Multiple Subordinate Issuing CA in Windows 2012 for redundancy

Good Afternoon,
I would like to have 2 Subordinate Issuing CAs (both Windows 2012 R2) in one site, with only one of them as preferred / active issuing certs to my workstations and the other one as backup redundant CA. The backup CA should only issue certs if the primary one goes down.
How can I go about setting this configuration? Is it as simple as starting CA services on the primary one and stopping CA services on the other backup CA server?
Also, our Domain/Forest functional level is currently 2003. It needs to be on 2003 due to some dependencies. Can we have Root and other Issuing CAs on Windows 2012 R2 OS servers without upgrading DFL/FFL to 2012 R2?

Vadims,
I am noticing a weird issue in my environment. Perhaps you could advise on this, or maybe this is how it's supposed to work. Need your expertise.
We are currently using EAP-TLS for our wireless authentication. We have a production Radius Server and a Testing Radius Server. On both Radius/NPS servers, we have selected "Microsoft:Smart or certificate" as the authentication type under EAP in our NPS / Radius server.
We currently have a Root CA which is also the Issuing CA set up on the same Windows 2003 DC. This has published client computer certs to all our workstations/laptops in the domain. The client/computer cert is used during authentication to connect to our corporate wireless.
The plan is to retire this 2003 server and set up everything new on the Windows 2012 platform.
So, I have set up a new Windows 2012 Root and Issuing CA server in parallel to the Windows 2003 server for testing. This 2012 ROOT CA is standalone and has not been joined to our domain, so it is not conflicting with the current 2003 CA. On the new 2012 issuing CA server, I created a computer template and issued it to a couple of workstations for testing purposes. I can see a new computer certificate coming from this new issuing CA in the "Personal Certificates" store of those test workstations in addition to existing certificates issued by the 2003 CA. My Test Radius Server has been configured to use a certificate from this 2012 CA as its proof of identity.
Now I am unable to connect to corporate wireless from these workstations. The moment I delete this client computer cert coming from the new 2012 CA, the workstation is able to authenticate successfully to the Radius server and connect. Is it that the 2 client certs which are in the personal certificate store of that PC are conflicting with each other? I am not clear as to why they would conflict with each other and why, upon deleting the new cert, I can connect successfully using the old client cert.

Similar Messages

  • Windows 2012 System State Backup Fails

    We have a Windows 2012 Domain Controller VM that we would like to backup the System State using DPM. Agent has been installed and the Windows Backup has been added.
    When the backup runs in DPM, the job fails. Here is the error code:
    DPM cannot create a backup because Windows Server Backup (WSB) on the protected computer encountered an error (WSB Event ID: 517, WSB Error Code:  0x12363C0). (ID 30229 Details: Internal error code: 0x80990ED0)
    When we try and create the backup using Windows Backup, the following error is in the log file:
    following error code '0x807800C5' (There was a failure in preparing the backup image of one of the volumes in the backup set.). Please review the event details for a solution, and then rerun the backup operation once the issue is resolved.
    We have tried attaching a separate drive and backup to a shared location. Both fail.
    We have tried backup of just a few files on the DC instead of the System State, this fails as well.
    All VSS Writers show as Stable with no errors
    Server has the latest updates
    Server has been rebooted, same issue
    VM is Windows 2012 on a Windows 2008 R2 clustered host and is using Dynamic Disks (not fixed disks).
    Anyone have any thoughts on what could be going on?

    Hi,
    If any of the following are true, you will not be able to backup a system state to that volume.
    • Make sure that the target volume has no shadow copy before the backup starts.  
    • If a system state backup is stored on a source volume, backup settings should be configured for full backups. By default, settings are configured for full backups.  
    • Periodically check that no other user or program maintains a shadow copy on the target volume.  
    • Do not keep volume level backups and system state backups in the same location.  
    • The volume used to store the system state backup needs twice the amount of free space as the size of the system state backup until the backup completes
    Meanwhile, please check whether it is caused by backing up to a critical drive. Try modifying the following key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wbengine\SystemStateBackup\ 
    Set the value of this entry as follows: 
    Name: AllowSSBToAnyVolume 
    Data type: DWORD 
    Value data: 1 

  • Script Issue for Windows 2012 R2 or 2012 Operating Systems

    I have this login script that works on older operating systems but fails to run under Windows 2012 R2 for users when they log in; it's set up as an Active Directory domain user logon policy. I'm not much with scripts... any help you could provide would be great.
    Option Explicit
    Dim objFSO, objFolder, strDirectory, WshS, WSHSell, strDriveLetter, intRunError, objShell, strUser
    Dim objNetwork, usrProfile, strProfilepath, usrName
    Set WshS = WScript.CreateObject("WScript.Shell")
    ' Expand the environment variables once and keep the results
    usrProfile = WshS.ExpandEnvironmentStrings("%UserProfile%")
    usrName = WshS.ExpandEnvironmentStrings("%UserName%")
    strProfilepath = usrProfile
    ' Per-user folder on the file share
    strDirectory = "\\hadfs1.pmhadley.com\users\" & usrName
    strDriveLetter = "U:"
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    If Not objFSO.FolderExists(strDirectory) Then
        ' Create the folder, then grant the user Change and Domain Admins Full control.
        Set objFolder = objFSO.CreateFolder(strDirectory)
        Set objShell = CreateObject("WScript.Shell")
        ' Path and user name are quoted so that a space in either does not split the cacls arguments.
        intRunError = objShell.Run("%COMSPEC% /c Echo Y| cacls """ & strDirectory & """ /t /c /g """ & usrName & """:C ""Domain Admins"":F", 2, True)
    End If
    ' Map the drive whether the folder was just created or already existed.
    Set objNetwork = CreateObject("WScript.Network")
    objNetwork.MapNetworkDrive strDriveLetter, strDirectory
    It works if I run the script on the server from command prompt, but Remote Desktop sessions don't show the mapping created.

    Hi,
    Get rid of the script and set up your user's home folder like so:
    https://support.microsoft.com/en-us/kb/320043/

  • Windows 2012 Nodes - Slow CSV Performance - Need help to resolve my iSCSI issue configuration

    I spent weeks going over the forums and the net for any publications and advice on how to optimize iSCSI connections and I'm about to give up.  I really need some help in determining if it's something I'm not configuring right or maybe it's an equipment issue.
    Hardware:
    2x Windows 2012 Hosts with 10 Nics (same NIC configuration) in a Failover Cluster sharing a CSV LUN. 
    3x NICs Teamed for Host/Live Migration (192.168.0.x)
    2x NICS teamed for Hyper-V Switch 1 (192.168.0.x)
    1x NIC teamed for Hyper-V Switch 2 (192.168.10.x)
    4x NICs for iSCSI traffic (192.168.0.x, 192.168.10.x, 192.168.20.x 192.168.30.x)
    Jumbo frames and flow control turned on all the NICs on the host.  IpV6 disabled.  Client for Microsoft Network, File/Printing Sharing Disabled on iSCSI NICs. 
    MPIO Least Queue selected.  Round Robin gives me an error message saying "The parameter is incorrect.  The round robin policy attempts to evenly distribute incoming requests to all processing paths. "
    Netgear ReadyNas 3200
    4x NICs for iSCSI traffic ((192.168.0.x, 192.168.10.x, 192.168.20.x 192.168.30.x)
    Network Hardware:
    Cisco 2960S managed switch - Flow control on, Spanning Tree on, Jumbo Frames at 9k - this is for the .0 subnet
    Netgear unmanaged switch - Flow control on, Jumbo Frames at 9k - this is for .10 subnet
    Netgear unmanaged switch - Flow control on, Jumbo Frames at 9k - this is for .20 subnet
    Netgear unmanaged switch - Flow control on, Jumbo Frames at 9k - this is for .30 subnet
    Host Configuration (things I tried turning on and off):
    Autotuning 
    RSS
    Chimney Offload
    I have 8 VMs stored in the CSV.  When try to load all 8 up at the same time, they bog down.  Each VM loads very slowly and when they eventually come up, most of the important services did not start.  I have to load
    them up 1 or 2 at a time.  Even then the performance is nothing like if they were loading up on the Host itself (VHD stored on the host's hdd).  This is what prompted me to add in more iSCSI connections to see if I can improve the VM's
    performance.  Even with 4 iSCSI connections, I feel nothing has changed.  The VMs still start up slowly and services do not load right.  If I distribute the load with 4 VMs on Host 1 and 4 VMs on Host 2, the load up
    times do not change. 
    As a manual test for file copy speed, I moved the cluster resources to Host 1 and copied a VM from the CSV and onto the Host.  The speed would start out around 250megs/sec and then eventually drop down to about 50/60 megs/sec.  If I turn off all iSCSI connections except one, it gets the same speed.  I can verify from the Windows Performance Tab under Task Manager that all the NICs are distributing traffic evenly, but something is just limiting the flow.  Like what I stated on top, I played around with autotuning, RSS and chimney offload and none of it makes a difference.
    The VMs have been converted to VHDx and to fixed size.  That did not help.   
    Is there something I'm not doing right?   I am working with Netgear support and they are puzzled as well.  The ReadyNas device should easily be able to handle it. 
    Please help!  I pulled my hair out over this for the past two months and I'm about to give up and just ditch clustering all together and just run the VMs off the hosts themselves. 
    George

    A few things...
    For starters, I recommend opening a case with Microsoft support.  They will be able to dig in and help you...
    Turn on the CSV Cache, it will boost your performance 
    http://blogs.msdn.com/b/clustering/archive/2012/03/22/10286676.aspx
    A file copy has no resemblance of the unbuffered I/O a VM does... so don't use that as a comparison, as you are comparing apples to oranges.
    Do you see any I/O performance difference between the coordinator node and the non-coordinator nodes?  Basically, see which node owns the cluster Physical Disk resource... measure the performance.  Then move the Physical Disk resource for the
    CSV volume to another node, and repeat the same measure of performance... then compare them.
    Your IP addressing seems odd...  you show multiple networks on 192.168.0.x and also on 192.168.10.x.   Remember that clustering only recognizes and uses 1 logical interface per IP subnet.  I would triple check all your IP schemes...
    to ensure they are all different logical networks.
    Check your binding order
    Make sure your NIC drivers and NIC firmware are updated
    Make sure you don't have IPsec enabled, that will significantly impact your network performance
    For the iSCSI Software Initiator, when you did your connection... make sure you didn't do a 'Quick Connect'... that will do a wildcard and connect over any network.  You want to specify your dedicated iSCSI network
    No idea what the performance capabilities of the ReadyNas is...  this could all likely be associated with the shared storage.
    What speed NIC's are you using?   I hope at least 10 GB...
    Hope that helps...
    Elden

    Hi Elden,
    2. CSV is turned on, I have 4GB dedicated from each host to it.  With IOmeter running within the VMs, I do see the read speed jumped up 4-5x fold but the write speed stays the same (which according to the doc it should).  But even with the read
    speed that high, the VMs are not starting up quickly.  
    4. I do not see any difference with IO with coordinator and non coordinator nodes.  
    5.  I'm not 100% sure what you're saying about my IPs.  Maybe if I list it out, you can help explain further.  
    Host 1 - 192.168.0.241 (Host/LM IP), Undefined IP on the 192.168.0.x network (Hyper-V Port 1), Undefined IP on the 192.168.10.x network (Hyper- V port 2), 192.168.0.220 (iSCSI 1), 192.168.10.10 (iSCSI2), 192.168.20.10(iSCSI 3), 192.168.30.10 (iSCSI 4)
    The Hyper-V ports are undefined because the VMs themselves have static ips.  
    0.220 host NIC connects with the .231 NIC of the NAS
    10.10 host NIC connects with the 10.100 NIC of the NAS
    20.10 host NIC connects with the 20.100 NIC of the NAS
    30.10 host NIC connects with the 30.100 NIC of the NAS
    Host 2 - 192.168.0.245 (Host/LM IP), Undefined IP on the 192.168.0.x network (Hyper-V Port 1), Undefined IP on the 192.168.10.x network (Hyper- V port 2), 192.168.0.221 (iSCSI 1), 192.168.10.20 (iSCSI2), 192.168.20.20(iSCSI 3), 192.168.30.20 (iSCSI 4)
    The Hyper-V ports are undefined because the VMs themselves have static ips.  
    0.221 host NIC connects with the .231 NIC of the NAS
    10.20 host NIC connects with the 10.100 NIC of the NAS
    20.20 host NIC connects with the 20.100 NIC of the NAS
    30.20 host NIC connects with the 30.100 NIC of the NAS
    6. Binding orders are all correct.
    7. Nic drivers are all updated.  Didn't check the firmware.
    8. I do not know about IPSec...let me look into it.  
    9. I did not do quick connect, each iscsi connection is defined using a specific source ip and specific target ip.  
    These are all 1gigabit nics, which is the reason why I have so many NICs...otherwise there would be no reason for me to have 4 iscsi connections.  

  • Teaming options with Windows 2012 R2 Host for HV Guests

    Hi
    We are configuring Windows 2012 R2 standard host servers for Win 2008 / Win 2012 Guest servers. We have 3 NICs and using one for host management and other two in windows teaming. We read many blogs and supported configurations, but still not clear about
    the options with teaming.  Usually with teaming we select the default options such as Switch Independent Teaming mode, Dynamic Load Balancing mode with no standby adapter. Recently with this teaming configuration we faced issues with host servers on multiple
    Windows 2012 R2 standard host servers (the guest hang multiple times) and when we removed one of the NICs from team it started working fine. With the switches we didn't find any issues nor with NICs. Is it because of the default team options? Should we go
    with Hyper V port Load balancing mode?
    Expect support from you guys. Thanks in advance
    LMS

    Laljeev Madanamma
    TCP Chimney is not supported with NIC teaming in Windows Server 2012 R2 since TCP Chimney has the entire networking stack offloaded to the NIC; please check that you have disabled it.
    More information:
    NIC Teaming Overview
    http://technet.microsoft.com/en-us/library/hh831648.aspx
    I’m glad to be of help to you!
    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Issues with Shell32.dll, NTDLL.DLL and Migration from Windows 2003 to Windows 2012

    Hello all,
    I am new to ThinApp and working as a consultant to help a company migrate older Windows 2003 software to Windows 2012.  They have purchased ThinApp 5.0.4.5 so that is what we will be using.
    We have created a clean 2003 VM and did a pre-scan
    We loaded the application and configured it  and then did a capture.
    We then tested the capture on the 2003 VM and it works
    We then loaded the capture on a Clean 2003 VM and it works
    We then loaded onto a 2012 VM and when running the app from a command window get an error  -missing import shell32.dll:StrCpyNW
    If we run the capture in Emulation Mode on 2012 VM, we do not get the Shell32.dll error but instead the cmd fails with a Fault Module Name  - NTDLL.DLL error
    I am sure I am just missing the correct location to identify or configure the capture - but do not have the experience to know where yet.  (Taking training next week).
    Until then, are there any suggestions which I can try?
    Thanks for your time in advance,
    Vince 

    Tried and done that.  The main issue while configuring the printer from the printer Web Interface is that there is no access to the Digital Sending section due to a problem with the "Sun Java plug in"  I think the code mentions 1.31. or similar.
     We downloaded the java plug in and installed it.  No progress. 
    We reset the printer to defaults and reconfigured it .. It sees the smtp gateway and access it but fails sending email with scanned documents.. 
    We have tried in very different ways.  We connected the printer to another domain SBS server 2003 and it works beautifully.  So, I have no idea on what is the problem. We created a firewall exception for ports 390. 1783 from the SBS to the Printer
    and still no go..
    We have tried four different accounts and nothing.  Same results as stated originally.
    Any other suggestions??
    JFM

  • Issues with SharePoint 2013 after upgrading from windows 2012 to 2012 r2

    We have a SharePoint with SP1 environment on Windows 2012. Recently we upgraded the Windows 2012 to 2012 R2. After the upgrade the SharePoint environment is completely unstable.
      1.  At first all the sites returned 401 errors. After resolving by resetting the object cache accounts the sites are back.
      2.  Then I see that none of the PerformancePoint dashboards work. I figured that Claims to Windows Token Service is defaulted to local system account. I previously configured it with a domain account. I reconfigured it to work with the domain account.
      3.  All the dashboard pages throw an error.
           Some error logs: Failed to get document content data. System.ComponentModel.Win32Exception (0x80004005): Cannot complete this function     at Microsoft.SharePoint.SPSqlClient.GetDocumentContentRow
           Application error when access /Dashboards/Performance Dashboard/Main.aspx, Error=The EnableScriptGlobalization property cannot be changed during async postbacks or after the Init event.   at System.Web.UI.ScriptManager.set_EnableScriptGlobalization(Boolean value)
      4.  I tried to create a new dashboard and this time the PerformancePoint designer won't launch. After some troubleshooting I see that the c2w host file did not have the caller  C:\Program Files\Windows Identity Foundation\v3.5.
           I added <add value="WSS_WPG" /> and now it launches
      5.  Now the Dashboard launches and per-user identity works without having Kerberos enabled at IIS. I have all the SPN and required delegations set up for this URL. But I did not configure at the IIS level yet.
    It looks like a lot of things got messed up and reset. Can we upgrade to Windows 2012 R2 with a SharePoint application in place? What is the recommended approach, and what's happening with PerformancePoint dashboards? Is there a known issue with SharePoint 2013 SP1?
    Raj-Shpt

    Thanks for the above article. Few issues are solved . One of the main issue is with Performancepoint Dashboard.
     I have all the spn and required delegations setup for this url . But i did not configure at
    the IIS level yet. Still per user identity works without having kerberos enabled at IIS.
    Raj-Shpt

  • Write access to a directory for ASP 2.0 application stops working on Windows 2012 Standard Cloud Server

    Just moved our ASP 2.0 based web application to a Windows 2012 Standard Cloud Server.  A directory is used for temporary copying of files for the application.  The Read Write access is properly given and everything works but then stops working in about 2.5 hours.  The settings are still there; to make things work again typically I add "Everyone" to the security list and apply and then 3 hours later I remove "Everyone" and this refreshes the security setting and things work again for a couple of hours.  Last Cloud server was 2008 R2 and we had no issues.  Recently moved to this new cloud server.  Code has been functioning fine for years and we cannot migrate it to newer ASP since we will have to make quite a few code changes.  Obviously a bug which needs to be addressed.  Again the security settings do not disappear but are no longer handled properly every 3 hours or so.

    Hi,
    Are there any other files that have the same issue? Please create a test folder and give it the same permissions as the directory for the ASP 2.0 application to see if the issue still exists.
    Regards,
    Mandy

  • New files and folders on a Linux client mounting a Windows 2012 Server for NFS share do not inherit Owner and Group when SetGID bit set

    Problem statement
    When I mount a Windows NFS service file share using UUUA and set the Owner and Group, and set the SetGID bit on the parent folder in a hierarchy, new files and folders inside and underneath the parent folder do not inherit the Owner and Group permissions of the parent.
    I am given to understand from this Microsoft KnowledgeBase article (http://support.microsoft.com/kb/951716/en-gb) the problem is due to the Windows implementation of NFS Services not supporting the Solaris SystemV or BSD grpid "Semantics"
    However the article says the same functionality can be achieved by using ACE Inheritance in conjunction with changing the Registry setting for "KeepInheritance" to enable Inheritance propagation of the Permissions by the Windows NFS Services.
    1. The precise location of the "KeepInheritance" DWORD key appears to have "moved" in Windows Server 2012 from a Services path to a Software path; is this documented somewhere? And after enabling it (or creating it in the previous location) the feature seems non-functional. Is there a method to file a Bug with Microsoft for this Feature?
    2. All of the references on demonstrating how to set an ACE to achieve the same result "currently" either lead to broken links on Microsoft technical websites, or are not explicit; they are vague or circumreferential. There are no plain Examples. Can an Example be provided?
    3. Is UUUA compatible with the method of setting ACE to achieve this result, or must the Linux client mount be "Mapped" using an Authentication source? And could that be with the new Flat File passwd and group files in c:\windows\system32\drivers\etc, and is there an Example available?
    Scenario:
    Windows Server 2012 Standard
    File Server (Role)
    +- Server for NFS (Role) << -- installed
    General --
    Folder path: F:\Shares\raid-6-array
    Remote path: fs4:/raid-6-array
    Protocol: NFS
    Authentication --
    No server authentication
    +- No server authentication (AUTH_SYS)
    ++- Enable unmapped user access
    +++- Allow unmapped user access by UID/GID
    Share Permissions --
    Name: linux_nfs_client.host.edu
    Permissions: Read/Write
    Root Access: Allowed
    Encoding: ANSI
    NTFS Permissions --
    Type: Allow
    Principal: BUILTIN\Administrators
    Access: Full Control
    Applies to: This folder only
    Type: Allow
    Principal: NT AUTHORITY\SYSTEM
    Access: Full Control
    Applies to: This folder only
    -- John Willis, Facebook: John-Willis, Skype: john.willis7416

    I'm making some "major" progress on this problem.
    1. Apparently the "semantics" issue to honor SGID or grpid in NFS on the server side or the client side has been debated for some time. It also existed as of 2009 between Solaris nfs server and Linux nfs clients. The Linux community defaulted to declaring
    it a "Server" side issue to avoid "Race" conditions between simultaneous access users and the local file system daemons. The client would have to "check" for the SGID and reformulate its CREATE request to specify the Secondary group it would have to "notice"
    by which time it could have changed on the server. SUN declined to fix it.. even though there were reports it did not behave the same between nfs3 vs nfs4 daemons.. which might be because nfs4 servers have local ACL or ACE entries to process.. and a new local/nfs
    "inheritance" scheme to worry about honoring.. that could place it in conflict with remote access.. and push the responsibility "outwards" to the nfs client.. introducing a race condition, necessitating "locking" semantics.
    This article covers that discovery and no resolution - http://thr3ads.net/zfs-discuss/2009/10/569334-CR6894234-improved-sgid-directory-compatibility-with-non-Solaris-NFS-clients
    2. A much Older Microsoft Knowledge Based article had explicit examples of using Windows ACEs and Inheritance to "mitigate" the issue.. basically the nfs client "cannot" update an ACE to make it "Inheritable" [-but-] a Windows side Admin or Windows User
    [-can-] update or promote an existing ACE to "Inheritable"
    Here are the pertinent statements -
    "In Windows Services for UNIX 2.3, you can use the KeepInheritance registry value to set inheritable ACEs and to make sure that these ACEs apply to newly created files and folders on NFS shares."
    "Note About the Permissions That Are Set by NFS Clients
    The KeepInheritance option only applies ACEs that have inheritance enabled. Any permissions that are set by an NFS client will
    only apply to that file or folder, so the resulting ACEs created by an NFS client will
    not have inheritance set."
    "So
    If you want a folder's permissions to be inherited to new subfolders and files, you must set its permissions from the Windows NFS server because the permissions that are set by NFS clients only apply to the folder itself."
    http://support.microsoft.com/default.aspx?scid=kb;en-us;321049
    3. I have set up a Windows 2008r2 NFS server and mounted it with a Redhat Enterprise Linux 5 release 10 x86_64 server [Oct 31, 2013] and so far this does appear to be the case.
    4. In order to mount and then switch user to a non-root user to create subdirectories and files, I had to mount the NFS share (after enabling Anonymous AUTH_SYS mapping) this is not a good thing, but it was because I have been using UUUA - Unmapped Unix
    User Access Mapping, which makes no attempt to "map" a Unix UID/GID set by the NFS client to a Windows User account.
    To verify the Inheritance of additional ACEs on new subdirectories and files created by a non-root Unix user, on the Windows NFS server I used the right click properties, security tab context menu, then Advanced to list all the ACEs and looked at the far
    Column reflecting if it applied to [This folder only, or This folder and Subdirectories, or This folder and subdirectories and files]
    5. All new Subdirectories and files created by the non-root user had a [Non-Inheritance] ACE created for them.
    6. I turned a [Non-Inheritance] ACE into an [Inheritance] ACE by selecting it then clicking [Edit] and using the Drop down to select [This folder, subdirs and files] then I went back to the NFS client and created more subdirs and files. Then back to the
    Windows NFS server and checked the new subdirs and folders and they did Inherit the Windows NFS server ACE! - However the UID/GID of the subdirs and folders remained unchanged, they did not reflect the new "Effective" ownership or group membership.
    7. I "believe" because I was using UUUA and working "behind" the UID/GID presentation layer for the NFS client, it did not update that presentation layer. It might do that "if" I were using a Mapping mechanism and mapped UID/GID to Windows User SIDs and
    Group SIDs. Windows 2008r2 no longer has a "simple" Mapping server, it does not accept flat text files and requires a Schema extension to Active Directory just to MAP a windows account to a UID/GID.. a lot of overhead. Windows Server 2012 accepts flat text
    files like /etc/passwd and /etc/group to perform this function and is next on my list of things to see if that will update the UID/GID based on the Windows ACE entries. Since the Local ACE take precedence "over" Inherited ACEs there could be a problem. The
    Inheritance appears to be intended [only] to retain Administrative rights over user created subdirs and files by adding an additional ACE at the time of creation.
    8. I did verify from the NFS client side in Linux that "Even though" the UID/GID seem to reflect the local non-root user should not have the ability to traverse or create new files, the "phantom" NFS Server ACEs are in place and do permit the function..
    reconciling the "view" with "reality" appears problematic, unless the User Mapping will update "effective" rights and ownership in the "view"
    -- John Willis, Facebook: John-Willis, Skype: john.willis7416
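
The ACE change described in step 6 of the post above, done with Get-Acl/Set-Acl instead of the Security tab. This is an added example, not part of the original posts; the scratch folder under %TEMP%, the current user as the principal and the function names are assumptions, and on the server the path would be the share root F:\Shares\raid-6-array.

```powershell
# Added example, not from the original posts. It runs against a scratch folder;
# the folder name, the principal and the function names are assumptions.
$Inherit   = [System.Security.AccessControl.InheritanceFlags]
$Propagate = [System.Security.AccessControl.PropagationFlags]

function Get-AceScope {
    # Translate an ACE's flags into the "Applies to" wording of the Advanced Security dialog.
    param([System.Security.AccessControl.FileSystemAccessRule]$Ace)
    $targets = @()
    if (-not $Ace.PropagationFlags.HasFlag($Propagate::InheritOnly)) { $targets += 'this folder' }
    if ($Ace.InheritanceFlags.HasFlag($Inherit::ContainerInherit))   { $targets += 'subfolders' }
    if ($Ace.InheritanceFlags.HasFlag($Inherit::ObjectInherit))      { $targets += 'files' }
    return ($targets -join ', ')
}

function Get-AceReport {
    # One row per ACE: who, what rights, inherited or explicit, and where it applies.
    param([string]$Path)
    (Get-Acl -LiteralPath $Path).Access | ForEach-Object {
        [pscustomobject]@{
            Principal = $_.IdentityReference.Value
            Rights    = $_.FileSystemRights
            Inherited = $_.IsInherited
            AppliesTo = Get-AceScope $_
        }
    }
}

function Set-AceInheritable {
    # Replace each explicit "this folder only" ACE of $Identity with the same ACE
    # applying to this folder, subfolders and files. Returns $true if anything changed.
    param([string]$Path, [string]$Identity)
    $acl = Get-Acl -LiteralPath $Path
    $changed = $false
    foreach ($ace in @($acl.Access)) {
        if ($ace.IsInherited) { continue }                        # owned by a parent folder
        if ($ace.IdentityReference.Value -ne $Identity) { continue }
        if ($ace.InheritanceFlags -ne 'None') { continue }        # already inheritable
        $new = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $ace.IdentityReference, $ace.FileSystemRights,
            'ContainerInherit, ObjectInherit', 'None', $ace.AccessControlType)
        [void]$acl.RemoveAccessRuleSpecific($ace)
        $acl.AddAccessRule($new)
        $changed = $true
    }
    if ($changed) { Set-Acl -LiteralPath $Path -AclObject $acl }
    return $changed
}

# --- Demo on a scratch folder (constructed for this example) ---
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$root = Join-Path $env:TEMP 'nfs-ace-demo'
New-Item -ItemType Directory -Path $root -Force | Out-Null

# Start from the state the post describes: an explicit ACE that applies to this folder only.
$acl = Get-Acl -LiteralPath $root
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    $me, 'Modify', 'None', 'None', 'Allow')))
Set-Acl -LiteralPath $root -AclObject $acl

'Explicit ACEs before the change:'
Get-AceReport $root | Where-Object { -not $_.Inherited } | Format-Table -AutoSize

if (Set-AceInheritable -Path $root -Identity $me) {
    'Explicit ACEs after the change:'
    Get-AceReport $root | Where-Object { -not $_.Inherited } | Format-Table -AutoSize
}

# A file created after the change carries the ACE as an inherited entry.
$child = Join-Path $root 'after.txt'
New-Item -ItemType File -Path $child -Force | Out-Null
'ACEs for the same principal on a new child file:'
Get-AceReport $child | Where-Object { $_.Principal -eq $me } | Format-Table -AutoSize

Remove-Item -LiteralPath $root -Recurse -Force
```

This only changes the Windows-side ACL; as the post notes, the UID/GID shown to the NFS client is a separate presentation and is not updated by it.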

  • What versions of Adobe Reader are certified for use in MS Windows 2012 RDS?

    I have a MS Windows 2012 RDS (Remote Desktop Services, the new name of Terminal Services) environment. We are running Reader 11.08 now, and having extreme performance issues opening certain PDF documents, and we did not have this issue with earlier versions of Reader/ TS services. And we have tried turning off Protected Mode, Enhanced Security, to no effect.
    So I have been tasked to ask - what versions of Reader are certified to work in 2012 RDS? We want to see if downgrading to an earlier version will help, but I need to know what versions will work in 2012 RDS. I see 10.01.4 available as an offline install; would that be the earliest? Previously, in Win 2003 TS, we used to use Reader v8 successfully.
    Thanks

    Hi Mike,
    Are you still facing this issue?
    Have you tried to install the latest update patch 11.0.09? Do you have any GPOs for Reader? Have you tried to disable them and check again?
    Regards,
    Ajlan Huda.

  • Print Management Console displays no printers after applying Windows Update for Windows Server 2012 R2 (KB2995388)

    After installing optional Windows Update for Windows Server 2012 R2 (KB2995388) on a print server upgraded from Windows 2012 to Windows 2012 R2, the Print Management Console wouldn't display locally shared or remotely shared printers. Another print server could see the printers on this server, but it couldn't see its own. Removal of the patch resolved the issue.

    Hi,
    "Removal of the patch resolved the issue."
    Thanks for sharing in the forum. Your time and efforts are highly appreciated.
    In the current situation, would you please let me confirm something more?
    Please check whether this update rollup package (KB2995388) installed successfully.
    Please run the sfc /scannow command to scan all protected system files after installing this update.
    If possible, please re-install the Print Server feature on the server after installing this update. Any findings?
    If there is any update, please feel free to let me know.
    Hope this helps.
    Best regards,
    Justin Gu

  • Windows 2012 Verification of prerequisites for Domain Controller promotion failed

    Windows 2012 Verification of prerequisites for Domain Controller promotion failed and gave the below error (in Computer Management the Local Users and Groups option is not there as suggested by a solution!)
    "Verification of prerequisites for Domain Controller promotion failed. The local Administrator account becomes the domain Administrator account when you create a new domain. The new domain cannot be created because the local Administrator account password does not meet requirements.
    Currently, the local Administrator password is blank, which might lead to security issues. We recommend that you press Ctrl+Alt+Delete, use the net user command-line tool, or use Local Users and Groups to set a strong password for the local Administrator account before you create the new domain."

    OK, the reason you see this error is because when you set up and configured your Windows R2 environment you may have logged into the OS with an account other than Administrator. So, if you created your log in account named Bob, this is throwing off the Server.
    So, hit Ctrl-Alt-Delete, and look who you are logged in as, and then change the account you are logging in as and use the local Administrator account. What you may find is that the default Admin account password has not been set.
    Check that out and see if that is what you are experiencing.
    Best wishes

  • Subnet config and switch layout for windows 2012 ISCSI server

    I would like to ask about subnet design and switch layout in regards to using a Windows 2012 iSCSI solution. When you guys design subnets for iSCSI configurations do you use one subnet or multiple subnets? Also do you link the switches together when designing your iSCSI layouts? These types of things are normally discussed in vendor deployment guides. However, I have not come across a best practices guide for deploying Server 2012 iSCSI.

    For iSCSI you typically create separate subnets around the physical NICs you use for iSCSI traffic (assuming they are used by the iSCSI target for MPIO of course). Here are a few guides on how to do that (some for Windows Server 2008 R2 but you can ignore that fact as the target itself did not change much and the concepts are still the same). See:
    Configure iSCSI MPIO on Windows (full)
    http://blogs.technet.com/b/migreene/archive/2009/08/29/3277914.aspx
    (make sure you have at least one connection before you try to enable MPIO)
    Setting up a Target and Initiator
    http://www.server-log.com/blog/2011/7/26/setting-up-an-microsoft-iscsi-target-and-initiator-using-mpi.html
    You need, however, to be aware of a couple of facts...
    1) MSFT does not see much future in iSCSI and is replacing it with SMB3 where it can. So if you want to use iSCSI to provide shared storage to your guest VMs you need to use shared VHDX hosted on SMB3 share, see:
    Shared VHDX for guest VM Cluster
    http://technet.microsoft.com/en-us/library/dn265980.aspx
    If you plan to use iSCSI to host CSV and VM images there you again can use SMB3 share, see:
    Hyper-V over SMB
    http://technet.microsoft.com/en-us/library/jj134187.aspx
    That's both simpler to manage (you don't configure anything except teaming for NICs to enable SMB Multichannel and create a shared folder in a few clicks) and faster: MSFT iSCSI target is not cached @ server side while (OK, Hyper-V opens VMs in a pass-thru mode but other users typically don't do that). SQL Server is the same as Hyper-V in terms of SMB3 support, Windows clusters support SMB3 share as a witness and so on.
    2) That's a single point of failure. Think about using SoFS instead of a single SMB3 share and think about clustering your target (you'll need a separate fault tolerant back end of that) to increase uptime. See:
    MSFT iSCSI Target Failover Cluster
    http://techontip.wordpress.com/2011/05/03/microsoft-iscsi-target-cluster-building-walkthrough/
    Good luck! :)
    StarWind VSAN [Virtual SAN] clusters Hyper-V without SAS, Fibre Channel, SMB 3.0 or iSCSI, uses Ethernet to mirror internally mounted SATA disks between hosts.
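The one-subnet-per-iSCSI-NIC layout with MPIO described in the answer above, as an added PowerShell sketch for a Windows Server 2012 initiator; it is not from the original post or the linked guides. The adapter aliases, IP addresses and the single-target assumption are constructed placeholders.

```powershell
# Added example. All names and addresses below are constructed placeholders.
# Assumption: two physical NICs dedicated to iSCSI, each in its own /24,
# and a target that exposes one portal in each of those subnets.
$paths = @(
    @{ Nic = 'iSCSI-A'; InitiatorIP = '10.10.1.21'; TargetIP = '10.10.1.10' },
    @{ Nic = 'iSCSI-B'; InitiatorIP = '10.10.2.21'; TargetIP = '10.10.2.10' }
)

# MPIO feature (a reboot may be required before the MPIO cmdlets work),
# then let the Microsoft DSM claim iSCSI-attached disks automatically.
Install-WindowsFeature -Name Multipath-IO | Out-Null
Enable-MSDSMAutomaticClaim -BusType iSCSI | Out-Null

# The initiator service must run and survive reboots.
Set-Service -Name MSiSCSI -StartupType Automatic
Start-Service -Name MSiSCSI

foreach ($p in $paths) {
    # One address per NIC, no default gateway (assumption: storage subnets
    # are not routed), and no DNS registration for the storage interfaces.
    if (-not (Get-NetIPAddress -InterfaceAlias $p.Nic -IPAddress $p.InitiatorIP -ErrorAction SilentlyContinue)) {
        New-NetIPAddress -InterfaceAlias $p.Nic -IPAddress $p.InitiatorIP -PrefixLength 24 | Out-Null
    }
    Set-DnsClient -InterfaceAlias $p.Nic -RegisterThisConnectionsAddress $false

    # Register each target portal against the initiator address in the same subnet.
    New-IscsiTargetPortal -TargetPortalAddress $p.TargetIP -InitiatorPortalAddress $p.InitiatorIP | Out-Null
}

# Assumption: the portals expose a single target. Open one session per path.
$target = Get-IscsiTarget | Select-Object -First 1
foreach ($p in $paths) {
    Connect-IscsiTarget -NodeAddress $target.NodeAddress `
        -TargetPortalAddress $p.TargetIP -InitiatorPortalAddress $p.InitiatorIP `
        -IsMultipathEnabled $true -IsPersistent $true | Out-Null
}

# Check: every path should show up as its own initiator/target address pair.
$connections = Get-IscsiConnection | Select-Object InitiatorAddress, TargetAddress
$connections | Format-Table -AutoSize
if (@($connections).Count -lt $paths.Count) {
    Write-Warning "Expected $($paths.Count) iSCSI connections, found $(@($connections).Count)."
}
```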

  • File Share Cluster Transfer Issues - Windows 2012 R2 - Two Nodes

    Hi There,
    I am having some issues in creating a simple file share on a 2 node cluster.
    Each "File Server" is Windows 2012 R2 Standard.
    Each server has 4 Nic Ports, 2 are configured as a Control Team and the other 2 as a Media Team.  The media team is specifically for any storage and file sharing traffic, the control team is purely for access to the server via RDC.
    The storage is from a NetApp SAN connected via SAS cables to the 2 "File Servers" and transfer speeds to and from that are good (1GB/s)
    I have looked at different step-by-steps to get this working, they all are similar to: https://robertsmit.wordpress.com/2012/06/26/clustering-fileserver-on-windows-2012-step-by-step/
    The share permissions are configured with Everyone with Full Control.
    Once the file shares are all set up, I can browse the shares and any current folders and files.
    I can download any files that exist on these shares...
    The issue is when I try to put a file on the share from a "client" server (win 2008 r2) or even from the other node (connecting to the file share location as I would on another machine)
    I just get the copying dialogue attached, which sits there for about 3-4 minutes and then just finishes with a Network Error.
    This only occurs during an upload of a file to the share.
    All servers can ping each other, there are no cluster event errors..
    Can anyone help, I need to get this fixed ASAP.
    If you need more info then please ask.
    Thanks,
    -Tim

    Hi Tim,
    Did you run the cluster validation before you created this cluster? Please disable any firewall or AV software and install the recommended hotfixes and updates for Windows Server 2012 R2-based failover clusters to narrow down the issue first.
    Recommended hotfixes and updates for Windows Server 2012 R2-based failover clusters
    http://support.microsoft.com/kb/2920151
    I’m glad to be of help to you!

  • Windows 2012 R2 RDS Licensing Issue

    I set up the RDS License Server role on our domain controller server and installed open license RDS User CALs. From the connection broker server, I set the RDS Deployment's RD Licensing to per user and added the domain controller to the license server list. RD Licensing Diagnoser output is OK and it is able to detect the license server. All servers are Windows 2012 R2.
    Now the issue is, when using RD Web Access and launching the application, the license manager is still showing 0 issued licenses. I tried opening several sessions, more than the number of license seats available, and RDS still works fine. Wondering whether the license server is functioning properly. Let me know if someone has experienced the same thing.
    Thanks!
    Joe

    Hi Joe,
    Thank you for posting in Windows Server Forum.
    Have you found any specific error\event ID for this case?
    As you have Per User CALs, to see your Per User RDS CAL usage you need to create a report, save it to a .csv file, and then view the csv file in Notepad/Excel. We can do this in RD Licensing Manager by right-clicking on the server name, choosing Create Report - Per User CAL Usage, and then after you have the report right-click on it and choose to save it as csv.
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support
