred.
    The system cannot find the file specified.
    I tried:
    restarted the OS (virtual on the host's VMWare).
    re-checked the settings in services menu -they are like in the link.
    checked the identity in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eventlog - the identity is NT AUTHORITY\LocalService
    gave all Authenticated Users full access to C:\Windows\System32\winevt\Logs
    ran sfc /scannow - Windows Resource Protection did not find any integrity violations.
    went to the file %windir%\logs\cbs\cbs.log - all clean, [SR] Repairing 0 components
    EDIT: Uninstalled the recent system updates and rebooted - didn't help
    EDIT: Sysinternals Process Monitor results when running start service from services panel (procmon in elevated mode):
    filters:
    process name is svchost.exe : include
    operation contains TCP : exclude
    the events captured are:
    21:50:33.8105780 svchost.exe 772 Thread Create SUCCESS Thread ID: 6088
    21:50:33.8108848 svchost.exe 772 RegOpenKey HKLM SUCCESS Desired Access: Maximum Allowed, Granted Access: Read
    21:50:33.8109134 svchost.exe 772 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
    21:50:33.8109302 svchost.exe 772 RegOpenKey HKLM\System\CurrentControlSet\Services REPARSE Desired Access: Read
    21:50:33.8109497 svchost.exe 772 RegOpenKey HKLM\System\CurrentControlSet\Services SUCCESS Desired Access: Read
    21:50:33.8110051 svchost.exe 772 RegCloseKey HKLM SUCCESS
    21:50:33.8110423 svchost.exe 772 RegQueryKey HKLM\System\CurrentControlSet\services SUCCESS Query: HandleTags, HandleTags: 0x0
    21:50:33.8110705 svchost.exe 772 RegOpenKey HKLM\System\CurrentControlSet\services\eventlog SUCCESS Desired Access: Read
    21:50:33.8110923 svchost.exe 772 RegQueryKey HKLM\System\CurrentControlSet\services\eventlog SUCCESS Query: HandleTags, HandleTags: 0x0
    21:50:33.8111257 svchost.exe 772 RegOpenKey HKLM\System\CurrentControlSet\services\eventlog\Parameters SUCCESS Desired Access: Read
    21:50:33.8111547 svchost.exe 772 RegCloseKey HKLM\System\CurrentControlSet\services SUCCESS
    21:50:33.8111752 svchost.exe 772 RegCloseKey HKLM\System\CurrentControlSet\services\eventlog SUCCESS
    21:50:33.8111901 svchost.exe 772 RegQueryValue HKLM\System\CurrentControlSet\services\eventlog\Parameters\ServiceDll SUCCESS Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\wevtsvc.dll
    21:50:33.8112148 svchost.exe 772 RegCloseKey HKLM\System\CurrentControlSet\services\eventlog\Parameters SUCCESS
    21:50:33.8116552 svchost.exe 772 Thread Exit SUCCESS Thread ID: 6088, User Time: 0.0000000, Kernel Time: 0.0000000
    NOTE: previously, for
    21:46:31.6130476 svchost.exe 772 RegQueryValue HKLM\System\CurrentControlSet\services\eventlog\Parameters\ServiceDll SUCCESS Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\wevtsvc.dll
    I also got NAME NOT FOUND error, so I created the new string value for the Parameters with the name ServiceDll and data %SystemRoot%\System32\wevtsvc.dll (copied from the upper HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog key) and this event now is
    21:46:31.6130476 svchost.exe 772 RegQueryValue HKLM\System\CurrentControlSet\services\eventlog\Parameters\ServiceDll SUCCESS Type: REG_SZ, Length: 68, Data: %SystemRoot%\System32\wevtsvc.dll
    I also checked for the presence of wevtsvc.dll in the place and it's there.
    Also, I tried to capture all events with path containing 'event' and got following events firing every several seconds:
    21:38:38.9185226 services.exe 492 RegQueryValue HKLM\System\CurrentControlSet\services\EventSystem\Tag NAME NOT FOUND Length: 16
    21:38:38.9185513 services.exe 492 RegQueryValue HKLM\System\CurrentControlSet\services\EventSystem\DependOnGroup NAME NOT FOUND Length: 268
    21:38:38.9185938 services.exe 492 RegQueryValue HKLM\System\CurrentControlSet\services\EventSystem\Group NAME NOT FOUND Length: 268
    Also, I tried to capture all the events containing 'file', excluding w3wp.exe, chrome.exe, wmiprvse.exe, wmtoolsd.exe, System and it shows NO attempts to access any file in the time I try to start the event logger (if run from cmd - there are several hits by net executable, not present if run from the panel).
    What can be done?

    Hi,
    I didn’t find a similar issue. If you have IE 11, please try to update the system automatically or install the MS14-029 update.
    The related KB:
    MS14-029: Security update for Internet Explorer 11 for systems that do not have update 2919355 (for Windows 8.1 or Windows Server 2012 R2) or update 2929437 (for Windows 7 SP1 or Windows Server 2008 R2 SP1) installed: May 13, 2014
    http://support.microsoft.com/kb/2961851/en-us
    Hope this helps.

  • Require list of all events for Windows Server 2008 Active Directory

    Hi all,
    I require list of all events for Windows Server 2008 Active Directory. Event Log name for Active Directory log is "Directory Service".
    Regards,
    SR

    Hi,
    Thanks for your posting.
    Do you mean you want to list all Active Directory logs into one file named “Directory Services”?
    If so, it’s hard to achieve. There are several kinds of Active Directory logs stored in different locations and they have different file formats. It’s hard to collect them into one file.
    Active Directory records events in the directory services log in Event Viewer. By default, Active Directory records only critical error events. To instruct Active Directory to record other events in the directory services log, we need to modify the registry.
    For more information please refer to following MS articles:
    Active Directory Diagnostic Logging
    http://technet.microsoft.com/en-us/library/cc961809.aspx
    How to configure Active Directory diagnostic event log
    http://support.microsoft.com/kb/314980
    Lawrence
    TechNet Community Support

  • Event ID 10, WMI (0x80041002) Windows Server 2008 R2

    There was an error that appeared once on Windows Server 2008 R2.  I just want to know what caused this error to appear and whether this could have an effect on my Oracle environment.
    error was: Quota value has been reached. Event filter with query "select * from __instancemodificationevent within 30 where targetinstance isa 'Win32_PerfFormattedData_PerfOS_Processor' and targetinstance.PercentProcessorTime > 99 and targetinstance.Name != '_Total'" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041002. Events cannot be delivered through this filter until the problem is corrected.
    Thank you.

    Hi,
    As the issue is specific with  Windows Server 2008 R2, you may contact Microsoft Server Forum for further assistance on the issue:
    Contact - Microsoft Server Forum:
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/homeforum=windowsserver2008r2management
    Please revert for any clarification on this or any Windows issue. We will be glad to help you.
    Roger Lu
    TechNet Community Support

  • Eventlog viewing causes CPU usage 100% on Windows server 2008 SP2

    We have Windows server 2008 SP2 with strange behaviour. When I scroll down events in eventlog viewer CPU usage hits 100% and eventlog viewer freeze. CPU usage is split between 2 processes SVCHOST.EXE (lmhosts, eventlog and Dhcp services) and MMC.EXE.
    1) I tried to replace eventlog files with new ones. That didn’t help.
    2) After server clean boot the problem still exists.
    3)When CPU hits 100% usage process explorer shows that from SVCHOST.EXE process CPU is used by service EventLog.
    Any ideas how to fix this?

    Hi Santosh
    I re-installed VMware tools and also configured VMXNET 3 - nothing changed :(
    Sorry to hear that.
    Windows event log service has a couple of dependencies, i.e. task scheduler and windows event collector service. Can you try restarting those services?
    In addition to the above, try the following steps:
    Change NTFS permission of %WINDIR%\System32\WinEvt\Logs directory, add Local Service and Network Service, give them FULL permissions.
    Stop and Start event viewer service by running following command
    net stop eventlog && net start eventlog
    Issues like this might occur if the disk (FC or iSCSI SAN or even NAS) has some inconsistencies , this is true in case of both physical and virtual machines 
    You might want to try running chkdsk as well on the server in question
    http://technet.microsoft.com/en-us/library/cc730714(v=ws.10).aspx
    If nothing helps, try an in-place upgrade of the operating system as a last option.
    How to Perform an In-Place Upgrade on Windows Vista, Windows 7, Windows Server 2008 & Windows Server 2008 R2
    http://support.microsoft.com/kb/2255099
    Thanks
    Regards, Santosh
    I do not represent the organisation I work for, all the opinions expressed here are my own.
    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

  • How can I fix this printer error with Samsung SCX-4300 and SCX-4521f on Windows Server 2008 R2?

    I have two printers installed on Windows Server 2008 R2 (64-bit):
    1. Samsung SCX-4521f
    2. Samsung SCX-4300
    There are two computers (Windows 7 Professional, 32-Bit) connected to this server that utilise these shared printers.
    The drivers installed are as follows:
    SCX-4x21_Win7_Print.exe (Win 2000/XP/2003/Vista/2008/Win 7    3.04.96:03    Print Driver    11 Dec, 2009    12.37    MULTI LANGUAGE)
    SCX-4300_Print.exe (Win 2000/XP/2003/Vista/2008/Win 7(32,64bit) 3.04.95:07 Print Driver Jan 19, 2011 53.07 MULTI LANGUAGE)
    After printing documents for some time (within a 24 period) the printers no longer respond to print requests.
    On the server opening "Control Panel\Hardware\Devices and Printers" shows the two printers with yellow exclamation marks.
    The "SCX-4x21" printer shows the "Status" as "Needs troubleshooting" and "Printer: Error".
    The "SCX-4300" printer shows the "Status" as "Needs troubleshooting".
    Neither will print a test page.
    Searching for new drivers automatically returns saying: "The best driver software for your device is already installed".
    The error persists and nothing will print.
    When double-clicking on the "SCX-4x21" printer (or going to "Control Panel\Hardware\Devices and Printers\Samsung SCX-4x21 Series") you see the following:
    "Printer: Error" and "N document(s) in queue".
    Clicking on either of these brings up the print queue and shows a document with the status of "Error - Printing".
    As each job with an error is cancelled the next one attempts to print and also displays an error like the last.
    Once all the jobs are cleared the printer information says "Printer: Ready".
    Sending a "Print Test Page" sends the printer into an error state saying "Printer: Error".
    With the "SCX-4300", sending a "Print Test Page" displays a bubble saying: "Toner Empty: Replace Toner".
    However, I can't see any specific error messages.
    How do I find out what exactly "Needs troubleshooting"?
    Please can anyone advise further?

    The printer (SCX-4300) has stopped again.
    Since it has been stopped I have done your recommendations:
    Unticked the "Enable bidirectional support" option under the "Ports" tab in the printer properties.
    Set the "Interactive Services Detection" to Automatic and started it.
    Unfortunately the printer did not start printing, the print jobs did not restart or delete.
    I decided to check the Operational logs that we enabled.
    The first job I see goes like this:
    Information: Rendering job 41.
    Error: The print spooler failed to delete the file C:\Windows\system32\spool\PRINTERS\00041.SHD, error code 0x2. See the event user data for context information.
    Information: The print job 41 was sent through the print processor SSE1MPC on printer Samsung SCX-4300 Series, driver Samsung SCX-4300 Series, in the isolation mode 1 (0 - loaded in the spooler, 1 - loaded in shared sandbox, 2 - loaded in isolated sandbox). Win32 error code returned by the print processor: 0x0.
    Information:Printing job 41.
    Information:Spooling job 41.
    This job actually printed.
    Other jobs printed fine with no error.
    There are no other errors in the "Operational" log other than the "print spooler failed to delete" error.
    Any ideas what to try now?
    Update: Unticking the "Enable bidirectional support", clearing the print queue and then trying again seems to have fixed the problem for now.

  • Windows Server 2008 R2 Domain Controller NOT logging EventID 4740

    EventID 4740 (account lockout) is not being logged to the event viewer. When searching through the security log there are none to be found. Having accounts locked out and no logging is driving me nuts. Hope someone has run into this before. This is what I have checked thus far.
    >Windows Server 2008 R2 Domain Controller
    >Verified the following GPO settings are set and correct:
    >Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\ all are set for Success & Failure
    >Computer Configuration\Windows Settings\Security Settings\Advanced Audit Configuration\Logon/Logoff) is set for Success and Failure
    >Powershell command Get-Eventlog -log Security -InstanceId 4740 returns no results which makes sense since there are no entries in the security log file.
    >No 4740 entries in the netlogon.log debug file
    AD and the LockoutStatus tool show the account is locked out but I still have nothing in the logs.
    Anyone have any ideas? From everything I can find online, it appears I have everything set properly.
    Thanks, Chico

    Hi Chico,
    I suggest you try to enable this group policy below:
    Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account management
    More information for you:
    Missing 4740 EventID's
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/c9871d72-7439-46b5-98e6-a7fadfa6ff28/missing-4740-eventids?forum=winserversecurity
    If you have multiple Domain Controllers, check this event on other DCs, too.
    Please feel free to let us know if there are any further requirements.
    Best Regards,
    Amy Wang

  • Problems with RDP/RDC from Mac OSX to Windows Server 2008 on External IP

    We have a customer that is using Mac and Microsoft's RDC for Mac to their servers.
    They've just upgraded from Windows Server 2003 to 2008 and can't connect through RDP to their TS server on external IP.
    Their servers are not in any domain and it works for them to connect to another Windows Server 2008 that is located in their office when they use the internal IP.
    The problem is that when using RDC to the external IP they get the below:
    "Remote Desktop cannot verify the identity of the computer you want to connect to. This problem can occur if:
    The remote computer is running a version of Windows that is earlier than Windows Vista.
    The remote computer is configured to support only the RDP security layer.
    Contact your network administrator or the owner of the remote computer for assistance."
    From here they can choose "Connect" as they did on the Server 2003 but now they get: "Remote Desktop Connection cannot verify the identity of the computer that you want to connect to. Try reconnecting to the Windows-based computer, or contact our administrator." and are only able to choose "Ok".
    I've changed the settings on the "configuration for host server for remote desktop sessions" under General from "RDP-Security Layer" to "Negotiate" and in this case I get a logon window where I type in all my information and click logon. Here I get another error message which says something like: (We get it in Swedish). "Connection to the windows-based computer broke since there was a problem associated with the licensificationprotocol... Try to connect again" Where I can choose "Cancel" or "Reconnect" but it just keeps popping up if I choose reconnect.
    I've tried all settings in the TS server and there is not much to change on the RDP client. We have installed the server certificate on the Mac client but it didn't help.
    We've also tried with CoRD and it works fine as RDP from a normal Windows based computer.
    The only solution I've found on Google is to use CoRD instead but we got problems with that connection since it keeps crashing on our computer.
    In my eyes the problem is in the security requirements that the RDC for Mac needs but I can't find any information on MS sites about it.
    Grateful for all tips and tricks!

    I too was having the same problem as everyone else. However, for me the problem all started when I replaced my SSL certificate that was used/selected in the Remote Desktop Session Host Configuration utility, connections, RDP-TCP Properties. The security
    layer is negotiate and the certificate is the one selected on that screen. It was not licensing related.
    The certificate had expired and I didn't believe I needed it. But it turns out I did, so I had to generate and validate a new one using GoDaddy (though they specifically were not part of the problem). As my Terminal Servers (Remote Desktop servers)
    do not have IIS installed, I was a bit stumped on how to create a new certificate request. I finally found some instructions on how to create a certificate request using the MMC snap-in, advanced operations, create custom request. The template
    chosen was "legacy key", and without boring you with the rest of the details, that part was the root cause of my problem. The legacy key was not able to be processed correctly by the Mac RDC client, neither the official 2.1.1 client nor the 2.1.2 download.
    The Terminal Server system event log was showing the following two errors, 36874 and 36888. The first one contained the best details and said: "An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites
    supported by the client application are supported by the server. The SSL connection request has failed." Upon searching the internet for that, I found this page which described the legacy key problem:
    http://social.msdn.microsoft.com/Forums/en-US/sqlreportingservices/thread/3a2d2eec-000d-432a-abd7-6b965268c671
    So, my solution most familiar to me was to use IIS and create the SSL certificate request, process that with my 3rd party CA, export the certificate with private key and then import that certificate into all of my terminal servers. Then, using the session
    host configuration tool, I picked the new certificate and the problem was now solved.
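
An added example, not part of the post above: creating the certificate request on the session host itself with the built-in certreq tool, so IIS is not needed. The post does not say which setting of the "legacy key" request broke the handshake; this sketch assumes the listener needs an RSA key marked for key exchange in the Schannel provider, and the host name and file names are placeholders.

```powershell
# Added example: request a TLS server certificate for an RDP listener without IIS.
# rdsh01.example.com and the rdsh01.* file names are placeholders.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject       = "CN=rdsh01.example.com"
KeyLength     = 2048
KeySpec       = 1        ; AT_KEYEXCHANGE: key may be used for TLS key exchange
KeyUsage      = 0xa0     ; digitalSignature + keyEncipherment
MachineKeySet = TRUE     ; key lives in the computer store, not a user profile
Exportable    = TRUE     ; needed to copy the certificate to other session hosts
ProviderName  = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType  = 12
RequestType   = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1  ; Server Authentication
'@

# Write the request definition and generate the key pair plus CSR.
Set-Content -Path .\rdsh01.inf -Value $inf -Encoding ASCII
certreq -new .\rdsh01.inf .\rdsh01.csr

# Submit rdsh01.csr to the CA. When the signed certificate comes back,
# bind it to the pending private key in the computer store:
certreq -accept .\rdsh01.cer

# Inspect the installed certificate: the verbose dump lists the provider
# and the KeySpec recorded for the private key.
certutil -v -store My "rdsh01.example.com"
```

After the certificate is installed, it still has to be selected in the RDP-Tcp properties of the session host configuration tool, as the post describes.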

  • Windows Server 2008 R2 SP1 BSOD 0x1a with CLFS.sys

    Hello,
    I've got a BSOD on a Windows Server 2008 R2 with SP1 installed. Analyzed the dump and could
    see a Bug-check of 0x1a which means "MEMORY_MANAGEMENT".
    Further analysis on this dump shows me that this is probably caused by the CLFS.sys, which
    is the Common Log File System Driver. This CLFS.sys is installed with date:
    Tue Jul 14 01:19:57 2009
    I have now searched through MS Support pages and resources and also the Internet, but I found no
    information about an update for this or a newer version. It's nearly impossible to find newer versions
    for specific files in i.e. Hot-fixes.
    Do you know this issue with the 0x1a BSOD and CLFS.sys and/or do you know a newer version?
    Any help would be very appreciated!
    Thanks and regards plus have a nice day!
    Tino

    Hi Tino,
    Regarding Bug Check 0x1A, please refer to the following article.
    Bug Check 0x1A: MEMORY_MANAGEMENT
    Did you install any third-party application in this problematic server? Would you please let me know whether
    the BSOD issue occurred regularly? Or just occurred suddenly? If the BSOD issue occurred regularly, please
    perform a clean boot and check if this BSOD issue still exists.
    In addition, please check if necessary updates need to be installed and drivers need to be updated. Please
    run the sfc /scannow command to scan all protected system files and check if it finds errors.
    As you know, to troubleshoot this kind of kernel crash issue, we need to analyze the crash dump file to narrow down the root cause of the issue. Actually, it is not effective
    for us to debug the crash dump file here in the forum. If this issue is a state of emergency for you, please contact Microsoft Customer Service and Support (CSS) via telephone so that a dedicated Support Professional can assist with your request.
    To obtain the phone numbers for specific technology request, please refer to the web site listed below:
    http://support.microsoft.com/default.aspx?scid=fh;EN-US;OfferProPhone#faq607
    → This CLFS.sys is installed with date: Tue Jul 14 01:19:57 2009
    → or do you know a newer version?
    By the way, I checked the CLFS.sys in a Windows Server 2008 R2 in my Lab environment. It was also created in July
    2009.
    Hope this helps.
    Best regards,
    Justin Gu

  • Unable to receive an email by task scheduler on audit failure in windows server 2008 r2 security log

    Dear All,
    I am sorry in advance if I am on the wrong forum. I have created a task on a Server 2008 R2 Domain Controller so that when an audit failure event is triggered in the Windows security log, an email should reach my email ID, but unfortunately, nothing happens
    on audit failure. I receive no email from Task Scheduler.
    Kindly suggest how to resolve the issue. I have created the email task on event ID 4771.
    Thanks.
    Zeeshan Ibrahim Network Administrator

    Hi Zeeshan,
    I have found a hotfix against the same error messages, though it applies to Windows Vista and Windows Server 2008, I am not sure if it will work on your machine.
    Please refer to this KB article below:
    Duplicate triggers are generated incorrectly in scheduled tasks in Windows Vista or in Windows Server 2008
    http://support.microsoft.com/kb/2617046
    Please feel free to let us know if this hotfix couldn’t help you fix this issue.
    Best Regards,
    Amy Wang
