Server 2012 Win 8.1 GPO Remote Registry Service & Group Policy Trace
I'm trying to enable the Remote Registry Service via GPO (Computer > Preferences > Control Panel > Services).
I set the following (and left the other config items at default):
Startup: Automatic
Service name: RemoteRegistry
Service action: Start service
This only results in a message in the event log and a message when running "gpupdate /force" both saying
"Windows failed to apply the Group Policy Services settings. Group Policy Services settings might have its own log file. Please click on the "More information" link."
HA! When was the last time one of those links helped anyone?
So I tried to enable "Computer > Policies > Administrative Templates > System > Group Policy > Logging and tracing > Configure Services preference logging and tracing" and set
Event logging Informational, Warnings and Errors
Tracing On
User trace c:\Trace\User.log
Computer trace c:\Trace\Computer.log
Planning trace c:\Trace\Planning.log
Maximum size of trace file (KB) 1024
I made the C:\Trace folder.
And NOTHING.
So the GPO doesn't log anything meaningful to the Event Viewer (and tells you to look somewhere that says it can't help you). The same thing is in the "Operational" GPO log. Group Policy Result and GPRESULT /h <filename> give you the same meaningless poop.
Is there any way to start the flippin' service with the GPO, and is there a way to get any kind of meaningful logging?
Hi,
>>
Is there any way to start the flippin' service with the GPO, and is there a way to get any kind of meaningful logging?
If we want to get verbose information about group policy processing, we can try to enable logging in the Gpsvc.log file.
Regarding how to enable logging in the Gpsvc.log file, the following blog can be referred to for more information.
How to enable GPO logging on windows 7 /2008 r2 ?
http://blogs.technet.com/b/csstwplatform/archive/2010/11/09/how-to-enable-gpo-logging-on-windows-7-2008-r2.aspx
In addition, regarding group policy debug logging, the following article can be referred to for more information.
Group Policy Debug Log Settings
http://social.technet.microsoft.com/wiki/contents/articles/4506.group-policy-debug-log-settings.aspx
Best regards,
Frank Shen
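The Gpsvc.log approach suggested in the reply above, as an added PowerShell example that is not part of the original thread. It assumes an elevated session on the affected client, the commonly documented `GPSvcDebugLevel` value `0x30002`, and that the Services preference extension writes its events to the Application log under a source whose name starts with "Group Policy"; the function names are hypothetical.

```powershell
# Added example, not from the thread. Run elevated on the client where the
# Services preference item fails to apply.
$diagKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics'
$logFolder = Join-Path $env:windir 'debug\usermode'
$logFile   = Join-Path $logFolder 'gpsvc.log'

function Enable-GpsvcLogging {
    # The log folder is not created automatically; without it nothing is written.
    if (-not (Test-Path $diagKey))   { New-Item -Path $diagKey -Force | Out-Null }
    if (-not (Test-Path $logFolder)) { New-Item -Path $logFolder -ItemType Directory -Force | Out-Null }
    New-ItemProperty -Path $diagKey -Name 'GPSvcDebugLevel' -PropertyType DWord `
        -Value 0x30002 -Force | Out-Null
}

function Disable-GpsvcLogging {
    # Verbose logging records policy details, so remove the value when finished.
    Remove-ItemProperty -Path $diagKey -Name 'GPSvcDebugLevel' -ErrorAction SilentlyContinue
}

function Get-GroupPolicyFailures {
    param([datetime]$Since)
    $found = @()
    # Core Group Policy engine: critical, error and warning events only.
    $found += Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Microsoft-Windows-GroupPolicy/Operational'; StartTime = $Since; Level = 1, 2, 3 }
    # Preference extensions (assumption: sources named "Group Policy ...").
    $found += Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Application'; StartTime = $Since } |
        Where-Object { $_.ProviderName -like 'Group Policy*' }
    $found | Sort-Object TimeCreated |
        Select-Object TimeCreated, ProviderName, Id, LevelDisplayName, Message
}

function Get-RemoteRegistryState {
    # What the policy was supposed to change: start mode and current state.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='RemoteRegistry'"
    [pscustomobject]@{
        Name      = $svc.Name
        StartMode = $svc.StartMode
        State     = $svc.State
        Account   = $svc.StartName
    }
}

$start = Get-Date
Enable-GpsvcLogging
try {
    gpupdate /target:computer /force | Out-Null

    'Events logged during this refresh:'
    Get-GroupPolicyFailures -Since $start | Format-List

    'Preference trace files from the thread (C:\Trace):'
    Get-ChildItem -Path 'C:\Trace' -ErrorAction SilentlyContinue |
        Select-Object Name, Length, LastWriteTime

    'Recent gpsvc.log lines mentioning a failure:'
    if (Test-Path $logFile) {
        Get-Content -Path $logFile -Tail 500 | Select-String -Pattern 'error|fail'
    }

    'RemoteRegistry after the refresh:'
    Get-RemoteRegistryState
}
finally {
    Disable-GpsvcLogging
}
```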
Similar Messages
-
Allow log on through Remote Desktop Services Group Policy for Domain Controllers
Hello,
We want to allow our Helpdesk Operators to be able to connect to Domain Controllers with the Remote Desktop Services. This is by default not allowed but according to many sites, it should be able to configure by using a Group Policy.
We made a new Group Policy with the setting 'Allow log on through Remote Desktop Services' and 'Allow log on locally' (as an extra for testing) and applied Security Filtering to only use it for a specific Security Group. Our test user is a member of this security group and should be able to access the Domain Controllers now. However this isn't working.
The error message we receive upon trying to connect:
The connection was denied because the user account is not authorized for remote login.
For troubleshooting, we also applied the Security Group for that setting in the Default Domain Controllers Policy but that doesn't seem to work either. We want to avoid customization on our Default Domain Controllers Policy but this was just a test case for solving our problem.
What should we do to solve our problem?
I hope to hear from you soon.
Thanks in advance.
Hi, I just found out what the problem was. This site helped me a lot:
http://blogs.technet.com/b/askperf/archive/2011/09/09/allow-logon-through-terminal-services-group-policy-and-remote-desktop-users-group.aspx
In my case, I had the group added to the Allow Logon Through Remote Desktop Services but was not added to the Builtin\Remote Desktop Users group. After knowing this I made some changes to our situation and are now using the builtin\Remote Desktop Users group rather than a new self made Security Group. I also added the Remote Desktop Users to the Allow Logon Through Remote Desktop Service in the Default Domain Controllers Policy as this is not done by default. By default only the Domain Administrators are able to logon through remote desktop services.
You do not need the 'Log on Locally' permission within the Group Policies.
In short:
Add the desired users/groups to the 'Builtin\Remote Desktop Users' security group.
Add the 'Builtin\Remote Desktop Users' security group to the 'Allow Logon Through Remote Desktop Services' within the 'Default Domain Controllers Policy'.
Thank you anyway for the fast reply.
Have a nice day! -
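One way to verify the two conditions from the answer above on a domain controller, as an added PowerShell example that is not part of the original thread. It parses a `secedit` user-rights export; the sample export is constructed, `S-1-5-32-555` is the well-known SID of Builtin\Remote Desktop Users, and the function names are hypothetical.

```powershell
# Added example, not from the thread. Checks whether Builtin\Remote Desktop Users
# holds 'Allow log on through Remote Desktop Services' and is not denied it.
$RduSid = 'S-1-5-32-555'   # well-known SID: Builtin\Remote Desktop Users

function Get-UserRightEntries {
    # Returns the principals listed for one right in a secedit export.
    param([string[]]$InfLines, [string]$Right)
    $pattern = '^\s*' + [regex]::Escape($Right) + '\s*='
    $line = $InfLines | Where-Object { $_ -match $pattern } | Select-Object -First 1
    if (-not $line) { return @() }
    ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim().TrimStart('*') } |   # SIDs are exported as *S-1-...
        Where-Object { $_ }
}

function Resolve-Principal {
    # Translates a SID to DOMAIN\name; returns the input unchanged if it cannot.
    param([string]$Entry)
    if ($Entry -notlike 'S-1-*') { return $Entry }
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($Entry)
        $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch { $Entry }
}

function Test-RdpLogonRight {
    param([string[]]$InfLines)
    $allow = @(Get-UserRightEntries -InfLines $InfLines -Right 'SeRemoteInteractiveLogonRight')
    $deny  = @(Get-UserRightEntries -InfLines $InfLines -Right 'SeDenyRemoteInteractiveLogonRight')
    [pscustomobject]@{
        Allowed                   = $allow
        Denied                    = $deny
        RemoteDesktopUsersAllowed = $allow -contains $RduSid
        RemoteDesktopUsersDenied  = $deny -contains $RduSid
    }
}

function Export-UserRights {
    # Exports the effective local user-rights assignment (requires elevation).
    $tmp = Join-Path $env:TEMP ('rights-{0}.inf' -f [guid]::NewGuid())
    secedit /export /cfg $tmp /areas USER_RIGHTS /quiet | Out-Null
    try { Get-Content -Path $tmp } finally { Remove-Item $tmp -ErrorAction SilentlyContinue }
}

# Constructed sample: the default state the answer describes, where only
# Administrators (S-1-5-32-544) hold the right on a domain controller.
$sample = @'
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeRemoteInteractiveLogonRight = *S-1-5-32-544
'@ -split "`r?`n"

'Constructed sample (expected: RemoteDesktopUsersAllowed = False):'
Test-RdpLogonRight -InfLines $sample | Format-List

'Live export from this machine:'
$live = Test-RdpLogonRight -InfLines (Export-UserRights)
$live | Format-List
'Principals holding the right:'
$live.Allowed | ForEach-Object { Resolve-Principal $_ }

# Second condition from the answer: the user or group must be a member.
'Members of Remote Desktop Users:'
net localgroup "Remote Desktop Users"
```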
This is killing my remote management. I have 4 server 2012R2 domain controllers. Only one of them is being affected with this problem. Almost every time I check, the remote registry service is disabled again. It seems like there is a corrupt group policy preference that keeps on attacking during a policy refresh, but I can't imagine setting a group policy to disable this service. It is needed for our remote management. Also the IP Tunnel service is also disabling. Another strange artifact is that when I set a Windows Firewall policy to add an exception for remote administration in a group policy to my Admin workstation, it seemed to set a firewall rule in other computers to block remote administration. I can not figure out where else this strange Windows Firewall rule Blocking remote administration could have come from. These may be related or they may not, but they are occurring on the same domain controller. I am able to set the RemoteRegistry service to enabled and to start it (which I have done too many times now), but it constantly is being changed back to disabled. I am searching the registry to find any invalid entries or artifacts that may be affecting these two annoying effects, but I cannot find anything yet.
Any ideas? I need to know what policies will disable the remoteregistry service OR the IPTunelling service, or where in the registry this could be set to enact this during a policy refresh. Of course, any other ideas are welcome, I have spent several days troubleshooting this, and need to conquer this by tomorrow if possible, thank you. James
Hi,
Please type services.msc in RUN to open Services panel, navigate to the Remote Registry service. Then open its Properties and set Startup type: Automatic. Then please check if this issue still exists.
In addition, please refer to mlippold’s suggestion (the last reply) in following thread and configure relevant value in RemoteRegistry registry key, then check if it can help you to solve this issue.
For registry items, please back up all registry items before all operations. That will help us to avoid some unexpected issue.
Remote Registry Service stops automatically if we do not use it above 10 minutes
By the way, did you open Event Viewer and check if you find any relevant errors?
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Open an program install on Server 2012 as a app with remote desktop
I have a SQL app loaded on Server 2012. The app runs fine when logged into remote desktop on the server. The app loads to c:\Program Files (x86)\MSC\MCS.exe. Remote desktop will not recognize that path to open the .exe file. I have tried the following path c:\"Program Files (x86)"\MSC\MCS.exe and still will not see the path string and load up. I am using the same path in the folder path as well. I have done hundreds of these on previous versions but this one will not work. Is there a trick on server 2012?
I tried every form of the path with the %. No luck.
I found that I cannot put a simple .bat file in the temp directory and use the c:\temp\test.bat path and folder c:\temp and get the batch file to run.
Bill Bollinger -
Windows Terminal Server 2012 wont publish any more remote apps!
I have a weird problem with our new Windows 2012 Terminal Server. We have already published one application through a session collection via Remote Desktop Services. We now have the need to publish another application. When I click on the "Tasks"
drop down menu and select "Publish RemoteApp Programs" I get an error of "Server.domain.local is not available on the network. Verify that the server is available on the network or remove the server from the collection"
Does anyone have any ideas why I am seeing this?
Thanks
Hi,
Thank you for your posting in Windows Server Forum.
First of all please check that you have enough permission or performing with admin account.
I have installed many RemoteApp in my environment and can’t find this error until now.
Have you recently made any changes in your environment before facing this issue?
Did you try to restart the server and then try to launch new Remote App?
By the way, can you let us know which program you want to publish as Remote App, so if possible then we can try to install and let you know the result.
In meantime, please try to publish new RemoteApp with PowerShell command as Administrator and let us know the result. You can try below command. In this example, we create a RemoteApp to deliver WordPad. We use the following command;
new-rdremoteapp -Alias Wordpad -DisplayName WordPad -FilePath "C:\Program Files\Windows NT\Accessories\wordpad.exe" -ShowInWebAccess 1 -collectionname MySessionCollection -ConnectionBroker LS01.CRFB.Local
For more information, refer beneath article.
Managing Remote Apps using PowerShell on Windows Server 2012
Hope it helps!
Thanks.
Dharmesh Solanki -
EHP2 - EHP7 Upgrade Path using SQL Server 2012/Win Server 2012 R2
Hi Guys.
I have a question regarding Upgrade Roadmap for a ERP 6 EHP2 system based on NW 7.01 which I would like to Upgrade to ERP6 EHP7 SP7
Source System is
Windows 2012
SQL Server 2008 R2
EHP2 for ERP 6.0 SPS Level 14
Target System
Windows 2012
SQL Server 2012
EHP7 for ERP 6.0 SP 7 based on NW 7.4 SP 9
During Upgrade checks it says I must Upgrade Database first before continue since DB Release is too low for NW 7.4 SP9 as stated in Note
1951491 - Minimal DB system platform requirements for SAP NetWeaver 7.4 SP08
So, at this point I agree I have to update SQL Server to 2012 before next step
Now, my concern is that my Source System does not have the minimum NW SP level (14) to run under SQL Server 2012 which is 26.
I'm currently running SAP Kernel 721 EXT Level 401 which is above minimum
According to Note 1651862 - Release planning for Microsoft SQL Server 2012 that would not be possible
Existing systems of SAP products that are out of SAP maintenance can be upgraded to SQL Server 2012 in order to prepare a SAP upgrade, if they match the SAP NetWeaver Support Package requirements defined below.
SAP products prior to SAP NetWeaver 7.0 are not supported at all on SQL Server 2012.
Required minimum SAP Netweaver Support Package Stacks (SPSs) for SQL Server 2012 (SAP ABAP, SAP ABAP+JAVA stacks)
SAP NETWEAVER 7.0 - SPS 26 (SAP BASIS 26, SAP BW 28)
SAP EHP1 FOR SAP NETWEAVER 7.0 - SPS 11 (SAP BASIS 11, SAP BW 11)
SAP EHP2 FOR SAP NETWEAVER 7.0 - SPS 11 (SAP BASIS 11, SAP BW 11)
SAP EHP3 FOR SAP NETWEAVER 7.0 - SPS 03 (SAP BASIS 03, SAP BW 03)
SAP NETWEAVER 7.1 - SPS 14 (SAP BASIS SP14)
SAP EHP1 FOR SAP NETWEAVER 7.1 EhP1 - SPS 10(SAP BASIS SP10, SAP BW SP10)
SAP NetWeaver 7.2 - no restriction
SAP NETWEAVER 7.3 - SPS 07 (SAP BASIS 07, SAP BW 07)
SAP EHP1 FOR SAP NETWEAVER 7.3 - SPS 03 (SAP BASIS 03, SAP BW 03)
If your system is running on a SPS lower than the one required above, you have to apply the minimum required SPS before upgrading/migrating to SQL Server 2012.
If you install a NetWeaver product on SQL Server 2012, the required SPS for your product must be applied immediately after the installation - see SAP note 1676665, section I for more information.
But performing the Upgrade would be technically possible? I mean not for productive use but technically during that time the Database is Upgrade and during SUM Execution.
According to the note it states if you install a Netweaver Product in SQL Server 2012, SPS must be applied immediately, so is kinda ambiguous what SAP is saying.
Best
Martin
Hi Martin,
For a test scenario, there's no harm in trying it (other than spending a lot of time on it, but hopefully that will prove not to be a waste). Generally, I expect you'll be fine upgrading your DBMS even though you aren't on the required minimum SP yet. The main thing you'll be missing out on is the updates to DBACOCKPIT, but once you do your EhP upgrade (with sps update included), you'll be putting that in place.
So, you could try this on your sandbox system and see if there are any problems. I assume the intent is to start the EhP upgrade as soon as the DBMS upgrade is done, right? In other words, you won't be actually using the system without the required SP except to run the EhP upgrade?
Alternatively, you could do a minimal support pack update, perhaps just a Basis SP only, to the minimum SP needed for your current release, then do the DBMS upgrade, then proceed with the EhP upgrade. This would be the safest procedure, but, as I said, I expect you can probably get away without going to this level without much problem. Again, the idea would be minimizing the time between the start and end of the total project on each system (DEV, QAS, PRD, etc).
Regards,
Matt -
Server 2012 R2 - No response from the UmRdpService service and more...
Hi!
We have a Remote Desktop Services Deployment with the following:
LIC01 – Windows 2012 R2 - Licensing
RDCB01 – Windows 2012 – Connection Broker
RDWA02 – Windows 2012 R2 – Web Access
RDG01 – Windows 2012 R2 - Gateway
RDG02 – Windows 2012 R2 - Gateway
RDG03 – Windows 2012 R2 – Gateway
RDSH01 – Windows 2012 R2 - Session Host
RDSH02 – Windows 2012 - Session Host
RDSH03 – Windows 2012 R2 - Session Host
RDSH04 – Windows 2012 R2 - Session Host
RDSH05 – Windows 2012 R2 - Session Host
RDSH06 – Windows 2012 R2 - Session Host
RDSH07 – Windows 2012 R2 - Session Host
RDSH08 – Windows 2012 R2 - Session Host
RDSH09 – Windows 2012 R2 - Session Host
RDSH10 – Windows 2012 R2 - Session Host
We have two Session Collections:
Office-R2 (All Server 2012 R2 RDSHs)
"Office (RDSH02, Closed for users)"
User Profile Disk are enabled to a SOFS Share (Server 2012).
Client Settings: Everything except "Plug and play Devices" are enabled
Problem:
Suddenly, one or more of RDSH servers (in the Office-R2 Collection) get the following error:
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.
After this, we get similar error messages to other services, such as:
AudioEndpointBuilder, NcbService, ScDeviceEnum, WPDBusEnum, Netman
Users logged into the server lose Redirection services as local drives and local printers, and they also have problem signing out of the server. (Hangs on signing out)
New Users that try to sign in to that server are also having trouble (Hangs on signing in).
After using the logoff tool to sign out every user on that server, I end up With the following:
It appears that there are no users logged on, yet there are many Disconnected sessions...
Looking at the SOFS file share I still see that RDSH04 has read/Write to the .VHDX file that hold the User Profile.. And If the user try to log on to another server in that Collection, it get a temporary profile.
If I kill the Connection to the VHDX files, Users can then sign in normally to another node in that Collection.
Trying to restart the server With "Shutdown -r -t 0 -f" does not work, It just hangs on Shutdown (waited 3 days), so All I can do is Press and Hold.
We have also seen BSoD on these nodes, but I'm sure if they are related to this error:
WinDBG is saying:
BugCheck 3B, {c0000005, fffff803538fa84e, ffffd0002711cb00, 0}
Probably caused by : dfsc.sys ( dfsc!DfscCacheStore+6f )
I found https://support.microsoft.com/kb/2925981 and
http://support.microsoft.com/kb/2525246, but they are not for Windows Server 2012 R2.
Any Idea?
Thanks
Anders
Hi,
Firstly, dfsc.sys indicates the DFS clients. It means that your systems use DFS service to access the file share.
Please let us know if you configured the DFS service on your file server.
Also, what is the format of file path you configured for UPD?
\\FileServer\FileShare
Or
\\Domain.com\DFS NameSpace\File Share
Thanks.
Jeremy Wu
TechNet Community Support -
SQL Server 2012 SP2 NTService Accounts Access Denied starting services
We have an SQL Server 2012 SP1 which was running perfectly until we applied the SQL Server 2012 SP2.
After SP2 was installed and the server rebooted all the associated SQL services that uses NTService\xxxxxxx accounts failed to start with Error 5: Access Denied.
We were able to change the services to Local System account but I just want to understand why this occurred and is this ok?
Has anyone had a similar issue or can anyone assist with an explanation?
Hi Giulio,
Based on your description, I tested the scenario as yours. After applying SQL Server 2012 SP2, I reboot the server , then restart all the associated SQL Server services that use NT SERVICE\<SERVICENAME> accounts successfully.
According to the error message, it might be caused by that NT SERVICE\<SERVICENAME> accounts don’t have sufficient permissions to access the SQL Server services installation folders. You can post detailed information in the SQL Server Errorlog file for analysis.
In addition, Local System is a very high-privileged built-in account. It has extensive privileges on the local system and acts as the computer on the network. And it is not recommended to use local system account for running SQL Server services. For more details about configuring SQL Server Service accounts, you can review the following links.
Configure Windows Service Accounts and Permissions:
http://msdn.microsoft.com/EN-US/library/ms143504.aspx#Windows
Best Practices For Using SQL Server Service Accounts:
http://blogs.technet.com/b/canitpro/archive/2012/02/08/the-sql-guy-post-15-best-practices-for-using-sql-server-service-accounts.aspx
Thanks,
Lydia Zhang -
Hi all,
installed SCCM 2012 R2 CAS on a 2012 server. The SQL is off box on a server cluster. I've installed WSUS through the 'Add Roles and Features'. I configured it to have local storage for the content and a remote DB instance (called SQL1 on our cluster). All this worked well and the install completed as expected. I checked the SQL cluster and the "SUSDB" database was created ok.
As a final step, i went to Tools in Server Manager and launched Windows Server Update Services. This brought up the 'Complete WSUS Installation' dialogue box. I entered the exact same DB info as i had done when completing the initial install of WSUS:
Yet when i hit 'run' the following message returns:
The relevant bit of logging is shown here:
2015-01-14 16:58:42 Starting service W3SVC
2015-01-14 16:58:42 Configuring IIS...
2015-01-14 16:58:42 Start: ConfigureWebsite
2015-01-14 16:58:42 System.Runtime.InteropServices.COMException (0x80070422): The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Since i'm pretty sure i need WSUS working correctly to use it for SCCM, can anyone suggest what my problem is here? I'd assume it's falling down because the 'ConfigureWebsite' job can't start but what service does that need to run?
Really stumped by this so any help would be much appreciated! Thanks
2015-01-14 16:58:42 Start: ConfigureWebsite
Did you install the Web Server role before installing the WSUS Server role? Is the Web Server role already installed? If so, is it installed and configured in a compatible manner with the WSUS role?
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds. -
In Windows Server Essentials 2012 R2, all of our online services integration features, including Azure Active Directory and Office 365, are supported only in environments that have a single domain controller. In environments with more than one domain controller, integration of these services is blocked due to limitations in the user account and password synchronization mechanism in Windows Server Essentials.
I am happy to announce that with the recent Windows August Update released on (8/12/2014, PST), this limitation has been removed. This update adds support for both Azure Active Directory integration and Office 365 integration features in domain environments consisting of a single domain controller, multiple domain controllers, or Windows Server Essentials as a domain member server.
For more information, please go to
http://support.microsoft.com/kb/2974308
Hi JoeBeck,
Thanks for the comment. Could you please tell which link you clicked to download?
Please go to PinPoint check details and start download
http://pinpoint.microsoft.com/en-US/applications/Dynamics-CRM-Online-Add-in-12884966386
Thanks,
Shanghai Wicresoft -
Adding AD RMS to a 2012 Standard server. At the point where it wants a service account. I tried numerous accounts and it would give me the same error on all of them "Invalid credentials were presented. Verify the correctness of the provided password."
I tried more and less complex passwords with no change. If I used a non-existent user name it would throw a different error so I know it's not that.
I was able to get it to take the Domain Administrator account name and password. Obviously I don't want to use that so I set the same password on a service account with no change in error.
Attempted to logon with SA on the server. Logon was successful. Attempted install logged on as service account and got message "The service account cannot be the same account used to install AD RMS. Please specify a different account".
Am I missing something?
There's no place like 127.0.0.1
But to be clear, installing RMS on a Domain Controller is NOT recommended. Precisely for the reasons you found.
Enrique Saggese - Sr. Program Manager - Information Protection - Microsoft Corporation -
Adding Internet shortcut favourites using Server 2012 R2 Group Policy Manager
Hi there,
I wonder could someone help me!
Up until recently we have been using the User Policies/Windows Settings/Internet Explorer Maintenance/URLs/Favourites and Links Group policy in Windows Server 2008 R2 but now within Server 2012 R2 that option doesn’t seem to be available.
If I however click on the GPO that is currently in place that has favourites specified and click on the Setting tab it generates the report showing the old /Internet Explorer Maintenance/URLs/Favourites and Links Group policy but when I click Edit on the GPO it doesn’t show me the /Internet Explorer Maintenance/URLs/Favourites and Links Group policy to allow me to add more favourites.
From reading online I see that that /Internet Explorer Maintenance/URLs/Favourites and Links Group policy has been dropped in Server 2012 with the IEAK but this seems to need to be downloaded and installed I assume on a DC which I’m reluctant to do.
I notice there something called the Policy Preferences Administrators tool that should allow me to set favourites but I’m not sure how to use that or even where to get it – it is a feature in Server 2012?
Sorry for all of the info above! All I want to do is within Server 2012 R2 edit an existing Windows 2008 R2 group policy and add new shortcuts to that policy so they are pushed out.
Any help or guidance would be greatly appreciated!
Thanks,
Bonemister
Hi Frank,
Thanks very much for your reply!
Ok, method 1 seems to be a good way for what I am looking to achieve in terms of providing shortcuts, however, could you clarify a couple of things for me please: -
Does method 1 create a shortcut within Internet Explorer that is accessible by all users when they click on the favourites tab or is it a desktop shortcut?
At present there are no shortcuts specified within User Configuration -> Preferences -> Windows Settings -> Shortcuts so I presume the current shortcuts are currently still being delivered via the settings within IEM.
If that is the case I don’t then want to remove the IEM from the GP reporting tools. The question is, can I keep the current policy that seems to be delivering our shortcuts and just use User Configuration -> Preferences -> Windows Settings -> Shortcuts to add any new shortcuts that we need – would there be any issue with having both GPOs operating or would there be any issues introducing shortcuts alongside the IEM settings?
Thanks again for your help!
Bonemister
Method #1, is more of a problem-fix, rather than a solution-for-how-to-do-it-from-now-on. This method would only really be needed, if you have a dysfunctional IEM-GPO, causing issues.
GPP is the way you need to adopt, because even Windows7 is affected by the IEM-removal if you upgrade IE to IE10 or newer (regardless of the Windows Server version you are using).
The recommendation is that you create some new GPOs for transitioning away from IEM over to GPP, test those, and then deploy those and remove your older GPOs that were using IEM, this would complete your transition away from IEM.
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
Remote Desktop Session Host on Server 2012 not domain-joined
I have a server 2012 which is running Remote Desktop Session Host role without the Connection Broker like described here:
http://support.microsoft.com/en-us/kb/2833839
Now the client would like the Network Level Authentication (NLA) disabled. And since server 2012 does not have the Remote Desktop Session Host Configuration tool, I have to use the server manager console.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/630cc818-69b0-4e1c-8d65-1b895b20e203/where-is-the-remote-desktop-session-host-configuration-tool-in-server-2012-?forum=winserverTS
But when I go to the remote Desktop Services of Server manager, it says “You are currently logged on as local administrator on the computer. You must be logged on as a domain user to manage servers and collections.”
So I tried finding some PowerShell cmdlet that could help me with the problem. I guess Get-RDServer or Set-RDSessionCollectionConfiguration would be the ones but I can’t seem to make them work.
Any help, or a hint that I am going in the right direction or not?
Hi,
Have you configured the certificate for your server?
Add the user under Remote Desktop user local group, configure FQDN name of server. Please see that if we are using RDS server in workgroup then most of the tools provided to make managing/configuring RDSH servers easier in 2012 will not work in a workgroup configuration including some PowerShell command. You can check the below article for information.
Deploying a RDSH Server in a Workgroup – RDS 2012 R2
Hope it helps!
Thanks.
Dharmesh Solanki -
We recently switched hardware and server software Win SBS 2008 to 2012R2 for a small network roughly 40 clients (Win7 Pro / Win 8.1 Pro) about 16 running concurrently at a given time and one network printer with the printer queue residing on the DC as well.
I read that a single server environment might not be ideal in particular no fail-over but that is an accepted risk in this particular network here.
Errors:
Error 1043: Timeout during name resolution request
Error 1129: Group policy updates could not be processed due to DC not available
Error 5719: Could not establish secure connection to DC, DC not available
Occasionally but disappears after a while
Error 134: As a result of a DNS resolution timeout could not reach time server
Symptoms
On Win 7 Clients
Network shares added through Group Policy will not show sometimes
Network shares disconnect (red X) and when accessed return access authorization error after one or two clicks on the share finally grant access again
When the issue with accessing network shares occurs, it usually also affects Internet access meaning a 'server not responding' error appears in the browser windows when trying to open just any web page
nslookup during the incident returns cannot resolve error
ipconfig on client shows correct default router (VDSL Router) and DHCP / DNS Domain Controller
Also, the Win system log shows the above errors during these incidents, however, the number of incidents vary from 20-30
On Win 8.1 Clients
Same as above with the slight variation for network shares apparently due to Server 2012 and Win 8.1 clients managing drive shares differently. However, network share refresh does not work with this clients. In most cases only a gpupdate /force returns drive shares but usually only for the active session. After logoff / logon the shares are gone again.
The issue does appear to be load related since it occurs even if there are only one or two workstations active.
Server Configuration
Dell R320 PowerEdge 16GB / 4TB 7200RPM RAID10 / GBitEthernet
Zyxel 1910-48 Port Switch
VDSL 50Mbps Down / 20Mbps Up
Since the DC is the only local DNS and there are no plans to add another one or move DNS to another server, the DNS server is configured with this own address as preferred DNS with three DNS forwarders 1) VDSL Router 2) ISP DNS1 3) ISP DNS2
Currently only one Network card is active for problem determination reasons.
There appears to be no consensus concerning IPV6 enabled or disabled, I tried both with no apparent effect
I have set all network cards server and client to Full Duplex and the same speed, also disabled Offload functions within the adapter settings. Some but no consistent improvements.
Best Practice Analyzer Results
DNS server scavenging not enabled
Root hint server XYZ must respond to NS queries for the root zone
More than one forwarding server should be configured (although 3 are configured)
NIC1 should be configured to use both a preferred and alternate DNS (there is only one DNS in this network)
I have found some instructions to apply changes to the clients through a host file but I would rather like to understand whether this DNS response time issue can be resolved on the server for example timing setting perhaps. Currently the DNS forwarders are set to 3 second.
Since a few people have reported issues with DNS but most are working with multi DNS, DC environment I could not really apply any suggestions made there. Perhaps there is anyone like me who is running a single server who has overcome or experienced the same issues. Any help would be appreciated
Hello Milos thx for your reply.. my comments below
1. What does it "switched"? You may mean migration or new installation. We do not know...
>> Switched is probably the incorrect term, replaced would be the appropriate wording. Before, there was a HP Proliant Server with SBS 2008 with distinct domain and now there is a Dell Server with MS 2012 R2 with a distinct domain. Client were removed from one (SBS) domain and added to the new Server 2012 domain. Other components did not change for example same Network Switch or VDSL Router, Workstations and Printer
2. Two DCs are better alternative. Or backup very frequently. There are two groups of administrators. Those who have lost DC and those who will experience this disaster in near future.
>> Correct, and I am aware of that
3. NIC settings in W 7 and W 8.1, namely DNS points to DC (...and NOTHING else. No public IP or that of router DNS.))
>> Correct, this is how it's currently implemented. Clients point to DC for DHCP and DNS and Default Router, no public IP or DNS. The only references to ISP DNS exist on the VDSL Router itself as provided through ISP when establishing VDSL Link and the list of Forwarders in the DNS Server configuration. However, I have just recently added the ISPs DNS as forwarders for test purposes and will probably learn tomorrow morning whether this had any effect for better or worse.
4. Do nslookup to RR on clients. RR branch is saying client basic info on LDAP parameters of AD.
>> Will post as soon as available
5. I do not use forwarders and the system works
>> Ok, does this mean it works for you in a similar or the same infrastructure setup or are you saying it is not required at all and I can remove any forwarder in a scenario like mine? If not required can you explain a bit more why it is not required apart from that it does work for you that way?
6. DHCP should sit on DC (DHCP on router is disabled)
>> Correct, no other device is configured to provide DHCP service other than DC and DHCP is currently running on DC
7. NIC settings in DC points to itself (loopback address 127.0.0.1)
>> Are you sure this is still correct and does apply to Server 2012? I am reading articles stating that it should be the server's own IP but local loop or should this be added as alternate DNS in addition to the server's own IP?
8. Use IPCONFIG /FLUSHDNS whenever you change DNS settings.
>> OK, that was not done every time I changed some settings but I can do that next week. Reboot alone would not suffice, correct?
9. Test your system with dcdiag.
>> See result below
10. Share your findings.
Regards
Milos
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = GSERVER2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GSERVER2
Starting test: Connectivity
......................... GSERVER2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GSERVER2
Starting test: Advertising
......................... GSERVER2 passed test Advertising
Starting test: FrsEvent
......................... GSERVER2 passed test FrsEvent
Starting test: DFSREvent
......................... GSERVER2 passed test DFSREvent
Starting test: SysVolCheck
......................... GSERVER2 passed test SysVolCheck
Starting test: KccEvent
......................... GSERVER2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... GSERVER2 passed test
KnowsOfRoleHolders
Starting test: MachineAccount
......................... GSERVER2 passed test MachineAccount
Starting test: NCSecDesc
......................... GSERVER2 passed test NCSecDesc
Starting test: NetLogons
......................... GSERVER2 passed test NetLogons
Starting test: ObjectsReplicated
......................... GSERVER2 passed test
ObjectsReplicated
Starting test: Replications
......................... GSERVER2 passed test Replications
Starting test: RidManager
......................... GSERVER2 passed test RidManager
Starting test: Services
......................... GSERVER2 passed test Services
Starting test: SystemLog
......................... GSERVER2 passed test SystemLog
Starting test: VerifyReferences
......................... GSERVER2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : GS2
Starting test: CheckSDRefDom
......................... GS2 passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... GS2 passed test CrossRefValidation
Running enterprise tests on : GS2.intra
Starting test: LocatorCheck
......................... GS2.intra passed test LocatorCheck
Starting test: Intersite
......................... GS2.intra passed test Intersite
Server: gserver2.g2.intra
Address: 192.168.240.6
*** gserver2.g2.intra can't find g2: Non-existent domain
> gserver2
Server: gserver2.g2.intra
Address: 192.168.240.6
g2.intra
primary name server = gserver2.g2.intra
responsible mail addr = hostmaster.g2.intra
serial = 443
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
> wikipedia.org
Server: gserver2.g2.intra
Address: 192.168.240.6
Non-authoritative answer:
wikipedia.org MX preference = 10, mail exchanger = polonium.wikimedia.org
wikipedia.org MX preference = 50, mail exchanger = lead.wikimedia.org
polonium.wikimedia.org internet address = 208.80.154.90
polonium.wikimedia.org AAAA IPv6 address = 2620:0:861:3:208:80:154:90
lead.wikimedia.org internet address = 208.80.154.89
lead.wikimedia.org AAAA IPv6 address = 2620:0:861:3:208:80:154:89
Final benchmark results, sorted by nameserver performance:
(average cached name retrieval speed, fastest to slowest)
192.168.240. 6 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
+ Cached Name | 0,001 | 0,002 | 0,003 | 0,001 | 100,0 |
+ Uncached Name | 0,027 | 0,076 | 0,298 | 0,069 | 100,0 |
+ DotCom Lookup | 0,041 | 0,048 | 0,079 | 0,009 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
gserver2.g2.intra
Local Network Nameserver
195.186. 4.162 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,022 | 0,023 | 0,025 | 0,000 | 100,0 |
- Uncached Name | 0,025 | 0,071 | 0,274 | 0,065 | 100,0 |
- DotCom Lookup | 0,039 | 0,040 | 0,043 | 0,001 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
cns8.bluewin.ch
BLUEWIN-AS Swisscom (Schweiz) AG,CH
195.186. 1.162 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,022 | 0,023 | 0,026 | 0,001 | 100,0 |
- Uncached Name | 0,025 | 0,072 | 0,299 | 0,066 | 100,0 |
- DotCom Lookup | 0,039 | 0,042 | 0,049 | 0,003 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
cns7.bluewin.ch
BLUEWIN-AS Swisscom (Schweiz) AG,CH
8. 8. 8. 8 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,033 | 0,040 | 0,079 | 0,011 | 100,0 |
- Uncached Name | 0,042 | 0,113 | 0,482 | 0,097 | 100,0 |
- DotCom Lookup | 0,049 | 0,079 | 0,192 | 0,039 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
google-public-dns-a.google.com
GOOGLE - Google Inc.,US
UTC: 2014-11-03, from 14:33:12 to 14:33:29, for 00:17,648
15: 40
192.168.240. 6 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
+ Cached Name | 0,001 | 0,002 | 0,004 | 0,000 | 100,0 |
+ Uncached Name | 0,025 | 0,074 | 0,266 | 0,063 | 100,0 |
+ DotCom Lookup | 0,042 | 0,048 | 0,075 | 0,007 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
gserver2.g2.intra
Local Network Nameserver
195.186. 1.162 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,022 | 0,024 | 0,029 | 0,001 | 100,0 |
- Uncached Name | 0,024 | 0,073 | 0,289 | 0,067 | 100,0 |
- DotCom Lookup | 0,039 | 0,041 | 0,043 | 0,001 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
cns7.bluewin.ch
BLUEWIN-AS Swisscom (Schweiz) AG,CH
195.186. 4.162 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,022 | 0,024 | 0,029 | 0,001 | 100,0 |
- Uncached Name | 0,025 | 0,073 | 0,286 | 0,065 | 100,0 |
- DotCom Lookup | 0,041 | 0,066 | 0,180 | 0,037 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
cns8.bluewin.ch
BLUEWIN-AS Swisscom (Schweiz) AG,CH
8. 8. 8. 8 | Min | Avg | Max |Std.Dev|Reliab%|
----------------+-------+-------+-------+-------+-------+
- Cached Name | 0,033 | 0,038 | 0,077 | 0,009 | 100,0 |
- Uncached Name | 0,042 | 0,105 | 0,398 | 0,091 | 100,0 |
- DotCom Lookup | 0,049 | 0,066 | 0,141 | 0,025 | 100,0 |
---<-------->---+-------+-------+-------+-------+-------+
google-public-dns-a.google.com
GOOGLE - Google Inc.,US
UTC: 2014-11-03, from 14:39:59 to 14:40:12, for 00:13,363 -
Cannot install or manage Server 2012 R2 RDS server locally but works remotely
I am working with a Server 2012 R2 standard machine and attempting to get Remote Desktop Services installed and configured on it. Using the Add Roles and Features wizard while logged on locally to the server in question resulted in the error “Unable to connect to the server by using Windows PowerShell remoting.” However, if I use a different Server 2012 R2 machine to run the Add Roles and Features wizard remotely targeted at the original server then I can successfully get RDS installed.
Also, after the installation has completed I cannot manage RDS locally on the server but can successfully manage it remotely from another Server 2012 R2 box. When attempting to use Server Manager locally and choose the Remote Desktop Services menu the error message "A Remote Desktop Services deployment does not exist in the server pool."
The server appears to be functioning correctly and can be managed remotely just not locally. I can reproduce the behavior on other Server 2012 boxes in the environment.
What would cause local install and management to fail but remote management work?
Hi,
Have you added the RDS server under server manager ADD server? Does it show the server in server list?
Check whether there is any wrong IP address\hostname entry occurs under DNS record which looks\points the DNS entry successfully.
Add Servers to Server Manager
https://technet.microsoft.com/en-in/library/hh831453.aspx
Hope it helps!
Thanks.
Dharmesh Solanki
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
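One way to run the DNS check suggested in the reply above, as an added PowerShell example that is not part of the original thread. It is run locally on the affected server and assumes Server 2012 or later, where `Resolve-DnsName` and `Get-NetIPAddress` are available; the variable names are illustrative.

```powershell
# Added diagnostic sketch: does this server's own name resolve to an address it
# actually owns, and does WinRM answer when the server is addressed by that name?
$fqdn = [System.Net.Dns]::GetHostEntry('').HostName

# Addresses bound to local interfaces (loopback and link-local excluded).
$local = Get-NetIPAddress |
    Where-Object { $_.IPAddress -notmatch '^(127\.|169\.254\.|::1$|fe80:)' } |
    Select-Object -ExpandProperty IPAddress

# Query DNS only: skip the hosts file and NetBIOS/LLMNR fallback so that a
# wrong record in the zone is not masked by another name source.
$records = Resolve-DnsName -Name $fqdn -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue |
    Where-Object { $_.IPAddress }   # only A/AAAA answers carry an IPAddress

if (-not $records) {
    Write-Warning "DNS returned no A/AAAA record for $fqdn"
}

foreach ($r in $records) {
    if ($local -contains $r.IPAddress) {
        $state = 'matches a local interface'
    } else {
        $state = 'STALE OR WRONG: not bound to this server'
    }
    '{0} -> {1} ({2})' -f $fqdn, $r.IPAddress, $state
}

# The wizard's error names PowerShell remoting, which runs over WinRM,
# so test that path by name as well.
try {
    Test-WSMan -ComputerName $fqdn -ErrorAction Stop | Out-Null
    "WinRM answered on $fqdn"
} catch {
    Write-Warning "WinRM did not answer on ${fqdn}: $($_.Exception.Message)"
}
```

A record flagged as stale points local tools at an address this server does not own, while a remote machine that resolves the name to a working address can still connect.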