Monitoring of other domain member server

Hello,
We have some servers in our LAN in a different domain than our SCOM server. We created a SCOM certificate from our SCOM cert template with the servername.other.domain and imported it with MOMCertImport.exe on the server. The entry in the key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Operations Manager\3.0\Machine Settings" is correct, like the serial number in the imported certificate. The telnet connection runs successfully over port 5723.
But the server is not visible in SCOM and throws some errors in the OM event log:
ID20057: Failed to initialize security context for target MSOMHSvc/SCOMSERVER.domain The error returned is 0x80090303(The specified target is unknown or unreachable).  This error can apply to either the Kerberos or the SChannel package.
ID21001: The OpsMgr Connector could not connect to MSOMHSvc/SCOMSERVER.domain because mutual authentication failed.  Verify the SPN is properly registered on the server and that, if the server is in a separate domain, there is a full-trust relationship between the two domains.
ID20071: The OpsMgr Connector connected to SCOMSERVER.domain, but the connection was closed immediately without authentication taking place.  The most likely cause of this error is a failure to authenticate either this agent or the server. Check the event log on the server and on the agent for events which indicate a failure to authenticate.
ID21016: OpsMgr was unable to set up a communications channel to SCOMSERVER.domain and there are no failover hosts.  Communication will resume when SCOMSERVER.domain is available and communication from this computer is allowed.
What can we check?
Thanks & regards
Doreen

Hi,
Please make sure you have a full-trust relationship between the two domains. If they are not in the same forest, you may try creating a forest trust between them.
Note, with an external trust, only NTLM authentication is supported. So check whether you are using this kind of trust.
In addition, please also refer to the link to check SCOM SPN:
OpsMgr 2012: What should the SPN’s look like?
http://blogs.technet.com/b/kevinholman/archive/2011/08/08/opsmgr-2012-what-should-the-spn-s-look-like.aspx
Here is an article which should be helpful
Solving the Gateway 20071 event
Regards,
Yan Li

Similar Messages

  • Installing Ciscoworks LMS 4.0 on Windows domain member server.

    Hello.
    I'm looking for some suggestions about installing CiscoWorks LMS 4.0, and upgrade, on a domain member server running Windows 2008 R2 SE 64 bit.
    Thanks.
    Andrea

    Here are the basic install best practices:
    1) Install as a local administrator (this means create a local account and add it to the "Administrators" group).
    2) My Computer -> Properties -> Advanced -> Environment Variables
    Set the USER TMP and TEMP to a shortened path like
    C:\Windows\temp
    3) Make sure you have a FIXED pagefile size like 8182
    My Computer -> Properties -> Advanced -> Performance Options -> Advanced
    4) May need to reboot, certainly log out and back in to make sure step 2 applies.
    5) Stop all anti-virus and firewall during the installation. Disable them in services and reboot if necessary.
    * NOTES: Anti-virus can be re-enabled after installation, but you should EXCLUDE the NMSROOT directory as long as LMS is installed on the server. DEP should remain off (that is, set to only protect critical Windows system files) as long as LMS is installed on the server.
    * If Internet Information Services (IIS) is detected on your system and if you have continued the installation with IIS services, you cannot use the port number 443 for HTTPS. Instead, you must use the port numbers ranging from 1026 to 65535 for HTTPS to avoid this conflict.
    When performing the installation, make sure these two steps are followed:
    * Install from original, locally attached media
    * NEVER abort the installation after the installer says not to
    It may not always be possible to install from original, locally attached media (especially on VMs). But you should avoid installing over the network as hiccups can cause bad installations. If you are installing on a virtual machine, convert the DVD to an ISO image, then mount that within the VM.
    Here is the document detailing all ports needed to be allowed (excluded from policy)
    for LMS 4.0
    LMS 4.0 Port Usage
    General Notes:
    If you want to upgrade the operating system from Windows 2003 or Windows
    2008 to Windows 2008 R2, you must first complete upgrading the operating
    system, and then install the LMS 4.0.x Windows 2008 R2 patch.
    *  You can install the LMS 4.0.x Windows 2008 R2 patch only on LMS 4.0.x
    and not on the lower version of LMS.
    *  You cannot install Integration Utility and HP Open View 7.x or 8.x on
    Windows 2008 or Windows 2008 R2 servers.
    Check out:
    System and Browser Requirements for Server and Client
    LMS Patches-Windows

  • Trouble with detect network "Domain network" in the domain member server

    Hi, I have a question about detecting the "Domain network" on a Windows 2012 R2 server. After installing and adding this member server to the domain, I see that I cannot connect to this server. After I connect to the console, I see the network detected as public. After I disable and enable this network, the network is correctly detected as domain. How is it detected which network it is? Does it contact a domain controller? etc.
    Thank you for answer 
    Falcon

    Hi
    I have not fully understood the problem. But if you have a Windows domain and you can't add the new server to the domain, or can't connect to the server after or before joining it to the domain, then there could be a number of reasons; the first one to check is the firewall.
    Turn the firewall on host and source and then try again. Also are you able to ping the new server?
    How are you trying to connect to the server via RDP?
    If yes then you need to enable the RDP and give yourself permission to remote dial in.
    Thanks
    Umar

  • Difference between Domain member and standalone server with AD binding

    Hi all,
    Can anyone explain the difference between:
    A) Setting up a MacOSX server as Windows domain member server using Server Manager;
    B) Setting up a MacOSX server as Windows standalone server and joining the Active Directory using Directory Access;
    My setup:
    ====================
    We have a Windows 2003 A.D. running, all users are set up in the A.D.
    Also we have two MacOSX servers, which provide file services (both AFP and SMB/CIFS) for Mac and Windows clients, while using the A.D. for user authentication.
    One of the MacOSX servers is configured as a domain member server, the other is configured as Windows standalone server. The latter is bound to the A.D. using Directory Access.
    Following the Apple manuals one should think that the first setup (domain member) is the best.
    As for Open Directory: both servers are running as Standalone.
    How my setup behaves
    ====================
    Official Apple guidelines are to set up the Mac server as domain member. Reality is another thing though.
    For AFP both servers perform equal: users are authenticated against the A.D. and get access to their shares. File/Folder permissions are as expected.
    For Windows clients things aren't the same.
    The server setup as Windows Domain member acts strange. Windows clients don't have single signon experience.
    Every file/folder's owner shared on this server is <<unknown>> to the client. Also, when a Windows user creates a file/folder the owner is <<unknown>>.
    Sometimes the Samba server just stops authentication. A relaunch of the Samba service fixes this.
    The server setup as a standalone server performs as expected. Windows clients have single signon experience, there are no issues with file/folder owner. Also authentication never stops.
    Several kinds of Mac   Mac OS X (10.4.9)  

  • SQL 2008 R2 small business server OS edition check fails on SBS 2011 premium install on SBS member server.

    I am having trouble installing SQL 2008 Small Business Edition on top of MS 2008 std from the SBS premium suite. I receive the SQL Server 2008 R2 setup log error stating "Operating system supported for edition" Failed. The specific error is "EditionRequirementCheck Failed": This SQL server edition is not supported on this operating system.
    The SQL 2008 server is a valid SBS domain member server and sees the SBS domain just fine. I have tried re-installing the OS. Not selecting any options except the SQL engine, verbose logging as per How to diagnose "Operating system supported for edition" pre-requisite errors while installing SQL 2008 Standard Edition for Small Business with no success. (no log.txt generated), enabled browsing, and other items with no luck.
    I got the software from MVLS under the specific SBS 2011 premium section. It doesn't seem right or sees something to keep it from installing. The SBS AD box is clean with all FSMO and root functions assigned to it. There are no trust relationships or child domains. I have licenses for 75 users. Of course there is no tool, log or utility to find what the actual issue the SQL installation is seeing. SOS! Help!!!

    I meet all prerequisites that can be verified.
    I am installing it on the SBS Premium Server 2008 R2 OS from MVLS with the ISO file ending in 29732.
    I am on a valid SBS 2011 domain.
    The new SQL box is joined to the domain as a member server.
    The SBS server contains all FSMO roles and is the root of the AD.
    There are no trust relationships or child domains.
    There is NO way that I can find to determine the number of user and device licenses that it "senses" on the domain. I don't know which ones to count. I am licensed for 75 users and have less than that using the network. There is no licensing monitor or method I can find to actually verify what the SQL install sees.
    I am doing all this logged in as the domain admin.
    The troubleshooting steps at the bottom of the post referenced do not work or I am doing them wrong. I cannot find an output file when I enable verbose logging for the SQL install. I believe if I figure out how it may point the way to the block. Thanks

  • Two Essentials, one Domain Controller, one Member Server....

    Hi
    Is it possible to install 2 Essentials servers: one as a domain controller and one as a member server of the same domain?
    If it's not possible, could the second Essentials at least be in a workgroup environment?
    thank you

    Oh, I have no clue on demoting. I am fairly certain that would be bad karma. I got lost when they stopped calling them Backup Domain Controllers. I can't see the forest for the trees.
    I don't understand backup DC on a small local LAN anyway. I mean most of the time if the server is down, it needs to be fixed. In a branch/quicker logins perhaps. Or maybe a LOB app on a 3rd box, but would they not log in with cached creds?
    If he really wants a second DC I think Server Standard and CALs is the way to go. I do not see the advantage to adding the Essentials role to a second server on the local LAN for 13 users.
    I don't suppose he can take it back, but he could take it home to back up his PCs there. Methinks he would be better off spending the money he spent on the second box for backups or even Storage Craft quick boot. Server dies, you can be back up in 10 minutes. Or just save the second box for the hardware and do practice bare metal recoveries to it periodically.
    Grey

  • Install Exchange on a 2013 Member server and later join it to a domain

    I'm installing Exchange 2013 on a 2012 Server at our depot. It will be joined to an SBS2003 domain at a later date. What precautions do I need to take, especially during the preinstall?
    Bonnie Whalon

    That is exactly what I meant by "no".
    An Exchange installation is more than installing the bits, it's configuring everything, which includes a huge amount of configuration in Active Directory.  Further once you've installed Exchange on a member server, you can't rename it.
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

  • URGENT!! Demoted SBS server and now no other Domain Controllers are functioning

    Last night we were demoting a 2003 SBS in a domain. We have 3 other domain controllers that were online and appeared to be functional. All were shown in Sites and Services as GC. However, after demoting the SBS server, our other Domain controllers are not
    functioning as GCs or as DCs.
    I can get into Sites and Services if I let it fail when it tries to connect to the domain and then tell it to connect to the specific domain controller. But then things don't look quite right. I can't see all the tabs when I drill down to NTDS Settings and
    go to properties. The only tabs that show up are Security and Attribute Editor. Same thing with ADUC, I only get some of the tabs. It is like only half of AD is there.
    I need some urgent help if anyone can assist.

    Hi,
    In order to identify the cause, I suggest you run the DCDiag command on a Domain Controller, and post the results for troubleshooting:
    Dcdiag
    http://technet.microsoft.com/en-us/library/cc731968.aspx
    What does DCDIAG actually… do?
    http://blogs.technet.com/b/askds/archive/2011/03/22/what-does-dcdiag-actually-do.aspx
    Best Regards,
    Amy Wang

  • Powershell script to get the domain admin list from non domain member server

    Hello Script guys!
    I am new to PowerShell scripting.
    Currently I am working on an automation project; we would like to generate a privilege report for our existing servers.
    In our environment there are many separate domains. We would like to generate the report from one server instead of logging in to each server to check. Could you provide some guidance on how we can get the specific domain admin list for each domain from a non-domain member server by using a PowerShell script? Many thanks for your help.

    You could remote to the domain controller or use ADSI to query the domain.
    Look in the Gallery as there are many scripts there that will return group membership using ADSI.
    ¯\_(ツ)_/¯

  • [Solved] Need pointer for setting up an email server for other domains

    I am trying to setup a mail server that can handle multiple domains. Followed this tutorial [1]
    What I have:
    mailserver.domain.tld
    domain.tld
    domain2.tld
    I have set up postfix with dovecot through postfixadmin, have configured roundcube as my web email client. For the emails coming from and going to the @mailserver.domain.tld addresses work as I would expect them to.
    But what I am not grasping I guess is how do I add the domain.tld and domain2.tld domains so that the emails are @domain.tld but they are properly routed to be received on @mailserver.domain.tld
    I have been reading the wiki and the postfix virtual readme, but I feel like I am getting lost and confused on terms. Can someone point me back on path for what the proper next step is to be able to get the other domains to receive mail properly. Should it be done with a virtual email or domain or? I have tried both, but probably not properly and any time I send from @domain.tld the email headers do not say to send back to @mailserver.domain.tld .
    Thanks for your time and help.
    [1] https://wiki.archlinux.org/index.php/Si … ail_System
    Last edited by vwyodajl (2013-03-26 21:03:17)

    Did you add MX records for mailserver.domain.tld to your domains? That should basically be all that is needed to get it working, assuming you configured the domains in postfixadmin already so your postfix feels responsible for them.

  • Error while trying to change Standalone to Domain Member

    Error while writing settings. (Cannot make the server a domain member)
    What setting have I got wrong?

    Could you by chance post what setting was causing the issue? I am also encountering it and I'm not exactly sure where the error is coming from.

  • Windows 2008 member server, repeating event 4625 in the security log

    Hello,
       I'm having an issue with a member server on our 2008 domain, security log is filling up with event 4625, here are the details:
    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          4/23/2014 2:04:42 PM
    Event ID:      4625
    Task Category: Logon
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      my.member.server
    Description:
    An account failed to log on.
    Subject:
     Security ID:  NULL SID
     Account Name:  -
     Account Domain:  -
     Logon ID:  0x0
    Logon Type:   3
    Account For Which Logon Failed:
     Security ID:  NULL SID
     Account Name:  
     Account Domain:  
    Failure Information:
     Failure Reason:  Unknown user name or bad password.
     Status:   0xc000006d
     Sub Status:  0xc000006a
    Process Information:
     Caller Process ID: 0x0
     Caller Process Name: -
    Network Information:
     Workstation Name: -
     Source Network Address: 10.0.0.115
     Source Port:  51366
    Detailed Authentication Information:
     Logon Process:  Kerberos
     Authentication Package: Kerberos
     Transited Services: -
     Package Name (NTLM only): -
     Key Length:  0
    This event is generated when a logon request fails. It is generated on the computer where access was attempted.
    The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
    The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
    The Process Information fields indicate which account and process on the system requested the logon.
    The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
    The authentication information fields provide detailed information about this specific logon request.
     - Transited services indicate which intermediate services have participated in this logon request.
     - Package name indicates which sub-protocol was used among the NTLM protocols.
     - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
        <EventID>4625</EventID>
        <Version>0</Version>
        <Level>0</Level>
        <Task>12544</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8010000000000000</Keywords>
        <TimeCreated SystemTime="2014-04-23T18:04:42.197Z" />
        <EventRecordID>99893119</EventRecordID>
        <Correlation />
        <Execution ProcessID="744" ThreadID="844" />
        <Channel>Security</Channel>
        <Computer>KLINEWEB.kline.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="SubjectUserSid">S-1-0-0</Data>
        <Data Name="SubjectUserName">-</Data>
        <Data Name="SubjectDomainName">-</Data>
        <Data Name="SubjectLogonId">0x0</Data>
        <Data Name="TargetUserSid">S-1-0-0</Data>
        <Data Name="TargetUserName">
        </Data>
        <Data Name="TargetDomainName">
        </Data>
        <Data Name="Status">0xc000006d</Data>
        <Data Name="FailureReason">%%2313</Data>
        <Data Name="SubStatus">0xc000006a</Data>
        <Data Name="LogonType">3</Data>
        <Data Name="LogonProcessName">Kerberos</Data>
        <Data Name="AuthenticationPackageName">Kerberos</Data>
        <Data Name="WorkstationName">-</Data>
        <Data Name="TransmittedServices">-</Data>
        <Data Name="LmPackageName">-</Data>
        <Data Name="KeyLength">0</Data>
        <Data Name="ProcessId">0x0</Data>
        <Data Name="ProcessName">-</Data>
        <Data Name="IpAddress">10.0.0.115</Data>
        <Data Name="IpPort">51366</Data>
      </EventData>
    </Event>
    The IP addresses that appear in source network address all belong to VPN clients. And it looks like it's only happening with 4-5 IPs, all of which are VPN clients. These clients shouldn't be connecting to anything on this server, which is why it's puzzling.
    Our DC is Windows 2008 and the VPN server is another member server on the domain. I suspect the issue is at the client PCs since there are many other VPN clients connected that don't generate the event ID.
    Can anyone tell what the issue might be?
    Thanks.

    Hi Rayminette,
    There are multiple login sources that could possibly be generating the errors:
    FTP logins - check your FTP log to see if login failures are showing up at the same time.
    Logins via Basic Authentication over http or https (simple, but possibly dangerous, way to password-protect a web site).
    ASP scripts.
    This logon type 8 indicates a network logon like logon type 3 but where the password was sent over the network in the clear text. Windows server doesn’t allow connection to shared file or printers with clear text authentication. The only situation I’m aware of are logons from within an ASP script using the ADVAPI or when a user logs on to IIS using IIS’s basic authentication mode. In both cases the logon process in the event’s description will list advapi. Basic authentication is only dangerous if it isn’t wrapped inside an SSL session (i.e. https). As far as logons generated by an ASP script, remember that embedding passwords in source code is a bad practice for maintenance purposes as well as the risk that someone malicious will view the source code and thereby gain the password.
    Reference from:
    What is the source of thousands of 4625 Logon Failure errors with Logon Type 8 (NetworkCleartext)?
    I hope this helps.
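
The event posted in the question above already carries the fields needed to triage it: a blank target account, logon type 3, the Kerberos package, and the Status/SubStatus codes. As an added example (not code from either poster), this Python script parses exported 4625 event XML and groups the failures by source address. The sample events are constructed on the model of the posted one; `member.example.local`, the address 10.0.0.116 and the account `svc-constructed` are assumptions.

```python
"""Triage exported Security 4625 (failed logon) events by source address."""
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}
# NTSTATUS codes that commonly appear in the Status / SubStatus fields of 4625.
NTSTATUS = {
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000133: "STATUS_TIME_DIFFERENCE_AT_DC",
}


def decode_status(value):
    """Map a hex string such as '0xc000006a' to its NTSTATUS name."""
    try:
        code = int(value, 16)
    except (TypeError, ValueError):
        return "UNPARSEABLE(%r)" % (value,)
    return NTSTATUS.get(code, "UNKNOWN(0x%08X)" % code)


def parse_4625(xml_text):
    """Return the triage fields of one event, or None if it is not a 4625."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4625":
        return None
    # Values can be padded with newlines/spaces (see TargetUserName in the post).
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.findall("e:EventData/e:Data", NS)}
    created = root.find("e:System/e:TimeCreated", NS)
    raw_type = data.get("LogonType", "")
    logon_type = int(raw_type) if raw_type.isdigit() else 0
    return {
        "time": created.get("SystemTime", "") if created is not None else "",
        "source_ip": data.get("IpAddress") or "-",
        "account": data.get("TargetUserName") or "(blank)",
        "logon_type": LOGON_TYPES.get(logon_type, "Type %d" % logon_type),
        "package": data.get("AuthenticationPackageName") or "-",
        "status": decode_status(data.get("Status")),
        "sub_status": decode_status(data.get("SubStatus")),
    }


def summarize_by_source(xml_events):
    """Group failed logons by source address so repeating sources stand out."""
    summary = defaultdict(lambda: {"count": 0, "accounts": set(),
                                   "sub_status": set(), "logon_types": set(),
                                   "first": None, "last": None})
    for xml_text in xml_events:
        ev = parse_4625(xml_text)
        if ev is None:  # not a failed-logon event
            continue
        s = summary[ev["source_ip"]]
        s["count"] += 1
        s["accounts"].add(ev["account"])
        s["sub_status"].add(ev["sub_status"])
        s["logon_types"].add("%s/%s" % (ev["logon_type"], ev["package"]))
        if ev["time"]:  # ISO 8601 UTC strings sort chronologically
            s["first"] = min(s["first"] or ev["time"], ev["time"])
            s["last"] = max(s["last"] or ev["time"], ev["time"])
    return dict(summary)


def make_event(event_id, time, ip, user, sub_status, package="Kerberos"):
    """Build a constructed event in the same schema as the one posted above."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        '<System><EventID>%s</EventID><TimeCreated SystemTime="%s" />'
        '<Computer>member.example.local</Computer></System><EventData>'
        '<Data Name="TargetUserName">%s</Data>'
        '<Data Name="Status">0xc000006d</Data><Data Name="SubStatus">%s</Data>'
        '<Data Name="LogonType">3</Data>'
        '<Data Name="AuthenticationPackageName">%s</Data>'
        '<Data Name="IpAddress">%s</Data></EventData></Event>'
        % (event_id, time, user, sub_status, package, ip))


# Constructed sample data; the first entry mirrors the field values in the post.
SAMPLE_EVENTS = [
    make_event(4625, "2014-04-23T18:04:42.197Z", "10.0.0.115", "\n    ", "0xc000006a"),
    make_event(4625, "2014-04-23T18:05:12.000Z", "10.0.0.115", "\n    ", "0xc000006a"),
    make_event(4625, "2014-04-23T18:06:01.000Z", "10.0.0.116", "svc-constructed",
               "0xc0000064", package="NTLM"),
    make_event(4624, "2014-04-23T18:06:30.000Z", "10.0.0.117", "alice", "0x0"),
]


if __name__ == "__main__":
    ranked = sorted(summarize_by_source(SAMPLE_EVENTS).items(),
                    key=lambda kv: -kv[1]["count"])
    for ip, s in ranked:
        print(ip, s["count"], sorted(s["accounts"]), sorted(s["sub_status"]),
              sorted(s["logon_types"]), s["first"], s["last"])
```

Grouping this way shows at a glance whether the failures come from the same few addresses, which accounts they name, and which sub-status the server returned.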

  • DC not showing under "Network" in Windows Explorer of member server

    Hello Community
        After spending an endless amount of time trying to create SharePoint Server farm
    and seeing an error message stating that I could not connect to the master, I found
    that that was not the problem at all.
        The farm has Windows 2008R2 Server dc (Server1) and Windows 2008 Server member server
    (Server2).
        If I go into Windows Explorer and click "Network" on the Windows 2008R2 Server
    dc (Server1) the Windows 2008 Server member server (Server2) is visible.
        But if I go to the Windows 2008 Server member server (Server2) and click "Network"
    I do not see the Windows 2008R2 Server dc (Server1) it is not visible.
        I figured that since Server2 showed under "Network" I would be able to map a network
    drive to Server2. But when I tried to map the network drive I got the following error
    message:
        "\\Server2 is not accessible. You might not have permission to use this network
         resource. Contact the administrator of this server to find out if you have access
         permissions."
        However, after waiting a looong time I was able to do the opposite by
    mapping a network drive from Server2 from Server1.
        But that doesn't solve the problem because Server1 still doesn't show under
    "Network" on Server2 which is what is needed.  It only mapped to the C:\ drive on Server2,
    which is what the server farm needs.
        I am admin on both servers.
        The firewall is off.
        Both servers are obviously in the same domain.
        How can I get Server1 to appear under "Network" on Server2?
        Thank you
        Shabeaut

    Hi,
    Based on my experience, if your computer is connected to a network, you can see all of the computers and devices that are currently part of the network in the Network folder.
    Please make sure the DC and server2 are in the same network and the network discovery setting is turned on on both of the computers.
    In addition, do you have other member servers on the same network? If yes, can you see them listed in the network folder on server2?
    I also recommend you to ping the DC on server2 to make sure the connectivity between them.
    Best regards,
    Susie

  • Non-Domain Print server

    Hello All,
    We set up a non-domain print server for our SAP integration. We have several printers all being shared. When we go to add a printer on a workstation or terminal server through add a printer and choose network we can bring up list through typing in \\servername\.
    When we use windows explorer it says we can not access. How can we allow them to browse printers through windows explorer? This will be done from domain and non domain accounts. 
    -File and printer sharing is on
    -Windows firewall is off
    - Guest account is on

    Hi,
    "When we use windows explorer it says we can not access."
    Would you please let me know complete message that you can get?
    Please follow the path: Control Panel-> Network and Sharing Center-> Change advanced sharing settings.
    Please also click ‘Turn on network discovery’ and monitor the result.
    If any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • Limit Administrator Access to only OS Level functions on a Windows 2003 (and up) Domain Controller Server

    I have read several articles such as:
    1. http://social.technet.microsoft.com/Forums/windowsserver/en-US/9c723f4a-51a7-4844-9dc6-0017355d694c/limited-administrative-on-domain-controller?forum=winserverDS
    2. Active_Directory_Delegation.doc
    Consider that a domain controller, doing no other functions than domain based functions (i.e. no file server, printer or app server), is managed in two parts: the OS-only level (to read log files, server health monitoring, install OS-level Microsoft security patching) and the second part being the Domain management level (Users and Computers, Domains and Trusts, etc.).
    For a given domain controller server, an outsourced support group needs to be responsible for the OS-only level access. They need no access to the Domain management level functions, so they can fulfill contractual obligations (SLAs) for server uptime, patching etc.
    For the same given domain controller server above, there is an internal (non-outsourced) support group that will perform all Domain management level functions only. They want to manage the Domain on the Domain Controller servers, want the Outsourcer to manage the VM and OS-related tasks, but DO NOT want them to be able to access and change information in Users and Computers, Domains and Trusts etc.
    With that explanation, would putting the Outsourcer's AD-based account IDs in the Server Operators group alone be sufficient to allow OS-level management, like patching, reboots, etc. but disallow access to Domain Management functionality (Users and Computers etc.), or does it need to be a combination of built-in groups and delegated rights?
    Please consider that I am seeking a technical solution here. Do not respond with "either trust your Domain Administrators or keep your junior admins from the server" as that is not a viable solution.
    Jason B. Allen

    Hi Jason,
    According to your description, you want to assign the OS-level management and Domain management rights to two groups separately, right?
    Based on my research, members of Server Operators group don’t have sufficient rights to install updates for Domain Controllers, you can refer to this article below:
    Default groups
    http://technet.microsoft.com/en-us/library/cc756898(v=WS.10).aspx
    You can configure the "Allow non-administrators to receive update notifications" group policy so that non-administrative users will be able to install all optional, recommended, and important updates content for which they received a notification, except some updates which contain User Interface, End User License Agreement and so on, which still require domain admin credentials.
    To enable non-administrator users the ability of logging onto and shutting down DCs, the "Allow logon locally" and "Shut down the System" rights should be granted.
    In addition, reading logs and monitoring server performance rights are included on Performance Log Users and Performance Monitor Users groups.
    More information for you:
    Step 5: Configure Group Policy Settings for Automatic Updates
    http://technet.microsoft.com/en-us/library/dn595129.aspx
    User Rights Assignment
    http://technet.microsoft.com/en-us/library/cc780182(v=WS.10).aspx
    I hope this helps.
    Amy Wang
