Server 2012 Patch and Certificate Problems - GPO Breaking Server

We built some Server 2012 R2 servers, the first ones in our organization. We were able to install SQL 2012 with no issues. We are required by organization policy to harden our computers. But when we tried to install WSUS patches we began noticing several problems... messages like "the signer of the message is invalid or not found (0x8006002)" and "revocation process could not continue - the certificate(s) could not be checked" (0x800B010E, and in Event Viewer 2148204814). We can only run Internet Explorer if we go to an admin command prompt, change to "program files\internet explorer" and type "iexplore.exe". Obviously we cannot make these servers live until this problem is fixed. Two of us have spent two weeks on this. We can join a hardened Server 2012 R2 image to the domain and things still work. The point that it breaks at is when we apply our default domain GPO. It doesn't matter if we apply other GPOs singly or en masse, it's the default one that is breaking it. If we unapply the default GPO, it's still broken, so it's something that is not undone by removing the GPO. So while the breaking GPO is known, nothing we have tried has enabled us to narrow down what in the GPO is breaking this. We compared RSOPs on a working and non-working image and they are the same.
Something else worth noting is that the default domain GPO does not break our 2003 or 2008 servers. So the offending setting affects Server 2012 differently.
Any ideas on what this setting might be or how to narrow the plethora of settings in our GPO?
This build has IE 11. IE64 works in metro mode but both IE64 and 32 don't work in desktop mode.
WSUS says certs for wuident.cab are not found but we've manually loaded them into the local store.
As a side note, Server 2012 needs to have access to another CRL list in addition to what prior versions of Windows Server need, to wit: http://www.microsoft.com/pkiops/crl
Any help would be greatly appreciated.
Ben JohnsonWY

Hi Ben,
>>IE is still not working right. Still working that one
Based on your description, were there any related error event IDs logged? What's the message when we open IE normally?
Since this involves IE, for better help we can also ask for advice in the following forum.
Internet Explorer 8, 9, 10, 11 Preview
http://social.technet.microsoft.com/Forums/ie/en-US/home?forum=ieitprocurrentver
Best regards,
Frank Shen
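
A diagnostic for the revocation error reported in this thread (0x800B010E, CERT_E_REVOCATION_FAILURE), as an added example that is not part of the original posts: it rebuilds the signer chain of a signed file with online revocation checking, lists each certificate's status and CRL distribution points, and passes the signer certificate to `certutil -verify -urlfetch`. The function name `Test-SignerRevocation` and the sample path `C:\Temp\wuident.cab` are assumptions; run it on both the working and the non-working image and compare the results.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell (3.0 or later)
# on both the working and the non-working image, then compare the output.

function Test-SignerRevocation {
    # Hypothetical helper name. $FilePath is any file with an embedded Authenticode signature.
    param(
        [Parameter(Mandatory = $true)]
        [string]$FilePath
    )

    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    if (-not $sig.SignerCertificate) {
        throw "No signer certificate in '$FilePath' (signature status: $($sig.Status))"
    }
    $signer = $sig.SignerCertificate

    # Build the chain the way a strict verifier would: every element is checked
    # for revocation and the revocation data is fetched over the network.
    $chain  = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $policy = $chain.ChainPolicy
    $policy.RevocationMode      = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $policy.RevocationFlag      = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $policy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15
    $chainOk = $chain.Build($signer)

    # One row per certificate in the chain. RevocationStatusUnknown or
    # OfflineRevocation on a row means its CRL could not be retrieved or checked.
    $elements = foreach ($element in $chain.ChainElements) {
        $cert   = $element.Certificate
        # OID 2.5.29.31 is the CRL Distribution Points extension.
        $cdp    = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
        $status = @($element.ChainElementStatus | ForEach-Object { $_.Status })
        $urls   = @()
        if ($cdp) {
            $urls = @([regex]::Matches($cdp.Format($false), 'https?://[^\s,)]+') |
                      ForEach-Object { $_.Value })
        }
        [pscustomobject]@{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            Status     = if ($status.Count) { $status -join ', ' } else { 'NoError' }
            CrlUrls    = $urls
        }
    }

    # certutil repeats the check and logs every URL it tries to download
    # (AIA, CDP, OCSP), which shows exactly which retrieval fails.
    $tmp = Join-Path $env:TEMP ("signer-{0}.cer" -f $signer.Thumbprint)
    $der = $signer.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
    [System.IO.File]::WriteAllBytes($tmp, $der)
    try {
        $certutilLog = & certutil.exe -verify -urlfetch $tmp 2>&1 | Out-String
    }
    finally {
        Remove-Item -Path $tmp -ErrorAction SilentlyContinue
    }

    [pscustomobject]@{
        File            = $FilePath
        SignatureStatus = $sig.Status
        ChainBuilt      = $chainOk
        ChainStatus     = @($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        Elements        = $elements
        # Services running as SYSTEM use the machine-wide WinHTTP proxy,
        # not the interactive user's IE proxy settings.
        WinHttpProxy    = (& netsh.exe winhttp show proxy | Out-String).Trim()
        CertutilLog     = $certutilLog
    }
}

# Example call. The path is an assumption: point it at a local copy of the
# signed file named in the error (here, wuident.cab).
$result = Test-SignerRevocation -FilePath 'C:\Temp\wuident.cab'
$result | Format-List File, SignatureStatus, ChainBuilt, ChainStatus, WinHttpProxy
$result.Elements | Format-List
$result.CertutilLog
```

A difference between the two images in `Status`, in the URLs certutil fails to fetch, or in the WinHTTP proxy narrows the search to certificate path validation or network settings rather than the whole GPO.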

Similar Messages

  • Exchange 2013 Windows Server 2012 NLB and DAG on the same server

    Hi all, I am installing an Exchange 2013 infrastructure with two servers. Both servers have the CAS and Mailbox roles. For high availability, I will create a DAG. For Client Access I have no external Network Load Balancer. I thought about installing NLB on the DAG members; this could not be done before. I do not know whether it is possible with Windows Server 2012 and Exchange 2013. Can I install NLB on members of a DAG?
    regards
    Microsoft Certified IT Professional Server Administrator

    Hi,
    I’m afraid that WNLB and DAG cannot coexist on the same server, because WNLB is incompatible with Windows failover clustering. If we're using an Exchange 2010 DAG and we want to use WNLB, we need to have the Client Access server role and the Mailbox server role running on separate servers.
    For more information, you can refer to the following article:
    http://technet.microsoft.com/en-us/library/ff625247(v=exchg.141).aspx
    Thanks,
    Angela Shi
    TechNet Community Support

  • I have windows server 2012 R2 and install active directory

    My question is: I installed Active Directory on Windows Server 2012 R2 and created a Group Policy. (This setup is only for testing.)
    I have not registered a domain; I only installed Active Directory to test.
    So the problem is that when I created a Group Policy for my user and added a software restriction policy, it affected my administrator accounts too. Now when I open VMware (with a Windows XP virtual machine installed) and start the OS, it shows that you cannot use this software as you are restricted from installing software (something like that, I don't know the exact error). I could not start the installed virtual machine.
    Please give me a solution for this.
    This setup is for test use only, so there is no big environment connected to my PC.
    Thanks in advance.
    Regards,
    Krunal

    Hi,
    The following article is talking about creating and managing Group Policy on a Windows Server 2012:
    http://www.thomas-krenn.com/en/wiki/Creating_and_managing_a_Group_Policy_on_a_Windows_2012_Server
    As Darren Blanchard mentioned, if you want to apply the GPO, you could link it to an OU that contains the computer or user.
    Group Policy Overview
    http://technet.microsoft.com/en-us/library/hh831791.aspx
    Please feel free to let us know if you need further assistance.
    Regards.
    Vivian Wang

  • REMOTE DESKTOP SERVICES CLIENT ACCESS LICENSES FOR MICROSOFT WINDOWS SERVER 2012 STANDARD AND DATACENTER

    I am using Windows 7 Professional Service Pack 1 and I purchased REMOTE DESKTOP SERVICES CLIENT ACCESS LICENSES FOR MICROSOFT WINDOWS SERVER 2012 STANDARD AND DATACENTER, but the seller did not send me any installation CD or instructions on how to use it.
    Please, how can I use it on my Windows 7 Professional Service Pack 1?
    Thank you.

    Though Bill is absolutely correct for most CALs, Remote Desktop Services does have its own special licensing server.  I haven't installed one on 2012, yet, but here is a step-by-step guide for 2008. 
    http://technet.microsoft.com/en-us/library/dd983943(v=ws.10).aspx
    Here is a lab guide for 2012 -
    http://technet.microsoft.com/en-us/library/jj134160.aspx
    But, the explanation of your environment begs the question - what are you trying to do?  You say you have a desktop OS and you are talking about Windows Server products.  In that light, your question does not make a lot of sense.
    . : | : . : | : . tim

  • Hyper-v Role in Windows Server 2012 foundation and Essentials

    Hello,
    I have seen that the two low-cost versions of Windows Server 2012 (Essentials and Foundation) will not support Hyper-V. Can you please tell me what it means exactly:
    Can you please tell me what is possible :
    -The server can not be installed as a hyper-v  guest (probably yes)
    -The hyper-v role can not be installed on the server (so I have to rely on vmware)?
    - Hyper-v role can be installed but there is no free license included with the server.
    Thank you
    Marc

    I suppose then, you would have to install Windows 8 and Hyper-V as your guest or core.
    Then run your Server 2012 Foundation under Win8, which has a 512GB memory limit.
    It seems asinine that you cannot install this role on Foundation, but seemingly you could work around it with Win8 (or Sun VirtualBox (free) or VMware (free)).
    So load up a dozen Win8Pro virtual sessions on that Win8 VirtualBox with up to 512GB memory and create your own ghetto Remote Desktop Server with Foundation and Windows 8.   ;)
    What good is it if you can't run Hyper-V and Remote Desktop Services?  Those are the two apps small businesses need most.  But Microsoft strips it out, calls it a DEAL (Essentials and Foundation), yet if you want the good stuff, you're gonna have to buy Server 2012 Standard anyhow, + the CALs.
    So you are hooked into this "deal" by Microsoft Special Offer.   It's special alright, because you get to buy it twice: the stripped-down version that comes with your server, then the full version when you discover Foundation and Essentials give you AD, and that's it.  Nothing else.  No "deal".
    Remember:
    All you get with Foundation or Essentials is AD and Group Policy.
    You cannot load RDP on Foundation or Essentials
    You cannot load Exchange on a DC, or Foundation or Essentials
    You cannot load Exchange and RDP on the same box.
    You cannot have Remote Web Apps if you load RDP on your DC.
    You cannot win with Microsoft.  No worthwhile "deal" has ever come out of the city of Redmond.
    The internet is a one-way money pipeline to Microsoft.
    It's three times the work, three times the cost and requires three server licenses to do with 2012 what you could do with one 2008R2 license.
    Might as well purchase 2 Server 2013 Standard Editions if you want:
    1.) Active Directory
    2.) Remote Desktop and Remote Apps
    3.) Your own Exchange Server
    You are better off installing a NAS if all you need is a file server. 
    Why bother with Foundation or Essentials?  It's "gimmick-ware".

  • Windows Server 2012 Standard and Essentials User CAL's

    I've been running Windows Server 2012 Essentials in an organization that until recently stayed within the 25 user 50 network device limit specified by the license. Eventually we've grown beyond that. Since the Server 2012 Essentials machine had a non-transferable
    OEM license I decided not to waste it by doing an in-place migration to Server 2012 Standard, and instead set up a new server with freshly purchased Server 2012 R2 Standard and migrated Active Domain roles to it, leaving the original server as a part of a
    fail-over cluster.
    We purchased 30 User CAL's for the 2012 R2, as required for 25+ staff members.
    Now I am curious. The 2 servers that we have right now (2012 R2 Standard and 2012 Essentials) both maintain the same Active Directory and manage the same pool of users and workstations. Does that mean that the primary server with 30 User CAL's takes dominance
    and sets the limit as to how many people are allowed to access the network. Or does it become a combination of purchased 30 CAL's + 25 Users hard-wired into the 2012 Essential edition?
    Do these servers have to run separate domains with segregated pools of users in order to be license compliant for 30+ users or can they exist within the same domain preserving individual user limits? What if the 2012 Essentials server maintains
    one office location with fewer than 25 staff and the Standard R2 2012 server runs another office with fewer than 30 staff, while both offices are linked via a VPN for the purpose of sharing 3rd party licenses? Do individual user limits apply, or is it still
    30 users max?
    To sum up the question, I'd like to know whether I'd need to buy more user CAL's when we reach more than 30 staff at 1 or possibly 2 office locations.
    Oh, and the device limit! 2012 R2 Standard under user CAL licensing scheme has no machine limits. Essentials is always capped at 50. When running one active directory, what's the legally allowed number of devices on the network? I assume it's unlimited.
    Thanks.

    Thank you for the reply.
    My question then is how to transition while preferably keeping both physical servers.
    Should a 2012 Standard key be purchased additionally for an in-place transition of 2012 Essentials machine to 2012 Standard (which at this point is as good as a fresh install)? Until then, should the Essentials 2012 server be taken offline entirely?
    What about the situation where I described both servers running segregated networks with their own pools of users, only connected via a VPN for 3rd party license sharing? Is that configuration supported?
    Also, if the configuration is unsupported, why are the servers able to share roles in the first place? Why isn't there a software mechanism preventing interaction? What configuration do the servers themselves assume is in place?
    Thanks again.

  • Is it possible to uninstall IE 11 from Windows Server 2012 R2 and replace it with the latest version of IE 10?

    Is it possible to uninstall IE 11 from Windows Server 2012 R2 and replace it with the latest version of IE 10? We have a remote desktop farm setup with 2012 R2 servers and we are publishing some web links that only work with IE10. As a result, we need to
    downgrade the remote desktop servers to IE10. I have a feeling that this isn't possible, but if I could get a definitive answer, I would greatly appreciate it, thank you!

    Hi,
    Agreed with DonPick.
    Internet Explorer 11 is preinstalled with Windows 8.1 and Windows Server 2012 R2.
    More information regarding Internet Explorer 11, please check:
    Internet Explorer 11 - FAQ for IT Pros
    http://msdn.microsoft.com/en-us/library/dn268945.aspx
    Best regards
    Michael Shao
    TechNet Community Support

  • Just FYI, Windows Server 2012 R2 and Windows Server 2012 BranchCache Deployment Guide in Word format in the TechNet Gallery

    The Windows Server 2012 R2 and Windows Server 2012 BranchCache Deployment Guide is now available for download in Word format in the TechNet Gallery at
    http://bit.ly/1pYZT3F
    Thanks -
    James McIllece

    hello again,
    meanwhile I was lucky to find this article about Identity Mapping in TechNet in the Storage Team Blog:
    http://blogs.technet.com/b/filecab/archive/2012/10/09/nfs-identity-mapping-in-windows-server-2012.aspx
    Likely to be overseen at the end of one paragraph it says:
    "Client for NFS does not support NFS V4.1 in Windows 8 or Windows Server 2012"
    Question : Is this an official statement and is it still valid with most recent
    Windows Server 2012 R2 that NFS client does NOT support NFSv4.x  ??
    thanks - Rainer

  • Server 2012 R2 and DPM 2012 (ocsetup not recognized)

    I am trying to install DPM 2012 on Server 2012 R2 and am unable to get past the prerequisites check.  When I try the command "OCSetup.exe SIS-Limited" it comes up that OCSetup is not recognized.  How do I install (SIS) on Server 2012 R2?

    Hi.
    DPM 2012 SP1 is not supported running on Windows 2012 R2.  Please decide on one of the following.
    A) Install DPM 2012 R2 on the Windows Server 2012 R2 or other
    supported operating systems.
    B) Install DPM 2012 SP1 on Windows Server 2012 or other
    supported operating systems.
    FYI for Windows server 2012 R2 the new command is:
    dism /online /enable-feature /featurename:SIS-Limited
    Regards, Mike J. [MSFT]

  • Remote Desktop Gateway on Windows Server 2012 R2 and IPAD

    Hi guys,
    Would love some help with an issue I have been struggling with for a couple of days now.
    I have an RDS 2012 R2 Gateway configured and it works great with all Windows clients, for both internal and external communication. The problem comes now when I want to use an iPad from Apple. I installed the latest RD Client from Microsoft and it works great from the internal network, but as soon as the device is moved to an external network the client gets an error while connecting. The gateway is located in the domain network.
    The error is “Failed to parse authorization Challenge”,
    This is what I see in the log file from the RD Client.
    [2014-Mar-06 16:53:49] RDP (0): --- BEGIN INTERFACE LIST ---
    [2014-Mar-06 16:53:49] RDP (0): lo0 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    [2014-Mar-06 16:53:49] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0
    [2014-Mar-06 16:53:49] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip0 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip0 af=2 (AF_INET)  addr=10.25.216.171 netmask=255.255.255.255
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip1 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip2 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip3 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): pdp_ip4 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): en1 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): ap1 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): en0 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): awdl0 af=18  addr= netmask=
    [2014-Mar-06 16:53:49] RDP (0): --- END INTERFACE LIST ---
    [2014-Mar-06 16:53:49] RDP (0): Not using any proxy
    [2014-Mar-06 16:53:49] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
    [2014-Mar-06 16:53:54] RDP (0): Resolved 'MB-RDS-01.contoso.LOCAL' to 'ERROR: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.' using NameResolveMethod_Unknown(0)
    [2014-Mar-06 16:53:54] RDP (0): Error message: Unable to connect to remote PC. Please provide the fully-qualified name or the IP address of the remote PC, and then try again.(phase: 0, type: 0, reason: 0, systemCode: 0, systemMessage: )
    [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
    [2014-Mar-06 16:53:54] RDP (0): Final rdp configuration used: {
        activeUsername = " Contoso\\User01";
        arcTimeout = 1800;
        cacheId = 12BF328DD1C8B841;
        certificatesUseRedirectName = 1;
        configurationVersion = 8;
        font = 1;
        gatewayId = F2EE288CD1C8B841;
        gatewayMode = 2;
        gwAutodetectState = kConnectionGwAutodectedForceGW;
        host = "MB-RDS-01.CONTOSO.LOCAL";
        label = "Murbiten - Terminal Server";
        loadBalanceInfo = "tsv://MS Terminal Services Plugin.1.Contoso_-_Termi";
        mouseMode = "-1";
        port = 3389;
        temporary = 1;
        type = rdp;
        useAlt = 0;
        utilityBar = "-1";
        webFeedVersion = "Windows 2008 R2 or newer";
        connections =     (
            F4BF288CD1C8B841,
            12BF328DD1C8B841
        host = "remote.customer.com";
        id = F2EE288CD1C8B841;
        port = 443;
        temporary = 1;
        type = rdp;
        kCFProxyTypeKey = kCFProxyTypeNone;
    [2014-Mar-06 16:53:54] RDP (0): --- BEGIN INTERFACE LIST ---
    [2014-Mar-06 16:53:54] RDP (0): lo0 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): lo0 af=30 (AF_INET6)  addr=::1 netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
    [2014-Mar-06 16:53:54] RDP (0): lo0 af=2 (AF_INET)  addr=127.0.0.1 netmask=255.0.0.0
    [2014-Mar-06 16:53:54] RDP (0): lo0 af=30 (AF_INET6)  addr=fe80::1%lo0 netmask=ffff:ffff:ffff:ffff::
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip0 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip0 af=2 (AF_INET)  addr=10.25.216.171 netmask=255.255.255.255
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip1 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip2 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip3 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): pdp_ip4 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): en1 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): ap1 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): en0 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): awdl0 af=18  addr= netmask=
    [2014-Mar-06 16:53:54] RDP (0): --- END INTERFACE LIST ---
    [2014-Mar-06 16:53:54] RDP (0): Not using any proxy
    [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolConnectingNetwork(1)
    [2014-Mar-06 16:53:54] RDP (0): Resolved 'remote.customer.com' to '194.71.11.69' using NameResolveMethod_Unknown(0)
    [2014-Mar-06 16:53:54] RDP (0): Resolved 'remote.customer.com' to '194.71.11.69' using NameResolveMethod_Unknown(0)
    [2014-Mar-06 16:53:54] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 346
        User Message : Failed to parse authorization Challenge
    [2014-Mar-06 16:53:54] RDP (0): Exception caught: Exception in file '/Users/build/jenkins/workspace/rc-ios-develop/protocols/RDP/librdp/librdp/private/httpendpoint.cpp' at line 346
        User Message : Failed to parse authorization Challenge
    [2014-Mar-06 16:53:54] RDP (0): Error message: Failed to parse authorization Challenge(phase: 0, type: 0, reason: 0, systemCode: -1, systemMessage: )
    [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnecting(7)
    [2014-Mar-06 16:53:54] RDP (0): Protocol state changed to: ProtocolDisconnected(8)
    [2014-Mar-06 16:53:54] RDP (0): ------ END ACTIVE CONNECTION ------
    Adam Bokiniec

    Hi Jeremy,
    I found a solution, thanks for your effort. The solution is the following.
    First thing that needs to be done is either solution from options below, I did the Solution 1 in my case and added a NPS server to AD. (https://blogs.technet.com/b/networking/archive/2010/01/14/remote-desktop-gateway-client-fails-authentication-with-your-user-account-is-not-authorized-to-access-the-rd-gateway.aspx)
    Solution 1
    Register the NPS server in Active Directory:
    In Server Manager, browse to the following location: Roles\Network Policy and Access Services\NPS (Local).
    Right click on the NPS (Local) node and choose Register server in Active Directory.
    Click OK to authorize the server when prompted.
    Solution 2
    Open Active Directory Users and Computers on any Domain Controller of the same domain as the Remote Desktop Gateway.
    Add the Computer Name of the Remote Desktop Gateway to the RAS and IAS Servers group.
    Situation B
    Restart the RDS host and Gateway server.
    Secondly, and most important, is to configure an alternate address that matches your public certificate. My public certificate CNAME is "remote.domain.se".
    All commands need to be run as administrator in PowerShell.
    To show your current configuration run the following commands.
    CollectionName is the collection name you created for the RDS deployment.
    To get your collection name, type
    Get-RDSessionCollection
    When you have the collection name, type
    Get-RDSessionCollectionConfiguration -CollectionName "RDS - Terminal Server" | FL *
    The default configuration will look like this:
    CustomRdpProperty     : use redirection server name:i:1
    Now, to add your public domain name that matches the certificate, run the following command
    Set-RDSessionCollectionConfiguration -CollectionName "RDS - Terminal Server" -CustomRdpProperty "use redirection server name:i:1 `n alternate full address:s:remote.domain.se"
    Run again to verify your settings
    Get-RDSessionCollectionConfiguration -CollectionName "RDS - Terminal Server" | FL *
    Now it should look something like this
    CustomRdpProperty     : use redirection server name:i:1
                             alternate full address:s:remote.domain.se
    iPads and iPhones can now connect to your environment.
    Adam Bokiniec

  • Windows Server 2008 R2 Standard "Certificate Authority Service" / Exchange Server 2010 EMC not starting and no AD connectivity for authentication.

    Hello,
    I am a new IT Manager at this company and need assistance big time. Their environment looks as follows:
    Server 1. Domain Controller Server (Windows Server 2008 R2 Standard) running active directory.
    Server 2. Email Server (Windows Server 2008 R2 Standard) running Exchange Server 2010 .
    * Note. No backups to work with aside from what's mentioned below.
    DC had a virus infection causing a lot of issues on the shared network drives 2 days ago locking up all the files with a crypto ransom virus. Running Avast suppressed the infection. Had to recover the file shares which luckily had a back up. 
    The issue is that the Exchange Server 2 post this lost connectivity with the AD Server 1. Exchange Server 2 when launching EMC could not launch the console stating the following:
    "No Exchange servers are available in any Active Directory sites. You can’t connect to remote
    Powershell on a computer that only has the Management Tools role installed."
    Shortly after I found that it is possible the EMC launcher was corrupt and needed to be reinstalled following another blog post. I deleted the exchange management console.msc per instructions only to discover I couldn't relaunch it because there was
    no way how. So I copied another msc file that happened to be on the DC Server 1  back to Exchange Server 2 and got it to launch again. 
    Another post said that it might be an issue with the Domain Account for the Computer, so to delete it in the AD Server 1 only to find that rejoining it from Exchange Server 2 using Computer > Properties > Change Settings > Change is greyed out because
    it is using the Certificate Authority Service.
    I tried manually re-adding the computer in AD and modeling permissions after another server in group settings but no go. After this I was unable to login to the Exchange Server 2 with domain accounts but only local admin, receiving the following Alert:
    "The Trust Relationship between this workstation and primary domain failed."
    I tried running the PowerShell tools on Exchange Server 2 to rejoin and to reset passwords for domain accounts as noted in some other blogs but no luck as the Server 2 could not make the connection with Server 1 or other errors it kept spitting out.
    I also during the investigation found the DNS settings were all altered on both the Server 1 and Server 2 which I luckily was able to change back to original because of inventorying it in the beginning when I started. 
    I need help figuring out if I need to rejoin the Exchange Server 2 manually by disabling the Certificate Authority Service (or removing the CA as listed here:
    https://social.technet.microsoft.com/Forums/exchange/en-US/fb23deab-0a12-410d-946c-517d5aea7fae/windows-server-2008-r2-with-certificate-authority-service-to-rejoin-domain?forum=winserversecurity
    and getting exchange server to launch again. (Mind you I am relatively fresh to server managing) Please help E-Mail has been down for a whole day now!
    Marty

    I recommend that you open a ticket with Microsoft Support before you break things more.
    Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."

  • Certificate problem in Proxy Server (ODSEE 11g)

    I am having a problem adding a CA Certificate to the Proxy Server. I followed the steps in the documentation, however I get the error: "keytool error: java.lang.Exception: Public keys in reply and keystore don't match".
    From what I have read, this error means that the alias name I am using when I add the new certificate is already being used. As per the documentation...
    When you request a CA-signed certificate, a temporary self-signed certificate is created. When you receive and install the CA-signed certificate from the CA, the new certificate replaces the temporary self-signed certificate.
    ... and this does happen. However when I bring in the new cert to replace... I get the mentioned error.
    If I use a different alias, it doesn't give me an error. However, I can't see it when I use the "dpadm list-certs" command (although it is there when I use the keytool command). More importantly, the "defaultservercert" is still the certificate being used when accessing the server.
    So the big question is... How do I get the Proxy Server to use the new CA Certificate?
    I've tried using the keytool command in many different ways, and it fails each time. Lesson learned: don't mess with the keystore via keytool. Any changes made are not recognized by the Proxy Server.
    I don't have access to this Proxy Server via DSCC because I do not have the password for the account running the services (a restriction made by the client), so it all to be done via CLI.
    The operating system is Oracle Solaris 10 8/11 s10s_u10wos_17b SPARC.
    Here are some outputs:
    $ ./dsee7/bin/dpadm list-certs ./dsee7/instances/PROXY01
    Alias Valid from Expires on Self-signed? Issued by Issued to
    defaultservercert 2012/06/18 09:23 2014/06/18 09:23 y CN=wpsun882:25389 Same as issuer
    1 certificate found.
    $ ./dsee7/bin/dpadm request-cert name devB2ADIRPROXY01.domain.com org 'COMPANY INC' org-unit IT city 'Eden Prairie' state Minnesota country US --keysize 2048 -o ./dsee7/ca-cert.csr ./instances/PROXY01 ca-cert
    $ ./dsee7/bin/dpadm list-certs ./dsee7/instances/PROXY01
    Alias Valid from Expires on Self-signed? Issued by Issued to
    defaultservercert 2012/06/18 09:23 2014/06/18 09:23 y CN=wpsun882:25389 Same as issuer
    ca-cert 2012/06/18 09:25 2014/06/18 09:25 y C=US, ST=Minnesota, L=Eden Prairie, O=COMPANY INC, OU=IT, CN=devB2ADIRPROXY01.domain.com Same as issuer
    2 certificates found.
    $ ./dsee7/bin/dpadm add-cert ./dsee7/instances/PROXY01 ca-cert ./dsee7/wpsun882.pem
    keytool error: java.lang.Exception: Public keys in reply and keystore don't match
    Thanks in advance!

    I can elaborate it further
    import javax.swing.JFrame;

    class GUI extends JFrame implements Runnable {
        public void updateGUI() {
            // update the GUI
        }
        public void run() {
            // required by Runnable; left empty in this sketch
        }
    }

    class MailListener extends Thread {
        GUI reference; // Reference to the GUI class
        public MailListener(GUI g) {
            reference = g;
        }
        public void run() {
            while (true) {
                // wait for a message and call the updateGUI() method of
                // the GUI class when you get a message
            }
        }
    }

  • DirectAccess Client not connecting without error code on Windows Server 2012 R2 and Windows 8.1

    Hello,
    we are currently migrating from Windows Server 2012 to 2012 R2 and are not able to get the new Direct Access Service up and running. Our goal is to establish DirectAccess connection for a handful of clients using the IPHTTPS-adapter on the default port 443.
    Errors:
    There is actually no error showing up. It seems the infrastructure tunnel cannot be created but none of the IPv6-transition adapters is connecting (teredo and 6-to-4 are down) and the IPHTTPs adapter gives no information about a problem:
    >Get-DAConnectionStatus
    Status    : Error
    Substatus : CouldNotContactDirectAccessServer
    >Get-NetIPHttpsState
    LastErrorCode   : 0x0
    InterfaceStatus : Failed to connect to the IPHTTPS server; waiting to reconnect
    Setup:
    Our setup is a virtualized Windows Server 2012 R2 Standard running on Hyper-V. It is located behind a NAT having the Port 443 mapped to the server. The only role installed after the basic install is RRAS including DirectAccess and VPN. The assistants completed
    successfully (running the configuration for DirectAccess and VPN). Operation Status says everything is green and working (for multiple days in the meanwhile). A previous direct access installation (on a different machine running Windows Server 2012) has
    been removed before installing the new server. The new installation is using a different router, so this might also be the cause of a problem.
    The client is a Windows 8.1 notebook located outside the company network accessing the internet through another NAT-device. The client has been able to connect to the previous DirectAccess setup but has never been able to establish a connection after the
    setup of the new Direct Access server. The device has no outbound constraints concerning the NAT-device and is only running the integrated Windows Firewall.
    Diagnosis:
    So far I've done some basic DNS and connectivity checks. The DNS-name can be resolved correctly and the router even responds to pings. The port forward is working and HTTPs connections are generally possible (temporarily routed the port to
    access the NLS-Website located on the server, which worked fine).
    Network monitor shows that both computers are communicating, traffic on the expected Port 443 is incoming on the server and responses from the server reach the client.
    Opening the IPHTTPs-url ends in an endless page load. Sometimes the browser page closes but I've never seen any result. Using telnet on the port shows that the server is accepting connections. I've even built a small test application that does a GET-Request on the URL returning HTTP-200 and no content.
    I'm currently running out of ideas what to do and since no error occurs this is kind of a bit frustrating. Any help appreciated.
    Regards
    Matthias

    Hi,
    In addition, have you disabled the DA client components on the DA client? If no, please also check
    the settings on the Name Resolution Policy Table.
    More information:
    DirectAccess Client Location Awareness – NRPT Name Resolution
    In addition, error 0x4C9 means the remote computer refused the network connection. It may be due to the invalid
    registry or corrupt drivers. For more detailed information, please refer to the link below:
    Error 1225 - Error Code 0x4C9
    Note:
    Microsoft is providing this information as a convenience to you. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Best regards,
    Susie

  • Task Sequence Windows Server 2012 format and partition issue when using MDT2012

    Hi all,
    Currently I'm working on a task sequence to deploy a Windows Server 2012 image. We've integrated MDT2012 Update 1 in SCCM2012 SP1 and created a default 'Server Task Sequence'. This task sequence deploys the install.wim to a server which has multiple disks
    attached.
    We've configured multiple format and partition disk steps to create the following partition layout:
    Disk 0: 499MB BDEDrive (do not assign drive letter) + 40GB OSDisk
    Disk 1: 40GB Programs
    Disk 2: 40GB Data
    Disk 3: 25GB User
    When the task sequence is finished I've noticed the drive letters assigned to the disk are not correct. In some cases the BDEdrive gets drive letter D assigned, sometimes drive letters are assigned starting with E, thus skipping drive
    letter D. 
    The smsts.log files show an error when it's re-assigning drive letters after booting into Windows. Looks like an error in the DiskPartScript.txt.
    <![LOG[==============================[ OSDSetupHook.exe ]==============================]LOG]!><time="16:59:40.889-120" date="05-10-2013" component="OSDSetupHook" context="" type="1" thread="776"
    file="osdsetuphook.cpp:186">
    <![LOG[Executing task sequence]LOG]!><time="16:59:40.905-120" date="05-10-2013" component="OSDSetupHook" context="" type="1" thread="776" file="osdsetuphook.cpp:279">
    <![LOG[Loading the Task Sequencing Environment from "C:\_SMSTaskSequence\TSEnv.dat".]LOG]!><time="16:59:40.920-120" date="05-10-2013" component="OSDSetupHook" context="" type="1" thread="776"
    file="basesetuphook.cpp:366">
    <![LOG[Environment scope successfully created: Global\{51A016B6-F0DE-4752-B97C-54E6F386A912}]LOG]!><time="16:59:40.936-120" date="05-10-2013" component="OSDSetupHook" context="" type="1" thread="776"
    file="environmentscope.cpp:659">
    <![LOG[Environment scope successfully created: Global\{BA3A3900-CA6D-4ac1-8C28-5073AFC22B03}]LOG]!><time="16:59:40.936-120" date="05-10-2013" component="OSDSetupHook" context="" type="1" thread="776"
    file="environmentscope.cpp:659">
    <![LOG[Debug shell is enabled]LOG]!><time="16:59:43.806-120" date="05-10-2013" component="OSDSetupHook" context="" type="1" thread="776" file="basesetuphook.cpp:1440">
    <![LOG[Successfully enabled debug command shell support.]LOG]!><time="16:59:43.884-120" date="05-10-2013" component="OSDSetupHook" context="" type="1" thread="776" file="debugwindow.cpp:156">
    <![LOG[Configuring local administrator account]LOG]!><time="16:59:43.884-120" date="05-10-2013" component="OSDSetupHook" context="" type="1" thread="776" file="basesetuphook.cpp:1462">
    <![LOG[Re-assign all drive letters...]LOG]!><time="16:59:43.884-120" date="05-10-2013" component="OSDSetupHook" context="" type="1" thread="776" file="diskutils.cpp:1941">
    <![LOG[Executing command line: "C:\WINDOWS\system32\diskpart.exe" /s "C:\WINDOWS\TEMP\DiskPartScript.txt"]LOG]!><time="16:59:43.900-120" date="05-10-2013" component="OSDSetupHook" context=""
    type="1" thread="776" file="commandline.cpp:827">
    <![LOG[Process completed with exit code 2147942487]LOG]!><time="16:59:50.249-120" date="05-10-2013" component="OSDSetupHook" context="" type="1" thread="776" file="commandline.cpp:1123">
    <![LOG[Diskpart.exe STDOUT:
    Microsoft DiskPart version 6.1.7601
    Copyright (C) 1999-2008 Microsoft Corporation.
    On computer: SRV03
    Volume 1 is the selected volume.
    DiskPart successfully removed the drive letter or mount point.
    The volume you selected is not valid or does not exist.
    There is no volume selected.
    ]LOG]!><time="16:59:50.249-120" date="05-10-2013" component="OSDSetupHook" context="" type="3" thread="776" file="diskutils.cpp:1807">
    When I take a look at the generated diskpart_script.log file the volume D gets selected twice, which fails the second time because of the first remove drive letter command.
    This is the output in the diskpart_script.log file:
    select volume D
    remove letter=D
    select volume D
    remove letter=D
    select volume E
    remove letter=E
    select volume F
    remove letter=F
    select volume H
    remove letter=H
    select disk 0
    select partition 1
    assign
    select disk 1
    select partition 1
    assign
    select disk 2
    select partition 1
    assign
    select disk 3
    select partition 1
    assign
    It seems this error is caused by the first 'Format and Partition Disk' step before the 'Use Toolkit Package' step which is part of the default Server Task sequence. When I disable this Format and Partition step and create the partition manually
    all looks ok showing no errors in the smsts.log file.
    I've solved this by replacing the first 'Format and Partition Disk' step by a PowerShell command which formats and partitions the disk.
    Anyone seen this behavior?

    I have a similar problem when I install windows on some clients. Have you found any explanation for the behavior?
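
The diagnosis in the post above (a failing diskpart run traced to a volume letter being selected again after it was removed) can be reproduced offline from the two artifacts it quotes. This is an added example, not part of the thread or of MDT/SCCM; the function names are hypothetical and the sample inputs are abridged from the post.

```python
import re

# Abridged from the smsts.log excerpt in the post (CMTrace entry format).
SAMPLE_LOG = '''<![LOG[Re-assign all drive letters...]LOG]!><time="16:59:43.884-120" date="05-10-2013" component="OSDSetupHook" context="" type="1" thread="776" file="diskutils.cpp:1941">
<![LOG[Process completed with exit code 2147942487]LOG]!><time="16:59:50.249-120" date="05-10-2013" component="OSDSetupHook" context="" type="1" thread="776" file="commandline.cpp:1123">
<![LOG[Diskpart.exe STDOUT:
The volume you selected is not valid or does not exist.
]LOG]!><time="16:59:50.249-120" date="05-10-2013" component="OSDSetupHook" context="" type="3" thread="776" file="diskutils.cpp:1807">
'''
# First lines of the diskpart_script.log quoted in the post.
SAMPLE_SCRIPT = """select volume D
remove letter=D
select volume D
remove letter=D
select volume E
remove letter=E
"""
ENTRY = re.compile(r'<!\[LOG\[(.*?)\]LOG\]!><([^>]*)>', re.DOTALL)

def parse_cmtrace(text):
    """Return one dict per log entry: the message plus its key="value" attributes."""
    return [dict(re.findall(r'(\w+)="([^"]*)"', attrs), message=msg.strip())
            for msg, attrs in ENTRY.findall(text)]

def decode_exit_code(code):
    """Split an unsigned 32-bit exit code into (HRESULT hex, facility, low 16-bit code)."""
    return "0x%08X" % code, (code >> 16) & 0x1FFF, code & 0xFFFF

def failed_commands(entries):
    """Entries reporting a non-zero process exit code, with the code decoded."""
    hits = []
    for e in entries:
        m = re.search(r'exit code (\d+)', e["message"])
        if m and int(m.group(1)) != 0:
            hits.append((e["time"], decode_exit_code(int(m.group(1)))))
    return hits

def lint_diskpart_script(script):
    """Flag 'select volume X' lines that come after X's letter was already removed."""
    removed, findings = set(), []
    for n, line in enumerate(script.splitlines(), 1):
        sel = re.fullmatch(r'select volume ([A-Za-z])', line.strip(), re.I)
        rem = re.fullmatch(r'remove letter=([A-Za-z])', line.strip(), re.I)
        if sel and sel.group(1).upper() in removed:
            findings.append((n, sel.group(1).upper()))
        if rem:
            removed.add(rem.group(1).upper())
    return findings
```

Exit code 2147942487 decodes to 0x80070057: facility 7 (Win32) with code 87, ERROR_INVALID_PARAMETER, which matches diskpart rejecting the second `select volume D`.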

  • October 2014 update rollup for Windows Server 2012 R2 and Data Protection Manager 2012 R2

    Hello all,
    After installing the October 2014 update rollup for Windows Server 2012 R2 (KB2995388) on our Windows 2012 R2 Core Edition, backup jobs of System State start to fail. Below is the generic error:
    The replica of Non VSS Datasource Writer on hostname.domain is inconsistent with the protected data source. All protection activities for this data source will fail until the replica is synchronized with consistency check.
    The job was cancelled. The user either cancelled the job or modified the associated protection group.
    After removing the update rollup, all jobs complete without errors. Is anybody experiencing the same issue? How can we resolve the problem?
    Thanks, Andrea

    Hi Andrea,
    Have you installed the update 2919355?
    To apply update 2995388, you must first install update 2919355 on Windows 8.1 or Windows Server 2012 R2.
    According to the official website, the issue which you described is not listed as a known issue.
    Please uninstall this update and continue to monitor the official website for the latest news.
    Best Regards.
    Steven Lee
    TechNet Community Support
