Renamed Domain - Clients Still "joined" to old domain, can't open Group Policy Management on Server

Similar Messages

• Server 2012 R2 Group policy management with older Domain servers

  Hi Guys,
  I need your expert assistance with a issue I'm facing.
  We have a client that has 3 domain controllers. The Primary DC is running Server 2003 R2, another one is running Server 2008, and the last DC is running Server 2008 R2. The forest functional level is Server 2000 & the domain functional level is Server
  2003.
  Currently Group policy is processing using a central store across the 3 domain controllers.
  We have installed a new Server 2012 R2 Terminal server and need to apply group policies to the Server to lock it down.
  We have a separate Server 2012 R2 server (say SERVER1) that is also joined to the domain that I have added the group policy management feature to so it can remotely manage group policy.
  It seems to be pulling the all the group policy details from the central store so I can't see any of the server 2012 related settings on
  SERVER1.
  Are we going about this the correct way? how would we best manage the Server 2012 policies? I was thinking either somehow making the specific TS group policy only load in a local policy or templates somehow..

  If you are using a central policy store, this is the expected (intended) behaviour.
  You willl need to update the central store with the latest versions of the adm(x/l) files.
  http://www.microsoft.com/en-us/download/details.aspx?id=36991
  or grab them from a 2012(r2) instalaltion c:\Windows\PolicyDefinitions
  MCP/MCSA/MCTS/MCITP

• Group Policy Management Console Failes to open when one Domain Controller is powered down

  Hi All,
  This was an accidental discovery, but here's my dilemma. I have a site with 2 domain controllers(Windows 2008 R2), and if I shut down my second domain controller, when I try to open the Group Policy Management  Console on the 1st domain controller,
  it fails to open and I get the following error, "The specified domain either does not exist or could not be contacted" with 3 options to "retry", "choose another domain controller", or remove.   If I go to chose another domain
  controller and select the 1st domain controller it still fails.  Unless the 2nd DC is turned on, I have no issues opening the GP management console. Not sure, why this is happening, I've done it in the pass without issue.
  Any help would be appreciated.
  Thanks

  Well it seems that some how the PDC emulator is set to be the 2nd DC instead of the 1st DC on the 1st DC which explains why the failure after the 2nd DC went down. Why or should I say how could the PDC get switched from the primary DC without human intervention.
  Does the PDC automatically switch for any reason?

• How can I launch a site that I designed for a client using their MobileMe account? Can they 'open' my iWeb files on their iWeb software?

  How can I launch a site that I designed for a client using their MobileMe account? Can they 'open' my iWeb files on their iWeb software?

  If you give them the Domain.sites2 file that iWeb used to create the site  they will be able to open it with iWeb application (it has to be the same version as you have) and make changes.  But if you're expected to also make changes you'll need a way to send that file back and forth between the two. 
  Also there's an online MacWorld article that describes a way that both of you could manage the site using Dropbox.  Look at Managing an iWeb site from multiple Macs.
  OT

• I have a G5 mac using ver 10.4.11 and a newer mac using ver 10.8.4 these are networked. using the new mac i looked up my my photo on the old mac. It then said you need to upgrade your library which it did. Now the old mac can not open the photos

  I have a G5 mac using ver 10.4.11 and a newer mac using ver 10.8.4 these are networked. using the new mac i looked up my my photo on the old mac. It then said you need to upgrade your library which it did. Now the old mac can not open the photos and say that I need to upgrade my I photo to a newer version. The old mac has no more support from apple in software update so I am not sure where I should go from here. can I use new soft ware with the old mac

  The other part of the upgrade message was a warning that once you upgraded you would no longer be able to open the library with the old version which is exaclty what you did and what happened when you choose to continue
  The iphoto library needs to be upgraded to work with this version of iPhoto. Your photo library will not be readable by previous versions of iphoto after the upgrade. The upgrade process may take several minutes depending on the number of photos in the library. Cancel or upgrade.
  So now your choices are to not use iPhoto with the previous version using it onky with the newer version, restore your backup from before you did this upgrade or purchase iPhoto Library Manager and use it to rebuild the library using the older version of iPhoto (instructions are on their web site) thereby downgrading it (without projects)
  LN

• After updating Mozilla to 3.6.13, Ican still access my Hotmail, but CAN'T open, delete or move messages. Is there a solution? Thanks!

  after updating Mozilla to 3.6.13, I can still access my Hotmail, but CAN'T open, delete or move messages. Is there a solution? Thanks!

  Niel,
  thank you for the information...I will try your suggestion tonight.
  Arghhhh. Feel like an idiot - as I was clicking within the 'info' tab of these 'locked' folders, I guess I figured out that I could asign myself these 'locked' folders and open them after selecting a user and typing a password in. At that point, I was not looking forward to double-clicking every 'locked' folder and sub-folder from my restored drive.
  Looks like your suggestion will save me alot of time.
  Will advise with results....
  Dave.

• Hi. I am working on a Mac OSX 10.10.2 Yosemite. I'm working remotely with a woman who is using indesign CS8.2 I'm still on CS6.8 and can't open her files. I would like to upgrade to the latest version and I'd also like to know why these upgrades are not a

  Hi. I am working on a Mac OSX 10.10.2 Yosemite. I'm working remotely with a woman who is using indesign CS8.2 I'm still on CS6.8 and can't open her files. I would like to upgrade to the latest version and I'd also like to know why these upgrades are not automatic as i pay a monthly subscription to the cloud. Thanks.

  A Cloud subscription SHOULD always show you the most recent updates, so you may then choose to do the install
  CC desktop lists applications as "Up to Date" when they are not
  -http://helpx.adobe.com/creative-cloud/kb/aam-lists-removed-apps-date.html
  -and added step https://forums.adobe.com/thread/1529654
  Yosemite sometimes has problems, often related to "default" permissions needing to be changed
  -one person's solution https://forums.adobe.com/thread/1689788
  -and a Java update https://forums.adobe.com/thread/1507936
  -update breaks things https://forums.adobe.com/thread/1772260
  -http://blogs.adobe.com/creativecloud/creative-cloud-and-yosemite/
  -https://helpx.adobe.com/x-productkb/global/mac-os-yosemite-compatability.html

• Outlook 2010/2013 clients, outside of our main office, can't connect to our Exchange 2010 server

  Hi,
  Our remote users had been connecting to our Exchange server at our office since the Exchange server was installed in 2011.
  Starting last Wednesday, Outlook 2010/2013 clients, outside of our main office, can't connect to our Exchange 2010 server.  Outlook kept asking for a username and a password.  At the same time, entries of Event 4625 were generated on the Event
  log on out Exchange server. 
  Events 4625 has the following properties, "Logon Type: 3", "Failure Reason: An Error occured during Logon.", "Status: 0xc000006d", "Logon Process: NtLmSsp", and "Authentication Package: NTLM".
  By the way, I had used a laptop to test this problem.  Its Outlook work fine ion the main office, but it won't work outside of our office.
  Does anyone have any idea?
  Thanks.
  Johnnie :(
  Johnnie

  http://blogs.technet.com/b/rmilne/archive/2015/03/17/update-015_2d00_027-revised-_2800_3002657_2900_.aspx
  For additional people reading this thread, please update to v2 of that update.
  Cheers,
  Rhoderick
  Microsoft Senior Exchange PFE
  Blog:
  http://blogs.technet.com/rmilne 
  Twitter:   LinkedIn:
    Facebook:
    XING:
  Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

• Can I make a wireless Windows domain? And does Group Policy work to limit domain accounts' capabilities?

  The first, most important question of this thread is if I can form a wireless domain or if I have to do it wired.
  If it matters, I have a Linksys E1200 router that does wireless and wired.
  My second question refers to Group Policy. Is this the way domains limit their user account's capabilities? Because I was planning on making a domain, so that I could have unified user accounts that I could control from the server, limiting what those accounts
  can access for further security. Is this what Group Policy does, and how would I move with starting that?

  Hi Adrian,
  >>The first, most important question of this thread is if I can form a wireless domain or if I have to do it wired.
  Just as Alan suggested, Active Directory domains support both wired and wireless connections.
  >>My second question refers to Group Policy. Is this the way domains limit their user account's capabilities?
  Group Policy is an infrastructure that allows you to implement specific configurations for users and computers. Group Policy settings are contained in Group Policy objects
  (GPOs), which are linked to the following Active Directory directory service containers: sites, domains, or organizational units (OUs). The settings within GPOs are then evaluated by the affected targets, using the hierarchical nature of Active Directory.
  Consequently, Group Policy is one of the top reasons to deploy Active Directory because it allows you to manage user and computer objects.
  Regarding group policy, the following link and articles can be referred to for more information.
  Group Policy for Beginners
  http://technet.microsoft.com/en-us/library/hh147307(v=WS.10).aspx
  Group Policy Planning and Deployment Guide
  http://technet.microsoft.com/en-us/library/cc754948(v=WS.10).aspx
  Group Policy
  http://technet.microsoft.com/en-us/windowsserver/bb310732.aspx
  Best regards,
  Frank Shen

• Recently purchased a new imac and thought my old iPhoto library transferred over. It wasn't. And I can't get iPhoto to open on my old mac ("can't open your current version of iPhoto using this version of iPhoto. You have made changes to your photo lib ...

  I purchased a new imac (4G, OS X 10.6.8) in Feb 2011 and thought my old iPhoto library transferred over. It wasn't. And I can't get iPhoto to open on my old mac. It says, "can't open your current version of iPhoto using this version of iPhoto. You have made changes to your photo library using a newer version of iPhoto. Please quit and use the latest version of iPhoto". I don't think my old mac will support the newer version of iPhoto so I feel like I'm stuck (this is why I got a new mac -- cheaper than upgrading all my software, etc). Help! I really need to get to my old photos, and no, they are not backed up anywhere. Thanks.

  You have two options:
  Run the Library on a machine that has the same version as the machine that was stolen.
  or
  Recover the files from this library and start over from scratch.
  To recover the files:
  Go to your Pictures Folder (or whereever you have the back up) and find the iPhoto Library there. Right (or Control-) Click on the icon and select 'Show Package Contents'. A finder window will open with the Library exposed.
  Your originals are in the Masters folder.
  Note this will only recover your photos as imported from you camera.
  Regards
  TD

• Outlook 2013 client, not in domain, can't connect to the Exchange 2013 server.

  Hello everyone,
  A colleague and me are in the process of rebuilding our Hosted Exchange servers. Everything is working perfectly except for the local Outlook 2013 clients. They are not in the domain but in the same network (through VLANs) as our Exchange server, and still
  they can't connect to Exchange without the use of Outlook anywhere. If we use Outlook Anywhere, it connects perfectly. If I ping the Exchange servers (1 CAS, 2 MBX servers) I get response with the right IP addresses.
  We've tried to create a new profile, this goes without problems. We enter the FQDN (or IP address) of CAS server and the required usersname, and the FQDN gets resolved to the correct MBX server where the mailbox resides on. We complete the whole wizard and
  then start Outlook. We then get the error that Outlook can't logon to the Exchange server.
  Is this an authentication setting that is wrong or do we need to use Outlook Anywhere if the PC is not in the same domain as the Exchange server?
  Thanks in advance!

  Hi,
  Agree with Martina, all Outlook clients use RPC over HTTP to connect to Exchange 2013. if the server version is Exchange 2013 SP1, only Outlook 2013 SP1 use MAPI over HTTP to connect to server after we enable the protocol MAPI over HTTP.
  If you have any question, please feel free to let me know.
  Thanks,
  Angela Shi
  TechNet Community Support

• Outlook 2013 client, not in domain, can't connect to the Exchange 2010 server

  Good Aftermoon,
  Having issues it seems getting to the right forum but here is what I have. Currently we are running an Exchange 2010 server. OWA is configured and I am not having any issues with people connecting through it. The issue I am having is that any user that tries
  to connect through Outlook 2013 gets an error message about the proxy server and then a certificate error. I have run the tests through the toolbox and get the following results. 
  Attempting to test potential Autodiscover URL https://autodiscover.westmoreland-county.org:443/Autodiscover/Autodiscover.xml
  Testing of this potential Autodiscover URL failed.
  Additional Details
  Elapsed Time: 694 ms.
  Test Steps
  Attempting to resolve the host name autodiscover.westmoreland-county.org in DNS.
  The host name resolved successfully.
  Additional Details
  IP addresses returned: 69.89.25.150
  Elapsed Time: 284 ms.
  Testing TCP port 443 on host autodiscover.westmoreland-county.org to ensure it's listening and open.
  The port was opened successfully.
  Additional Details
  Elapsed Time: 164 ms.
  Testing the SSL certificate to make sure it's valid.
  The SSL certificate failed one or more certificate validation checks.
  Additional Details
  Elapsed Time: 245 ms.
  Test Steps
  The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server autodiscover.westmoreland-county.org on port 443.
  The Microsoft Connectivity Analyzer successfully obtained the remote SSL certificate.
  Additional Details
  Remote Certificate Subject: CN=*.bluehost.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated, Issuer: CN=PositiveSSL CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB.
  Elapsed Time: 201 ms.
  Validating the certificate name.
  Certificate name validation failed.
   <label for="testSelectWizard_ctl12_ctl06_ctl00_ctl00_ctl01_ctl02_ctl01_tmmArrow">Tell
  me more about this issue and how to resolve it</label>
  Additional Details
  Host name autodiscover.westmoreland-county.org doesn't match any name found on the server certificate CN=*.bluehost.com, OU=PositiveSSL Wildcard, OU=Domain Control Validated.
  Elapsed Time: 1 ms.
  Attempting to contact the Autodiscover service using the HTTP redirect method.
  The attempt to contact Autodiscover using the HTTP Redirect method failed.
  Additional Details
  Elapsed Time: 234 ms.
  Test Steps
  Attempting to resolve the host name autodiscover.westmoreland-county.org in DNS.
  The host name resolved successfully.
  Additional Details
  IP addresses returned: 69.89.25.150
  Elapsed Time: 14 ms.
  Testing TCP port 80 on host autodiscover.westmoreland-county.org to ensure it's listening and open.
  The port was opened successfully.
  Additional Details
  Elapsed Time: 83 ms.
  The Microsoft Connectivity Analyzer is checking the host autodiscover.westmoreland-county.org for an HTTP redirect to the Autodiscover service.
  The Microsoft Connectivity Analyzer failed to get an HTTP redirect response for Autodiscover.
  Additional Details
  The URL specified in the location HTTP header was not HTTPS. URL: http://autodiscover.bluehost.com/Autodiscover/Autodiscover.xml
  HTTP Response Headers:
  Keep-Alive: timeout=10, max=500
  Connection: Keep-Alive
  Content-Length: 356
  Content-Type: text/html; charset=iso-8859-1
  Date: Wed, 03 Dec 2014 18:10:08 GMT
  Location: http://autodiscover.bluehost.com/Autodiscover/Autodiscover.xml
  Server: Apache
  Elapsed Time: 135 ms.
  Our setup currently our domain is being hosted and the web master has control of domain settings. 
  I am fairly new to the Excchange Server world so any suggestions that you may have as to how I can resolve this would be great. 
  Bill

  Hi Bill
  Thank you for your pos.
  You can use the following command to check whether you have purchased the certificate of audiscovery.westmoreload-country.org in your organization:
  Get-ExchangeCertificate –server CASServerName | fl
  For example: you want to return all certificates stored on the Client Access server named ClientAccess01, you will type the follow command in EMS.
  Get-ExchangeCertificate -Server ClientAccess01 | fl
  If you didn’t purchased the certificate of audiscovery.westmoreload-country.org, you could contact your certificate supplier.
  You could refer to the following link:
  https://support.microsoft.com/kb/940726?wa=wsignin1.0
  If there are any questions regarding this issue, please be free to let me know.
  Best regard,
  Jim

• Upgraded and Migrated Clients Still Connecting To Old MP

  I'm doing a migration from one site to another and I've just started with one ip range boundary. I did a discovery on the new systems and they all show up in my new site and the clients are getting installed. The only problem is that they are still connecting
  to the old MP. I can see this in ClientLocation.log. What am I missing?
  Orange County District Attorney

  Hi,
  Could it be that the SCCM clients in the old site was distributed uisng a GPO? That GPO is "tattoing" so you need to clear that value in the registry if that was used otherwise that will overwrite all ways to set/discover the
  site code for a client.
  Here is a post on the topic:
  http://blog.coretech.dk/heh/new-agents-will-not-re-assign-to-configmgr-2012-site/
  Also check which site have Boundary Groups configured for site assignment as well. that could alos cause this issue.
  Regards,
  Jörgen 
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• Group Policy Management Console crashes when you click the target domain KB 2928427

  I have the Problems described in KB 292827 with Riverbed Steelhead WAN Optimizer configured as  Active Directory Integrated mode enabled, on a Windows Server 2012 R2. The Hotfix in KB 292827 is only for Windows 2012 and Windows 8. Is there a Hotfix
  for Windows 2012 R2 / Windows 8.1?

  Hi,
  Please understand that there is no hotfix for Windows 8.1 and Windows Server 2012 R2 on this issue now. As a workaround at this time, I suggest you’d better disable the application while modifying
  GPOs in GPMC. Hope this hleps.
  Best Regards,
  Andy Qi
  TechNet Subscriber Support
  If you are
  TechNet Subscription user and have any feedback on our support quality, please send your feedback
  here.
  Andy Qi
  TechNet Community Support

• A client who is on a pc can't open my mac jpeg attachments. Help?

  Has anybody else had this problem? I attach a jpeg to an email from my Mac (Send Windows-friendly attachments is checked) and my client on a PC using Outlook says they are embedded. I send using different servers, but no luck. Anybody have an answer?

  If you use the automatic functions in other programs like iPhoto, they may be embedded by default. This encapsulates them in an html enclosure in the message and makes reading them more difficult.
  If you allow the insertion point to be at a random location when the insertion is performed in Mail, the photo may be embedded by default. Move the insertion point to the very end of the message text. OR,  send the attachment alone, with a Subject like, Photo ONLY attached (nt)
  -- (nt) is a common shorthand for no message text.
  In desperate situations, you can use this:
  Mail > Preferences > Composing
  Message Format:[ Plain Text ]
  --this will not allow attachment to be encapsulated in html, but you get no formatting in your message text.
  Not that also:
  Responding: [√] Use same message format as original message
  --will impact the format of your messages in some cases.