GPO issues server 2012

Similar Messages

• How do I configure a proxy for all users via GPO on Server 2012 R2?

  I would like to configure a proxy that applies to all users that log into our server running Server 2012 R2. I can manually set up the proxy (on an individual account basis) via Internet Options in Control Panel but this proxy needs to be configured for
  all users. Is it possible to do this in Group Policy Management for Server 2012 R2?
  Thank you
  Silas Horton

  > Have you checked *User configuration\Policies\Windows Settings\Internet
  > Explorer Maintenance\Connection\Proxy Settings *in group policy?
  He cannot check this because it is't available anymore starting with
  Server 2012/Windows 8/IE 10...
  > Hope it helps.
  No, it doesn't :)
  Better check User configuration - Preferences - Control Panel Settings -
  Internet Settings
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Folder Redirection GPO with Server 2012 R2 and Windows 7

  Hey folks,
  I have recently migrated from 2008 R2 to 2012 R2. I have set up a new GPO to redirect: Desktops & My Documents to the server \\dc.companyname.local\folder_redirections\  on all the windows 7 desktops
  in the office.  
  The problem i ahve having is that when i run gpresult is says that the GPO is being applied but when i check the location of the mentioned locations they are still pointing to the local desktop or the old 2008r2
  server. I have double checked the permission on the share folder and i have even set upo a test folder with everyone having full rights and it still will not
  redirect the folders...  any ideas would be most welcome!
  I cannot post pictures yet until i am verified :)

  > locations they are still pointing to the local desktop or the old 2008r2
  Check event logs. Folder redirection creates events if things go wrong...
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Server 2012 file server loses connection to passthrough disk

  Hi!
  We have a virtual fileserver (server 2012), on a server 2012 hyper-v cluster. This server uses a passthrough disk as the main file store (D:\). This disk contains all the user data, profiles etc. Data is stored on a Dell Powervault md3220 (Direct Attached
  Storage). The other two virtual disks on the storage have no issues.
  I contacted Dell support and they couldn't find an issue with the storage.
  A few days ago the D: drive of the file server became unaccesable for no apparent reason, the server became unresponsive and the only way to get it up and running was to shutdown the file server and reboot it. After that the disk became accesible again,
  but the issue repeated after a few minutes. After that, it worked for about three days.
  A couple of days later we had the same issue.
  I can't find any apparent causes in the logs and searching the web leads me nowhere (maybe one topic on this forum, but I'm not sure if it's the same issue, but it doesn't have a solution anyway).
  I really hope someone has an idea on how to solve it, because it interferes with the final exams taking place at the moment.

  Hi,
  Did you access the D: drive of the file server locally or on a client? There is a similar thread, please go through it to help troubleshoot this issue:
  Server 2012 R2 File Server Stops Responding to SMB Connections
  http://social.technet.microsoft.com/Forums/en-US/e9567167-22db-4b8c-9f96-a08b97d507f9/server-2012-r2-file-server-stops-responding-to-smb-connections?referrer=http://social.technet.microsoft.com/Forums/en-US/e9567167-22db-4b8c-9f96-a08b97d507f9/server-2012-r2-file-server-stops-responding-to-smb-connections?forum=winserverfiles
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Server 2012: Remote desktop licence manager not issuing licences

  Hi,
  I am battling with an problem which i cannot seem to resolve and no other forums actually come to a conclusion on how to resolve this problem!
  I have a windows server 2012 server which is NOT part of a domain.
  I have installed Remote Desktop Services and also installed the Remote Desktop License manager and i just cannot get the license manager to issue cals when users connect remotely via RDP
  I have installed an extra two CAL's and tried using them as both a "Per User" and also "Per Device" but still does not work.
  I have now run out of my grace period and cannot connect to the server at all
  I have also tried changing some gpo's with no luck, 
  Computer Policy -> Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Licensing
  "Use the specified RD license servers" = myservername
  "Set the Remote Desktop licensing mode" = Per User
  How can i fix this?
  Thanks

  Hi,
  Thank you for posting in Windows Server Forum.
  Have you seen that you have activated RDS License server before installing CAL?
  Please check that the License Server should be part of ‘Terminal Server License’ group in Active Directory Domain Services. You can also configure RD License server manually by powershell commmand. Please check below article for information.
  RD Licensing Configuration on Windows Server 2012
  http://blogs.technet.com/b/askperf/archive/2013/09/20/rd-licensing-configuration-on-windows-server-2012.aspx
  In addition, please install below Hotfix and verify the result.
  No RDS license when you connect to an RDS farm in Windows Server 2012
  http://support.microsoft.com/kb/2916846
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Windows Server 2012 R2 GPO Loginscript is executed with more than 2 minutes delay after login

  Hi everybody
  A strange problem came up in a new Windows Active Directory Domain (one single DC with Windows Server 2012 R2 Essentials): after configuring a User GPO with a Powershell Loginscript and applying the GPO to an User OU, the following happens:  when a
  User logs into a PC or Server, the Loginscript does not run within the first 120 - 150 seconds, and then suddenly the Scripts runs and completes within seconds. What could be the reason for such a long delay?
  When I run the Powershell Script manually it runs immediately and finishes within seconds. But assigned through a GPO it takes really long to run. I also tried a very "simple" Loginscript with only one command (map a network share) - but this Script
  also runs with a long delay. So the script does not seem to be the problem but the Logon Procedure. I even tried the same script with a locally defined GPO on a Windows Server 2012 R2 (just to check whether it might be a NETLOGON/SYSVOL share problem), but
  no luck - it takes 2 to 3 minutes until the Script is run. I went a bit further and realized that the problem is only related to the latest OS Windows 8 (8.1) / Windows Server 2012 (R2) but not to older windows system. So what changed in the logon process
  of the new Windows versions? Why are GPO applied with a such a long delay?
  Any ideas?
  Mark

  Other people have reported similar issues
  http://www.edugeek.net/forums/windows-8/128421-group-policy-logon-scripts-delayed-5-minutes-windows-8-1-design.html
  Rgds
  Milos

• Server 2012 Patch and Certificate Problems - GPO Breaking Server

  We built some Server 2012 R2 servers, the first ones in our organization. We were able to install SQL 2012 with no issues. We are required by organization policy to harden our computers. But when tried to install WSUS patches we began noticing several problems...messages
  like "the signer of the message is invalid or not found (0x8006002)" and "revocation process could not continue - the certificate(s) could not be checked) (0x800B010E and in event viewer 2148204814). We can only run Internet Explorer if we go
  to an admin command prompt, change to "program files\internet explorer" and type "iexplore.exe". Obviously we can not make these servers live until this problem is fixed. Two of us have spent two weeks on this. We can join a hardened
  Server 2012 R2 image to the domain and things still work. The point that it breaks at is when we apply our default domain GPO. It doesn't matter if we apply other GPOs singly or en masse, it's the default one that is breaking it. If we unapply the default GPO,
  it's still broken, so it's something that is not undone by removing the GPO. So while the breaking GPO is known, nothing we have tried has enabled us to narrow down what in the GPO is breaking this. We compared RSOPs on a working and non working image and
  they are the same.
  Something else worth noting is that the default domain GPO does not break our 2003 or 2008 servers. So the offending setting affects Server 2012 differently.
  Any ideas on what this setting might be or how to narrow the plethora of settings in our GPO?
  This build has IE 11. IE64 works in metro mode but both IE64 and 32 don't work in desktop mode.
  WSUS says certs for wuident.cab are not found but we've manually loaded them into the local store.
  As a side note, Server 2012 needs to have access to another CRL list in addition to what prior versions of Windows Server needs, towit: http;//www.microsoft.com/pkiops/crl
  Any help would be greatly appreciated.
  Ben JohnsonWY

  Hi Ben,
  >>IE is still not working right. Still working that one
  Based on your description, were there any related error event id logged? What’s the message when we opened IE normally?
  For this involves IE and for better help, we can also ask for advice in the following forum.
  Internet Explorer 8, 9, 10, 11 Preview
  http://social.technet.microsoft.com/Forums/ie/en-US/home?forum=ieitprocurrentver
  Best regards,
  Frank Shen

• Windows Server 2012 GPO setting are not apply on windows Xp clients

  Hi
  I am create GPO on windows server 2012.  300 clients on domain are working fine, GPO setting apply on all windows 7, 8 clients. But 200 clients of windows XP are not working. GPO setting are not applies on XP. I am trying to Group Policy
  Preference Client Side Extensions for Windows XP (KB943729) on one window XP client, all GPO servers 2012 setting is working fine. But is not solution. I have 200 clients of windows XP, Please provide batter solution on one click command and apply all 200
  XP clients.
  Thanks.

  Dear,
  I have Windows server 2012 ,  i have install ADDS with Forest functional level 2008 & Domain functional level 2008 .
  I have applied GPO to particular OU, when i login to domain user on Windows 7 PC all GPO working fine but when i login on Windows Xp SP3 PC its not applied on XP. 
  I am facing issue on windows XP clients it is true. Please see this URL address:
  http://blogs.technet.com/b/grouppolicy/archive/2009/03/27/group-policy-preferences-not-applying-on-some-clients-client-side-extension-xmllite.aspx
  Please provide batter solution on one click command
  Thanks.

• WSUS issue on server 2012 - Failing to update and have to set WinHTTP set

  Very new to 2012 with little knowledge on the product
  We have been seeing an issue for a while where we need to set the WinHTTP proxy in order for servers to correctly check in for WSUS and download patches.  This has been set in the Windows 2008 R2 build so hasn't been an issue before. e.g.
  However with Windows Server 2012 R2, setting the WinHTTP proxy causes some issues. With Exchange 2013 the PowerShell console does not connect with this set so we need a way around this.
  It seems as if the we use the FQDN in the GPO it then tries to go out to the internet thinking that the FQDN is an internet address and then blocked by the proxy so hence we had to create the proxy set on the server. We don't want to have to set WinHTTP
  on every 2012 servers as this would be very time consuming and will become un-manageable. Any help is greatly appreciated.

  Hello,
  What is the version of your WSUS? I suppose windows server 2012 is newly added in your network and the WSUS server is not patched.
  An update for Windows Server Update Services 3.0 Service Pack 2 is available (KB2734608)
  http://support.microsoft.com/kb/2734608
  Hope this helps.

• Issue with Server 2012 RDS roles

  I have a Server 2012 system where the Remote Desktop Services roles were installed manually, not using Remote Desktop Services Installation. This was picked up because of the licensing errors which popup from time to time. From what I have read, it is not
  possible to fix the licensing issues without installing the RDS roles correctly.
  I have tried to uninstall the roles but Server Manager hangs with an empty progress bar and never completes the task.
  I have run Remote Desktop Services installation, but it fails as the roles are already installed. The error message is "Failed to open the runspace pool. The Server Manager WinRM plug-in might be corrupted or missing."
  I am reluctant to reload the operating system and start again, as various pieces of software have already been installed. Is there a way to successfully remove the RDS roles or successfully run the RDS installation wizard with the roles already installed?

  Hi FissioPB, could you give us a reference about how to detect and remove the internet filter?
  I´ve tried the following, but the same issue “Failed to open the runspace pool. The Server Manager 
  WinRM plug-in might be corrupted or missing" and "ERROR_WINHTTP_TIMEOUT" events.
  netsh http add iplisten 127.0.0.1
  netsh http add iplisten ::1
  "netsh winhttp show proxy"
  netsh winhttp reset proxy
  Block GPOs
  Any advice could be helpful. Thanks!!
  :S
  H1R@M

• Windows Server 2012 R2 print issues

  We are using terminal server with Windows Server 2012 R2. Our users are using Windows 7 Embedded thin clients with MSTSC RDP 8.0. We are using network printers.
  There is problem with printing from Adobe Reader. We are using Adobe Reader 11.0.06. Sometimes users cannot print from Adobe Reader with error message "Printer not found" even though we can print on same printer from other software. This problem can be solved by relogging user, but in our enterprise environment, this is not acceptable solution.
  Thanks for your help.

  I had the same issue with another Canon UFRII that was not on the network. Canon has some monitor software that attempts to query the device and this threw back Invalid Parameter when the device did not exist.  Is your device on the network?
  Failed for get value IrregularPaper for printer . Error code 87(ERROR_INVALID_PARAMETER)
       InternalGetPrinterDataFromPort             
  3328               
  4984       0             
  0             
  LOCALSPL_TRACE                           
  Failed for get value udpEnable for printer . Error code 87(ERROR_INVALID_PARAMETER)
  Can you use one of the UFR drivers Canon included with the operating system?
  Canon UFR II Color Class Driver
  Canon UFR II B/W Class Driver
  Alan Morris Windows Printing Team

• Install sharepoint 2013 on Windows server 2012, Microsoft Identity Extensions issue !!!!!!!!!

  Sharepoint 2013 comes with prerequisitesinstaller.exe to install the software required for the actual Sharepoint installation.
  I 've installed Windows server 2012 in the R2 edition as well as Standard edition, but installing the prerequisites ends with an issue for the Microsoft Identity Extensions (MIE) on both versions (screenshot).
  The 2012 R2 server has been updated with all latest files by executing Windows update.
  In case of the Server 2012 R2,  MIE is already installed , but somehow the Sharepoint installation is missing something.
  I al;so tried removing default install to let prerequisiteinstaller.exe to install it's own version, but that did not help.
  When I skip the prerequisites remaining items, the Sharepoint installation stops directly , requesting the missing items.
  I've tried several Sharepoint server installation files, including the 180 days free version.
  Screenshots will be uploaded after my account has been checked......

  Hi Jay,
  Installing SharePoint Server 2013 on a computer that is running Windows Server 2012 R2 could lead to unexpected behavior, therefore, Microsoft does not support SharePoint Server 2013 in Windows Server 2012 R2.
  SharePoint Server 2013 with Service Pack 1 and SharePoint Foundation 2013 with Service Pack 1 will offer support for Windows Server 2012 R2.
  Refer to:
  SharePoint 2013 Support for Windows Server 2012 R2
  In addition, as Dave suggested, for the sharepoint server issue, please post in the dedicated forum for a better response.
  Best Regards,
  Anna Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Can I move a Virtual Domain Controller from one host(Win Server 2008 R2) to another (Win Server 2012 R2) ? Are there any issues?

  Can I move a Virtual Domain Controller from one host(Win Server 2008 R2) to another (Win Server 2012 R2) ? Are there any issues?

  I also had this error: "Setup cannot continue. Your computer will now restart, and your previous version of Windows will be restored."
  trying to do a in-place upgrade of a Domain Controller Windows 2008 R2 to Windows 2012 R2.
  The problem was the separated System Reserved Partition. After I removed using this instructions:
  http://jacobackerman.blogspot.com/2012/12/how-to-remove-system-reserved-partition.html
  The upgrade ran ok, and now have my DC as Windows 2012 R2.
  Hope that helps!.

• Server 2012 R2 RRAS NAT VPN connectivity issues

  Hello all,
  I'm having trouble making IKEv2 connections to my VPN server from the Internet after changing my home lab network infrastructure to use Server 2012 R2 RRAS NAT routing. Despite all of the appearances of a proper configuration, it appears that NAT-T is not
  working properly.
  Let me preface my questions/issues with some critical infrastructure disclosures/explanations to help troubleshoot this issue:
  1. This is a home lab environment with no impact to corporate production systems in any way. All information garnered from help in this session is understood to be as-is.
  2. The entire environment is on Server 2012 R2 Hyper-V. I’ve configured trunking on all of the layer 2 (Cisco Catalyst switch) etherchannels, and I’ve configured trunking on the Hyper-V vSwitches. I have no issue with internal routing or NAT or with attaching
  to VPN from an internal VLAN, which indicates that routing (Layer 3) is not at issue here since everything goes where it should.
  3. The NAT server and the VPN server are two separate Windows Server 2012 R2 Std. Hyper-V VMs. The NAT server has 1 NAT uplink to/from my ISP and 5 router interfaces (NICs with no gateways specified). I have a static IP, so it’s not an IP changing anywhere.
  I have all of the port forwarding on the public NAT interface configured properly. Email, web, and application access work fine from out-to-in. The VPN server has 2 NICs: one on a VPN VLAN and the other on an internal VLAN.
  4. I ran Netmon from my corporate office and saw that IKEv2 traffic to my host over UDP 500 was successful (I got a response back), but the connection to UDP 4500 was attempted 3 times and then fails. Since UDP 4500 is the NAT-T port, I’m thinking this is
  where the fault is occurring. I also ran Netmon from the NAT router itself and found that traffic was flowing from the Internet to the VPN server up the stack to Layer 3.
  5. As a test, I turned off Windows firewall on both the VPN server and the NAT server. This made no difference, so firewall is not at play here.
  6. My certificates are configured properly with my external VPN address and appropriate SANs pointing to the public IP address. These same certificates worked without issue prior to the migration to Server 2012 R2 RRAS as my NAT router.
  The actual error I'm receiving is Error 809 which indicates a problem with the connectivity to the VPN server, presumably through the NAT router. Prior to the change to virtual routing, I was using a Linksys E3000 with L2TP/PPTP passthrough enabled and had
  no issues connecting to my VPN server remotely.
  Some questions I have specifically regarding Server 2012 R2 RRAS and NAT:
  1. Is NAT-T "turned on" by default? Are there any settings required through netsh or elsewhere that I might have overlooked to enable NAT Traversal?
  2. How can I test if NAT-T is working outside of VPN testing?
  3. Is it Microsoft's recommendation/requirement that VPN and NAT be collocated on the same server? I noticed in the NAT forwarding rules that the pre-defined L2TP forwarder says "L2TP on this server." Does that indicate that L2TP can't pass beyond
  that server? What are the security implications for running VPN from the router?
  Any help would be appreciated. I've been troubleshooting this issue for 2 weeks and cannot seem to find any documentation or help on this issue. I'm hoping if others have similar issues, this post will help point them in the right direction. I have netmon
  captures to assist with troubleshooting if it comes to that. I'm certain this is NAT-T at this point, but I just can't prove it beyond a shadow of a doubt, and I have customers who have asked about using Microsoft RRAS for routing. I can't, in good conscience,
  recommend it if NAT-T is problematic since most companies want some sort of VPN solution for their environment.
  Respectfully yours,
  Ron Arestia

  Hi Ron,
  Please try to create and configure the AssumeUDPEncapsulationContextOnSendRule registry value.
  For detailed information, please refer to the link below:
  http://support.microsoft.com/kb/926179
  Best Regards.
  Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Server 2012 R2 Network Teaming Issues After Adding WOW64 Feature

  Recently I have had a specific issue adding the WOW64 feature to an active Server 2012 R2 server in core mode (no management).  The server had two active virtual machines.  A server 2008 R2 in version 1 mode and a 2012 R2 in version 2.  
  All were up2date as of April 10 2015.  This was a domain connected core with domain connected virtual machines.  We are the domain administrator.
  After using powershell to install WOW64 and issuing a restart we lost all external network connectivity to the server once the server came back up.  From the console we could ping 127.0.0.1 and all the network addresses of each VM but not the
  default gateway or any address on the local network.  We tried several resolutions including disabling all firewall rules and assigning a known VLAN but nothing worked.  Something went completely haywire within Windows 2012 R2 and network teaming
  and the virtual switch that supplies the VM's with communication.
  What we had to do was remove one of the physical network adapters from the team using powershell from the core console.  We then assigned an address to the nic and whallah we were able to remotely communicate to the server again but the problem
  still remained with communicating to the team.   
  After hours of trials we finally stumbled on a solution deleting the hyper-v virtual switch though a remote console, then the team through powershell.  This of course broke all the hyper-v VM's.  We said f'it and rebooted. 
  This is the magical combination apparently
  We then recreated the team using the remote management GRAPHICAL widget using every physical EXCEPT the nic we were communicating to.   Then we recreated the hyper-v virtual switch remotely again with the GRAPHICAL widget and assigned
  it an address using the command line sconfig tool.   We then went into the GRAPHICAL hyper-v manager and assigned all VM's to the new virtual switch.  WOW everything works again
  Let me just say here in this post that the lack of graphical management in CORE mode is a complete nightmare.  The fact we have to use some graphical tools to perform certain tasks and the command line for others is just silly.  The sconfig.exe
  tool should have built-in teaming commands as inexperienced remote administrators are very difficult to work with over the phone trying to explain spelling of the upper/lowercase commands. 
  This post is more informative than really asking a specific question but if I were to ask one I'd ask, why did installing the WOW64 feature and rebooting break the external communication of the team and the virtual switch?

  Hi gettnmorebetter,
  Could you try to confirm whether you have in the following situation, if you do not found the related symptom please try to install the latest update then monitor the issue
  again.
  Event ID 106 when a Hyper-V virtual switch is bound to an LBFO team
  https://support.microsoft.com/en-us/kb/2974384
  I’m glad to be of help to you!
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]