Windows 8.1 TPM ownership on Server 2008 R2 schema - not to spec?

My organization is running AD DS on Server 2008 R2 schema. Already a bad start, I know, but let's pretend that's impossible to change. In our default domain policy, we have the following setting
enabled to require AD backup of TPM owner authorization value hashes:
Computer Settings\Policies\Administrative Templates\System\Trusted Platform Module Services\Turn on TPM backup to Active Directory Domain Services
As a result, when I try to encrypt an AD-bound Windows 8 Enterprise machine with BitLocker, it fails because Windows 8 tries to store the TPM authorization hash as a
child object (with type ms-TPM-OwnershipInformation) of the computer object, while the Server 2008 R2 schema requires storing this information as an
attribute (specifically, msTPM-OwnerInformation) of the computer object. This is perfectly fine and dandy - in fact, it's clearly documented in a TechNet article (http://technet.microsoft.com/en-us/library/jj131725.aspx#BKMK_AuthValue)
that this behavior is intentional, and the solution is to update to Server 2012 schema. Cool.
The bit that concerns me is that when I try to encrypt an AD-bound Windows 8.1 Enterprise machine, it succeeds under these same circumstances. However, despite the policy setting requiring the TPM backup, it simply doesn't occur - it is neither stored in
the computer attribute, nor is it created as a child object to the computer.
I have not been able to find any documentation that would indicate that Windows 8.1 behaves differently from Windows 8 on this matter. As the mainstream support end date for Server 2008 R2 is not until 01/13/14, I wouldn't expect that Microsoft has intentionally
implemented what I have described. Might this then be an unintended behavior?

Hi,
I made a deep research about this problem today. Here is some new updates below:
According to the library:
http://technet.microsoft.com/en-us/library/dd875529(v=ws.10).aspx
You should also configure AD DS before configuring BitLocker on client computers. If BitLocker is enabled first, recovery information for those computers will not be automatically added to AD DS. If necessary, recovery information
can be backed up to AD DS after BitLocker has been enabled by using either the Manage-bde command-line tool or the BitLocker Windows Management Instrumentation (WMI) provider.
That's to say, If you never initialize the TPM of Windows 8 before, but Windows 8.1 machine did. When you use TPM first time in Domain Environment, the Windows 8 machine may encounter the problem like initialization failed, but Windows 8.1 would works properly.
To verify our inference, you can try to run the command like manage-bde -protectors -adbackup c: -id {xxxx,xxxx,xxxx,xxxxx}
at Windows 8.1 to backup Recovery information to AD to check if it works fine.
Here is another blog which further talking about how to backup recovery information in AD after BitLocker is turned ON in Windows 7. I guess this article would be helpful with your problem:
http://blogs.technet.com/b/askcore/archive/2010/04/06/how-to-backup-recovery-information-in-ad-after-bitlocker-is-turned-on-in-windows-7.aspx
In addition, We need to know that TPM recovery information is backed up when you:
1. Set the TPM owner password during TPM initialization.
2. Change the TPM owner password.
Therefore, please check your situation if it similar with the pheonmenon above, if not, please feel free let us know.
Roger Lu
TechNet Community Support

Similar Messages

Attempted to perform an unauthorized operation error on windows 8.1 while installing SQL server 2008

Hi,
I am getting the error "Attempted to perform an unauthorized operation" on windows 8.1 while installing
SQL server 2008.
The specific error is The error is Attempted to perform an unauthorized operation."
at stepSqlBrowserConfigAction_install_ConfigNonRC_Cpu32 .
I have tried everything from copying to the C drive. I am the admin on the machine. I also checked access in registry. It already has acesss to HKLM\System\CurrentControlSet\Control\WMI\security
Can someone comment on how to resolve this issue. I also tried NT
AUTHORITY\SYSTEM but getting the same error.
Any help would be appreciated.

Hello,
Please note that SQL Server 2008 requires Service Pack 3 (SP3) to make it compatible with
Windows 8.1. Please perform an slipstream installation of SQL Server 2008 + SP3:
http://support.microsoft.com/kb/955392
If it fails again, please share with us the Summary.txt log file and the details.txt log file. The following article
may help you locate those files on disk::
http://msdn.microsoft.com/en-us/library/ms143702(v=sql.100).aspx
Hope this helps.
Regards,
Alberto Morillo
SQLCoffee.com

Cisco LMS 4.1 Installation on Windows Server 2008 R2, Databases not created

Hi There,
As always, I am trying to install LMS 4.1 on windows server 2008 R2 and after the installation and login to the LMS I find the following:
DCRServer is down or may not be completely up. Check if the DCRServer process is running.
And after some troubleshooting I found that the LMS is not creating the CMF database and the other databases. Attached is the installation log file, if someone could help me with it would be appreciated. Please note the following:
1. I have downloaded the installation file from Cisco website twice, so I do not think it is the file that is corrupted, also it is only evaluation license.
2. I have met all the prerequisites and requirement as in the documentation guides, but maybe there is something still wrong.
Thanks,

Also Here is more info output:
C:\Program Files (x86)\CSCOpx>pdshow -brief
Process               State                                     Pid
Tomcat                Program started - No mgt msgs received    1572
TomcatMonitor         Running normally                          2236
Apache                Program started - No mgt msgs received    2436
DataPurge             Administrator has shut down this server   0
DCRServer             Failed to run                             0
CMFOGSServer          Administrator has shut down this server   0
EssentialsDM          Administrator has shut down this server   0
ConfigMgmtServer      Never started                             0
ConfigUtilityService Never started                             0
CTMJrmServer          Administrator has shut down this server   0
ChangeAudit           Never started                             0
SyslogAnalyzer        Program started - No mgt msgs received    2976
ICServer              Running normally                          5096
EnergyWise            Never started                             0
PMCOGSServer          Administrator has shut down this server   0
IPMOGSServer          Administrator has shut down this server   0
IPMProcess            Never started                             0
TISServer             Program started - No mgt msgs received    2544
DFMOGSServer          Program started - No mgt msgs received    876
InventoryCollector    Running normally                          3052
Interactor            Program started - No mgt msgs received    5136
InventoryCollector1   Program started - No mgt msgs received    5144
Interactor1           Program started - No mgt msgs received    5308
PTMServer             Program started - No mgt msgs received    5320
UPMProcess            Never started                             0
TISDiscoveryJobCreate Administrator has shut down this server   0
SyslogCollector       Running normally                          5340
Proxy                 Program started - No mgt msgs received    5348
PMServer              Running normally                          5360
NameServer            Program started - No mgt msgs received    5680
NameServiceMonitor    Running normally                          5876
LicenseServer         Program started - No mgt msgs received    5884
FHPurgeTask           Never started                             0
EventFramework        Program started - No mgt msgs received    5892
EPMServer             Program started - No mgt msgs received    5904
FHServer              Administrator has shut down this server   0
NOSServer             Program started - No mgt msgs received    5580
diskWatcher           Running normally                          5640
DFMMultiProcLogger    Program started - No mgt msgs received    5864
DFMLogServer          Program started - No mgt msgs received    4896
DFMCTMStartup         Administrator has shut down this server   0
DfmBroker             Running normally                          6104
DfmServer             Running normally                          6416
DfmServer1            Running normally                          6424
DCRDevicePoll         Never started                             0
CSRegistryServer      Running normally                          6432
CSDiscovery           Never started                             0
AdapterServer1        Program started - No mgt msgs received    6440
AdapterServer         Program started - No mgt msgs received    6448
C:\Program Files (x86)\CSCOpx>pdshow DCRServer
        Process= DCRServer
        State = Failed to run
        Pid    = 0
        RC     = -3
        Signo = 1073741821
        Start = N/A
        Stop   = 07/02/2012 17:39:06
        Core   = Not applicable
        Info   = Application failed or was registered incorrectly.
C:\Program Files (x86)\CSCOpx>net stop crmdmgtd
The Cisco Prime Daemon Manager service is stopping..........................................
The Cisco Prime Daemon Manager service was stopped successfully.
C:\Program Files (x86)\CSCOpx>bin\perl.exe objects\db\conf\configureDb.pl action=validate dsn=cmf
INFO: C:\PROGRA~2\CSCOpx/objects/db/conf/ConfigureDB.LOCK locked for the operation...
ERROR: [StandardDbUpgrade] : Database cmf is not installed.
INFO: C:\PROGRA~2\CSCOpx/objects/db/conf/ConfigureDB.LOCK released for the future operations...
C:\Program Files (x86)\CSCOpx>bin\perl.exe bin\dbpasswd.pl all
ERROR: There is no database available to change password.
C:\Program Files (x86)\CSCOpx>bin\perl.exe bin\dbRestoreOrig.pl dsn=cmf dmprefix=Cmf npwd=pwd
'cmf' is not a valid data source for the product.

How to resolve a windows authenticated orphaned user in Sql Server 2008 R2?

Hi,
We have some orphaned windows authenticated users(domain) in the database while it had been
migrated from Sql Server 2005 to Sql Server 2008 R2, because there are no corresponding
logins for the users. Will just adding the logins would be sufficient or after adding the
logins should we also run sp_change_users_login @Action='update_one' to resolve any sid
conflict. Thanking you in advance,
With regards
Binny Mathew

Binny
You have issue with orphaned users if you use Mixed Authentication. If you use Windows and move the db to the new server the Windows Login should be exist on the new server already.
Best Regards,Uri Dimant SQL Server MVP,
http://sqlblog.com/blogs/uri_dimant/
MS SQL optimization: MS SQL Development and Optimization
MS SQL Consulting:
Large scale of database and data cleansing
Remote DBA Services:
Improves MS SQL Database Performance
SQL Server Integration Services:
Business Intelligence

Side By Side Configuration Error Windows 7 64 bit and SQL SERVER 2008 R2

Hi,
I keep getting the side by side error... I tried installing the patches, and service packs i reinstalled sql server 2008 r2 like 10 times. It won't go away. I tried the registry edit a few people say works. This has been killing me for a week now,
I cannot run my sql server on my machine its crazy..???
Please help
thanks, NIck
Activation context generation failed for "C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Log Name:      Application
Source:        SideBySide
Date:          2/16/2014 10:36:55 PM
Event ID:      33
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      Nick-PC
Description:
Activation context generation failed for "C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe". Dependent Assembly Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
    <Provider Name="SideBySide" />
    <EventID Qualifiers="49409">33</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2014-02-17T03:36:55.000000000Z" />
    <EventRecordID>505191</EventRecordID>
    <Channel>Application</Channel>
    <Computer>Nick-PC</Computer>
    <Security />
</System>
<EventData>
    <Data>Microsoft.VC80.ATL,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe</Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
    <Data>
    </Data>
</EventData>
</Event>

Hi NickDeNora,
According to your description, we need to verify if you install
Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) and
correct the manifest file. The manifest file is readable (although empty), but we cannot edit it (even if you are an administrator). Only SYSTEM has access to the file. So to be able to edit it, you must first take ownership of
it and grant ACLs. After saving the file, then run the setup again.
For more information , see:
http://blogical.se/blogs/johan/archive/2012/06/23/sql-server-vc-installation-voes.aspx
Regards,
Sofiya Li
Sofiya Li
TechNet Community Support

Server 2008 SP2 will not install Windows Updates

I receive this error:
Installation Failure: Windows failed to install the following update with error 0x8000ffff: Security Update for Windows Server 2008 (KB2653956).
Installation Failure: Windows failed to install the following update with error 0x8000ffff: Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 (KB2675157).
These are two separate attempts to install the two updates listed. The first time it failed on the IE9 update so I unselected it and tried the other with the error above. This has been going on for quite some time. At first it would install
some updates and not others and now it won't install anything.
I have Symantec Endpoint Protection installed, version 11, and the definition files are up to date. I ran Malwarebytes and it found nothing.
I read a post about a hotfix called System Updates Readiness Tool but my error (0x8000ffff) was not listed as one of the errors and I hesitate to install it.
I am way behind on updates and really need to get this fixed, obviously. If anyone has ideas, I would like to hear them. I have not found anything online that is specific to my situation.
thanks

KB2675157 (MS12-023) is a superseded and EXPIRED update and isn't going to install anywhere at anytime. It's been superseded -18- times since it's original release. You should have KB2809289 (MS14-012 -- released this month) approved/installed for IE9
on WS2008 systems.
KB2653956 (MS12-024) is from April, 2012, and should have been installed EONS ago (but it has been revised a couple of times, so make sure that you have Revision 103 approved and not an earlier revision).
If the CURRENT updates are failing, then YES, you should download and run the current version of the System Update Readiness Tool from the Microsoft Download Center and implement any remediations recommended by that tool.
Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
SolarWinds Head Geek
Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
http://www.solarwinds.com/gotmicrosoft
The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

Robocopy on Windows Server 2008 SP2 does not copy folder permissions

When using Robocopy to copy folders and files from one local hard disk to another, using /COPYALL /E /TEE options, the target folder does not contain the source folder's ACL. I've tried other options such as: /COPY:DATSOU or /SECFIX, it made no difference.
Test scenario: Create a folder on C:, Test1. Add to Test1's permissions a local group with Read, e.g. Backup Operators. The ACL list should have permissions inherited from C:\ plus Backup Operators that's not inherited. Use Robocopy to copy Test1 to C:\Test2, check the ACL on Test2. Backup Operators is missing.
It looks like Robocopy cannot override the target folder's permissions inheritance, the folder retains the parent folder's ACL.
I've also disabled User Access Control in troubleshooting this problem.
To add to this issue, there's a workaround can be used to ensure the target folder's ACL is the same as the source folder's ACL. It's a two step process.
1) Use XCOPY source_folder target_folder /I /E /X /T - This lays down the directory structure including the ACLs
2) Use ROBOCOPY source_folder target_folder /COPYALL /SECFIX /E - This will copy over the directories and files, enforcing the files to receive the parent folder's ACL. The target_folder's ACL remain intact, unaltered from XCOPY command.
The end result: the target_folder ACL is identical to the source_folder ACL, the files copied to the target_folder will inherit ACL from their parent folder. Both source and target folders and files ACLs are identical.
ROBOCOPY should do both steps, but doesn't. I've tested this scenario on bare-bones Windows Server 2008, physical and virtual machines.
Darryl Miller

To Wendy23,
Just for clarity, the Windows Server 2008 OS that I ran ROBOCOPY and XCOPY on was the non-R2 version. Microsoft might have fixed this issue in R2.
You'll probably need to logon as local Administrator or use an account belonging to the local Administrators group.
Also, open the Command Prompt using "Run as Administrator" (right-click on Command Prompt), then run the XCOPY and ROBOCOPY commands from within this prompt.
To answer G.Write, the storage is local hard disks.
Thanks, was a long time ago, I was having a problem with robocopy not copying permissions on a SAN, and was wondering if the SAN was the problem, but your method worked fine for me, thanks.

Windows Server 2008 xml sync not working

Windows Server 2008 message - xml sync has stopped working. this is preventing me from having my documents automatically upload to a client website for their viewing. these file are uploaded with FTP automatically when
printed form the computer. I will also get an error that SBS Console has stopped working and restart. The console will then work after clicking restart. These are probably related issues. Appreciate any step by step instructions to
get the XML Sync issue resolved so hopefully documents will upload again.

Hi,
à
Windows Server 2008 message - xml sync has stopped working.
Would you please let me know more details of this issue? Please let me know the complete error message or provide
a screenshot of it. (please hide or remove all private and protected information.) Did you remember which specifc operation had been done before this issue occurred? For examples, install updates or install third-party applications?
à
I will also get an error that SBS Console has stopped working and restart.
For the SBS console issue, please follow the path:
C:\Program Files\Windows Small Business Server\Logs and check Console log file if find more relevant clues.
If any update, please feel free to let me know.
Hope this helps.
Best regards,
Justin Gu
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Windows Server 2008 R2 Does not boot When Back up drive removed

I have a windows Server 2008 R2 Standard server RAID 10 installed. I have a non raid drive installed as the backup HD. The Backup drive is now failing. When I went to switch it with a new one the system does not boot and is asking for
a boot drive. I have been searching for solutions and cannot find any. Any ideas?

Hi,
Could you confirm if your boot volume is on that non-RAID disk (maybe 2 volumes on that disk and one of them is the boot volume)?
At current situation, first please test to connect the failed disk back to the device and see if it will help.
Or you may need to run a boot-up repair with an installation disk.
If you have any feedback on our support, please send to [email protected]

Windows server 2008 R2 is not showing the second hard disk.

Hi,
We are having two windows server 2008 R2. In that we have, two hard disk and each with 146GB storage capacity. But it is displaying only the storage capacity of a single hard disk. Seems like the second hard disk in not recognized.
What can be done to clear this?
Regards
Manoj S

Hi,
As Burak mentioned, first you need to check if it displayed in Disk Management.
If so, see if you can initial it, create a volume and assign a drive letter.
If not, check if it is recognized in BIOS. Also test if it could be recognized in another computer.
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Script stops automatically on windows server 2008, IE8 is not launched or it doesn't navigate

QTP 11.0 - Script stops automatically on windows server 2008, IE8 and works fine on other standalone machines having Windows 7. Pls advise. It is very weird, it suddenly stops launching IE8. Sometimes it launches IE8 but des not navigate from one step to another. I have scheduled it using a vbscript though windows scheduler. I tired to uninstall QTP, then reinstall, it works fine for first run but stops again.

To Wendy23,
Just for clarity, the Windows Server 2008 OS that I ran ROBOCOPY and XCOPY on was the non-R2 version. Microsoft might have fixed this issue in R2.
You'll probably need to logon as local Administrator or use an account belonging to the local Administrators group.
Also, open the Command Prompt using "Run as Administrator" (right-click on Command Prompt), then run the XCOPY and ROBOCOPY commands from within this prompt.
To answer G.Write, the storage is local hard disks.
Thanks, was a long time ago, I was having a problem with robocopy not copying permissions on a SAN, and was wondering if the SAN was the problem, but your method worked fine for me, thanks.

Server 2008 R2 NIC not holding Static IP

Hello
I have a Dell 2950, Server 2008 R2 SP-1, it is a DC, DHCP, DNS, WINS, Etc
Local Area Connection 1 is the only active NIC with:
IP 10.10.1.50
SM 255.255.255.0
PDNS 10.10.1.50
IPV6 Disabled
Local Area Connection 2 is disabled
I had DHCP, DNS, Etc all working fine, the server was down for 2 weeks for a move, it is a DC and the only server (I know, I know, not a good idea)
When I fired it back up, the static 10.10.1.50 was gone the the NIC defaulted to DHCP
What would cause this? I called Dell about anything configured for this, they said there is none,
Also noticed if I add DG 10.10.1.50 as same (Only 1 server is DC, WINS, DNS, DHCP, the DG returns to empty
Thanks
B.

Hi B.
Based on your description, please make sure that this is not changed by someone else with admin access to the domain controller. Besides, we can check DHCP logs under Applications and Services Logs\Microsoft\Windows\Dhcp-Client in Event Viewer to see if
some related logs were logged.
Moreover, for this question is not related to group policy and more related to network, in order to get better help and analysis, it's recommended that we ask for suggestions in the following forum.
Platform Networking
https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverPN
Best regards,
Frank Shen

Server 2008 R2 does not show Internet Explorer 10/11 Group Policy options

Hello,
I have a Windows Server 2008 R2 server that has IE11 installed. I am attempting to create a GPO to control Proxy settings for IE10/11 clients, however, when I go to User Config>Preferences> Control Panel Settings> Internet Settings and Right click,
I do not see an option for IE10, only IE5 and 6, IE7, and IE8.
I have downloaded and installed the Administrative Templates for Internet Explorer from
here, and followed the installation instructions, but still, the option does not show up. I have ensured that all the latest Windows Updates are installed on the server, and rebooted
the server a couple times.
What am I missing here?
Thanks in advance.

<meta content="text/html; charset=UTF-16" http-equiv="Content-Type" /><title>SFDN\testuser</title> <style type="text/css">body { background-color:#FFFFFF; border:1px solid #666666; color:#000000; font-size:68%;
font-family:MS Shell Dlg; margin:0,0,10px,0; word-break:normal; word-wrap:break-word; } table { font-size:100%; table-layout:fixed; width:100%; } td,th { overflow:visible; text-align:left; vertical-align:top; white-space:normal; } .title { background:#FFFFFF;
border:none; color:#333333; display:block; height:24px; margin:0px,0px,-1px,0px; padding-top:4px; ; table-layout:fixed; width:100%; z-index:5; } .he0_expanded { background-color:#FEF7D6; border:1px solid #BBBBBB; color:#3333CC; cursor:hand; display:block;
font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:0px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; ; width:100%; } .he1_expanded { background-color:#A0BACB; border:1px solid
#BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:20px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; ; width:100%; } .he1h_expanded
{ background-color: #7197B3; border: 1px solid #BBBBBB; color: #000000; cursor: hand; display: block; font-family: MS Shell Dlg; font-size: 100%; font-weight: bold; height: 2.25em; margin-bottom: -1px; margin-left: 10px; margin-right: 0px; padding-left: 8px;
padding-right: 5em; padding-top: 4px; ; width: 100%; } .he1 { background-color:#A0BACB; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:20px;
margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; ; width:100%; } .he2 { background-color:#C0D2DE; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em;
margin-bottom:-1px; margin-left:30px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; ; width:100%; } .he3 { background-color:#D9E3EA; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%;
font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:40px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; ; width:100%; } .he4 { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block;
font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:50px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; ; width:100%; } .he4h { background-color:#E8E8E8; border:1px solid #BBBBBB;
color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:55px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; ; width:100%; } .he4i { background-color:#F9F9F9;
border:1px solid #BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg; font-size:100%; margin-bottom:-1px; margin-left:55px; margin-right:0px; padding-bottom:5px; padding-left:21px; padding-top:4px; ; width:100%; } .he5 { background-color:#E8E8E8;
border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:60px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; ;
width:100%; } .he5h { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; padding-right:5em; padding-top:4px; margin-bottom:-1px; margin-left:65px; margin-right:0px;
; width:100%; } .he5i { background-color:#F9F9F9; border:1px solid #BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg; font-size:100%; margin-bottom:-1px; margin-left:65px; margin-right:0px; padding-left:21px; padding-bottom:5px; padding-top:
4px; ; width:100%; } DIV .expando { color:#000000; text-decoration:none; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:normal; ; right:10px; text-decoration:underline; z-index: 0; } .he0 .expando { font-size:100%; } .info, .info3, .info4,
.disalign { line-height:1.6em; padding:0px,0px,0px,0px; margin:0px,0px,0px,0px; } .disalign TD { padding-bottom:5px; padding-right:10px; } .info TD { padding-right:10px; width:50%; } .info3 TD { padding-right:10px; width:33%; } .info4 TD, .info4 TH { padding-right:10px;
width:25%; } .info TH, .info3 TH, .info4 TH, .disalign TH { border-bottom:1px solid #CCCCCC; padding-right:10px; } .subtable, .subtable3 { border:1px solid #CCCCCC; margin-left:0px; background:#FFFFFF; margin-bottom:10px; } .subtable TD, .subtable3 TD { padding-left:10px;
padding-right:5px; padding-top:3px; padding-bottom:3px; line-height:1.1em; width:10%; } .subtable TH, .subtable3 TH { border-bottom:1px solid #CCCCCC; font-weight:normal; padding-left:10px; line-height:1.6em; } .subtable .footnote { border-top:1px solid #CCCCCC;
} .subtable3 .footnote, .subtable .footnote { border-top:1px solid #CCCCCC; } .subtable_frame { background:#D9E3EA; border:1px solid #CCCCCC; margin-bottom:10px; margin-left:15px; } .subtable_frame TD { line-height:1.1em; padding-bottom:3px; padding-left:10px;
padding-right:15px; padding-top:3px; } .subtable_frame TH { border-bottom:1px solid #CCCCCC; font-weight:normal; padding-left:10px; line-height:1.6em; } .subtableInnerHead { border-bottom:1px solid #CCCCCC; border-top:1px solid #CCCCCC; } .explainlink { color:#000000;
text-decoration:none; cursor:hand; } .explainlink:hover { color:#0000FF; text-decoration:underline; } .spacer { background:transparent; border:1px solid #BBBBBB; color:#FFFFFF; display:block; font-family:MS Shell Dlg; font-size:100%; height:10px; margin-bottom:-1px;
margin-left:43px; margin-right:0px; padding-top: 4px; ; } .filler { background:transparent; border:none; color:#FFFFFF; display:block; font:100% MS Shell Dlg; line-height:8px; margin-bottom:-1px; margin-left:53px; margin-right:0px; padding-top:4px; ; } .container
{ display:block; ; } .rsopheader { background-color:#A0BACB; border-bottom:1px solid black; color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-bottom:5px; text-align:center; } .rsopname { color:#333333; font-family:MS Shell
Dlg; font-size:130%; font-weight:bold; padding-left:11px; } .gponame{ color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-left:11px; } .gpotype{ color:#333333; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; padding-left:11px;
} #uri { color:#333333; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; } #dtstamp{ color:#333333; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; text-align:left; width:30%; } #objshowhide { color:#000000; cursor:hand; font-family:MS
Shell Dlg; font-size:100%; font-weight:bold; margin-right:0px; padding-right:10px; text-align:right; text-decoration:underline; z-index:2; word-wrap:normal; } #gposummary { display:block; } #gpoinformation { display:block; } @media print { #objshowhide{ display:none;
} body { color:#000000; border:1px solid #000000; } .title { color:#000000; border:1px solid #000000; } .he0_expanded { color:#000000; border:1px solid #000000; } .he1h_expanded { color:#000000; border:1px solid #000000; } .he1_expanded { color:#000000; border:1px
solid #000000; } .he1 { color:#000000; border:1px solid #000000; } .he2 { color:#000000; background:#EEEEEE; border:1px solid #000000; } .he3 { color:#000000; border:1px solid #000000; } .he4 { color:#000000; border:1px solid #000000; } .he4h { color:#000000;
border:1px solid #000000; } .he4i { color:#000000; border:1px solid #000000; } .he5 { color:#000000; border:1px solid #000000; } .he5h { color:#000000; border:1px solid #000000; } .he5i { color:#000000; border:1px solid #000000; } } v\:* {behavior:url(#default#VML);}
</style> <script language="vbscript">  </script> <script language="javascript">
 </script>
Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS
Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding- height:24px; } .path { margin- margin- margin-bottom:5px;width:100%; } .info { padding-width:100%; } table { font-size:100%; width:100%; border:1px solid #999999;
} th { border-bottom:1px solid #999999; text-align:left; padding- height:24px; } td { background:#FFFFFF; padding- padding-bottom:10px; padding- } .btn { width:100%; text-align:right; margin- } .hdr { font-weight:bold; border:1px solid #999999; text-align:left;
padding- padding- height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; background:#FFFFFF; padding- padding-bottom:10px; padding- border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS
Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
<button accesskey="P" name="Print" onclick="window.print()">Print</button>
<button accesskey="C" name="Close" onclick="window.close()">Close</button>
No explanation is available for this setting.
Supported On:
Not available
Group Policy Results
SFDN\testuser
Data collected on: 12/14/2014 1:00:12 PM
Summary
Computer Configuration Summary
No data available.
User Configuration Summary
General
User name
SFDN\testuser
Domain
SFD.local
Last time Group Policy was processed
12/14/2014 12:59:22 PM
Group Policy Objects
Applied GPOs
Name
Link Location
Revision
Local Group Policy
Local
AD (1), Sysvol (1)
Default Domain Policy
SFD.local
AD (6), Sysvol (6)
Test
SFD.local/SFD-Restricted-Users
AD (10), Sysvol (10)
Limit Downloads
SFD.local/SFD-Restricted-Users
AD (2), Sysvol (2)
SFD Restricted Users
SFD.local/SFD-Restricted-Users
AD (59), Sysvol (59)
Denied GPOs
Name
Link Location
Reason Denied
None
Security Group Membership when Group Policy was applied
SFDN\Domain Users
Everyone
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
CONSOLE LOGON
NT AUTHORITY\Authenticated Users
NT AUTHORITY\This Organization
LOCAL
Mandatory Label\Medium Mandatory Level
WMI Filters
Name
Value
Reference GPO(s)
None
Component Status <v:group alt="Warning" class="vmlimage" coordsize="100,100" style="width:15px;height:15px;vertical-align:middle;"><v:shape class="vmlimage" fillcolor="yellow"
strokecolor="yellow" style="width:100;height:100;"><v:path v="m 50,0 l 0,99 99,99 x e"></v:path></v:shape> <v:rect class="vmlimage" fillcolor="black" strokecolor="black" style="width:10;height:35;"></v:rect>
<v:rect class="vmlimage" fillcolor="black" strokecolor="black" style="width:10;height:5;"></v:rect> </v:group>
Component Name
Status
Last Process Time
Group Policy Infrastructure
Success
12/14/2014 12:59:46 PM
Folder Redirection
Failed
12/14/2014 12:59:46 PM
Folder Redirection failed due to the error listed below.
Cannot complete this function.
Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 12/14/2014 12:59:23 PM and 12/14/2014 12:59:46 PM.
Group Policy Internet Settings
Success
12/14/2014 12:59:46 PM
Registry
Success
12/12/2014 10:28:23 AM
Computer Configuration
No data available.
User Configuration
Policies
Windows Settings
Security Settings
Software Restriction Policies
Winning GPO
SFD Restricted Users
Enforcement
Policy
Setting
Apply software restriction policies to the following
All software files except libraries (such as DLLs)
Apply software restriction policies to the following users
All users
When applying software restriction policies
Ignore certificate rules
Designated File Types
File Extension
File Type
ADE
Microsoft Access Project Extension
ADP
Microsoft Access Project
BAS
BAS File
BAT
Windows Batch File
CHM
Compiled HTML Help file
CMD
Windows Command Script
COM
MS-DOS Application
CPL
Control panel item
CRT
Security Certificate
EXE
Application
HLP
Help file
HTA
HTML Application
INF
Setup Information
INS
INS File
ISP
ISP File
LNK
Shortcut
MDB
Microsoft Access Database
MDE
Microsoft Access MDE Database
MSC
Microsoft Common Console Document
MSI
Windows Installer Package
MSP
Windows Installer Patch
MST
MST File
OCX
ActiveX control
PCD
PCD File
PIF
Shortcut to MS-DOS Program
REG
Registration Entries
SCR
Screen saver
SHS
SHS File
URL
Internet Shortcut
VB
VB File
WSC
Windows Script Component
Trusted Publishers
Trusted publisher management
Allow all administrators and users to manage user's own Trusted Publishers
Certificate verification
None
Software Restriction Policies/Security Levels
Policy
Setting
Winning GPO
Default Security Level
Unrestricted
SFD Restricted Users
Software Restriction Policies/Additional Rules
Path Rules
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%
Security Level
Unrestricted
Description
Date last modified
9/30/2011 12:34:27 PM
Winning GPO
SFD Restricted Users
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%
Security Level
Unrestricted
Description
Date last modified
9/30/2011 12:34:27 PM
Winning GPO
SFD Restricted Users
Administrative Templates
Policy definitions (ADMX files) retrieved from the local machine.
Control Panel
Policy
Setting
Winning GPO
Network/Network Connections
Policy
Setting
Winning GPO
This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users.
If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connection Properties dialog box.
Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
If you disable this setting or do not configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu.
Note: This setting takes precedence over settings that manipulate the availability of features inside the Local Area Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a LAN connection is available to
users.
Note: Nonadministrators have the right to view the properties dialog box for a connection but not to make changes, regardless of this setting." gpmc_settingname="Prohibit access to properties of a LAN connection" gpmc_settingpath="User Configuration/Administrative
Templates/Network/Network Connections" gpmc_supported="At least Windows 2000 Service Pack 1" href="javascript:void();" onclick="javascript:showExplainText(this); return false;">Prohibit access to properties of a LAN connection
Enabled
SFD Restricted Users
If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the check boxes for enabling and disabling components are disabled. As a result, administrators cannot enable or disable the components that
a connection uses.
Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.
If you disable this setting or do not configure it, the Properties dialog box for a connection includes a check box beside the name of each component that the connection uses. Selecting the check box enables the component, and clearing the check box disables
the component.
Note: When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the check boxes for enabling and disabling the components of a LAN connection.
Note: Nonadministrators are already prohibited from enabling or disabling components for a LAN connection, regardless of this setting." gpmc_settingname="Prohibit Enabling/Disabling components of a LAN connection" gpmc_settingpath="User
Configuration/Administrative Templates/Network/Network Connections" gpmc_supported="Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only" href="javascript:void();" onclick="javascript:showExplainText(this);
return false;">Prohibit Enabling/Disabling components of a LAN connection
Enabled
SFD Restricted Users
Windows Components/Internet Explorer
Policy
Setting
Winning GPO
If you enable this policy setting, the user will not be able to configure proxy settings.
If you disable or do not configure this policy setting, the user can configure proxy settings." gpmc_settingname="Prevent changing proxy settings" gpmc_settingpath="User Configuration/Administrative Templates/Windows Components/Internet
Explorer" gpmc_supported="At least Internet Explorer 5.0" href="javascript:void();" onclick="javascript:showExplainText(this); return false;">Prevent changing proxy settings
Enabled
SFD Restricted Users
Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone
Policy
Setting
Winning GPO
Allow file downloads
Disable
Extra Registry Settings
Display names for some settings cannot be found. You might be able to resolve this issue by updating the .ADM files used by Group Policy Management.
Setting
State
Winning GPO
Software\Policies\Microsoft\office\14.0\outlook\ForceOSTPath
P:\My Documents\Outlook Files
SFD Restricted Users
Software\Policies\Microsoft\office\14.0\outlook\ForcePSTPath
P:\My Documents\Outlook Files
SFD Restricted Users

SQL Server 2008 R2 Replication - not applying snapshot and not updating all repliacted columns

We are using transactional replicating on SQL Server 2008 R2 (SP1) using a remote distributor. We are replicating from BaanLN, which is an ERP application to up to 5 subscribers, all using push publications.
Tables can range from a couple million rows to 12 million rows and 100's of GBs in size.
And it's due to the size of the tables that it was designed with a one publisher to one table architecture.
Until recently it has been working very smooth (last four years)) but we have come across two issues I have never encountered.
While this has happen a half dozen times before, it last occurred a couple weeks ago when I was adding three new publications, again a one table per publication architecture.
We use standard SS repl proc calls to create the publications, which have been successful for years.
On this occasion replication created the three publications, assigned the subscribers and even generated the new snapshot for all three new publications.
However, while it appeared that replication had created all the publications correctly from end to end, it actually only applied one of the three snapshot and created the new table on both of the new subscribers (two on each of the
publications). It only applied the snapshot to one of the two subscribers for the second publications, and did not apply to any on the third.
I let it run for three hours to see if it was a back log issue.
Replication was showing commands coming across when looking at the sync verification at the publisher and
it would even successfully pass a tracer token through each of the three new publications, despite there not being tables on either subscriber on one of the publishers and missing on one of the subscribers on another.
I ended up attempting to reinitialize roughly a dozen times, spanning a day, and one of the two remaining publications was correctly reinitialized and the snapshot applied, but the second of the two (failed) again had the same mysterious result, and
again looked like it was successful based on all the monitoring.
So I kept reinitializing the last and after multiple attempts spanning a day, it too finally was built correctly.
Now the story only get a little stranger. We just found out yesterday that on Friday the 17th
at 7:45, the approximate time started the aforementioned deployment of the three new publications,
we also had three transaction from a stable and vetted publication send over all changes except for a single status column.
This publication has 12 million rows and is very active, with thousands of changes daily.
, The three rows did not replicate a status change from a 5 to a 6.
We verified that the status was in fact 6 on the publisher, and
5 on both subscribers, yet no messages or errors. All the other rows successfully updated.
We fixed it by updating the publication from 6 back to 5 then back to 6 again on those specific rows and it worked.
The CPU is low and overall latency is minimal on the distributor.
From all accounts the replication is stable and smooth, but very busy.
The issues above have only recently started. I am not sure where to look for a problem, and to that end, a solution.

I suspect the problem with the new publication/subscriptions not initializing may have been a result of timeouts but it is hard to say for sure. The fact that it eventually succeeded after multiple attempts leads me to believe this. If this happens
again, enable verbose agent logging for the Distribution Agent to see if you are getting query timeouts. Add the parameters
-OutputVerboseLevel 2 -Output C:\TEMP\DistributionAgent.log to the Distribution Agent Run Agent job step, rerun the agent, and collect the log.
If you are getting query timeouts, try increasing the Distribution Agent -QueryTimeOut parameter. The default is 1800 seconds. Try bumping this up to 3600 seconds.
Regarding the three transactions not replicating, inspect MSrepl_errors in the distribution database for the time these transactions occurred and see if any errors occurred.
Brandon Williams (blog |
linkedin)

Windows Server 2008 R2 SP1 not have "Unix Attributes tab".

Hello Folks.
How can I enable "Unix Attributes tab" in Windows 2008 R2 SP1 without any reset or disconnect?
Tnx.

Is this what you're looking for?
Manage UNIX related attribute w/o installing Server for NIS or through script in windows 2008
http://blogs.technet.com/b/sfu/archive/2010/02/18/manage-unix-related-attribute-w-o-installing-server-for-nis-or-through-script-in-windows-2008.aspx
Merv Porter
=========================

Windows 8.1 TPM ownership on Server 2008 R2 schema - not to spec?

Similar Messages

Maybe you are looking for