Migrating Certificate Services to Server 2012 in a 2008 R2 AD Domain

We have a Windows 2008 R2 SP1 Active Directory domain. Our Enterprise Certificate server is running on Windows 2003 R2. We'd like to introduce a Windows 2012 server into our existing domain and migrate the Certificate Services to that new box. Are there any 'gotchas' to implementing Certificate Services on a Windows Server 2012 system in a Windows 2008 R2 SP1 domain that we should be concerned with?
Orange County District Attorney

Hi,
You can migrate Certificate Services to another server, but the server name should be the same. Also, changing the name of a server which has the CA role installed is not recommended.
AD CS Migration: Preparing to Migrate
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012
http://technet.microsoft.com/en-us/library/ee126102(v=ws.10).aspx
Also, I would request that you post this question in the security forum:
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads
You can also consider the Windows Server 2012 General forum:
http://social.technet.microsoft.com/Forums/en-US/winserver8gen/thread
Best regards,
Abhijit Waikar.
MCSA | MCSA:Messaging | MCITP:SA | MCC:2012
Blog: http://abhijitw.wordpress.com
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

Similar Messages

  • Running two instances of Windows Server 2012 Essentials R2 on the same domain

    We have Windows Server 2012 Essentials R2 running as a domain controller -- and have installed another licensed copy of the same thing on the same domain.  We want to use the 2nd server for running an LOB application and provide backup for the AD services.
    The 2nd server is a member of the domain. Can I do this and have the 2nd server provide AD failover services like they do with 2012 Standard? 

    Two things to consider. In the XP and 2003 era, the OS was not written in a security-first fashion. While XP did have LUA, almost nobody used them. Then came Vista and UAC, and those prompts were a major pain point because nobody wrote for security. Fast forward 6 years and standard accounts are a normal best practice. Almost nobody in business recommends running daily tasks as administrator.
    I mention all this to illustrate that, similar to admin accounts, what you used to get away with no longer applies. Running LOB apps on a DC is just bad. Many times, the app just doesn't work. But even if you could get it to work, it is a terrible idea.
    If the stories of Home Depot, Target, and most recently Sony don't already give it away, I'll spell it out. We no longer live in an age where you can take shortcuts and expect to be safe. Large organizations make national news when they screw up. But small businesses are targeted just as often and are at just as much risk. From "leaking" their client info to having their data held for ransom, the small business is abused regularly, but never makes national news because they are, by definition, small.
    If you can take simple easy steps to help minimize that risk, such as keeping a domain controller free of other software and locked down, then it is almost unethical to do otherwise in the modern computing era. The world has changed. It is our responsibility as I.T. professionals to change with it. That's why we get to call ourselves "professionals" in relation to I.T.
    So, what bad things? Risking the customer's very livelihood. I consider that pretty darn bad.

  • Migrating KMS Services from Server 2003 Servers to Server 2012 R2

    We have two Windows Server 2003 boxes that a previous administrator had setup as our KMS Servers. 
    These servers appear to be activating Office 2010, Windows 7, and Windows Server 2008R2 and 2003.
    I can see these activations taking place in the KMS logs on each server.
    The question is what are the steps that we need to take to get the KMS Services migrated to Server 2012 without causing any activation issues in the current environment?  I've been unable to come up with the proper order of operations from researching blogs and I'm just not sure how to get where I need to go, what keys to use etc.
    Since this was setup by a previous administrator, there is no documentation on what was done, what keys were used etc.
    KMS Server 1:
    slmgr /dlv   
    Name:  Office(TM) 14, ProPlusKMSHost edition   (Partial Product Key C6PWX)
    Description:  Office(TM) 14 KMS, VOLUME_KMS channel
    Name:   Windows(TM) Server 2003 KMS, W7R2-Kms3 edition
    Description:   Windows(TM) Server 2003 KMS, VOLUME_KMS_R2_B channel (Partial Product Key VX348)
    KMS Server 2:
    slmgr /dlv   
    Name:  Office(TM) 14, ProPlusKMSHost edition   (Partial Product Key 3T9QW)
    Description:  Office(TM) 14 KMS, VOLUME_KMS channel
    Name:   Windows(TM) Server 2003 KMS, W7R2-Kms3 edition
    Description:   Windows(TM) Server 2003 KMS, VOLUME_KMS_R2_B channel (Partial Product Key TT78P)
    Of Note, we are a Microsoft Software Assurance customer and have Volume Licensing
    In Summary, I would like to understand how to move my KMS Services to a new 2012 Server(s) and decommission the old 2003 boxes running KMS without disruption.  As a final step I'd also like to be able to activate Windows 8, Server 2012, and Office 2013.

    Hi,
    If you wanted to slowly transition and verify... you could stand up new KMS host and make the priority of the SRV record lower so that clients will always connect to new server first and fall back to original box second.
    Steps to migrating the KMS:
    1. Uninstall the KMS host key first by running the following command:
    slmgr -upk
    2. Then, install the default kms key by running the following command:
    slmgr /ipk [KMS Client Setup Key]
    The default KMS client setup keys can be found here:
    http://technet.microsoft.com/en-us/library/cc303280.aspx
    3. Delete the record from the DNS:
    Open DNS console:
    Expand _tcp node under the domain.com. There will be a record _VLMCS. Delete this record.
    4. The KMS server is uninstalled.
    5. To install KMS on a new server, enter:
    cscript C:\windows\system32\slmgr.vbs /ipk <KmsKey>
    then to activate the KMS host, enter:
    cscript C:\windows\system32\slmgr.vbs /ato
    6. After activation is complete, restart the Software Licensing Service.
    7. Verify that the record is created for the new server in the DNS.
    To verify that the KMS host is configured correctly, you can check the KMS count to see if it is increasing. Run slmgr.vbs /dli on the KMS host to obtain the current KMS count. You can also check the Key Management Service log in the Applications and Services Logs folder for 12290 events, which record activation requests from KMS clients. Each event displays the name of the computer and the time-stamp of an individual activation request.
    https://social.technet.microsoft.com/Forums/windows/en-US/cd4177bd-8df5-4a66-afdc-c760398b7e7f/migrating-kms-server-from-one-computer-to-another
    Regards.
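A read-only check for steps 3 and 7 and for the verification paragraph in the reply above, as an added PowerShell example that is not part of the original thread. The domain `example.com` and the host names are placeholders (assumptions); it assumes an elevated session on the new KMS host, Windows Server 2012 or later (for `Resolve-DnsName`), and English `slmgr` output.

```powershell
# Added example (not from the original thread). Run on the new KMS host.
# Placeholder names below are assumptions; replace them with your own.
$Domain   = 'example.com'                                        # DNS domain holding the _VLMCS record
$NewHost  = 'newkms01.example.com'                               # new Server 2012 KMS host
$OldHosts = @('oldkms01.example.com', 'oldkms02.example.com')    # retired 2003 hosts

# Steps 3 and 7: list every _VLMCS SRV record that clients can discover.
$srv = @(Resolve-DnsName -Name "_vlmcs._tcp.$Domain" -Type SRV -ErrorAction Stop |
         Where-Object { $_.Type -eq 'SRV' })
$srv | Sort-Object Priority, Weight |
       Format-Table NameTarget, Port, Priority, Weight -AutoSize

$published = @($srv | ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() })
if ($published -notcontains $NewHost.ToLower()) {
    Write-Warning "No _VLMCS record points at $NewHost (step 7 not complete)."
}
foreach ($old in $OldHosts) {
    if ($published -contains $old.ToLower()) {
        Write-Warning "Stale _VLMCS record still points at $old (step 3 not complete)."
    }
}

# Confirm each published host accepts TCP connections on its advertised port.
foreach ($rec in $srv) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($rec.NameTarget, $rec.Port)
        Write-Output ("{0}:{1} reachable" -f $rec.NameTarget, $rec.Port)
    } catch {
        Write-Warning ("{0}:{1} not reachable: {2}" -f $rec.NameTarget, $rec.Port, $_.Exception.Message)
    } finally {
        $client.Close()
    }
}

# Current KMS count from slmgr /dli (the regex assumes English output).
$dli = & cscript.exe //NoLogo "$env:SystemRoot\System32\slmgr.vbs" /dli
if (($dli -join "`n") -match 'Current count:\s*(\d+)') {
    Write-Output "Current KMS count: $($Matches[1])"
} else {
    Write-Warning 'No "Current count" line found; check that the KMS host key is installed and activated.'
}

# Activation requests (event 12290) recorded in the last 24 hours.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'Key Management Service'
    Id        = 12290
    StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue)
Write-Output "12290 events in the last 24 hours: $($events.Count)"
$events | Select-Object -First 10 TimeCreated, Message | Format-List
```

Running it twice some hours apart shows whether the count is increasing, which is the signal the reply tells you to look for.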

  • WebID (x509 certificate) on Windows Server 2012

    How can an (end) user log in to Windows Server 2012 using his WebID (x509 certificate)?

    Hi,
    I assume that you are talking about smart card logon, which makes it possible for a user to log on using a smart card and a PIN (Personal Identification Number).
    More information for you:
    Set up a smart card for user logon
    http://technet.microsoft.com/en-us/library/cc775842(v=WS.10).aspx
    How to implement x.509 certificate-based windows logon and authentication
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/0291dee1-1b10-4139-b36d-f1b953f8a09a/how-to-implement-x509-certificatebased-windows-logon-and-authentication?forum=winserversecurity
    I hope this helps.
    Amy Wang

  • Configuration failed for Windows Server Update Services on Server 2012 R2 Essentials (Trial Version)

    Hi,
    I'm trying to setup the WSUS on the Server 2012 R2 Essentials (Trial Version) but with no luck. Below are the logs generated. Hopefully someone can guide me on this. Thanks.
    2014-10-15 12:23:06  Postinstall started
    2014-10-15 12:23:06  Detected role services: Api, UI, WidDatabase, Services
    2014-10-15 12:23:06  Start: LoadSettingsFromXml
    2014-10-15 12:23:06  Start: GetConfigValue with filename=UpdateServices-Services.xml item=ContentLocal
    2014-10-15 12:23:06  Value is true
    2014-10-15 12:23:06  End: GetConfigValue
    2014-10-15 12:23:06  Start: GetConfigValue with filename=UpdateServices-Services.xml item=ContentDirectory
    2014-10-15 12:23:06  Value is C:\WSUS
    2014-10-15 12:23:06  End: GetConfigValue
    2014-10-15 12:23:06  Content directory is C:\WSUS
    2014-10-15 12:23:06  Database roleservice is not installed
    2014-10-15 12:23:06  End: LoadSettingsFromXml
    Post install is starting
    2014-10-15 12:23:06  Start: Run
    2014-10-15 12:23:06  Fetching WsusAdministratorsSid from registry store
    2014-10-15 12:23:06  Value is S-1-5-21-308464661-3380577483-199018475-1000
    2014-10-15 12:23:06  Fetching WsusReportersSid from registry store
    2014-10-15 12:23:06  Value is S-1-5-21-308464661-3380577483-199018475-1001
    2014-10-15 12:23:19  Configuring content directory...
    2014-10-15 12:23:19  Configuring groups...
    2014-10-15 12:23:19  Starting group configuration for WSUS Administrators...
    2014-10-15 12:23:19  Found group in regsitry, attempting to use it...
    2014-10-15 12:23:22  Writing group to registry...
    2014-10-15 12:23:22  Finished group creation
    2014-10-15 12:23:22  Starting group configuration for WSUS Reporters...
    2014-10-15 12:23:22  Found group in regsitry, attempting to use it...
    2014-10-15 12:23:22  Writing group to registry...
    2014-10-15 12:23:22  Finished group creation
    2014-10-15 12:23:22  Configuring permissions...
    2014-10-15 12:23:22  Fetching content directory...
    2014-10-15 12:23:22  Fetching ContentDir from registry store
    2014-10-15 12:23:22  Value is C:\WSUS
    2014-10-15 12:23:22  Fetching group SIDs...
    2014-10-15 12:23:22  Fetching WsusAdministratorsSid from registry store
    2014-10-15 12:23:22  Value is S-1-5-21-308464661-3380577483-199018475-1000
    2014-10-15 12:23:22  Fetching WsusReportersSid from registry store
    2014-10-15 12:23:22  Value is S-1-5-21-308464661-3380577483-199018475-1001
    2014-10-15 12:23:22  Creating group principals...
    2014-10-15 12:23:22  Granting directory permissions...
    2014-10-15 12:23:23  Granting permissions on content directory...
    2014-10-15 12:23:23  Granting registry permissions...
    2014-10-15 12:23:23  Granting registry permissions...
    2014-10-15 12:23:23  Granting registry permissions...
    2014-10-15 12:23:23  Configuring shares...
    2014-10-15 12:23:23  Configuring network shares...
    2014-10-15 12:23:23  Fetching content directory...
    2014-10-15 12:23:23  Fetching ContentDir from registry store
    2014-10-15 12:23:23  Value is C:\WSUS
    2014-10-15 12:23:23  Fetching WSUS admin SID...
    2014-10-15 12:23:23  Fetching WsusAdministratorsSid from registry store
    2014-10-15 12:23:23  Value is S-1-5-21-308464661-3380577483-199018475-1000
    2014-10-15 12:23:23  Content directory is local, creating content shares...
    2014-10-15 12:23:25  Creating share "UpdateServicesPackages" with path "C:\WSUS\UpdateServicesPackages" and description "A network share to be used by client systems for collecting all software packages (usually applications) published
    on this WSUS system."
    2014-10-15 12:23:25  Creating share...
    2014-10-15 12:23:25  Share successfully created
    2014-10-15 12:23:25  Creating share "WsusContent" with path "C:\WSUS\WsusContent" and description "A network share to be used by Local Publishing to place published content on this WSUS system."
    2014-10-15 12:23:26  Creating share...
    2014-10-15 12:23:26  Share successfully created
    2014-10-15 12:23:26  Creating share "WSUSTemp" with path "C:\Program Files\Update Services\LogFiles\WSUSTemp" and description "A network share used by Local Publishing from a Remote WSUS Console Instance."
    2014-10-15 12:23:27  Creating share...
    2014-10-15 12:23:27  Share successfully created
    2014-10-15 12:23:27  Finished creating content shares
    2014-10-15 12:23:27  Stopping service WSUSService
    2014-10-15 12:23:27  Stopping service W3SVC
    2014-10-15 12:23:27  Configuring WID database...
    2014-10-15 12:23:27  Configuring the database...
    2014-10-15 12:23:27  Establishing DB connection...
    2014-10-15 12:23:27  Checking to see if database exists...
    2014-10-15 12:23:28  Database exists
    2014-10-15 12:23:28  Switching database to single user mode...
    2014-10-15 12:23:32  Loading install type query...
    2014-10-15 12:23:32  DECLARE @currentDBVersion       int
    DECLARE @scriptMajorVersion     int = (9600)
    DECLARE @scriptMinorVersion     int = (16384)
    DECLARE @databaseMajorVersion   int 
    DECLARE @databaseMinorVersion   int 
    DECLARE @databaseBuildNumber    nvarchar(10)
    IF NOT EXISTS(SELECT * FROM sys.databases WHERE name='SUSDB')
    BEGIN
        SELECT 1
    END
    ELSE
    BEGIN
        SET @currentDBVersion = (SELECT SchemaVersion FROM SUSDB.dbo.tbSchemaVersion WHERE ComponentName = 'CoreDB')
        SET @databaseBuildNumber = (SELECT BuildNumber FROM SUSDB.dbo.tbSchemaVersion WHERE ComponentName = 'CoreDB')
        DECLARE @delimiterPosition INT = CHARINDEX('.', @databaseBuildNumber)
        IF (@delimiterPosition = 0)
        BEGIN
            RAISERROR('Invalid schema version number', 16, 1) with nowait
            return 
        END 
        SET @databaseMajorVersion = SUBSTRING(@databaseBuildNumber, 1, @delimiterPosition - 1)
        SET @databaseMinorVersion = SUBSTRING(@databaseBuildNumber, (@delimiterPosition + 1), (10 - @delimiterPosition))
        IF @currentDBVersion < 926
        BEGIN
            SELECT 3
        END
        ELSE
        BEGIN
            IF (@scriptMajorVersion > @databaseMajorVersion OR
               (@scriptMajorVersion = @databaseMajorVersion AND @scriptMinorVersion > @databaseMinorVersion))
            BEGIN
                SELECT 2
            END
            ELSE IF (@scriptMajorVersion = @databaseMajorVersion AND
                     @scriptMinorVersion = @databaseMinorVersion)
            BEGIN
                SELECT 0
            END
            ELSE
            BEGIN
                SELECT 4
            END
        END
    END
    2014-10-15 12:23:32  Install type is: Reinstall
    2014-10-15 12:23:32  Creating logins...
    2014-10-15 12:23:32  Fetching account info for S-1-5-20
    2014-10-15 12:23:32  Found principal
    2014-10-15 12:23:32  Found account
    2014-10-15 12:23:32  Got binary SID
    2014-10-15 12:23:35  Fetching WsusAdministratorsSid from registry store
    2014-10-15 12:23:35  Value is S-1-5-21-308464661-3380577483-199018475-1000
    2014-10-15 12:23:35  Fetching account info for S-1-5-21-308464661-3380577483-199018475-1000
    2014-10-15 12:23:35  Found principal
    2014-10-15 12:23:35  Found account
    2014-10-15 12:23:35  Got binary SID
    2014-10-15 12:23:35  Setting content location...
    2014-10-15 12:23:35  Fetching ContentDir from registry store
    2014-10-15 12:23:35  Value is C:\WSUS
    2014-10-15 12:23:40  Swtching DB to multi-user mode......
    2014-10-15 12:23:47  Finished setting multi-user mode
    2014-10-15 12:23:47  Writing DB settings to registry...
    2014-10-15 12:23:47  Marking PostInstall done for UpdateServices-WidDatabase in the registry...
    2014-10-15 12:23:47  Starting service W3SVC
    2014-10-15 12:23:47  Configuring IIS...
    2014-10-15 12:23:47  Start: ConfigureWebsite
    2014-10-15 12:23:51  System.Runtime.InteropServices.COMException (0x80070003): The system cannot find the path specified.
       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_AdsObject()
       at System.DirectoryServices.PropertyValueCollection.PopulateList()
       at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
       at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
       at Microsoft.UpdateServices.Administration.UseCustomWebSite..ctor()
       at Microsoft.UpdateServices.Administration.PostInstall.ConfigureWebsite(Int32 portNumber)
       at Microsoft.UpdateServices.Administration.PostInstall.Run()
       at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)
    Fatal Error: The system cannot find the path specified.

    2014-10-15 12:23:47  Start: ConfigureWebsite
    2014-10-15 12:23:51  System.Runtime.InteropServices.COMException (0x80070003): The system cannot find the path specified.
    Looks like it failed trying to setup the website.
    2014-10-15 12:23:27  Configuring WID database...
    2014-10-15 12:23:27  Configuring the database...
    2014-10-15 12:23:27  Establishing DB connection...
    2014-10-15 12:23:27  Checking to see if database exists...
    2014-10-15 12:23:28  Database exists
    This also looks like it's a RE-installation of WSUS.
    Any chance the "WSUS Administration" v-root is already present and did not get deleted after the last uninstallation?
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Server 2003 SBS (with Exchange 2003) migrate to new machine Server 2012 Standard (with Exchange 2013)

    This is what I have:
    A very outdated machine running a small domain, SBS 2003 and Exchange - this is the ONLY server currently.
    This is what my boss ordered:
    A Dell R210 II machine with Server 2012 Standard (and I downloaded the trial for Exchange 2013).
    He wants the old server completely replaced and gone - with everything moved over (including Exchange) to the new machine. The main reason for the upgrade is that not all users can access email on their machines (Macs, new versions of Outlook, etc.)
    I have set up a new standalone server before but never migrated one - and I've found that going from SBS2003/Exchange2003 to Server2012/Exchange2013 is not simple in the least.
    I thought I could just set up the new server as a DC on the domain and have everything replicated to it from the source server. Then I could decommission the old server. I have been told that 1) I can't upgrade Exchange 2003 to 2013 and 2) that I shouldn't
    put Exchange on a DC. What do you do if you only have the one server?

    Hi,
    Just an addition: please also refer to the following threads and article, and check whether they can help you.
    Migrate SBS 2003 to Windows Server 2012 Standard
    Migration SBS 2003 to Windows Server 2012 Standard
    Transition from Small Business Server to Standard Windows Server
    Hope this helps.
    Best regards,
    Justin Gu

  • How to setup NTP service in server 2012 R2 to synch with an external NTP server

    Server 2012 R2 Std as DC
    I have looked at the blogs on setup and could not make sense of them. I did this easily on SBS2008 before I migrated to 2012 R2.
    What is the process to establish the DC server 2012 R2 as the time source.  Right now it is BIOS clock and I wish to move to NTP as the time source.
    Thanks for your help
    John Lenz

    Hi JohnLenz,
    You can use the following command line and refer to the following KB:
    w32tm /config /syncfromflags:manual
    w32tm /config /manualpeerlist:<IP_or_FQDN_of_the_time_source>
    Note: please replace "<IP_or_FQDN_of_the_time_source>" with the IP address or FQDN of your NTP server.
    Net stop w32time
    Net start w32time
    The related KB:
    Synchronize the Time Server for the Domain Controller with an External Source
    http://technet.microsoft.com/en-us/library/cc784553(v=ws.10).aspx
    Configure the Time Source for the Forest
    http://technet.microsoft.com/zh-cn/library/cc794937(v=ws.10).aspx
    Configuring a time source for the forest
    http://technet.microsoft.com/en-us/library/cc784800(v=ws.10).aspx
    I’m glad to be of help to you!
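The configuration from the reply above combined with a reachability pre-check and a verification that the DC has actually left the BIOS clock, as an added PowerShell example that is not part of the original reply. The peer names are placeholders (assumptions); it assumes an elevated session on the DC that should become the time source, and the `,0x8` suffix (client mode) is an addition not present in the reply.

```powershell
# Added example (not from the original reply). Run elevated on the DC.
# Placeholder peer names are assumptions; replace them with your NTP servers.
$PeerNames = @('ntp1.example.com', 'ntp2.example.com')

# Pre-check: confirm each peer answers NTP queries (UDP 123 outbound) before
# changing any configuration. Successful samples end in an offset such as +00.0012345s.
foreach ($peer in $PeerNames) {
    $samples = @(w32tm /stripchart /computer:$peer /samples:3 /dataonly)
    if (-not ($samples -match '[+-]\d+\.\d+s')) {
        Write-Warning "$peer returned no usable samples; check DNS and firewall rules for UDP 123."
    }
}

# Build the peer list. The ,0x8 flag asks w32time to use client mode for the peer.
$PeerList = ($PeerNames | ForEach-Object { "$_,0x8" }) -join ' '

# Same settings as in the reply, applied in one call; /reliable:yes marks this DC
# as a reliable time source and /update tells the service to pick up the change.
w32tm /config /manualpeerlist:"$PeerList" /syncfromflags:manual /reliable:yes /update

# Restart the service as in the reply, then force a synchronization.
Restart-Service -Name w32time
w32tm /resync /rediscover
Start-Sleep -Seconds 10

# Verify: the source must now be one of the peers, not the local hardware clock.
$source = (w32tm /query /source | Out-String).Trim()
if ($source -match 'Local CMOS Clock|Free-running System Clock') {
    Write-Warning "Still using '$source'; the external peers are not being used."
} else {
    Write-Output "Time source: $source"
}
w32tm /query /status
```

Domain members authenticate with Kerberos, which tolerates only a small clock skew, so confirm the source after every change to the peer list.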

  • Install GoDaddy SSL Certificate to Windows Server 2012 - Access Anywhere

    I would like to activate Access Anywhere on my Windows Server 2012 Essentials. I went through the guided steps and purchased an SSL certificate from GoDaddy. GoDaddy doesn't offer support regarding the correct installation process of their certificates using IIS 8 (Server 2012 Essentials). I noticed that Access Anywhere requires a PFX certificate and GoDaddy only provided a PKCS #7 and a .cer file. Please let me know if GoDaddy's certificates are compatible with Windows Server 2012 Essentials. Without Access Anywhere functioning on my server, the usefulness of the server greatly decreases. Your assistance is greatly appreciated. Thanks.

    All you need is the standard, lowest level, single domain, no email, no bells, no whistles, no UCC.  Just a simple SSL cert.  Even SBS standard which adds email to the RWA feature, only requires that, thanks to the magic of the dev. team.
    Larry Struckmeyer[SBS-MVP] If your question is answered, please mark the response as the answer so that others can benefit.

  • Need assistance how to configure RDS on a standalone Server 2012 R2 not joined to a domain

    Hi,
    I need help on how to configure RDS on my standalone server 2012 R2 that is not joined to a domain.  I would also like to see the counterpart of Terminal Services Manager.
    I am familiar with Terminal Services on my old Server 2003, which I am migrating.
    Thank you for your assistance.
    Sincerely,
    Ramon

    Hi,
    the dedicated RDS/TS forum is here:
    http://social.technet.microsoft.com/Forums/en-US/home?forum=winserverTS
    Some useful articles, which seem to answer your questions:
    http://support.microsoft.com/kb/2833839
    http://ryanmangansitblog.com/2013/10/30/deploying-a-rdsh-server-in-a-workgroup-rds-2012-r2/
    http://support.risualblogs.com/blog/2014/03/10/setting-up-a-2012-r2-rds-gateway-for-a-workgroup/
    Don
    (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
    This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

  • How can i use ONE server 2012 to be DC for a domain on the WAN only.. NO LAN. and NO VPN..

    I need to run an Active Directory that is on a WAN (Utah). A Server 2012 Standard will be the DC with 60Mbps internet speed both up and downstream.
    Approximately 100 clients/member systems will be all over the United States. NO VPN. Only via internet. I can use an SSL certificate for secure LDAP.
    I need this setup to use GPO for different permissions and policies instead of manually doing those on each windows 7 or 8 professional system.
    Ideas??

    Daniel,
    I think since this will be the ONLY system that will be running as a DC providing AD DS and the DirectAccess server, I should follow this advice from the article you sent:
    For users who never connect directly to the Contoso intranet or through a VPN, they must use the DirectAccess Offline Domain Join process to initially join the appropriate domain and configure DirectAccess. When this process is complete, the users log on normally and have the same experience as if they were directly connected to the Contoso intranet.
    Because remember, no user will ever connect directly to the subnet where the server is. So do an offline join first and then start managing. The only thing I'm worried about is: they keep saying that the DirectAccess function has significantly improved in Windows 8. Hmmmmm, many systems will be using Windows 7 Pro 64-bit. Some Windows 8.1 Pro 64-bit. Should I worry?

  • Server 2012 std not able to see Domain, DC and DNS on Win SBS 2008 std Domain

    Hi There
    I have a HP ML 110 G5 SBS 2008 std server as my DC on my network. I recently added a HP Microserver running Server 2012 std (with no roles or features installed) to act solely as a file server for a 3rd party program as the program was not running efficiently on the main server.
    The problem I am having now is that the 2012 server keeps falling off the domain and cannot contact the DNS server. I have also had to re-enable remote desktop several times. It also shows the 2012 Server as being on a private firewall profile and not on the domain firewall profile but I suspect that this is part of the same problem.
    The resulting problem that this is causing is that the local machines that need to contact an SQL database on the 2012 fileserver intermittently either time out or are very slow to connect.
    So far I have tried: 
    Switching from Static IP to DHCP. 
    Re-adding the server to the domain. 
    Stopping and restarting DNS services on the DC.
    Checking physical Network connections and routing.
    Putting the 2012 server into the same Organizational Unit as the 2008 DC. 
    Has anyone else encountered this problem when adding a 2012 server to a 2008 domain?  I have a feeling that the solution is probably something simple that I've overlooked, but I can't think what.  Any help would be greatly appreciated. 
    Regards
    Russ
    Also, as some additional info -
    Event viewer gives the following errors:
    Group Policy Error:
    Log Name:      System
    Source:        Microsoft-Windows-GroupPolicy
    Date:          2015-04-27 01:17:51 PM
    Event ID:      1129
    Task Category: None
    Level:         Error
    Keywords:      
    User:          SYSTEM
    Computer:      [SERVERNAME].[DOMAIN].local
    Description:
    The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has
    successfully processed. If you do not see a success message for several hours, then contact your administrator.
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-GroupPolicy" Guid="{AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}" />
    <EventID>1129</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2015-04-27T11:17:51.111942100Z" />
    <EventRecordID>19056</EventRecordID>
    <Correlation ActivityID="{C0CBAF2B-1E93-49C0-B910-069AE43F74B2}" />
    <Execution ProcessID="732" ThreadID="1336" />
    <Channel>System</Channel>
    <Computer>[SERVERNAME].[DOMAIN].local</Computer>
    <Security UserID="S-1-5-18" />
    </System>
    <EventData>
    <Data Name="SupportInfo1">1</Data>
    <Data Name="SupportInfo2">1548</Data>
    <Data Name="ProcessingMode">0</Data>
    <Data Name="ProcessingTimeInMilliseconds">0</Data>
    <Data Name="ErrorCode">1222</Data>
    <Data Name="ErrorDescription">The network is not present or not started. </Data>
    </EventData>
    </Event>
    DNS Error:
    Log Name:      System
    Source:        Microsoft-Windows-DNS-Client
    Date:          2015-04-27 04:54:58 PM
    Event ID:      8015
    Task Category: (1028)
    Level:         Warning
    Keywords:      
    User:          NETWORK SERVICE
    Computer:      [SERVERNAME].[DOMAIN].local
    Description:
    The system failed to register host (A or AAAA) resource records (RRs) for network adapter with settings:
               Adapter Name : {3DDD0E46-D879-48C0-9DF6-5FAC0F1A56C4}
               Host Name : [SERVERNAME]
               Primary Domain Suffix : [DOMAIN].local
               DNS server list :
    192.168.2.10
               Sent update to server : <?>
               IP Address(es) :
                 192.168.2.15
    The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running
    at this time. You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
    <EventID>8015</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>1028</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2015-04-27T14:54:58.599130300Z" />
    <EventRecordID>19105</EventRecordID>
    <Correlation />
    <Execution ProcessID="856" ThreadID="952" />
    <Channel>System</Channel>
    <Computer>[SERVERNAME].[DOMAIN].local</Computer>
    <Security UserID="S-1-5-20" />
    </System>
    <EventData>
    <Data Name="AdapterName">{3DDD0E46-D879-48C0-9DF6-5FAC0F1A56C4}</Data>
    <Data Name="HostName">[SERVERNAME]</Data>
    <Data Name="AdapterSuffixName">[DOMAIN].local</Data>
    <Data Name="DnsServerList"> 192.168.2.10</Data>
    <Data Name="Sent UpdateServer">&lt;?&gt;</Data>
    <Data Name="Ipaddress">192.168.2.15</Data>
    <Data Name="ErrorCode">1460</Data>
    </EventData>
    </Event>

    Can you post an ipconfig /all from the server and the DC?
    Robert Pearman SBS MVP
    itauthority.co.uk

  • DirectAccess Server 2012 Configuration cannot be retrieved from domain controller

    Hi everyone,
    We are using DirectAccess over Server 2012. There is just one server, no load balancing.
    Everything works fine, all clients can connect successfully and the operations status page shows all in green. Nevertheless, on the dashboard page in the configuration status section it says “Configuration for server [servername] cannot be retrieved from the domain controller.”
    I found a few hints what could cause this problem:
    "In my case, the RAConfigTask, a scheduled task, was not enabled on the affected WS2012 server (DA entry point in a multisite deployment). After just enabling it, the errors has gone."
    http://blog.gocloud-security.ch/2013/01/11/ws2012-directaccess-and-the-configuration-for-server-server-name-retrieved-from-the-domain-controller-cannot-be-applied-error/
    "Group Policy was filtering out my DA server from the GPO object for some reason. To fix, I opened up Group Policy Management on the domain controller and made sure that my DA server was a part of the group."
    http://www.joedissmeyer.com/2012/12/more-issues-and-solutions-for.html
    Server has no connectivity to the domain in order to update the policies. Run “gpupdate /force” on the server to force policy update. GPO replication might be required in order to retrieve the updated configuration. This could be because there is no writable domain controller in the Active Directory site of the Remote Access server.
    http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/56fedb17-1274-4e1a-b2d0-fea809f0bc45
    I checked everything. Task is enabled and completed successfully, GPO is not filtered out, run gpupdate without any errors, could connect to domain controller, no errors on domain controller, domain controller is writable.
    So, I have no idea what could cause this error. Any ideas or hints?
    Thanks
    Regards
    Sebastian

    I have the exact same problem. I figured out that there was a problem with the logon as a service.
    secpol.msc --> Local Policies --> User Rights Assignment, Logon as a service: I have NT Service\All Services.
    I can access the group policy via the console just fine; I have no connectivity issues whatsoever.
    I decided to open a call with Microsoft. Their suggestion: "we don't know, reinstall". So I did, and here we are: same problem and no solution. It is getting frustrating...
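
    The checks listed in the question above (RAConfigTask state, GPO filtering, a writable domain controller in the server's site), gathered into one read-only script. This is an added example, not code from either poster; the GPO name is an assumed default, and the ActiveDirectory PowerShell module is assumed to be installed on the DirectAccess server.

```powershell
# Added example: read-only checks, run elevated on the DirectAccess server.
# Assumption: $GpoName is the server GPO of your deployment (wizard default shown).
$GpoName = 'DirectAccess Server Settings'

# 1. RAConfigTask: present, enabled, and last run result
$task = Get-ScheduledTask -TaskName 'RAConfigTask' -ErrorAction SilentlyContinue
if ($task) {
    $info = $task | Get-ScheduledTaskInfo
    [pscustomobject]@{
        Check      = 'RAConfigTask'
        State      = $task.State                         # 'Disabled' matches the first hint
        LastRun    = $info.LastRunTime
        LastResult = '0x{0:X}' -f $info.LastTaskResult   # 0x0 = success
    }
} else {
    Write-Warning 'RAConfigTask was not found on this server.'
}

# 2. Server GPO: applied, or dropped by security/WMI filtering?
$report = Join-Path $env:TEMP 'da-rsop.xml'
gpresult /scope computer /x $report /f | Out-Null
[xml]$rsop = Get-Content -Path $report
$gpo = $rsop.Rsop.ComputerResults.GPO | Where-Object { $_.Name -eq $GpoName }
if ($gpo) {
    [pscustomobject]@{
        Check          = "GPO '$GpoName'"
        FilterAllowed  = $gpo.FilterAllowed   # 'false' = blocked by a WMI filter
        AccessDenied   = $gpo.AccessDenied    # 'true'  = blocked by security filtering
        SecurityFilter = ($gpo.SecurityFilter -join ', ')
    }
} else {
    Write-Warning "GPO '$GpoName' is not in this computer's RSoP data."
}

# 3. Writable domain controller reachable for the server's own AD site
$site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
try {
    $dc = Get-ADDomainController -Discover -Writable -SiteName $site -ErrorAction Stop
    [pscustomobject]@{ Check = 'Writable DC'; Site = $site; DC = ($dc.HostName -join ','); DcSite = $dc.Site }
} catch {
    Write-Warning "No writable domain controller located for site '$site'."
}
```

    If all three checks come back clean, as the original poster reports, the cause lies outside these hints and the script only serves to rule them out.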

  • Server 2012 R2 DirectAccess - 2008 R2 Client

    I have things working for Server 2012 R2 Direct Access and Windows 8.1 Enterprise machines. Now moving on to Server 2008 R2 as a client, the environment is not working.
    I just tried turning on Windows 7 support and applying but still no luck.  I am not seeing much on this, so I suspect it usually just works for Server 2008 R2?
    Mike

    So I forged ahead with an actual fresh Windows 7 machine, all service packed up, instead of the existing 2008 R2 machine that we need to keep for some time.
    I've installed the DCA 2.0, made the Group Policy edits on the domain.  The Windows 7 machine has received the updates and DCA appears happy when on the private network.
    However when the Windows 7 machine is switched over to the public network, no connection.  Not really much of a hint as to what the problem is.
    RED: Corporate connectivity is not working.
    "Your computer cannot connect to the DirectAccess server. If the problem persists, contact your administrator."
    The Probes FAIL, DTEs FAIL.
    The 2012 R2 DirectAccess server has no knowledge of the failed connection attempts.
    This is quite the challenge... 
    Mike

  • Cannot install Active Directory Domain Services on Server 2012 R2

    Hi all,
    I'm having some trouble installing the AD DS role onto my virtual server. I keep getting "The request to add or remove features on the specified server failed. The operation cannot be completed because the server that you specified requires a restart."
    After the install fails the DFS Namespace service stops and I cannot refresh the server manager. 
    This server is currently dishing out DHCP and also has VIPRE antivirus on it. 
    I did a ton of research on the problem but cannot find anything specific to this issue.
    Any help would be greatly appreciated. Thanks!

    Hi Dave,
    I ran the DISM.EXE /Online /Cleanup-Image /RestoreHealth command and Windows did not find any corruption. 
    I then attempted to install Active Directory and was greeted with the same errors as I described in my first post. 
    I ran the DISM.EXE /Online /Cleanup-Image /RestoreHealth command again and Windows found corruption and fixed it. 
    I tried to install Active Directory again (I was able to refresh the Server Manager at this point and did not need to reboot the server to attempt another install; maybe that is the corruption Windows fixed?) but it failed... with the same errors I always get. 
    The Active Directory install always freezes at 64% and then bombs out. 
    I shut down the VM and rebooted... before the login screen Windows attempts to configure updates but fails. Could this be the cause?
    Thank you,
    -Matt

  • Testing Windows Server 2012 R2 Essentials with a "different" domain name.

    Hi, I've been testing the Essentials version of the server and I've found some tips for changing the domain name at the setup stage of the server install.
    But when I try to use a domain name like this: Mylocaldomain.com.mx
    it allows me to use the .com name but doesn't allow me to use the .mx suffix.
    Do you know if there is a way to work around this detail, or will it not be permitted at all?
    Thanks in advance!

    Hi,
    Based on my experience, an internal corporate namespace that is used for internal purposes does not need to end in a valid top-level domain. That is to say, you can use .ux as the top-level domain if you only use the domain internally.
    In your configuration, com is the second-level domain and mx is the top-level domain. In general, com is one of the core group of generic top-level domains, which indicates that the name has been registered to a business organization for commercial use. Maybe the cause is that you cannot use com as the second-level domain; you can use another second-level domain instead of com to see if the issue persists.
    Best regards,
    Susie
