Server 2012 Win 8.1 GPO Remote Registry Service & Group Policy Trace

Similar Messages

• Allow log on through Remote Desktop Services Group Policy for Domain Controllers

  Hello,
  We want to allow our Helpdesk Operators to be able to connect to Domain Controllers with the Remote Desktop Services. This is by default not allowed but according to many sites, it should be able to configure by using a Group Policy.
  We made a new Group Policy with the setting 'Allow log on through Remote Desktop Services' and 'Allow log on locally' (as an extra for testing) and applied Security Filtering to only use it for a specific Security Group. Our test user is a member of this
  security group and should be able to access the Domain Controllers now. However this isn't working.
  The error message we receive upon trying to connect:
  The connection was denied because the user account is not authorized for remote login.
  For troubleshooting, we also applied the Security Group for that setting in the Default Domain Controllers Policy but that doesn't seem to work either. We want to avoid customization on our Default Domain Controllers Policy but this was just a test case
  for solving our problem.
  What should we do to solve our problem?
  I hope to hear from you soon.
  Thanks in advance.

  Hi, I just found out what the problem was. This site helped me alot:
  http://blogs.technet.com/b/askperf/archive/2011/09/09/allow-logon-through-terminal-services-group-policy-and-remote-desktop-users-group.aspx
  In my case, I had the group added to the Allow Logon Through Remote Desktop Services but was not added to the Builtin\Remote Desktop Users group. After knowing this I made some changes to our situation and are now using the builtin\Remote Desktop Users group
  rather than a new self made Security Group. I also added the Remote Desktop Users to the Allow Logon Through Remote Desktop Service in the Default Domain Controllers Policy as this is not done by default. By default only the Domain Administrators are able
  to logon through remote desktop services.
  You do not need the 'Log on Locally' permission within the Group Policies.
  In short:
  Add the desired users/groups to the 'Builtin\Remote Desktop Users' security group.
  Add the 'Builtin\Remote Desktop Users' security group to the 'Allow Logon Through Remote Desktop Services' within the 'Default Domain Controllers Policy'.
  Thank you anyway for the fast reply.
  Have a nice day!

• Only One domain controller, Remote Registry service keeps DISABLING itself. Where in the registry could this be set?

  This is killing my remote management. I have 4 server 2012R2 domain controllers.  Only one of them is being affected with this problem.  Almost everytime I check, the remote registry service is disabled again.  It seems like there is a corrupt
  group policy preference that keeps on attacking during a policy refresh, but I can't imagine setting a group policy to disable this service.  It is needed for our remote management.  Also the IP Tunnel service is also disabling.  Another strange
  artifact is that when I set a Windows Firewall policy to add an exception for remote administration in a group policy to my Admin workstation, it seemed to set a firewall rule in other computers to block remote administration.  I can not figure out where
  else this strange Windows Firewall rule Blocking remote administration could have come from.  These may be related or they may not, but they are occuring on the same domain controller.  I am able to set the RemoteRegistry service to enabled and to
  start it (which I have done too many times now), but it constantly is being changed back to disabled.  I am searching the registry to find any invalid entries or artifacts that may be affecting these two annoying effects, but I cannot find anything yet.
   Any ideas?  I need to know what policies will disable the remoteregistry service OR the IPTunelling service, or where in the registry this could be set to enact this during a policy refresh.  Of course, any other ideas are welcome, I have spent
  several days troubleshooting this, and need to conquer this by tomorrow if possible, thank you. James

  Hi,
  Please type
  services.msc in RUN to open Services panel, navigate to the Remote Registry service. Then open its Properties and set
  Startup type: Automatic. Then please check if this issue still exist.
  In addition, please refer to mlippold’s suggestion (the last reply) in following thread and configure relevant
  value in RemoteRegistry registry key, then check if can help you to solve this issue.
  For registry items, please back up all registry items before all operations. That will help us to avoid some unexpected issue.
  Remote
  Registry Service stops automatically if we do not use it above 10 minutes
  By the way, did you open Event Viewer and check if find any relevant errors?
  If any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Open an program install on Server 2012 as a app with remote desktop

  I have a SQL app loaded on Server 2012. The app runs fine when logged into remote desktop on the server.   The app loads to c:\Program Files (x86)\MSC\MCS.exe.  Remote desktop will not recognize that path to open the .exe file. I
  have tried the following path c:\"Program Files (x86)"\MSC\MCS.exe and still will not see the path string and load up.  I am using the same path in the folder path as well.  I have done hundreds of theses on previous versions but this one
  will not work.  Is there a trick on server 2012?

  I tried every form of the path with the %.  No luck.
  I found that I cannot put a simple .bat file in the temp directory and use the c:\temp\test.bat path and folder c:\temp and get the batch file to run.
  Bill Bollinger

• Windows Terminal Server 2012 wont publish any more remote apps!

  I have a weird problem with our new Windows 2012 Terminal Server. We have already published one application through a session collection via Remote Desktop Services. We now have the need to publish another application. When I click on the "Tasks"
  drop down menu and select "Publish RemoteApp Programs" I get an error of "Server.domain.local is not available on the network. Verify that the server is available on the network or remove the server from the collection"
  Does anyone have any ideas why I am seeing this?
  Thanks

  Hi,
  Thank you for your posting in Windows Server Forum.
  First of all please check that you have enough permission or performing with admin account. 
  I have installed many RemoteApp in my environment and can’t find this error until now. 
  Have you recently made any changes in your environment before facing this issue? 
  Did you tried to restart the server and then try to launch new Remote App?
  By the way, can you let us know which program you want to publish as Remote App, so if possible then we can try to install and let you know the result.
  In meantime, please try to publish new RemoteApp with PowerShell command as Administrator and let us know the result. You can try below command. In this example, we create a RemoteApp to deliver WordPad. We use the following command;
  new-rdremoteapp -Alias Wordpad -DisplayName WordPad -FilePath "C:\Program Files\Windows NT\Accessories\wordpad.exe" -ShowInWebAccess 1 -collectionname MySessionCollection -ConnectionBroker LS01.CRFB.Local
  For more information, refer beneath article.
  Managing Remote Apps using PowerShell on Windows Server 2012
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• EHP2 - EHP7 Upgrade Path using SQL Server 2012/Win Server 2012 R2

  Hi Guys.
  I have question regarging Upgrade Roadmap for a ERP 6 EHP2 system based on NW 7.01 which I would like to Upgrade to ERP6 EHP7 SP7
  Source System is
  Windows 2012
  SQL Server 2008 R2
  EHP2 for ERP 6.0 SPS Level 14
  Target System
  Windows 2012
  SQL Server 2012
  EHP7 for ERP 6.0 SP 7 based on NW 7.4 SP 9
  During Upgrade checks it says I must Upgrade Database first before continue since DB Release is too low for NW 7.4 SP9 as stated in Note
  1951491 - Minimal DB system platform requirements for SAP NetWeaver 7.4 SP08
  So, at this point I agree i have to update SQL Server to 2012 before next step
  Now, my concern is that my Source System does not have the minimum NW SP level (14) to run under SQL Server 2012 which is 26.
  Im currently running SAP Kernel 721 EXT Level 401 which is above mininum
  According to Note 1651862 - Release planning for Microsoft SQL Server 2012 that would not be possible
  Existing systems of SAP products that are out of SAP maintenance can be upgraded to SQL Server 2012 in order to prepare a SAP upgrade, if they match the SAP NetWeaver Support Package requirements defined below.
  SAP products prior to SAP NetWeaver 7.0 are not supported at all on SQL Server 2012.
  Required minimum SAP Netweaver Support Package Stacks (SPSs) for SQL Server 2012 (SAP ABAP, SAP ABAP+JAVA stacks)
  SAP NETWEAVER 7.0 - SPS 26 (SAP BASIS 26, SAP BW 28)
  SAP EHP1 FOR SAP NETWEAVER 7.0 - SPS 11 (SAP BASIS 11, SAP BW 11)
  SAP EHP2 FOR SAP NETWEAVER 7.0 - SPS 11 (SAP BASIS 11, SAP BW 11)
  SAP EHP3 FOR SAP NETWEAVER 7.0 - SPS 03 (SAP BASIS 03, SAP BW 03)
  SAP NETWEAVER 7.1 - SPS 14 (SAP BASIS SP14)
  SAP EHP1 FOR SAP NETWEAVER 7.1 EhP1 - SPS 10(SAP BASIS SP10, SAP BW SP10)
  SAP NetWeaver 7.2 - no restriction
  SAP NETWEAVER 7.3 - SPS 07 (SAP BASIS 07, SAP BW 07)
  SAP EHP1 FOR SAP NETWEAVER 7.3 - SPS 03 (SAP BASIS 03, SAP BW 03)
  If your system is running on a SPS lower than the one required above, you have to apply the minimum required SPS before upgrading/migrating to SQL Server 2012.
  If you install a NetWeaver product on SQL Server 2012, the required SPS for your product must be applied immediately after the installation - see SAP note 1676665, section I for more information.
  But performing the Upgrade would be technically possible? I mean not for productive use but technicaly during that time the Database is Upgrade and during SUM Execution.
  According to the note it states if you install a Netweaver Product in SQL Server 2012, SPS must be applied immediately, so is kinda ambigous what SAP is saying.
  Best
  Martin

  Hi Martin,
  For a test scenario, there's no harm in trying it (other than spending a lot of time on it, but hopefully that will prove not to be a waste). Generally, I expect you'll be fine upgrading your DBMS even though you aren't on the required minimum SP yet. The main thing you'll be missing out on is the updates to DBACOCKPIT, but once you do your EhP upgrade (with sps update included), you'll be putting that in place.
  So, you could try this on your sandbox system and see if there are any problems. I assume the intent is to start the EhP upgrade as soon as the DBMS upgrade is done, right? In other words, you won't be actually using the system without the required SP except to run the EhP upgrade?
  Alternatively, you could do a minimal support pack update, perhaps just a Basis SP only, to the minimum SP needed for your current release, then do the DBMS upgrade, then proceed with the EhP upgrade. This would be the safest procedure, but, as I said, I expect you can probably get away without going to this level without much problem. Again, the idea would be minimizing the time between the start and end of the total project on each system (DEV, QAS, PRD, etc).
  Regards,
  Matt

• Server 2012 R2 - No response from the UmRdpService service and more...

  Hi!
  We have a Remote Desktop Services Deployment with the following:
  LIC01 – Windows 2012 R2 - Licensing
  RDCB01 – Windows 2012 – Connection Broker
  RDWA02 – Windows 2012 R2 – Web Access
  RDG01 – Windows 2012 R2 - Gateway
  RDG02 – Windows 2012 R2 - Gateway
  RDG03 – Windows 2012 R2 – Gateway
  RDSH01 – Windows 2012 R2 - Session Host
  RDSH02 – Windows 2012 - Session Host
  RDSH03 – Windows 2012 R2 - Session Host
  RDSH04 – Windows 2012 R2 - Session Host
  RDSH05 – Windows 2012 R2 - Session Host
  RDSH06 – Windows 2012 R2 - Session Host
  RDSH07 – Windows 2012 R2 - Session Host
  RDSH08 – Windows 2012 R2 - Session Host
  RDSH09 – Windows 2012 R2 - Session Host
  RDSH10 – Windows 2012 R2 - Session Host
  We have two Session Collections:
  Office-R2 (All Server 2012 R2 RDSHs)
  "Office (RDSH02, Closed for users)"
  User Profile Disk are enabled to a SOFS Share (Server 2012).
  Client Settings: Everything except "Plug and play Devices" are enabled
  Problem:
  Suddenly, one or more of RDSH
  servers (in the Office-R2 Collection) get the following error:
  A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UmRdpService service.
  After this, we get similar error messages
  to other services, such as:
  AudioEndpointBuilder, NcbService, ScDeviceEnum, WPDBusEnum, Netman
  Users logged into the server, looses Redirection
  services as local drives and local
  printers, and they also have problem signing out of the server. (Hangs on signing out)
  New Users that tries to sign in to that server are also having trouble (Hangs on signing in).
  After using the logoff tool to sign out every user on that server, I end up With the following:
  It
  appears that there are no users logged on,
  yet there are many Disconnected sessions...
  Looking at the SOFS file share I still see that RDSH04 has read/Write to the .VHDX file that hold the User Profile.. And If the user try to log on to another server in that Collection, it get a temporary profile.
  If I kill the Conncetion to the VHDX files, Users can then sign in normally to another node it that Collection.
  Trying to restart the server With "Shutdown -r -t 0 -f" does not work, It just hangs on Shutdown (waited 3 days), so All I can do is Press and Hold.We
  have also seen BSoD on these nodes, but I'm sure if they are related to this error:
  WinDBG is saying:
  BugCheck 3B, {c0000005, fffff803538fa84e, ffffd0002711cb00, 0}
  Probably caused by : dfsc.sys ( dfsc!DfscCacheStore+6f )
  I found https://support.microsoft.com/kb/2925981 and
  http://support.microsoft.com/kb/2525246, but they are not for Windows Server 2012 R2.
  Any Idea?
  Thanks
  Anders

  Hi,
  Firstly, dfsc.sys indicates the DFS clients. It means that your systems use DFS service to access the file share.
  Please let us know if you configured the DFS service on your file server.
  Also, what is the format of file path you configured for UPD?
  \\FileServer\FileShare
  Or
  \\Domain.com\DFS NameSpace\File Share
  Thanks.
  Jeremy Wu
  TechNet Community Support

• SQL Server 2012 SP2 NTService Accounts Access Denied starting services

  We have an SQL Server 2012 SP1 which was running perfectly until we applied the SQL Server 2012 SP2.
  After SP2 was installed and the server rebooted all the associated SQL services that uses NTService\xxxxxxx accounts failed to start with Error 5: Access Denied.
  We were able to change the services to Local System account but I just want to understand why this occurred and is this ok?
  Has anyone had a similar issue or can anyone assist with an explanation?

  Hi Giulio,
  Based on your description, I tested the scenario as yours. After applying SQL Server 2012 SP2, I reboot the server , then restart all the associated SQL Server services that use NT SERVICE\<SERVICENAME> accounts successfully.
  According to the error message, it might be caused by that NT SERVICE\<SERVICENAME> accounts don’t have sufficient permissions to access the SQL Server services installation folders. You can post detailed information in the SQL Server Errorlog file
  for analysis.
  In addition, Local System is a very high-privileged built-in account. It has extensive privileges on the local system and acts as the computer on the network. And it is not recommend to use local system account for running SQL Server services. For more details
  about configuring SQL Server Service accounts, you can review the following links.
  Configure Windows Service Accounts and Permissions:
  http://msdn.microsoft.com/EN-US/library/ms143504.aspx#Windows
  Best Practices For Using SQL Server Service Accounts:
  http://blogs.technet.com/b/canitpro/archive/2012/02/08/the-sql-guy-post-15-best-practices-for-using-sql-server-service-accounts.aspx
  Thanks,
  Lydia Zhang

• Server 2012 R2 - Complete WSUS Installation Issue - The service cannot be started...

  Hi all,
  installed SCCM 2012 R2 CAS on a 2012 server. The SQL is off box on a server cluster. I've installed WSUS through the 'Add Roles and Features'. I configured it to have local storage for the content and a remote DB instance (called SQL1 on our cluster). All this
  worked well and the install completed as expected. I checked the SQL cluster and the "SUSDB" database was created ok.
  As a final step, i went to Tools in Server Manager and launched Windows Server Update Services. This brought up the 'Complete WSUS Installation' dialogue box. I entered the exact same DB info as i had done when completing the initial install of WSUS:
  Yet when i hit 'run' the following message returns:
  The relevant bit of logging is shown here:
  2015-01-14 16:58:42  Starting service W3SVC
  2015-01-14 16:58:42  Configuring IIS...
  2015-01-14 16:58:42  Start: ConfigureWebsite
  2015-01-14 16:58:42  System.Runtime.InteropServices.COMException (0x80070422): The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
  Since i'm pretty sure i need WSUS working correctly to use it for SCCM, can anyone suggest what my problem is here? I'd assume it's falling down because the 'ConfigureWebsite' job can't start but what service does that need to run?
  Really stumpoed by this so any help would be much appreciated! Thanks

  2015-01-14 16:58:42  Start: ConfigureWebsite
  Did you install the Web Server role before installing the WSUS Server role? Is the Web Server role already installed? If so, is it installed and configured in a compatible manner with the WSUS role?
  Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
  SolarWinds Head Geek
  Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
  My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
  http://www.solarwinds.com/gotmicrosoft
  The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

• Announcing the availability of enabling Windows Server 2012 R2 Essentials' integration of Microsoft online services in environments with multiple domain controllers

  In Windows Server Essentials 2012 R2, all of our online services integration features, including Azure Active Directory and Office 365, are supported only in environments that
  have a single domain controller. In environments with more than one domain controller, integration of these services is blocked due limitations in the user account and password synchronization mechanism in Windows Server Essentials. 
  I am happy to announce that with the recent Windows August Update released on (8/12/2014, PST), this limitation has been removed.  This update adds support for both Azure
  Active Directory integration and Office 365 integration features in domain environments consisting of a single domain controller, multiple domain controllers, or Windows Server Essentials as a domain member server.
  For more information, please go to
  http://support.microsoft.com/kb/2974308

  Hi JoeBeck,
  Thanks for the comment. Could you please tell which link you clicked to download?
  Please go to PinPoint check details and start download
  http://pinpoint.microsoft.com/en-US/applications/Dynamics-CRM-Online-Add-in-12884966386
  Thanks,
  Shanghai Wicresoft

• ADRMS Install on Server 2012 - Invalid credentials presented error when supplying service account.

  Adding AD RMS to a 2012 Standard server.  At the point where it wants a service account.  I tried numerous accounts and it would give me the same error on all of them "Invalid credentials were presented.  Verify the correctness of the provided
  password."
  I tried more and less complex passwords with no change.  If I used a non-existant user name it would throw a different error so I know it's not that.
  I was able to get it to take the Domain Administrator account name and password.  Obviously I don't want to use that so I set the same password on a service account with no change in error.
  Attepted to logon with SA on the server.  Logon was successful.  Attempted install logged on as service account and got message "The service account cannot be the same account used to install AD RMS.  Please specify a different account".
  Am I missing something?
  There's no place like 127.0.0.1

  But to be clear, installing RMS on a Domain Controller is NOT recommended. Precisely for the reasons you found.
  Enrique Saggese - Sr. Program Manager - Information Protection - Microsoft Corporation

• Adding Internet shortcut favourites using Server 2012 R2 Group Policy Manager

  Hi there,
  I wonder could someone help me!
  Up on to recently we have been using the User Policies/Windows Settings/Internet Explorer Maintenance/URLs/Favourites and Links Group policy in Windows Server 2008 R2 but now within Server 2012 R2 that option doesn’t seem to be available.
  If I however click on the GPO that is currently in place that has favourites specified and click on the Setting tab it generates the report showing the old /Internet Explorer Maintenance/URLs/Favourites and Links Group policy but with I click Edit on the
  GPO it doesn’t show me the /Internet Explorer Maintenance/URLs/Favourites and Links Group policy to allow me to add more favourites.
  From reading online I see that that /Internet Explorer Maintenance/URLs/Favourites and Links Group policy has been dropped in Server 2012 with the IEAK but this seems to need to be downloaded and installed I assume on a DC which I’m reluctant to do.
  I notice there something called the Policy Preferences Administrators tool that should allow me to set favourites but I’m not sure how to use that or even where to get it – it is a feature in Server 2012?
  Sorry for all of the info above!  All I want to do is within Server 2012 R2 edit an existing Windows 2008 R2 group policy and add new shortcuts to that policy so they are pushed out.
  Any help or guidance would be greatly appreciated!
  Thanks,
  Bonemister  

  Hi Frank,
  Thanks very much for your reply!
  Ok, method 1 seems to be a good way for what I am looking to achieve in terms of providing shortcuts, however, could you clarify a couple of things for me please: -
  Does method 1 create a shortcut within Internet Explorer that is accessible by all users when they click on the favourites tab or is it a desktop shortcut?
  At present there are no shortcuts specified within User Configuration -> Preferences -> Windows Settings -> Shortcuts so I presume the current shortcuts are currently still being delivered via the settings within IEM. 
  If that is the case I don’t then want to remove the IEM from the GP reporting tools. The question is, can I keep the current policy that seems to be delivering our shortcuts and just use
  User Configuration -> Preferences -> Windows Settings -> Shortcuts to add any new shortcuts that we need – would there be any issue with having both GPOs operating or would there be any issues introducing shortcuts alongside the IEM
  settings?
  Thanks again for your help!
  Bonemister
  Method #1, is more of a problem-fix, rather than a solution-for-how-to-do-it-from-now-on. This method would only really be needed, if you have a dysfunctional IEM-GPO, causing issues.
  GPP is the way you need to adopt, because even Windows7 is affected by the IEM-removal if you upgrade IE to IE10 or newer (regardless of the Windows Server version you are using).
  The recommendation is that you create some new GPOs for transitioning away from IEM over to GPP, test those, and then deploy those and remove your older GPOs that were using IEM, this would complete your transition away from IEM.
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Remote Desktop Session Host on Server 2012 not domain-joined

  I have a server 2012 which is running Remote Desktop Session Host role without the Connection Broker like described here:
  http://support.microsoft.com/en-us/kb/2833839
  Now the client would like the Network Level Authentication (NLA) disabled. And since server 2012 does not have the Remote Desktop Session Host Configuration tool, I have to use the server manager console.
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/630cc818-69b0-4e1c-8d65-1b895b20e203/where-is-the-remote-desktop-session-host-configuration-tool-in-server-2012-?forum=winserverTS
  But when I go to the remote Desktop Services of Server manager, it says “You are currently logged on as local administrator on the computer. You must be logged on as a domain user to manage servers and collections.”
  So I tried finding some Powershell cmdlet could help me with the problem. I guess
  Get-RDServer
  or Set-RDSessionCollectionConfiguration would be the ones but I can’t seem to make them work.
  Any help, or a hint that I going in the right direction or not?

  Hi,
  Have you configure the certificate for your server?
  Add the user under Remote Desktop user local group, configure FQDN name of server. Please see that if we are using RDS server in workgroup then most of the tools provided to make managing/configuring RDSH servers easier in 2012 will not work in a workgroup
  configuration including some PowerShell command. You can check the below article for information.
  Deploying a RDSH Server in a Workgroup – RDS 2012 R2
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Intermittend DNS resolution, timeserver, group policy updates errors in client logs in Win 2012 R2 single server environement

  We recently switched hardware and server software Win SBS 2008 to 2012R2 for a small network roughly 40 clients (Win7 Pro / Win 8.1 Pro) about 16 running concurrently at a given time and one network printer with the printer queue residing on the DC as well.
  I read that a single server environment might not be ideal in particular no fail-over but that is an accepted risk in this particular network here.
  Errors:
  Error 1043: Timeout during name resolution request
  Error 1129: Group policy updates could not be processed due to DC not available
  Error 5719: Could not establish secure connection to DC, DC not available
  Occasionally but disappears after a while
  Error 134: As a result of a DNS resolution timeout could not reach time server
  Symptoms
  On Win 7 Clients
  Network shares added through Group Policy will not show sometimes
  Network shares disconnect (red X) and when accessed return access authorization error after one or two clicks on the share finally grant access again
  When the issue with accessing network shares occurs, it usually also affects Internet access meaning a 'server not responding' error appears in the browser windows when trying to open just any web page
  nslookup during the incident returns cannot resolve error
  ipconfig on client shows correct default router (VDSL Router) and DHCP / DNS Domain Controller
  Also, the Win system log shows the above errors during these incidents, however, the nuimber of incidents vary from 20-30
  On Win 8.1 Clients
  Same as above with the slight variation for network shares apparently due to Server 2012 and Win 8.1 clients managing drive shares differently. However, network share refresh does not work with this clients. In most cases only a gpupdate /force returns
  drive shares but usually only for the active session. After logoff / logon the shares are gone again.
  The issue does appear to be load related since it occurs even if there are only one or two workstations active.
  Server Configuration
  Dell R320 PowerEdge 16GB / 4TB 7200RPM RAID10 / GBitEthernet
  Zyxel 1910-48 Port Switch
  VDSL 50Mbps Down / 20Mbps Up
  Since the DC is the only local DNS and there are no plans to add another one or move DNS to another server, the DNS server is configured with this own address as preferred DNS with three DNS forwarders 1) VDSL Router 2) ISP DNS1 3) ISP DNS2
  Currently only one Network card is active for problem determination reasons.
  There appears to be no consensus concerning IPV6 enabled or disabled, I tried both with no apparent effect
  I have set all network cards server and client to Full Duplex and the same speed, also disabled Offload functions within the adapter settings. Some but no consistent improvements.
  Best Practice Analyzer Results
  DNS server scavening not enabled
  Root hint server XYZ must respond to NS queries for the root zone
  More than one forwarding server should be configured (although 3 are configured)
  NIC1 should be configured to use both a preferred and alternate DNS (there is only one DNS in this network)
  I have found some instructions to apply changes to the clients through a host file but I would rather like to understand whether this DNS response time issue can be resolved on the server for example timing setting perhaps. Currently the DNS forwarders are
  set to 3 second.
  Since a few people have reported issues with DNS but most are working with multi DNS, DC environment I could not really apply any suggestions made there. perhaps there is anyone like me who is running a single server who has overcome or experience the same
  issues. Any help would be appreciated

  Hello Milos thx for your reply.. my comments below
  1. What does it "switched"? You may mean migration or new installation. We do not know...
  >> Switched is probably the incorrect term, replaced would be the appropriate wording. Before, there was a HP Proliant Server with SBS 2008 with distinct domain and now there is a Dell Server with MS 2012 R2 with a distinct domain. Client were
  removed from one (SBS) domain and added to the new Server 2012 domain. Other components did not change for example same Network Switch or VDSL Router, Workstations and Printer
  2. Two DCs are better alternative. Or backup very frequently. There are two groups of administrators. Those who have lost DC and those who will experience this disaster in near future.
  >> Correct, and I am aware of that
  3. NIC settings in W 7 and W 8.1, namely DNS points to DC (...and NOTHING else. No public IP or that of router DNS.))
  >> Correct, this is how it's currently implemented. Clients point to DC for DHCP and DNS and Default Router, no public IP or DNS. The only references to ISP DNS exist on the VDSL Router itself as provided through ISP when establishing VDSL
  Link and the list of Forwarders in the DNS Server configuration. However, I have just recently added the ISPs DNS as forwarders for test purposes and will probably learn tomorrow morning whether this had any effect for better or worse.
  4. Do nslookup to RR on clients. RR branch is saying client basic info on LDAP parameters of AD.
  >> Will post as soon as available
  5. I do not use forwarders and the system works
  >> Ok, does this mean it works for you in a similar or the same infrastructure setup or are you saying it is not required at all and I can remove any forwarder in a scenario like mine? If not required can you explain a bit more why it is not
  required apart from that it does work for you that way?
  6. DHCP should sit on DC (DHCP on router is disabled)
  >> Correct, no other device is configured to provide DHCP service other than DC and DHCP is currently running on DC
  7. NIC settings in DC points to itself (loopback address 127.0.0.1)
  >> Are you sure this is still correct and does apply to Server 2012? I am reading articles stating that it should be the servers own IP but local loop or should this be added as alternate DNS in addition to the servers own IP?
  8. Use IPCONFIG /FLUSHDNS whenever you change DNS settings.
  >> OK, that was not done every time I changed some settings but I can do that next week. Reboot alone would not suffice, correct?
  9. Test your system with dcdiag.
  >> See result below
  10. Share your findings.
  Regards
  Milos
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
    Home Server = GSERVER2
     * Identified AD Forest.
     Done gathering initial info.
  Doing initial required tests
  Testing server: Default-First-Site-Name\GSERVER2
        Starting test: Connectivity
           ......................... GSERVER2 passed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\GSERVER2
        Starting test: Advertising
           ......................... GSERVER2 passed test Advertising
        Starting test: FrsEvent
           ......................... GSERVER2 passed test FrsEvent
        Starting test: DFSREvent
           ......................... GSERVER2 passed test DFSREvent
        Starting test: SysVolCheck
           ......................... GSERVER2 passed test SysVolCheck
        Starting test: KccEvent
           ......................... GSERVER2 passed test KccEvent
        Starting test: KnowsOfRoleHolders
           ......................... GSERVER2 passed test
           KnowsOfRoleHolders
        Starting test: MachineAccount
           ......................... GSERVER2 passed test MachineAccount
        Starting test: NCSecDesc
           ......................... GSERVER2 passed test NCSecDesc
        Starting test: NetLogons
           ......................... GSERVER2 passed test NetLogons
        Starting test: ObjectsReplicated
           ......................... GSERVER2 passed test
           ObjectsReplicated
        Starting test: Replications
           ......................... GSERVER2 passed test Replications
        Starting test: RidManager
           ......................... GSERVER2 passed test RidManager
        Starting test: Services
           ......................... GSERVER2 passed test Services
        Starting test: SystemLog
           ......................... GSERVER2 passed test SystemLog
        Starting test: VerifyReferences
           ......................... GSERVER2 passed test VerifyReferences  
     Running partition tests on : ForestDnsZones
        Starting test: CheckSDRefDom
           ......................... ForestDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... ForestDnsZones passed test
           CrossRefValidation
     Running partition tests on : DomainDnsZones
        Starting test: CheckSDRefDom
           ......................... DomainDnsZones passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... DomainDnsZones passed test
           CrossRefValidation
     Running partition tests on : Schema
        Starting test: CheckSDRefDom
           ......................... Schema passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Schema passed test CrossRefValidation
     Running partition tests on : Configuration
        Starting test: CheckSDRefDom
           ......................... Configuration passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... Configuration passed test CrossRefValidation
     Running partition tests on : GS2
        Starting test: CheckSDRefDom
           ......................... GS2 passed test CheckSDRefDom
        Starting test: CrossRefValidation
           ......................... GS2 passed test CrossRefValidation  
     Running enterprise tests on : GS2.intra
        Starting test: LocatorCheck
           ......................... GS2.intra passed test LocatorCheck
        Starting test: Intersite
           ......................... GS2.intra passed test Intersite
  Server:  gserver2.g2.intra
  Address:  192.168.240.6
  *** gserver2.g2.intra can't find g2: Non-existent domain
  > gserver2
  Server:  gserver2.g2.intra
  Address:  192.168.240.6
  g2.intra
          primary name server = gserver2.g2.intra
          responsible mail addr = hostmaster.g2.intra
          serial  = 443
          refresh = 900 (15 mins)
          retry   = 600 (10 mins)
          expire  = 86400 (1 day)
          default TTL = 3600 (1 hour)
  > wikipedia.org
  Server:  gserver2.g2.intra
  Address:  192.168.240.6
  Non-authoritative answer:
  wikipedia.org   MX preference = 10, mail exchanger = polonium.wikimedia.org
  wikipedia.org   MX preference = 50, mail exchanger = lead.wikimedia.org
  polonium.wikimedia.org  internet address = 208.80.154.90
  polonium.wikimedia.org  AAAA IPv6 address = 2620:0:861:3:208:80:154:90
  lead.wikimedia.org      internet address = 208.80.154.89
  lead.wikimedia.org      AAAA IPv6 address = 2620:0:861:3:208:80:154:89
  Final benchmark results, sorted by nameserver performance:
   (average cached name retrieval speed, fastest to slowest)
    192.168.240.  6 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
    ----------------+-------+-------+-------+-------+-------+
    + Cached Name   | 0,001 | 0,002 | 0,003 | 0,001 | 100,0 |
    + Uncached Name | 0,027 | 0,076 | 0,298 | 0,069 | 100,0 |
    + DotCom Lookup | 0,041 | 0,048 | 0,079 | 0,009 | 100,0 |
    ---<-------->---+-------+-------+-------+-------+-------+
               gserver2.g2.intra
                  Local Network Nameserver
    195.186.  4.162 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
    ----------------+-------+-------+-------+-------+-------+
    - Cached Name   | 0,022 | 0,023 | 0,025 | 0,000 | 100,0 |
    - Uncached Name | 0,025 | 0,071 | 0,274 | 0,065 | 100,0 |
    - DotCom Lookup | 0,039 | 0,040 | 0,043 | 0,001 | 100,0 |
    ---<-------->---+-------+-------+-------+-------+-------+
                       cns8.bluewin.ch
             BLUEWIN-AS Swisscom (Schweiz) AG,CH
    195.186.  1.162 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
    ----------------+-------+-------+-------+-------+-------+
    - Cached Name   | 0,022 | 0,023 | 0,026 | 0,001 | 100,0 |
    - Uncached Name | 0,025 | 0,072 | 0,299 | 0,066 | 100,0 |
    - DotCom Lookup | 0,039 | 0,042 | 0,049 | 0,003 | 100,0 |
    ---<-------->---+-------+-------+-------+-------+-------+
                       cns7.bluewin.ch
             BLUEWIN-AS Swisscom (Schweiz) AG,CH
      8.  8.  8.  8 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
    ----------------+-------+-------+-------+-------+-------+
    - Cached Name   | 0,033 | 0,040 | 0,079 | 0,011 | 100,0 |
    - Uncached Name | 0,042 | 0,113 | 0,482 | 0,097 | 100,0 |
    - DotCom Lookup | 0,049 | 0,079 | 0,192 | 0,039 | 100,0 |
    ---<-------->---+-------+-------+-------+-------+-------+
               google-public-dns-a.google.com
                   GOOGLE - Google Inc.,US
    UTC: 2014-11-03, from 14:33:12 to 14:33:29, for 00:17,648
  15: 40
  192.168.240.  6 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
    ----------------+-------+-------+-------+-------+-------+
    + Cached Name   | 0,001 | 0,002 | 0,004 | 0,000 | 100,0 |
    + Uncached Name | 0,025 | 0,074 | 0,266 | 0,063 | 100,0 |
    + DotCom Lookup | 0,042 | 0,048 | 0,075 | 0,007 | 100,0 |
    ---<-------->---+-------+-------+-------+-------+-------+
               gserver2.g2.intra
                  Local Network Nameserver
    195.186.  1.162 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
    ----------------+-------+-------+-------+-------+-------+
    - Cached Name   | 0,022 | 0,024 | 0,029 | 0,001 | 100,0 |
    - Uncached Name | 0,024 | 0,073 | 0,289 | 0,067 | 100,0 |
    - DotCom Lookup | 0,039 | 0,041 | 0,043 | 0,001 | 100,0 |
    ---<-------->---+-------+-------+-------+-------+-------+
                       cns7.bluewin.ch
             BLUEWIN-AS Swisscom (Schweiz) AG,CH
    195.186.  4.162 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
    ----------------+-------+-------+-------+-------+-------+
    - Cached Name   | 0,022 | 0,024 | 0,029 | 0,001 | 100,0 |
    - Uncached Name | 0,025 | 0,073 | 0,286 | 0,065 | 100,0 |
    - DotCom Lookup | 0,041 | 0,066 | 0,180 | 0,037 | 100,0 |
    ---<-------->---+-------+-------+-------+-------+-------+
                       cns8.bluewin.ch
             BLUEWIN-AS Swisscom (Schweiz) AG,CH
      8.  8.  8.  8 |  Min  |  Avg  |  Max  |Std.Dev|Reliab%|
    ----------------+-------+-------+-------+-------+-------+
    - Cached Name   | 0,033 | 0,038 | 0,077 | 0,009 | 100,0 |
    - Uncached Name | 0,042 | 0,105 | 0,398 | 0,091 | 100,0 |
    - DotCom Lookup | 0,049 | 0,066 | 0,141 | 0,025 | 100,0 |
    ---<-------->---+-------+-------+-------+-------+-------+
               google-public-dns-a.google.com
                   GOOGLE - Google Inc.,US
    UTC: 2014-11-03, from 14:39:59 to 14:40:12, for 00:13,363

• Cannot install or manage Server 2012 R2 RDS server locally but works remotely

  I am working with a Server 2012 R2 standard machine and attempting to get Remote Desktop Services installed and configured on it. Using the Add Roles and Features wizard while logged on locally to the server in question resulted in the error
  “Unable to connect to the server by using Windows PowerShell remoting.” However, if I use a different Server 2012 R2 machine to run the Add Roles and Features wizard remotely targeted
  at the original server then I can successfully get RDS installed.
  Also, after the installation has completed I cannot manage RDS locally on the server but can successfully manage it remotely from another Server 2012 R2 box. When attempting to use Server Manager locally and choose the Remote Desktop Services menu the error
  message "A Remote Desktop Services deployment does not exist in the server pool."
  The server appears to be functioning correctly and can be managed remotely just not locally. I can reproduce the behavior on other Server 2012 boxes in the environment.
  What would cause local install and management to fail but remote management work?

  Hi,
  Have you added the RDS server under server manager ADD server? Does it show the server in server list?
  Check whether there is any wrong IP address\hostname entry occurs under DNS record which looks\points the DNS entry successfully. 
  Add Servers to Server Manager
  https://technet.microsoft.com/en-in/library/hh831453.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]