Group MSA account fail when Domain Controller in Test Domain Fails to start KdsSvc. Event ID 7023

Similar Messages

• An attempt to resolve the DNS name of a domain controller in the domain being joined has failed.

  "An attempt to resolve the DNS name of a domain controller in the domain being joined has failed." 
  This is the error message I get whenever I try to connect to my servers domain which I just set up earlier today. I have read through a bunch of other threads on the same error message
  but each of them has had different solutions and none of them have helped me. 
  The one thing that I suspect is related to my problem is that I can't ping my domain on the W7 computer I'm trying to connect. I can ping the server, but not the domain. the domain
  i'm using is set up like "domain.local" . 
  Other things that might be relevant. 
  I'v already set up user accounts and a computer under the Server 2012 active domain administrator settings. 
  I'v port forwarded ports 80 and 443 on the server. 
  The server has a static IPv4 IP adress. I haven't done anything with IPv6 
  The W7 computer has a dynamic IP adress, but I don't think it changes. I believe my router is set up to keep it constant, not 100% sure though. 
  Thanks for any help with this, I'm pretty much out of ideas on this. 

  Hi ZachPrinz,
  Firstly, would you please let us know the outputs of ipconfig /all both of the clients and the DC.
  Also, if you run nslookup FQDN of your DC from your clients, what will you receive?
  Meanwhile, regarding the issue, we can refer to
  the similar thread and see how it works.
  More information:
  Troubleshooting Domain Join Error Messages (en-US)
  Hope this helps.
  Jeremy Wu
  TechNet Community Support

• Adding new domain controller under tree domain

  i have one forest root domain is ABC.com and one tree root domain under this forest is DEF.com ,
  i want to add a new domain controller under tree root domain in windows server 2008 r2? i need steps and DNS configuration on forest or domain level
  Thnx

  If you want to add an additional domain controller to a domain you should promote the new dc with the primary dns in the nic settings of the new dc pointing at the current dc and once promoted you should point the original ip address nic settings to
  the new dc.  I am making the assumption that you are using AD integrated DNS.
  http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm
  Paul Bergson
  MVP - Directory Services
  MCITP: Enterprise Administrator
  MCTS, MCT, MCSE, MCSA, Security, BS CSci
  2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
  Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
  Please no e-mails, any questions should be posted in the NewsGroup.
  This posting is provided AS IS with no warranties, and confers no rights.

• Provision Search in SharePoint Foundation 2013 without Domain Controller / Active Directory - Domain accounts

  Hi,
  I have successfully setup SharePoint Foundation 2013 as single server farm with SQL Server Standard database in a DMZ environment using local accounts since DMZ doesn't have an Active Directory and hence Domain accounts using powershell as described
  in https://theblobfarm.wordpress.com/2012/12/03/installing-sharepoint-2013-without-a-domain-controller 
  When I run Farm configuration wizard to provision search service application, I get an error:
  ERROR: "The service application(s) for the service "Search Service Application" could not be provisioned because of the following error: I/O error occurred."
  The log file logged the details of this error as:
  ERROR: "Failed to create file share Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 at D:\SharePoint Search\Office Server\Analytics_e441aa1c-1a8d-4f0a-a079-58b499eb4c50 (System.ArgumentException: The SDDL string contains an invalid sid or a sid
  that cannot be translated."
  After investigation, I found that potentially the error could be because the timer service is trying to setup a network share for analytics component (as part of provisioning search). It is trying to setup that share with a domain account that happens to
  be a local user instead in this case and fails with error “System.ArgumentException: The SDDL string contains an invalid sid or a sid that cannot be translated”.
  I got some pointer from the below thread
  https://social.technet.microsoft.com/Forums/en-US/c8e93984-f4e5-46da-8e8a-c5c79ea1ff62/error-creating-search-service-application-on-sharepoint-foundation-with-local-account?forum=sharepointadmin
  However, the above thread doesn't state that the solution worked.
  I have tried creating share manually for Analytics_<Guid> folder but it doesn't work since every time farm configuration wizards is run it creates a new Analytics_<Guid> folder.
  Since, I have setup SharePoint Foundation 2013 on a production environment I cannot test and trial various solutions.
  Can some please guide me on how to successfully provision search for SharePoint Foundation 2013 setup as a single server farm with SQL Server Standard database in a DMZ environment using local accounts (without Active Directory - domain accounts).
  Thanks in advance.
  Himanshu

  Microsoft documentation doesn't always specifically call out all products (Project Server isn't there, either). But it does apply. You'll need to stand up at least one Domain Controller, or allow port access back to a DC.
  Preferably, set up SharePoint on the internal network and use a reverse proxy (which will terminate client connections at the reverse proxy) present in the DMZ.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Window 2008 Server Core Domain Controller JRE 6u13 installation fails

  Installer used= jre-6u13-windows-x64-p.exe
  ERROR
  Installer : Wrapper.CreateFile failed with error 3: The system cannot find the path specified.
  I tried in safe mode too.
  Any ideas?
  It does work on a non-domain controller.
  Installer used = jre-6u13-windows-i586-p-iftw.exe
  ERROR
  Windows Installer: Error applying transforms. Verify that the specified transform paths are valid.
  I did not check this installer against a non-domain controller.
  Installer used = jre-6u13-windows-i586-p-s.exe
  INSTALLED SUCCESSFULLY
  I did not check this installer against a non-domain controller.
  Edited by: shinywindows on Apr 10, 2009 10:34 AM
  Edited by: shinywindows on Apr 10, 2009 10:41 AM

  I have exact the same issue with JRE 6u14 on Windows 2008. :(
  Any idea??

• Secondary Domain Controller Not Authenticating Domain Users

  Hi.
  I have a primary domain controller running Win Srv 2012 in USA and i added a secondary domain controller 2012 in the same domain from a different location India, through VPN.so that India user accounts can authenticate by the secondary DC instead of primary
  DC USA
  Installation & replication of AD went fine
  India domain users login is damn slow.
  When i ran the command echo %logonserver% from a india client machine,it displays the USA Primary DC name which means its authenticating the users from USA primary DC.
  Preferred DNS for india client machine is Secondary DC IP and alternate is Primary DC IP USA.
  Please find the dcdiag results below and any help much appreciated
  Performing initial setup:
     Trying to find home server...
     Home Server = server2
     * Identified AD Forest.
     Done gathering initial info.
  Doing initial required tests
     Testing server: INDIA\server2
        Starting test: Connectivity
           ......................... server2 passed test Connectivity
  Doing primary tests
     Testing server: INDIA\server2
        Starting test: Advertising
     Warning: DsGetDcName returned information for \\server1.tst.mycompany.com, when we were trying to reach
     server2.
     SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
           ......................... server2 failed test Advertising
        Starting test: FrsEvent
           ......................... server2 passed test FrsEvent
        Starting test: DFSREvent
           There are warning or error events within the last 24 hours after th
           replication problems may cause Group Policy problems.
           ......................... server2 failed test DFSREvent
        Starting test: SysVolCheck
           ......................... server2 passed test SysVolCheck
        Starting test: KccEvent
           ......................... server2 passed test KccEvent
        Starting test: KnowsOfRoleHolders
           ......................... server2 passed test KnowsOfRoleHolders
        Starting test: MachineAccount
           ......................... server2 passed test MachineAccount
        Starting test: NCSecDesc
           ......................... server2 passed test NCSecDesc
        Starting test: NetLogons
           Unable to connect to the NETLOGON share! (\\server2\netlogon)
           [server2] An net use or LsaPolicy operation failed with error 67,
           ......................... server2 failed test NetLogons
        Starting test: ObjectsReplicated
           ......................... server2 passed test ObjectsReplicated
        Starting test: Replications
           ......................... server2 passed test Replications
        Starting test: RidManager
           ......................... server2 passed test RidManager
        Starting test: Services
           ......................... server2 passed test Services
        Starting test: SystemLog
           A warning event occurred.  EventID: 0xA004001B
              Time Generated: 02/22/2015   17:10:30
              Event String: Intel(R) 82574L Gigabit Network Connection
           A warning event occurred.  EventID: 0x000727A5
              Time Generated: 02/22/2015   17:11:24
              Event String: The WinRM service is not listening for WS-Manageme
           An error event occurred.  EventID: 0x0000271A
              Time Generated: 02/22/2015   17:11:24
              Event String:
              The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not regist
           A warning event occurred.  EventID: 0xA004001B
              Time Generated: 02/22/2015   17:12:41
              Event String: Intel(R) 82574L Gigabit Network Connection
           A warning event occurred.  EventID: 0x000003F6
              Time Generated: 02/22/2015   17:19:36
              Event String:
              Name resolution for the name mycompany.com timed out after none
           A warning event occurred.  EventID: 0x00001796
              Time Generated: 02/22/2015   17:28:54
              Event String:
              Microsoft Windows Server has detected that NTLM authentication i
  his server. This event occurs once per boot of the server on the first time
           A warning event occurred.  EventID: 0x000727A5
              Time Generated: 02/22/2015   17:33:35
              Event String: The WinRM service is not listening for WS-Manageme
           A warning event occurred.  EventID: 0x00001796
              Time Generated: 02/22/2015   17:35:54
              Event String:
              Microsoft Windows Server has detected that NTLM authentication i
  his server. This event occurs once per boot of the server on the first time
           ......................... server2 failed test SystemLog
        Starting test: VerifyReferences
           ......................... server2 passed test VerifyReferences
     Running partition tests on : ForestDnsZones
        Starting test: CheckSDRefDom
           ......................... ForestDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... ForestDnsZones passed test CrossRefValida
     Running partition tests on : DomainDnsZones
        Starting test: CheckSDRefDom
           ......................... DomainDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... DomainDnsZones passed test CrossRefValida
     Running partition tests on : Schema
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
     Running partition tests on : Configuration
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidat
     Running partition tests on : tst
        Starting test: CheckSDRefDom
           ......................... tst passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... tst passed test CrossRefValidation
     Running enterprise tests on : tst.mycompany.com
        Starting test: LocatorCheck
           ......................... tst.mycompany.com passed test LocatorChec
        Starting test: Intersite
           ......................... tst.mycompany.com passed test Intersite

  Hi.
  I have a primary domain controller running Win Srv 2012 in USA and i added a secondary domain controller 2012 in the same domain from a different location India, through VPN.so that India user accounts can authenticate by the secondary DC instead of primary
  DC USA
  Installation & replication of AD went fine
  India domain users login is damn slow.
  When i ran the command echo %logonserver% from a india client machine,it displays the USA Primary DC name which means its authenticating the users from USA primary DC.
  Preferred DNS for india client machine is Secondary DC IP and alternate is Primary DC IP USA.
  Firstly make sure that you have configured sites and subnets correctly. According to your information which you have two locations, you should have at least 2 sites and 2 subnets associated to them. If you have forgotten to configure subnets of India in your
  site and services and assigned them to the India site you are experiencing this issue. Also make sure if clients in India has appropriate network connectivity to the domain controllers in India.
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.
  How to query members of 'Local Administrators' group in all computers?

• Domain Controller cannot access \\domain\netlogon causing Auth issues

  Hi everyone, I have been spent all day trying to figure out what is going on here, I have a Domain controller (only DC in the environment) that is acting funny
  I first noticed when I was attempting to RDP into a server in my domain I was getting "access denied" (but I could log in as a local admin). So when I looked at the Domain Controller, I ran a DCDiag DNS test and got some an AUTH error, but am not
  able to figure out how to fix this.
  Another thing I notice is when I am signed into the domain Controller (GP2010-a), I cannot browse to
  \\contoso.com\netlogon or any similar share.
  Here is the kicker, other servers on this domain, server3, server4, server5 etc... THEY CAN access
  \\contoso.com\netlogon It is ONLY the Domain controller and Server2 that CANNOT access this share. The other servers also allow me to RDP into them fine, it is only 1 server that is affected by this strange behavior.
  I have checked for no IP conflicts and as far as I can tell all the DNS records are correct.
  Regarding the DYNAMIC ip warning, we have a reservation that assigns the IP
  thanks for any input here as i'm really stuck,
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     Home Server = GP2010-A
     * Identified AD Forest.
     Done gathering initial info.
  Doing initial required tests
     Testing server: Default-First-Site-Name\GP2010-A
        Starting test: Connectivity
           ......................... GP2010-A passed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\GP2010-A
        Starting test: DNS
           DNS Tests are running and not hung. Please wait a few minutes...
           ......................... GP2010-A passed test DNS
     Running partition tests on : ForestDnsZones
     Running partition tests on : DomainDnsZones
     Running partition tests on : Schema
     Running partition tests on : Configuration
     Running partition tests on : contoso
     Running enterprise tests on : contoso.com
        Starting test: DNS
           Test results for domain controllers:
              DC: GP2010-A.contoso.com
              Domain: contoso.com
                 TEST: Authentication (Auth)
                    Error: Authentication failed with specified credentials
                 TEST: Basic (Basc)
                    Warning: Adapter 00:0D:3A:00:0D:01 has dynamic IP address
                    (can be a misconfiguration)
           Summary of test results for DNS servers used by the above domain
           controllers:
              DNS server: 128.8.10.90 (d.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90              
              DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235              
              DNS server: 2001:500:2::c (c.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c              
              DNS server: 2001:500:2d::d (d.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d              
              DNS server: 2001:500:2f::f (f.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f              
              DNS server: 2001:500:3::42 (l.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42              
              DNS server: 2001:500:84::b (b.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b              
              DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30              
              DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30              
              DNS server: 2001:7fd::1 (k.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1              
              DNS server: 2001:7fe::53 (i.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53              
              DNS server: 2001:dc3::35 (m.root-servers.net.)
                 1 test failure on this DNS server
                 PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35              
           Summary of DNS test results:
  Auth Basc Forw Del  Dyn  RReg Ext
              Domain: contoso.com
                 GP2010-A                     FAIL WARN PASS PASS PASS PASS n/a 
           ......................... contoso.com failed test DNS

  Hi,
  TEST: Basic (Basc)
                    Warning: Adapter 00:0D:3A:00:0D:01 has dynamic IP address
                    (can be a misconfiguration)
  Do you have any NIC conifgured to get dynamic IP on your DC which is having issue? If yes, please disable that NIC. Also, please provide me the result of the below
  1) On your DC which is having issue, run "ipconfig /all"
  2) Repadmin /showrepl
  Thanks,
  Umesh.S.K
  Thanks, there is only 1 nic card. It is getting a dhcp address because this is an AZURE Hyper-v machine and I have set an IP reservation for it. I have no way to hardcode the IP because it gets shut off/on all the time
  C:\Users\Administrator>repadmin /showrepl
  Repadmin: running command /showrepl against full DC localhost
  Default-First-Site-Name\GP2010-A
  DSA Options: IS_GC
  Site Options: (none)
  DSA object GUID: 007c755c-f56c-4e51-a211-fd4431f63927
  DSA invocationID: 007c755c-f56c-4e51-a211-fd4431f63927

• Replace WS2003 domain controller for WS2012 domain controller

  Hi, I think that is a common problem but I haven't found anythink exactly like this, only something similar, but I have a lot of doubts yet.
  The thing is that I have a network with two domain controllers:
  WS2003     - 192.168.0.1, who is the first domain controller I created and is also a file sharing server
  WS2008R2 - 192.168.0.8, who is a  new domain controller I added one year ago.
  Now, I want to replace the first one, keeping the second. One.
  I thinking of removing the first one and replace it with a new machine (WS2012) with the same IP and name host. I need the same host because clients are pointing to it to get the shared files.
  My main fear is that clients get some error related with trust relationship and I will have to rejoin them one by one to the domain.
  As I have another domain controller, Will the global catalog of the new machine be synchronized automaticly with the WS2008R2 domain controller?
  Do I need to demote the old domain controller before add the new one?
  Thanks a lot

  Hi Tomas,
  As pointed by Burakm you should have an additional file server and should avoid using a Domain controller which has priviledged access, to share files. This puts you at a security risk.
  Regarding the requirement of old host name:
  Here is something that would let you keep a different servername and IP, yet allow your users to connect to the old hostname and access the share. Use CNAME records of old server to point it to the new hostname.
  How to Configure Windows Machine to Allow File Sharing with DNS Alias
  You might also look for Distributed File System Shares.
  http://blogs.technet.com/b/josebda/archive/2009/06/26/how-many-dfs-n-namespaces-servers-do-you-need.aspx
  NOTE- You can't run in-place upgrade of a 2003 to 2012 DC.
  Regards,
  Satyajit
  Please “Vote As Helpful”
  if you find my contribution useful or “Mark As Answer” if it does answer your question. That will encourage me - and others - to take time out to help you.

• What note when remove an Domain controller from Existing Domain!!!

  Dear everybody,
  My company has 3 Domain controllers at the moment.
  all of them have some functions: DHCP, DNS.
  Now, we have plan to remove an DC/
  So, What note we need to pay attention when remove one of them?
  Thanks for your help!!!

  1. Migrate DHCP first. Using below command
  netsh dhcp server export C:\dhcp.txt all       -old Server
  netsh dhcp server import C:\dhcp.txt all       -New Server.
  2. Enable DNS debug log & see which client still pointing the old DC.
  http://technet.microsoft.com/en-us/library/cc759581%28v=ws.10%29.aspx
  3. Change the DHCP Scope accordingly.
  HTH
  Biswajit
  Regards,
  Biswajit
  MCTS, MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, Enterprise Admin, ITIL F 2011
  Blog:
    Script Gallary:
  LinkedIn:
  Note: Disclaimer: This posting is provided & with no warranties or guarantees and confers no rights..

• Domain Controller (Windows) + Secondary Domain Controller (Mac)

  Can this setup be done to where the windows box would control windows computers, while the secondary controller (xserve) would control the authentication for Macs?

  Hi
  OSX Server can function as a Domain Member in a Windows Server environment. It can’t function as a BDC if the PDC is a Windows Server. The only occasion that OSX Server can function as a BDC to a PDC is when the PDC is an Open Directory Master, in other words another OSX Server. In effect this would be an OD Master and Replica relationship.
  This applied with 10.4 Server. I may be wrong but I’ve not seen anything in the 10.5 Open Directory Admin Manual yet that says different.
  Hope this helps, Tony

• What exactly is happening/​failing when "GPIB Interfaces sequential​ly verified" FAILS?

  I have an AT-GPIB/TNT+ card installed in my computer. It fails the "GPIB Interfaces sequentially verified" portion of the Wizard program. I am able to communicate (IBIC) with my instruments, so it appears that all is working well. I do have older non-compliant GPIB interfaces so the "Scan for Instruments" does not work. What exactly is failing in the Wizard and what can I do? I have windows 95.0.

  Janet,
  Typically when the installations fails the sequential verification, it is due to either a resource conflict or a device being connected to the board during the test. You can click on the failed interface to get a brief explination of what may have caused the error.
  There are instances reported using the AT-GPIB/TNT+ board and Win 98 inwhich this error was reported even though there were no problems with the board's setup. Since you are communicating properly with the board through IBIC your board is functioning properly, and I would not be concerned with the error message.
  As for your instrument, this is likely due to your instruments non-compliance to 488.2 standards. Whenever the Measurement & Automation Explorer does a "Scan for Instruments", it sends out the stri
  ng "*idn?" (which is an IEEE 488.2 identification query string) to all of the devices on the bus. If you have older, non-IEEE 488.2 compliant instruments on your GPIB, then they will not recognize this string as a valid command. This will cause "Scan for Instruments" to fail.
  Best Regards,
  Chris D

• Deploy Windows Server 2012 R2 domain controller in 2008 domain

  Hi,
  We have three physical windows 2008 enterprise with SP1 32 bit domain controllers, we need to deploy two additional windows 2012 R2 standard as virtual machines on this domain. Do we need to install SP2 on the existing Windows 2008 sp1 DCs or we are fine?
  What are other requirements?  

  It is not required.
  Just your Forest/Domain Functional level should be Windows Server 2003 or higher to be able to add Windows Server 2012 R2 DCs.
  Please note that it is always recommended to have your Windows Operating Systems up-to-date to avoid known security attacks and known bugs.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• DMG fails when i want to test a connection

  I load a file that have been working before in Power BI office 365 and I get this error
  We can't perform this operation because this workbook uses unsupported features. Correlation ID: a266db82-9835-4cb9-b891-364417fec1a2
  I am just trying to schedule a data resfresh and I am testing the connections
  any help would be appreciated
  tahnks

  Hi Rarmiro,
  There are certain features in Excel that are not supported for web editing and thus also not for the flow of scheduled refresh, you can see a list here:
  https://support.office.com/en-us/article/Differences-between-using-a-workbook-in-the-browser-and-in-Excel-f0dc28ed-b85d-4e1d-be6d-5878005db3b6
  Look under the paragraph Workbook features that can differ between the browser and the desktop
  , shapes is a common one...
  GALROY

• Lack of Connectivty to Domain Controller - Domain Controller Access Issues Requires Repeated Reauthentication

  Sorry if my attempt to be thorough in my description may result in excessive and unnecessary information. 
  I'm running into some problems with a single server running WS 2012 R2 as a domain controller (AD and DNS) and I’m trying to figure out what the cause is. 
  The network has ~10 computers on it connected through a cable business gateway (running DHCP) which feeds 2 switches and a wireless router acting as a switch. (I also turned on remote services, but the end users aren’t using that until I get certificates
  setup.)
  For 6+ months everyone had access to the shared files and databases on each workstation without issue. 
  In the last month users would occasionally have to re-enter their credentials to get access to shared server folders despite being on a domain account already. 
  Last week one of the computers intermittently cannot gain access to the shared folders– entering the correct credentials just results in the credentials being requested again and again: There’s an error icon at the bottom saying that “there are currently
  no logon servers available to service the logon request”.  While access is rejected I’m still able to ping the DC both via its name and IPV4 address. 
  (Pinging via its name results in an IPv6 address in the response.) 
  Other network connectivity appears intact (able to browse the web, perform network discovery.)
  Things that ‘seem’ to allow access on this computer until the next failure:
  Entering a different domain username and password into the windows credentials request has allowed access a couple of times.
  Disconnecting and reconnecting the network cable allowed the original username to be used to log on (at least once.)
  After removing it from and then rejoining it to the domain (a few hours ago) it experienced the problem once more. Also, logging on with domain credentials created a TEMP user folder instead of the folder with the domain username. 
  Looking at the event logs, I notice there are quite a few warnings and errors reported regarding DC access on many of the computers; maybe this is normal?
  Most Problematic Computer:
  Event ID 8016:  System failed to register host A or AAAA resource records. (With an unknown Ipv6 and the server’s ipv4 address in the DNS server list.) 
  Event ID 131:  NtpClient unable to set a domain peer to use as a time source because of DNS resolution error on ‘Server.domain.local’ 
  ‘No such host is known.”
  Event ID 5719:  NETLOGON. This computer was not able to setup a secure session with a domain controller in the domain due …..: there are currently no logon servers available to service the logon request.
  And then pairs of: Event 1500: The Group Policy settings for the computer were processed successfully. There were no changes detected since the last successful processing of Group Policy. & Event 1054:
   The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
  Event 1030:  The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation
  at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.
  On the server I’ve run DCDIAG and DCDIAG /test:DNS and those all appeared to pass.
  Ipconfig/all from the server:
     Connection-specific DNS Suffix 
     Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-LM
     Physical Address. . . . . . . . . : FC-4D-D4-F2-A1-83
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:b155:a0b0:892d:9ed5(Pref
  erred)
     Link-local IPv6 Address . . . . . : fe80::b155:a0b0:892d:9ed5%13(Preferred)
     IPv4 Address. . . . . . . . . . . : 10.1.10.42(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%13
   10.1.10.1
     DHCPv6 IAID . . . . . . . . . . . : 234638804
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3F-7D-B9-68-05-CA-24-31-C4
     DNS Servers . . . . . . . . . . . : ::1
  127.0.0.1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Ipconfig/all from the problematic computer:
  Wireless LAN adapter Wi-Fi:
     Connection-specific DNS Suffix 
  . : wp.comcast.net
     Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 6150
     Physical Address. . . . . . . . . : 40-25-C2-63-C2-B8
     DHCP Enabled. . . . . . . . . . . : Yes
     Autoconfiguration Enabled . . . . : Yes
     IPv6 Address. . . . . . . . . . . : 2601:8:a182:1100:8f5:1606:d0a8:6b25(Prefe
  rred)
     Temporary IPv6 Address. . . . . . : 2601:8:a182:1100:283e:f9e8:4841:6c50(Pref
  erred)
     Link-local IPv6 Address . . . . . : fe80::8f5:1606:d0a8:6b25%3(Preferred)
     IPv4 Address. . . . . . . . . . . : 10.1.10.31(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Lease Obtained. . . . . . . . . . : Tuesday, March 10, 2015 9:19:02 AM
     Lease Expires . . . . . . . . . . : Tuesday, March 17, 2015 1:23:15 PM
     Default Gateway . . . . . . . . . : fe80::abd:43ff:fe9a:ab47%3
  10.1.10.1
     DHCP Server . . . . . . . . . . . : 10.1.10.1
     DHCPv6 IAID . . . . . . . . . . . : 54535618
     DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-15-6B-AA-F0-DE-F1-9C-07-D4
     DNS Servers . . . . . . . . . . . : 2001:558:feed::1
  2001:558:feed::2
                  10.1.10.42
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Any thoughts? I was assuming it was a Domain Controller/DNS error, but I don't know where to check next.  Could a failing piece of hardware be the culprit? 
  Thanks,
   -JT

  Hi,
  According to the error you have posted.
  A Netlogon 5719 event indicates that the client component of Netlogon was unable to locate a DC for the domain it was trying to perform an operation against.
  Most of the time this is caused by network issues or name resolution (DNS/WINS) issues, you could refer to:
  Netlogon 5719 and the Disappearing Domain [Controller]
  http://blogs.technet.com/b/instan/archive/2008/09/18/netlogon-5719-and-the-disappearing-domain.aspx
  Did you refer to this KB article?
  Event ID 5719 is logged when you start a Domain Member
  http://support.microsoft.com/kb/938449
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Install Active Directory Domain Controller on Windows server 2008 enterprise, dont login on Sql Server 2008 R2

  I install Active Directory Domain Controller on Windows server 2008 enterprise and dont login on Sql Server 2008 R2. Before install ADDC, I have logon SQL Server 2008r2 Success, After when i install ADDC is don't logon on SQL Server 2008r2 -->not success.
  I have uninstalled ADDC but i still can't login on SQL server 2008r2.
  please help me. it  is very very disaster!
  I think is loss account SQL server 2008r2!

  Hello,
  I stronly recommend you post the detail error message to us while you try to connect to SQL Server instance, it's useful for us to do further investigation.
  Microsoft recommends that you do not install SQL Server 2008 R2 on a domain controller, there are some limitations:
  You cannot run SQL Server services on a domain controller under a local service account or a network service account.
  After SQL Server is installed on a computer, you cannot change the computer from a domain member to a domain controller. You must uninstall SQL Server before you change the host computer to a domain controller.
  After SQL Server is installed on a computer, you cannot change the computer from a domain controller to a domain member. You must uninstall SQL Server before you change the host computer to a domain member.
  SQL Server failover cluster instances are not supported where cluster nodes are domain controllers.
  SQL Server Setup cannot create security groups or provision SQL Server service accounts on a read-only domain controller. In this scenario, Setup will fail.
  On Windows Server 2003, SQL Server services can run under a domain account or a local system account.
  So, I would suggest you try to open up Windows Services list and changed the account for SQL Server service.
  Regards,
  Elvis Long
  TechNet Community Support