Windows 2012 - SYSVOL replication and NETLOGON share
After reading 100 tons of articles and links i decided to open this thread.
I know today is 1st of april, but unfortunately for me this is not a joke.
given:
two 2003 DC's - physical servers
two 2008 DC's - VM's on ESX 5.1 hosts
two 2012 DC's - VM's on ESX 5.5 hosts
domian fucntional level 2003
situation:
we plan to decom the 2003's.
The 2008 DC's are in place since a while and working ok.
We plan to upgrade to 2012 and here it is where the trouble starts.
Firstly, I couldn't, by any means, to promote 2012 as DC's until i moved all the FSMO roles from the 2003 DC's to the 2008 DC's.
After lots of work with the network team we made all the right connections opened the firewalls, made the DCDIAG and DNS tests and the only problem reported are the SYSVOL replication and NETLOGON share.
I tried all the tools out there to check the replication and the last one is Microsoft's AdRplstatus Tool which made me think that either Microsoft makes fun of me, either i'm the dumbest windows admin on this planet.
This tool reports that there are NO ERRORS in replicating SYSVOL, but when i run the command 'net share' the 'domain.com\sysvol\scripts' is not there. Further more checking, i try to access '\\domain.com\sysvol' - directory under which i must find the 'policies'
and 'scripts' folders and, Sysvol is empty - obviously these are present when i do this check from the 2008 DC's or 2003 DC's.
Is there a known issue for these problems regarding 2012 and ESX 5.5 ? - still, i doubt it.
DCDIAG /TEST:DNS
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = dc-p01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: dc-p01
Starting test: Connectivity
......................... dc-p01 passed test Connectivity
Doing primary tests
Testing server: dc-p01
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... dc-p01 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domain
Running enterprise tests on : domain.com
Starting test: DNS
Test results for domain controllers:
DC: dc-p01.domain.com
Domain: domain.com
TEST: Dynamic update (Dyn)
Warning: Failed to delete the test record dcdiag-test-record i
n zone domain.com
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 184.134.0.97 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 184.134.0.97
dc-p01 PASS
PASS PASS PASS WARN PASS n/a
......................... domain.com passed test DNS
The PTR record query for 1.0.0.127 is still there but i will change it manually, my DNS is set as primary to point to the server itself by it's IP and not 127.0.0.1.
still, that DNS server with that error is a linux DNS, but all my DC's have DNS role on and fully replicating and working, including the 2012's.
DCDIAG:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = dc-p01
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: dc-p01
Starting test: Connectivity
......................... dc-p01 passed test Connectivity
Doing primary tests
Testing server: dc-p01
Starting test: Advertising
......................... dc-p01 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... dc-p01 passed test FrsEvent
Starting test: DFSREvent
......................... dc-p01 passed test DFSREvent
Starting test: SysVolCheck
......................... dc-p01 passed test SysVolCheck
Starting test: KccEvent
......................... dc-p01 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... dc-p01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... dc-p01 passed test MachineAccount
Starting test: NCSecDesc
......................... dc-p01 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\dc-p01\netlogon)
[dc-p01] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... dc-p01 failed test NetLogons
Starting test: ObjectsReplicated
......................... dc-p01 passed test ObjectsReplicated
Starting test: Replications
REPLICATION-RECEIVED LATENCY WARNING
dc-p01: Current time is 2014-04-01 10:25:09.
DC=ForestDnsZones,DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:22:40
DC=DomainDnsZones,DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:22:40
CN=Schema,CN=Configuration,DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:22:40
CN=Configuration,DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:25:50
DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:22:40
......................... dc-p01 passed test Replications
Starting test: RidManager
......................... dc-p01 passed test RidManager
Starting test: Services
......................... dc-p01 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 09:26:35
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:27:52
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID fdc (C:\Windows\s
ystem32\taskhost.exe).
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 09:31:14
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 09:32:13
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:32:53
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID c18 (C:\Windows\s
ystem32\taskhost.exe).
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 09:35:33
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:37:54
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 950 (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:42:54
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 5c4 (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:47:55
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID ee0 (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:52:56
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID e48 (C:\Windows\s
ystem32\taskhost.exe).
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 09:53:30
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 09:57:57
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID a20 (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 10:02:58
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 1bc (C:\Windows\s
ystem32\taskhost.exe).
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 10:06:04
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 10:07:58
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 14c (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 10:12:59
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 90c (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 10:18:00
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID 558 (C:\Windows\s
ystem32\taskhost.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 04/01/2014 10:23:01
Event String:
DCOM was unable to communicate with the computer ca-p01.domain.com
n using any of the configured protocols; requested by PID f00 (C:\Windows\s
ystem32\taskhost.exe).
A warning event occurred. EventID: 0xA004001B
Time Generated: 04/01/2014 10:23:56
EvtFormatMessage failed, error 15027 the message resource is present
but the message is not found in the string/message table.
(Event String (event log = System) could not be retrieved, error
0x3ab3)
......................... dc-p01 failed test SystemLog
Starting test: VerifyReferences
......................... dc-p01 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : mydomain
Starting test: CheckSDRefDom
......................... mydomain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... mydomain passed test CrossRefValidation
Running enterprise tests on : domain.comn
Starting test: LocatorCheck
......................... domain.comn passed test LocatorCheck
Starting test: Intersite
......................... domain.comn passed test Intersite
in Active DIrecotry Sites adn Services when i try to replicate FROM a valid SYSVOL Domain Controller towards my 2012 DC i get this:
The following error ocurred during the attempt to contact the domain controller dc-p01:
Directory object not found
i cannot upload picture yet because Ms ...didn t verified me.
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\dc-p01\netlogon)
[dc-p01] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... dc-p01 failed test NetLogons
Starting test: ObjectsReplicated
......................... dc-p01 passed test ObjectsReplicated
Starting test: Replications
REPLICATION-RECEIVED LATENCY WARNING
dc-p01: Current time is 2014-04-01 10:25:09.
DC=ForestDnsZones,DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:22:40
DC=DomainDnsZones,DC=mydomain,DC=lan
Last replication received from DC-P02 at
2014-03-31 15:22:40
To perform non-authoritative restore of sysvol, you set the Burflag value & system will automatically tries to sync contents of sysvol with its replicating partner DC. Its not mandatory to select any particular DC for sysvol replication becasue in a
same domain, all DC's shares the same sysvol content.
Sometime, if initialization of FRS doesn't start, you have to follow the below article. Its also applicable to windows 2008 even as long as your using FRS for replication.
http://support.microsoft.com/kb/290762/en-us
To force the replication of sysvol using cmdline, refer below link.
http://blogs.technet.com/b/justinturner/archive/2007/04/27/quick-tip-force-frs-replication.aspx
Its better to find out what went wrong with the overall AD domain infra that sysvol has not been able to contact its partner for sysvol replication using depth assessment of the domain. It can be the network,firewall,antivirus or in-built firewall port issues
which might have broken sysvol replication.
http://msmvps.com/blogs/ad/archive/2008/06/03/active-directory-health-checks-for-domain-controllers.aspx
Awinish Vishwakarma - MVP
My Blog: awinish.wordpress.com
Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.
Similar Messages
-
Hello all. We are currently running a Windows Server 2003 ADDC as a virtual machine on a Windows Server 2012 host using Hyper-V. We have recently added a second Windows Server 2012 ADDC also as a Hyper-V VM. I promoted the 2k12 to a DC, transferred all FMOS
roles, and tested AD replication. All AD data was replicated fine. However a DCDIAG (the results of which I have attached to this post) show a few errors.
First off, it is failing the advertising test. This is more than likely due to a DNS error. Unfortunately, I can not seem to find the error within the DNS to resolve it.
Secondly, it is failing the KccEvent test; also seeming as a DNS related error.
Thirdly, both SYSVOL and NETLOGON shares were not successfully replicated. This is likely the basis for the other issues. Without these successfully replicated, I can not demote the 2K3 server; which is the goal in the end, to replace the old server with
the new.
I am willing to try just about anything, so any suggestions would be greatly appreciated. As for what I have tried, I have tried a non-authoritative restore using burr flags with no success. I CAN ping both DCs from each other ensuring connectivity. All
users can currently log on to the server (due to the fact that the 2K3 server is still running and still holds the SYSVOL and NETLOGON shares).
Once again, any help would be greatly appreciated! Thank you in advance!
DCDIAG Output:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = RETIRED2012
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site\RETIRED2012
Starting test: Connectivity
......................... RETIRED2012 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site\RETIRED2012
Starting test: Advertising
Warning: DsGetDcName returned information for
\\retired1.RetireFirst.local, when we were trying to reach
RETIRED2012.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... RETIRED2012 failed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... RETIRED2012 passed test FrsEvent
Starting test: DFSREvent
......................... RETIRED2012 passed test DFSREvent
Starting test: SysVolCheck
......................... RETIRED2012 passed test SysVolCheck
Starting test: KccEvent
An error event occurred. EventID: 0xC0000827
Time Generated: 08/09/2013 22:08:34
Event String:
Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
A warning event occurred. EventID: 0x80000677
Time Generated: 08/09/2013 22:10:02
Event String:
Active Directory Domain Services attempted to communicate with the following global catalog and the attempts were unsuccessful.
An error event occurred. EventID: 0xC0000466
Time Generated: 08/09/2013 22:10:06
Event String:
Active Directory Domain Services was unable to establish a connection with the global catalog.
......................... RETIRED2012 failed test KccEvent
Starting test: KnowsOfRoleHolders
......................... RETIRED2012 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... RETIRED2012 passed test MachineAccount
Starting test: NCSecDesc
......................... RETIRED2012 passed test NCSecDesc
Starting test: NetLogons
Unable to connect to the NETLOGON share! (\\RETIRED2012\netlogon)
[RETIRED2012] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... RETIRED2012 failed test NetLogons
Starting test: ObjectsReplicated
......................... RETIRED2012 passed test ObjectsReplicated
Starting test: Replications
......................... RETIRED2012 passed test Replications
Starting test: RidManager
......................... RETIRED2012 passed test RidManager
Starting test: Services
......................... RETIRED2012 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x00001695
Time Generated: 08/09/2013 22:06:48
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'RetireFirst.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
A warning event occurred. EventID: 0x000003F6
Time Generated: 08/09/2013 22:06:49
Event String:
Name resolution for the name _ldap._tcp.Default-First-Site._sites.dc._msdcs.RetireFirst.local. timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x00001696
Time Generated: 08/09/2013 22:07:44
Event String:
Dynamic registration or deregistration of one or more DNS records failed with the following error:
A warning event occurred. EventID: 0x000003F6
Time Generated: 08/09/2013 22:07:51
Event String:
Name resolution for the name retired1.RetireFirst.local timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x00001695
Time Generated: 08/09/2013 22:08:23
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.RetireFirst.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
A warning event occurred. EventID: 0x00001695
Time Generated: 08/09/2013 22:08:35
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.RetireFirst.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
An error event occurred. EventID: 0x0000041E
Time Generated: 08/09/2013 22:08:45
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An error event occurred. EventID: 0x00000423
Time Generated: 08/09/2013 22:08:53
Event String:
The DHCP service failed to see a directory server for authorization.
A warning event occurred. EventID: 0x000003F6
Time Generated: 08/09/2013 22:10:04
Event String:
Name resolution for the name isatap timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x000003F6
Time Generated: 08/09/2013 22:10:08
Event String:
Name resolution for the name e45ad288-70ff-4d9e-adf9-3035e459e126._msdcs.RetireFirst.local timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x000003F6
Time Generated: 08/09/2013 22:10:21
Event String:
Name resolution for the name _ldap._tcp.Default-First-Site._sites.dc._msdcs.RetireFirst.local. timed out after none of the configured DNS servers responded.
An error event occurred. EventID: 0x00000423
Time Generated: 08/09/2013 22:11:14
Event String:
The DHCP service failed to see a directory server for authorization.
An error event occurred. EventID: 0x0000041E
Time Generated: 08/09/2013 22:13:45
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
......................... RETIRED2012 failed test SystemLog
Starting test: VerifyReferences
......................... RETIRED2012 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : RetireFirst
Starting test: CheckSDRefDom
......................... RetireFirst passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... RetireFirst passed test CrossRefValidation
Running enterprise tests on : RetireFirst.local
Starting test: LocatorCheck
......................... RetireFirst.local passed test LocatorCheck
Starting test: Intersite
......................... RetireFirst.local passed test IntersiteThank you for your response first of all! And in response:
1. "Retired1" is the 2k3 ADDC / DNS Server. It currently has a different IP than the 2K12 Server. Verified with ipconfig/all.
2. I set 2K12 to only 2K3 for DNS; no external ISP servers or itself listed. Registered DNS, restarted netlogon; no success.
3. ipconfig/all for 2K12 server here:
Windows IP Configuration
Host Name . . . . . . . . . . . . : RETIRED2012
Primary Dns Suffix . . . . . . . : RetireFirst.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : RetireFirst.local
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-01-33-0A
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8159:4f0c:4071:d780%12(Preferred)
IPv4 Address. . . . . . . . . . . : 172.21.69.246(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.192
Default Gateway . . . . . . . . . : 172.21.69.250
DHCPv6 IAID . . . . . . . . . . . : 251663709
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-74-BE-C0-00-15-5D-01-33-0A
DNS Servers . . . . . . . . . . . : 172.21.69.240
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{8317BEC2-079A-4846-B6B2-1AE3E2784691}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
4. The 2K12 is a GC; yes.
Thanks again and hopefully we can work this out!
Seems like you have/had a server named "retired1" with the same IP address as the new 2012 server? (if this is a old server) remove all references to it in DNS
Make sure that on the 2012 server in the TCP/IP DNS Settings, you only point to the 2003 DC for DNS (Not it self for now, and no external ISP DNS servers) - Run ipconfig /registerdns and restart the netlogon service on the 2012 server.
Can you post and unedited output of ipconfig /all from the 2012 server?
Did you make the 2012 server a global catalog? (if not I would recommend that)http://support.microsoft.com/kb/296882
Seems like you have/had a server named "retired1" with the same IP address as the new 2012 server? (if this is a old server) remove all references to it in DNS
Make sure that on the 2012 server in the TCP/IP DNS Settings, you only point to the 2003 DC for DNS (Not it self for now, and no external ISP DNS servers) - Run ipconfig /registerdns and restart the netlogon service on the 2012 server.
Can you post and unedited output of ipconfig /all from the 2012 server?
Did you make the 2012 server a global catalog? (if not I would recommend that)http://support.microsoft.com/kb/296882
Seems like you have/had a server named "retired1" with the same IP address as the new 2012 server? (if this is a old server) remove all references to it in DNS
Make sure that on the 2012 server in the TCP/IP DNS Settings, you only point to the 2003 DC for DNS (Not it self for now, and no external ISP DNS servers) - Run ipconfig /registerdns and restart the netlogon service on the 2012 server.
Can you post and unedited output of ipconfig /all from the 2012 server?
Did you make the 2012 server a global catalog? (if not I would recommend that)http://support.microsoft.com/kb/296882 -
Want to modify sysvol and netlogon share permissions
HI all,
As per security concern we need to remove the everyone from share permission on SYSVOL and NETLOGON share.......can anyone provide me the suggesstion for the same...or any documented article which says that how to do it or what precaution showld we take....
Or if the permission is by design has any document or Kb article which says the permission should not be changed.
Appreciate any help.
Thanks........
Ahmed Gaziyani Enterprise Admin.Hello,
If you remove such permission then you will have issues in appliance of group policies and netlogon scripts on your users. Users should have at least read permission on the SYSVOL folder so that group policies and netlogon scripts will be applied.
More if you ask them here: http://social.technet.microsoft.com/Forums/en-US/winserverGP/threads
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft Student
Partner 2010 / 2011
Microsoft Certified
Professional
Microsoft Certified
Systems Administrator: Security
Microsoft Certified
Systems Engineer: Security
Microsoft Certified
Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified
Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows 7, Configuring
Microsoft
Certified Technology Specialist: Designing and Providing Volume Licensing Solutions to Large Organizations
Microsoft Certified
IT Professional: Enterprise Administrator
Microsoft Certified IT Professional: Server Administrator
Microsoft Certified Trainer -
Monitor Sysvol and netlogon Share availability on domain controllers
I need to monitor availability of sysvol and Netlogon shares on all our domain controllers around 20 in all.
What is the best way for us to do that.
I have seen scripts that monitor share availability but that would mean i create 40 such 2 times script monitors , that is too much of manual work..
Any advice.I looked into the discovered Inventory (SysVol for windows 2008) I see all theobjects
But the path shows as dc01.domain.com\dc01\sysvol
However we never get notified when the sysvol share is inaccessible.
We have had a number of cases when the DC is online but somehow we cant access the sysvol share
We need a monitor to alert us in such a case;
I modified the our script to include %computername% and targeted it to all dC's group,
Dim oAPI, oBag
Set oAPI = CreateObject("MOM.ScriptAPI")
Set oBag = oAPI.CreatePropertyBag()
Set objFSO = CreateObject("Scripting.FileSystemObject")
strFile = "\\%computername%\sysvol\"
If objFSO.FolderExists(strFile) Then
Call oBag.AddValue("Status","Exist")
Call oAPI.Return(oBag)
Else
Call oBag.AddValue("Status","NotExist")
Call oAPI.Return(oBag)
End If
However the monitor alerted critical immediately.
How should the monitor be.
I though if i put \\%computername%\sysvol\ in the script and send it to all the DC's group then it will start monitoring as \\dc01\sysvol etc -
Pls help: SYSVOL and NetLOGON share not ready after creating first Windows 2012 DC
Hi all,
I'm setting up the first DC on Windows server 2012 following steps here (social.technet.microsoft.com/wiki/contents/articles/12370.step-by-step-guide-for-setting-up-a-windows-server-2012-domain-controller.aspx).
DCdiag gives following errors in SysVolCheck, services, and Netlogons while the rest of tests are successful:
------------------------- cut here --------------------------
Test omitted by user request: DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
[ORT001C] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
The registry lookup failed to determine the state of the SYSVOL. The error returned was 0x43
"The network name cannot be found.". Check the FRS event log to see if the SYSVOL has successfully been
shared.
......................... ORT001C failed test SysVolCheck
[snipped]
Starting test: Services
Could not open Remote ipc to [ort001c.ad1.mydomain]: error 0x43 "The network name cannot be found."
......................... ORT001C failed test Services
[snipped]
Starting test: NetLogons
* Network Logons Privileges Check
[ORT001C] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... ORT001C failed test NetLogons
------------------------- cut here --------------------------
Some information collected:
----------------------- cut here --------------------
- net share
Share name Resource Remark
C$ C:\ Default share
IPC$ Remote IPC
ADMIN$ C:\Windows Remote Admin
NETLOGON C:\Windows\SYSVOL\sysvol\ad1.mydomain\SCRIPTS
Logon server share
SYSVOL C:\Windows\SYSVOL\sysvol Logon server share
The command completed successfully.
dnslint /ad /s <DC IP>: no error
- nltest /server:ort001c.ad1.mydomain /dsgetdc:AD1.MYDOMAIN
DC: \\ort001c.ad1.mydomain
Address: \\192.168.1.77
Dom Guid: 9faa9bae-faae-42be-bf45-05a1d77b2bf0
Dom Name: ad1.mydomain
Forest Name: ad1.mydomain
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE FULL_SECRET WS DS_8 DS_9
The command completed successfully
- repadmin /showrepl
Repadmin: running command
/showrepl against full DC localhost
Default-First-Site-Name\ORT001C
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: ff4092a2-62d8-4b83-a4d4-fec6920d8535
DSA invocationID: ff4092a2-62d8-4b83-a4d4-fec6920d8535
- netdom query /domain:AD1 fsmo
Schema master
ort001c.ad1.mydomain
Domain naming master
ort001c.ad1.mydomain
PDC
ort001c.ad1.mydomain
RID pool manager
ort001c.ad1.mydomain
Infrastructure master
ort001c.ad1.mydomain
The command completed
successfully.
----------------------- cut here --------------------
Besides, DFSR instead of FRS is used.
Sorry that I'm newbie to Windows and afraid if I've anything missed. Would anyone please help?
Thanks a lot.
/ST WongHi all,
Thanks for your advice. I updated following settings and restart the server:
- IPv6: set both address/DNS to dynamic
- IPv4: Add 127.0.0.1 as alternate DNS server
Same error reported in dcdiag. Besides, the server name used by nslookup is Unknown.
I'm afraid if I've something missed :(
Sorry for the trouble caused. Thanks a lot.
Regards,
/ST Wong
--------------- cut here ---------------
C:\Users\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : ort001c
Primary Dns Suffix . . . . . . . : ad1.mydomain
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ad1.mydomain
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connectio
n
Physical Address. . . . . . . . . : 00-50-56-AA-1C-6D
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dd03:5eec:b396:a323%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.77(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 302010454
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-57-D0-61-00-50-56-AA-1C-6D
DNS Servers . . . . . . . . . . . : 192.168.1.77
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{598372EC-A809-493B-8E25-004F6D4655E2}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Administrator>nslookup ort001c.ad1.mydomain
Server: UnKnown
Address: 192.168.1.77
Name: ort001c.ad1.mydomain
Address: 192.168.1.77
C:\Users\Administrator>nslookup ad1.mydomain
Server: UnKnown
Address: 192.168.1.77
Name: ad1.mydomain
Address: 192.168.1.77
PS C:\Users\Administrator> dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = ort001c
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\ORT001C
Starting test: Connectivity
......................... ORT001C passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\ORT001C
Starting test: Advertising
......................... ORT001C passed test Advertising
Starting test: FrsEvent
......................... ORT001C passed test FrsEvent
Starting test: DFSREvent
......................... ORT001C passed test DFSREvent
Starting test: SysVolCheck
[ORT001C] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... ORT001C failed test SysVolCheck
Starting test: KccEvent
......................... ORT001C passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... ORT001C passed test KnowsOfRoleHolders
Starting test: MachineAccount
Could not open pipe with [ORT001C]:failed with 67: The network name cannot be found.
Could not get NetBIOSDomainName
Failed can not test for HOST SPN
Failed can not test for HOST SPN
......................... ORT001C passed test MachineAccount
Starting test: NCSecDesc
......................... ORT001C passed test NCSecDesc
Starting test: NetLogons
[ORT001C] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... ORT001C failed test NetLogons
Starting test: ObjectsReplicated
......................... ORT001C passed test ObjectsReplicated
Starting test: Replications
......................... ORT001C passed test Replications
Starting test: RidManager
......................... ORT001C passed test RidManager
Starting test: Services
Could not open Remote ipc to [ort001c.ad1.mydomain]: error 0x43 "The network name cannot be found."
......................... ORT001C failed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x00001796
Time Generated: 01/14/2014 10:26:57
Event String:
Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and t
his server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
A warning event occurred. EventID: 0x00000090
Time Generated: 01/14/2014 10:40:03
Event String: The time service has stopped advertising as a good time source.
......................... ORT001C passed test SystemLog
Starting test: VerifyReferences
......................... ORT001C passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : ad1
Starting test: CheckSDRefDom
......................... ad1 passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ad1 passed test CrossRefValidation
Running enterprise tests on : ad1.mydomain
Starting test: LocatorCheck
......................... ad1.mydomain passed test LocatorCheck
Starting test: Intersite
......................... ad1.mydomain passed test Intersite -
Issue with Windows Explorer search function and network shares.
Hello all,
I hope all is well, I am having a very odd issue.
One user when they access a particular network drive, and try to use the explorer search function it prompts the following error
Runtime error
Program:
This application has requested the runtime to terminate in a unusual way. Please contact application team for support.
I have checked the event viewer on both the user machine and server hosting the share, not events show up regarding the issue.
I have tried with the user machine in safe mode with networking, and the issue still occurs
It of course is not telling which application or program is causing this.
I have confirmed all windows updates are up to date.
I have gone to the windows search in services and swapped the 1 for a 0, that opened up three of the four network drives for search
the last one is still causing this error.
User computer is windows 7 professional 64 bit
server is windows server 2012 64 bit.
I am at a total loss as to why this is happening on two machines out of ten.
any help or suggestions would be most appreciated.
Cheers
JoshHi Josh,
What operation did the user act and how to use the explorer search function to cause the issue? Please check if the issue still exists after the user does the same action locally.
You could refer to the thread below to troubleshoot the issue:
Windows Explorer crashes continually on Windows 7 with Visual C++ Runtime error
http://answers.microsoft.com/en-us/windows/forum/windows_7-files/windows-explorer-crashes-continually-on-windows-7/70c333ba-0cd3-4308-96ce-e81931d123e3
Best Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Bit locker on Windows 2012 r2 AD And Win 8.1 Client
Can anyone give guidelines/articles for configuring Bit locker on Windows 2012 r2 AD With Win 8.1 Client
I am looking for detailed directions on backing up Bit Lo. & TPM recovery key to ADHello,
please start with
https://technet.microsoft.com/en-us/library/dn383581.aspx and
https://technet.microsoft.com/en-us/library/jj592683.aspx?f=255&MSPPError=-2147217396
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Twitter: -
Windows 2012 answer file and DVD drive letter
Hi
my question is about applying unattend XML file into a Wim file. I have read other thread here but still I can't get it to work. so here is the situation:
I have installed windows 2012 then I have SYSPREPed it and then I created a WIM file with DISM tool and then I have a very simple answer file. I use DISM to mount the image and then use DISM /apply-unattend to push my answerfile into my WIM file. now
the issue is, when I load this image into a VM using DISM tool, everything goes fine and when the server comes up for the first time I see the language setting page asking for "Country or region" and "App Language" and "keyboard layout"
when I hit next , it asks for license agreement and after confirming that one, I can login to windows. How I can hide those 2 windows. my small answer files is :
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="windowsPE">
<component name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SetupUILanguage>
<UILanguage>en-US</UILanguage>
<WillShowUI>Never</WillShowUI>
</SetupUILanguage>
<InputLocale>en-US</InputLocale>
<SystemLocale>en-US</SystemLocale>
<UILanguage>en-US</UILanguage>
<UserLocale>en-US</UserLocale>
</component>
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<UserData>
<AcceptEula>true</AcceptEula>
</UserData>
</component>
</settings>
<settings pass="specialize">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<TimeZone>Mountain Standard Time</TimeZone>
</component>
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<TimeZone>Mountain Standard TIme</TimeZone>
</component>
</settings>
<cpi:offlineImage cpi:source="wim:c:/win2012/install.wim#Windows Server 2012 R2 SERVERSTANDARD" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>
can somebody please let me know what am I doing wrong? I was assuming after applying unattanded xml file, when I do DISM /apply-image it gonna use my answer file....
I have one more question as well:
in 2012, I change DVD drive letter from D to Z and then I sysprep it. in target VM when I load my image, DVD drive is D again.
I guess when sysprep generalize everything, DVD drive get detected again and windows assign first available letter to it. my second question is : is there any way to make drive letter setting stays the same in target computer?
Your help is much appreciated!Hi,
Where did you put the answer file? Windows has several places to check the files, you can refer to the following article, notice Implicit Answer File Search Order.
Windows Setup Automation Overview
http://technet.microsoft.com/en-in/library/hh824950.aspx
For DVD drive letter, I think you can assign it via a script with diskpart command:
Assign, change, or remove a drive letter
http://technet.microsoft.com/en-in/library/cc757491(v=ws.10).aspx#BKMK_CMD
Include a Custom Script in a Windows PE Image
http://technet.microsoft.com/en-us/library/cc766521(v=ws.10).aspx
Hope this helps. -
Change license to Windows 2012 R2 Essentials and Windows 2012 R2 Standard
Hi,
I'm working for a small company (10 users). We have 2 servers; 1 is a normal file server, domain controller etc.; the second is dedicated for running a financial application. We bought and installed new hardware but with so called 'Technet licenses'.
Obviously we need to buy proper licenses. I have 2 questions :
1. Am I correct in buying 1 Windows 2012 R2 Essentials license, 1 Windows 2012 R2 Standard license and 10 CALs ?
2. Can I just install these licenses 'over' the existing 'Technet licenses' ?
Any help will be greatly appreciated.
Ronald RuijtenbergI would purchase one Server Standard license, install it as a hypervisor on the server, then add to VMs. First one is Server with the Essentials role, the second to run your financial application. You can do this on one physical box and you
only have to purchase one copy of Server Standard.
Larry Struckmeyer[MVP] If your question is answered please mark the response as the answer so that others can benefit. -
Windows 2012 storage server and tier with external SSD disks
Hi
My query is in case I have one SAN storage with SSD and FC disks connected to Windows 2012 storage server, will Windows be able to manage Tier between two types of disks if the volumes are properly assigned and formated?
RegardsHi
My query is in case I have one SAN storage with SSD and FC disks connected to Windows 2012 storage server, will Windows be able to manage Tier between two types of disks if the volumes are properly assigned and formated?
Regards
Short answer: No, not automatically. Long answer: Yes, it can be done but with some tricks. First you'll have to make your SAN export LUs built from flash and from spindles. At least one of each (see URL below). Then you'll have to build storage spaces (even
clustered but that's not officially supported for non-SAS disks) from them.
See:
Configure Tiering with Windows Server 2012 R2
http://blogs.technet.com/b/askpfeplat/archive/2013/10/21/storage-spaces-how-to-configure-storage-tiers-with-windows-server-2012-r2.aspx
Both LUs would have non-SSD type reported so you'll have manually assign types with PowerShell what's flash and what's spindle.
"Notice that the SSD devices were detected as SSD media. However, in this case the physical drives show as unknown.
If yours are not detected like in this example, they should be set correctly which can be done using PowerShell. "
Hope this helped :)
StarWind VSAN [Virtual SAN] clusters Hyper-V without SAS, Fibre Channel, SMB 3.0 or iSCSI, uses Ethernet to mirror internally mounted SATA disks between hosts. -
Hi
I have got a job about a year ago in an organisation which had 3 windows 2008 R2 servers and lots of problem. I managed to clean up the domain and ended up to migrating all the DCs to Windows 2012 R2. when I run the command repadmin\syncall on any of my
domain controllers they sync each other with no issue, but when I run the following command:
repadmin /showvector /latency dc=....,dc=..... I am getting reports of the previous DCs which are demoted and still are in my active directory database. I know its something related to tombstone but how can I remove them completely from my domian.
Thanks so much in advanceHi Geraldton,
It seems that we can't remove these entries.
The following thread focused on the similar question and can be referred to for more information.
repadmin /showvector /latency dc=goodies,dc=com,dc=sa
http://social.technet.microsoft.com/Forums/windowsserver/en-US/09b61b9e-b618-4943-963e-de452bdece12/repadmin-showvector-latency-dcgoodiesdccomdcsa
Best regards,
Frank Shen -
How do I map a local windows 7 machine to and Azure Share?
I have 15 physical Windows 7 machines with that I want to access a file share in Windows Azure. How do I do this?
daveeeeeeHi
daveeeeee,
Azure File Share can be access from a Local computer using Rest APIs, whereas, SMB protocol only allows the access of Azure File Share within the same region in Azure.
You could refer the following link for further details:
http://blogs.msdn.com/b/windowsazurestorage/archive/2014/05/12/introducing-microsoft-azure-file-service.aspx
You could use the Rest APIs or AzCopy to
transfer data to and from Azure File Share.
Regards,
Malar. -
Active Directory, Windows 2003 SP2 Server and SMB shares
I have 10 new iMacs that will be returned and exchanged for 10 HP wintels if I can't resolve an issue with SMB shares in Mac OS X 10.4.9.
We had an old win 2000 server, and all the macs could mount their smb shares without problems.
Recently we upgraded to two new 2003 sp2 servers, one of them the domain controller, and we can't mount their SMB shares. I followed this http://weblog.bignerdranch.com/?p=6&page=3 and/or this http://allinthehead.com/retro/218/accessing-a-windows-2003-share-from-os-x to allow AD authentication, but still, I can't mount the 2003 shares (but can with the 2000 ones!!!).
If I enable SFM (services for macintosh) then I can mount the shares, but:
1) the network is slower (I supouse is due to appletalk implementation)
2) and worse, names with more than 32 characters or with some special characters are not allowed. This renders 30% of our archives unavailable with the AFP solution.
I also used all the authentication methods (Plain text apple, plain text windows, etc.) but no one works.
I have now 10 days to find a solution, or all "my" macs will dissapear forever.
Please, some advice or point to documentation.
G4, G5, iMac Intel, Mac Book Pro, etc Mac OS X (10.4.9)Do you just want to mount arbitrary share from the win servers or do you want the macs to be bound to AD?
The first requires the steps from your second link (allinthehead.com) but the latter (bind to AD) requires things like proper use of DNS, time synchronisation for kerberos to work and proper configuration as described in your first link (bignerdranch.com).
Here are some more links for the latter (AD intergration):
http://www.bombich.com/mactips/activedir.html
http://www.afp548.com/article.php?story=20051202151540574&query=ad-od
HTH
-Ralph -
Windows 2012 R2 DFSR and backlog for Read only Server
Hi All
I have strange situation - i have 2 servers running Win2012R2 with 2 folders replicated by DFSR ( + Deduplication Enabled on both servers). Second Server folders set to ReadOnly. But second server showing high backlog waiting replication to Server1 -
in the same time Staging Folder is empty. When i'm disabling membership for this server, and enabling back - some time it is showing 0 backlog - all is ok, but then it resumes to show hight backlog again. How i can fix it?
Best Wishes, Andrew GolubenkoffHi,
Is there any error message in the Event Log? Since the got the status 5 ( "5: In Error" ), you could try to rebuild the DFSR database to resolve the issue.
For more detailed information, you could refer to the thread below:
DFSR - Database Corrupt
https://social.technet.microsoft.com/Forums/windowsserver/en-US/b69839aa-f050-419c-9344-6b7bf067c318/dfsr-database-corrupt?forum=winserverfiles
Best Regards,
Mandy
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
Windows 2012 Domain Controllers and RC4
We are using Qualysguard as our vulnerability scanner, and we are getting QID 38601, "SSL/TLS use of weak RC4 cipher". While we have created a GPO to disable RC4 on the 2008/2012 servers, we have 4 Domain Controllers that we haven't included in
the GPO yet. I'm wondering if disabling RC4 on 2012 Domain Controllers will cause problems that I'm not forseeing right now.
Does someone out there have any knowledge of this through experience or otherwise?
Thanks in advance.
Hi,
As far as I know, disable RC4 cipher usage in SSL/TLS wouldn’t affect Kerberos related services on Domain Controller, since Key Distribution Center (KDC) just use the available encryption type to encrypt tickets that requested from our clients with
RC4_HMAC_NT.
More information for you:
Disabling RC4 Cipher KB2868725 relation to Kerberos
https://social.technet.microsoft.com/Forums/sqlserver/en-US/836eba80-a070-486d-98b2-69b6325cb40e/disabling-rc4-cipher-kb2868725-relation-to-kerberos?forum=winserversecurity
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]
Maybe you are looking for
-
ADS: com.adobe.ProcessingException: XMLFM Exception - P(200101)
Hi, Exception SYSTEM_ERROR Message ID: FPRUNX Message number: 001 Message: ADS: com.adobe.ProcessingException: XMLFM Exception - P(200101) I am getting the above error while executing adobe forms function
-
RfcAdapter received a synchronous message. Trying to send sRFC for SALERT_C
Hi All, I am receiving the message 'RfcAdapter received a synchronous message. Trying to send sRFC for SALERT_CREATE' in my receiver RFC channel used to trigger alerts from PI to ECC. no emails are getting generated. Please advice. Regards.
-
Hello. I recently installed iphoto 09 from ilife. When I opened it, all of my photos were grey square thumbnails. I might have done something wrong in the installation, however, if I click on a grey square, the photo does come up. It is like the thum
-
I recently wiped my iBook and when I next connected my digital camera it came up with a notice that said something like, 'do you wish to start iPhoto everytime you connect your digital camera'. Because I was in a bit of a rush, I accidentally clicked
-
Safari RSS feed suddenly requires authentication
I have a bunch of RSS feeds, which I subscribed to (and read) via Safari. A couple of them come from a BitTorrent tracker that I frequent. I have been using these feeds for at least a year, without error. All of a sudden, I'm getting an error saying: