Windows server 2012 R2 replication

Similar Messages

• Windows server 2012 File replication

  Hi All,
  I am SQL DBA. But in my current company I am having a new responsibility called IIS Admin.
  In my organization, I am instructed to do following activity.
  There is a Live Web server(named X) and a user acceptance test Server(named Y)
  There is a folder called "Intranet" in both the servers.
  If any changes done in "Intranet" of X(any new files created, updated or deleted.....) it needs to be automatically updated on "Intranet" of Y also. But not Vice versa, it should be one way.
  At the same time, we need to do changes on Y also.
  Both the servers are installed with windows server 2012(Standard edition).
  What mechanism can we use to achieve the above.
  Please help me in the regard.
  Thanks & Regards,
  K.P.Senthil Kumar

  Hi,
  For the file replication, you could use DFS Replication.
  Introduction to DFS Replication
  http://technet.microsoft.com/en-us/library/cc781091(v=ws.10).aspx
  Regards.
  Vivian Wang

• Best practices for setting up virtual servers on Windows Server 2012 R2

  I am creating a Web server from scratch with Windows Server 2012 R2. I expect to have a host server, and then 3 virtual servers...one that runs all of the web apps as a web server, another as a Database Server, and then on for session state.  I
  expect to use Windows Server 2012 R2 for the Web Server and Database Server, but Windows 7 for the session state.
  I have an SATA2 Intel SROMBSASMR RAID card with battery back up that I am attaching a small SSD drive that I expect to use for the session state, and an IBM Server RAID M1015 SATA3 card that I am running Intel 520 Series SSD's that I expect to
  use for Web server and Database server.
  I have some questions. I am considering using the internal USB with a flash drive to boot the Host off of, and then using two small SSD's in a Raid 0 for the Web server (theory being that if something goes wrong, session state is on a different drive), and
  then 2 more for the Database server in a RAID 1 configuration.
  please feel free to poke holes in this and tell me of a better way to do it.
  I am assuming that having the host running on a slow USB drive that is internal has no effect on the virtual servers after it is booted up, and the virtual servers are booted up?
  DCSSR

  I am creating a Web server from scratch with Windows Server 2012 R2. I expect to have a host server, and then 3 virtual servers...one that runs all of the web apps as a web server, another as a Database Server, and then on for session state.  I
  expect to use Windows Server 2012 R2 for the Web Server and Database Server, but Windows 7 for the session state.
  I have an SATA2 Intel SROMBSASMR RAID card with battery back up that I am attaching a small SSD drive that I expect to use for the session state, and an IBM Server RAID M1015 SATA3 card that I am running Intel 520 Series SSD's that I expect to
  use for Web server and Database server.
  I have some questions. I am considering using the internal USB with a flash drive to boot the Host off of, and then using two small SSD's in a Raid 0 for the Web server (theory being that if something goes wrong, session state is on a different drive), and
  then 2 more for the Database server in a RAID 1 configuration.
  please feel free to poke holes in this and tell me of a better way to do it.
  I am assuming that having the host running on a slow USB drive that is internal has no effect on the virtual servers after it is booted up, and the virtual servers are booted up?
  There are two issues about RAID0:
  1) It's not as fast as people think. So with a general purpose file system like NTFS or ReFS (choice for Windows is limited) you're not going to have any great benefits as there are very low chances whole RAID stripe would be updated @ the same time (I/Os
  need to touch all SSDs in a set so 256KB+ in a real life). Web server workload is quite far away from sequential reads or writes so RAID0 is not going to shine here. Log-structures file system (or at least some FS with logging capabilities, think about ZFS
  and ZIL enabled) *will* benefit from SSDs in RAID0 properly assigned. 
  2) RAID0 is dangerous. One lost SSD would render whole RAID set useless. So unless you build a network RAID1-over-RAID0 (mirror RAID sets between multiple hosts with a virtual SAN like or synchronous replication solutions) - you'll be sitting on a time bomb.
  Not good :)
  StarWind VSAN [Virtual SAN] clusters Hyper-V without SAS, Fibre Channel, SMB 3.0 or iSCSI, uses Ethernet to mirror internally mounted SATA disks between hosts.

• Hyper-V 2012 High Availability using Windows Server 2012 File Server Storage

  Hi Guys,
  Need your expertise regarding hyper-v high availability. We setup 2 hyper-v 2012 host in our infra for our domain consolidation project. Unfortunately, we don't have hardware storage that is said to be a requirement that we can use to create a failover cluster
  for hyper-v host to implement HA. Here's the setup:
  Host1
  HP Proliant L380 G7
  Windows Server 2012 Std
  Hyper-V role, Failover Cluster Manager and File and Storage Services installed
  Host2
  Dell PowerEdge 2950
  Windows Server 2012 Std
  Hyper-V role, Failover Cluster Manager and File and Storage Services installed
  Storage
  Dell PowerEdge 6800
  Windows Server 2012 Std
  File and Storage Services installed
  I'm able to configure the new feature about Shared Nothing Live Migration - i'm able to move VM's back and fort between my hosts without storage. But this is planned and proactive approach. My concern is to have my hyper-v host to become highly available in
  the event of system failure. If my host1 dies, the VMs should go/move to host2 and vice versa. In setting this up, i believe i need to enable the failover clustering between my hyper-v hosts which i already did but upon validation, it says "No disks
  were found on which to perform cluster validation tests." Is it possible to cluster it using just a regular windows file server? I've read about SMB 3.0 and i've configured it as well i'm able to save VMs on my file server, but i don't think that my hyper-v
  hosts are already highly available.
  Any feedback and suggestions or recommendation is highly appreciated. Thanks in advance!

  Hi Guys,
  Need your expertise regarding hyper-v high availability. We setup 2 hyper-v 2012 host in our infra for our domain consolidation project. Unfortunately, we don't have hardware storage that is said to be a requirement that we can use to create a failover cluster
  for hyper-v host to implement HA. Here's the setup:
  Host1
  HP Proliant L380 G7
  Windows Server 2012 Std
  Hyper-V role, Failover Cluster Manager and File and Storage Services installed
  Host2
  Dell PowerEdge 2950
  Windows Server 2012 Std
  Hyper-V role, Failover Cluster Manager and File and Storage Services installed
  Storage
  Dell PowerEdge 6800
  Windows Server 2012 Std
  File and Storage Services installed
  I'm able to configure the new feature about Shared Nothing Live Migration - i'm able to move VM's back and fort between my hosts without storage. But this is planned and proactive approach. My concern is to have my hyper-v host to become highly available in
  the event of system failure. If my host1 dies, the VMs should go/move to host2 and vice versa. In setting this up, i believe i need to enable the failover clustering between my hyper-v hosts which i already did but upon validation, it says "No disks were
  found on which to perform cluster validation tests." Is it possible to cluster it using just a regular windows file server? I've read about SMB 3.0 and i've configured it as well i'm able to save VMs on my file server, but i don't think that my hyper-v hosts
  are already highly available.
  Any feedback and suggestions or recommendation is highly appreciated. Thanks in advance!
  Your shared storage is a single point of failure with this scenario so I would not consider the whole setup as a production configuration... Also setup is both slow (all I/O is travelling down the wire to storage server, running VMs from DAS is ages faster)
  and expensive (third server + extra Windows license). I would think twice about what you do and either deploy a built-in VM replication technologies (Hyper-V Replica) and apps built-in clustering features that does not require shared storage (SQL Server and
  Database Mirroring for example, BTW what workload do you run?) or use some third-party software creating fault tolerant shared storage from DAS or investing into physical shared storage hardware (HA one of course). 
  Hi VR38DETT,
  Thanks for responding. The hosts will cater a domain controller (on each host), Web filtering software (Websense), Anti-Virus (McAfee ePO), WSUS and an Auditserver as of the moment. Is the Hyper-V Replica somewhat give "high availability" to VMs or Hyper-V
  hosts? Also, is the cluster required in order to implement it? Haven't tried that but worth a try.

• New Windows Server 2012 unable connect to Netlogon Service or update DNS records

  Hi everybody, all of my Windows Servers 2012 decided to collapse after innocuous group policy update that was meant to make user passwords more secure.
  The AD and DNS seem to be functioning "normally", I am able to add new Windows7 and Windows Server 2008 machines to the domain, I can see them in listed in the AD and DNS record are update correctly, however, as soon as I try to join Windows Server
  2012 it breaks.
  The event log is littered on the new server with:
  The system failed to register host (A or AAAA) resource records (RRs) for network adapter
  with settings:
             Adapter Name : {DB7F73CE-E011-4F3C-BEBC-2CE7A871DF51}
             Host Name : CHEETAH
             Primary Domain Suffix : somedomain.com
             DNS server list :
  192.168.0.5
             Sent update to server : <?>
             IP Address(es) :
  192.168.0.15
  The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running
  at this time.
  You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.
  and
  Name resolution for the name _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.somedomain.com. timed out after none of the configured DNS servers responded.
  When I try to ping the primary DC (WS2003) it fails, the Secondary DC (WS2012) responds.
  The >nltest /sc_query:somedomain.com on Windows Servers 2012 returns:
  Flags: 0
  Trusted DC Name
  Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
  The command completed successfully
  yet it works on all other machines.
  I tried removing 2012 servers from the domain and rejoining - without success. The cookie crumbled when I added two new installations of Windows Server 2012 & 2008 and 2008 worked fine but 2012 showed same symptoms.
  There is one peculiar thing that I had noticed on all Windows 2012 machines, it constantly showing "Workplace Connection - Connecting" in the networks pane on the right side of the screen, which I can't say i ever noticed before.
  Unfortunately, the secondary DC is a multihoming server with Direct Access role - I am not sure if this may play some part but our existing configuration worked for a year now without any problems. Issue appeared when I changed the password complexity rule,
  which boggles the mind. I wonder if there has been some other changes in GPO that did not propagate from years ago and finally comeback to break things.
  Any suggestions would be really appreciated.
  wmin

  Hello Ace, i wish you a Happy New Year! I hope your break was enjoyable and filled with cheer.
  In the end I had to bite the bullet and reinstall all troublesome servers. Your recommendations from above removed some serious problems with the DA and DNS resolution.
  I was able to attach new server to the domain without any problems and begin painful process of rebuild.
  I have promoted TIGER to full DC controller role, but having some issues with replication. Although running >repadmid /showrepl gives positive
  feedback, the sysvol folder on the secondary DC is empty.
  Also there is a couple of warnings in the event log:
  Event ID 4012
  Log Name: DNS Server
  Source: DNS-Server-Service
  The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial
  synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server
  for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
  - which has not repeated since 3rd of Jan.
  These events occur on the primary DC every few minutes:
  Event ID 1030
  Source: Userenv
  Log Name: NT AUTHORITY\SYSTEM
  Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this.
  For more information, see Help and Support Center at
  http://go.microsoft.com/fwlink/events.asp.
  Event ID 1058
  Source: Userenv
  Log Name: NT AUTHORITY\SYSTEM
  Windows cannot access the file gpt.ini for GPO CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=somedomain,DC=com. The file must be present at the location <\\somedomain.com\sysvol\somedomain.com\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
  (The network name cannot be found. ). Group Policy processing aborted.
  For more information, see Help and Support Center at
  http://go.microsoft.com/fwlink/events.asp.
  Should sysvol folder be shared on the secondary DC? Another interesting thing to point out is that
  \\somedomain.com\sysvol\somedomain.com\Policies\ can be access
  from all other machines except the DC1.
  Cheers!
  kind regards,
  wmin

• Windows Server 2012 Standard entitlement in Microsoft Action Pack Subscription

  In the Microsoft Action Pack Subscription Windows Server 2012 Std shows "2" as the entitlement.
  I'm not sure what this means. A "normal" Server 2012 Std includes:
  1. One activation for the host (Hyper-V)
  2. Two activations for guests on the same host
  ....making a total of three activations
  I'm guess from reading some threads that partners don't get the same as a normal Std license, but it's pretty fuzzy.
  I have two physical servers running Windows 2008R2 with the hyper-V role enabled, each hosts a number of VMs (all with their own licenses). I want to upgrade to Hyper-V v3 (2012). It has been suggested that the two entitlements will not allow me to install
  Win2012Std on both machines, and that I will only be able to install on one of the machines with a 2nd virtual installation on the same machine. I got kinda excited and thought I would be able to install core on each machine, then to install 2 VMs on each
  machine to test replication etc.
  Does anyone know what the story really is?

  You may want to ask them over here.
  https://mspartner.microsoft.com/en/us/pages/support/partner-support-community.aspx
  https://mspartner.microsoft.com/en/us/pages/membership/action-pack-support-contacts.aspx
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows]
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• Install windows server 2012 DC on Branch office

  Hi ALL,
  i am planning to install a secondary DC on our branch office where currently they are on different domain and forest. our head office is currently on windows server 2008 R2 std, where forest and domain functional level are on windows server 2003. our headoffice
  domain name is:- (corpoffice.org) and branch office domain is:- ssl (its a single level domain on windows server 2003).
  am thinking to upgrade our headoffice DC to windows server 2012 r2 and the same i wanted to do for branch office as well.
  i need some guidance how to proceed with this DC setup as both vlan network is different and all the client settings are different. am getting few query like
  1. should i upgrade my headoffice DC first before i setup the branch office DC.
  2. how the branch office client will communicate to new DC.
  any suggestion and guidance would really helpful.
  Thanks
  srini

  Hi
  You will need to make sure all the ports are open for traffic to move between both DC's. Also need to check that you dont have replication problems, IE, slow link. First step would be to see if you can ping the HO DC from the branch, then once you have established
  that you have all the ports open and your VLAN is routing traffic correctly then you can start with your DC setup.
  You can first upgrade your DC, look at this blog: 
  http://blogs.technet.com/b/kevinholman/archive/2013/09/25/upgrading-domain-controllers-to-windows-server-2012-r2.aspx
  Hope this helps. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Newbie looking to setup home virtual lab to do Windows Server 2012 R2 Labs for school

  Hey all, hopefully someone can point me in the right direction here. Im looking to setup a virtual lab with 3 windows server 2012 r2 machines running, all connected to the internet and within the same network so I can work on labs for class.
  I have all 3 machines installed and running fine together though figuring out how to get them all connected is confusing the hell out of me.
  I've been scouring google and forums and such looking for some sort of guide and i cant seem to find anything. All help is much appreciated thanks!

  Alright sorry for the delay, I was given exact setup instructions so I figured I'd be good to go but I'm still hung up basically at the same spot.
  Here's the setup guide:
  Two servers, a domain controller and an application server. Follow
  the setup instructions below.
  1. Open your server’s Networking and Sharing Center.
  2. Double-click the Ethernet connection to open the Ethernet Status dialog box.
  3. Click Properties to open the Ethernet Properties dialog box.
  4. Double-click Internet Protocol Version 4 (TCP/IPv4) to open the Internet Protocol
  Version 4 (TCP/IPv4) Properties dialog box.
  5. Enter the following information:
  IP address: 192.168.1.50
  Subnet mask: 255.255.255.0
  Preferred DNS server: 192.168.1.50
  6. Click on the Advanced button.
  7. In the IP addresses section, click the Add button.
  8. When the TCP/IP Address dialog box opens, enter the following information:
  IP address: 192.168.100.55
  Subnet mask: 255.255.255.0
  9. Change the name of the server to RWDC0x, where x is the number of your table from
  1 to 6
  Installing Active Directory
  The RWDC0x virtual machine will be the primary Active Directory domain Controller and
  the DNS server. Therefore, to configure the RWDC0x server, use the following steps:
  1. Login to RWDC0x as Administrator.
  2. On the Server Manager console, open the Manage menu and click Add Roles and
  Features.
  3. When the Add Roles and Features Wizard starts, click Next.
  4. On the Select installation type page, click Next.
  5. On the Select destination server page, click Next.
  6. On the Select server roles page, click to select Active Directory Domain Services and
  click Next.
  When the Add Roles and Features Wizard dialog box opens, click Add Features.
  8. Back on the Select server roles page, click to select DNS Server and click Next.
  9. When the Add Roles and Features Wizard dialog box opens, click Add Features.
  10. Back at the Select server roles page, click Next.
  11. On the Select features page, click Next.
  12. On the Active Directory Domain Services page, click Next.
  13. On the DNS Server page, click Next.
  14. On the Confirm installation selections page, click Install.
  15. When the installation is complete, click Close.
  16. On the Server Manager console, click the Tools menu (upper left) and click DNS.
  17. When the DNS Manager console opens, right-click RWDC0x and click New Zone.
  18. When the New Zone Wizard appears, click Next.
  2
  19. On the Zone Type page, Primary zone will already be selected. Click Next.
  20. On the Forward or Reverse Lookup Zone page, Forward lookup zone will already be
  selected. Click Next.
  21. For the Zone name, type contoso.com and click Next.
  22. On the Zone File page, click Next.
  23. On the Dynamic Update page, click Next.
  24. When the wizard is complete, click Finish.
  25. On the Server Manager console, click the Yellow Exclamation Symbol and click
  Promote this server to a domain controller.
  26. When the Active Directory Domain Services Configuration Wizard starts, click Add a
  new forest.
  27. In the Root domain name text box, type contoso.com. Click Next.
  28. On the Domain Controllers Options page, for the Directory Services Restore Mode
  (DSRM) password boxes, type Password01. Click Next.
  29. On the DNS Options page, click Next.
  30. On the Additional Options page, click Next.
  31. On the Paths page, click Next.
  32. On the Review Options page, click Next.
  33. On the Prerequisite Check page, click Install.
  34. After the computer reboots itself, login to RWDC01 as contoso\administrator with the
  password of Password01.
  35. Open the DNS Manager console.
  36. In the DNS Manager console, expand RWDC01, expand Forward Lookup Zones, and
  click contoso.com. Then right-click contoso.com and click Properties.
  37. When the Contoso.com Properties dialog box opens, click the Change button.
  38. When the Change Zone Type dialog box opens, select Store the zone in Active
  Directory and click OK.
  39. When it asks if you want the zone to become Active Directory integrated, click Yes.
  40. For Dynamic Updates, select Non-secure and secure.
  41. Click OK to close the contoso.com Properties dialog box.
  42. Click Reverse Lookup Zones. Then right-click Reverse Lookup Zones and click New
  Zone.
  43. When the wizard opens, click Next.
  44. On the Zone Type page, click Next.
  45. On the Active Directory Zone Replication Scope page, click Next.
  46. On the Reverse Lookup Zone Name page, click Next.
  47. On the Reverse Lookup Zone Name page, type 192.168.1 in the Network ID and click
  Next.
  48. On the Dynamic Update page, click Next.
  49. When the wizard is complete, click Finish.
  Installing DHCP
  The RWDC0x will also be the primary DHCP server for the virtual environment. Therefore,
  use the following steps to install and configure DHCP on the RWDC0x:
  1. Login to RWDC0x as Administrator.
  2. On the Server Manager console, open the Manage menu and click Add Roles and
  3
  Features.
  3. When the Add Roles and Features Wizard starts, click Next.
  4. On the Select installation type page, click Next.
  5. On the Select destination server page, click Next.
  6. On the Select server roles page, click to select DHCP and click Next.
  7. When the Add Roles and Features Wizard dialog box opens, click Add Features.
  8. Back at the Select server roles page, click Next.
  9. On the Select features page, click Next.
  10. On the DHCP page, click Next.
  11. On the DNS Server page, click Next.
  12. On the Confirm installation selections page, click Install.
  13. When the installation is complete, click Close.
  14. Using Server Manager, open the DHCP console.
  15. Expand the rwdc0x.contoso.com node.
  16. Right-click IPv4 and click New Scope.
  17. When the New Scope Wizard starts, click Next.
  18. For the Name, type Main Scope.
  19. For the Start IP address, type 192.168.1.30. For the End IP address, type 192.168.1.40.
  Click Next.
  20. On the Add Exclusions and Delay page, click Next.
  21. On the Lease Duration, change the lease duration to 1 day. Click Next.
  22. On the Configure DHCP Options page, click Yes, I want to configure these options
  now. Click Next.
  23. On the Router (Default Gateway) page, click Next.
  24. On the Domain Name and DNS Servers page, type contoso.com for the Parent domain.
  In the IP address, type 192.168.1.50, and click Add. Click Next.
  25. On the WINS Servers page, click Next.
  26. On the Activate Scope, make sure Yes, I want to active this scope now, and click Next.
  27. When the wizard is complete, click Finish.
  28. In the DHCP console, right-click rwdc01.contoso.com and click Authorize.
  29. Close the DHCP console.
  Creating a Software Folder
  Because you will not have Internet access, you must create a Software folder to hold
  the software and share the folder using the following steps:
  1. On RWDC0x, create a folder called C:\Software.
  2. Open the properties dialog box for the C:\Software folder
  3. Share the Software folder using the name Software.
  4. Assign the Allow Full Control share permission to the Everyone special identity.
  5. Copy all files and folders from the Software folder from your instructor’s thumb drive to
  the Software folder.
  6. Close the Explorer windows.
  Now, configure your application server.
  1. Login to Server01 as Administrator.
  2. Open your server’s Networking and Sharing Center.
  4
  3. Double-click the Ethernet connection to open the Ethernet Status dialog box.
  4. Click Properties to open the Ethernet Properties dialog box.
  5. Double-click Internet Protocol Version 4 (TCP/IPv4) to open the Internet Protocol
  Version 4 (TCP/IPv4) Properties dialog box.
  6. Enter the following information:
  IP address: 192.168.1.60
  Subnet mask: 255.255.255.0
  Preferred DNS server: 192.168.1.50
  7. Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box.
  8. Click Close to close Ethernet Statusdialog box.
  9. Double-click the computer name to open the System Properties dialog box.
  10. Click Change to open the Computer Name/Domain Changes dialog box.
  11. Type Server01 in the Computer name text box.
  12. Click Domain and type Contoso.com in the text box. Click OK.
  13. When it asks for a name and password of an account with permissions to join the
  domain, use contoso.com\administrator and Password01. Click OK.
  14. When the Welcome to the contoso.com domain message appears, click OK.
  15. When a message appears stating that you must restart your computer, click OK.
  16. Click the Close button to close the System Properties dialog box.
  17. When it says that you must restart your computer, click Restart Now.
  I went through this once and I couldnt get past "12. Click Domain and type Contoso.com in the text box. Click OK" without an error.
  I uninstalled all machines and VMware entirely, reinstalled VMware and then reinstalled machines, went though the guide again, same error when trying to connect the app server to the contoso.com domain.
  Here's a screenshot of the error:
  I also tried changing both machines to bridged connection, no luck, as well as NAT connection, still no luck.
  Any help is greatly appreciated... Thanks guys!

• Learning Windows server 2012 R2 & 2012 core

  Hi,
  How do i configure a fast and standard solution with 1domain (Windows
  Server 2012 R2) and 1subdomain(Windows Server 2012 Core) implemented with a webserver and security for dns?
  Thx

  Hi
  Maybe this can help,
  Nslookup test:
  cmd => nslookup => set type=mx => host.net.
  Organizational unit:.be
  Active directory users and computers openen => rmb op domeinnaam => new => organtizational unit aanmaken => Protection uitvinken
  Computer Manueel toevoegen aan domein:
  1)DNS veranderen naar 192.168.1.1 van het domein zelf
  2)Add-Computer -domainname host -cred administrator@host -passthru -verbose
  GPO voor chrome installeren:
  1)Group policy management => in OU PC's => new policy aanmaken
  2)rmb policy en klik edit
  3)onder computer => software => new package => pad ingeven waar je msi bestand hebt gezet van chrome => \\S1\netlogon\msi\chrome.msi
  4)client heropstarten en aanmelden met domeingebruiker => powershell => Restart-Computer
  5)mapje waar MSI in zit => security => domain controller (user) toevoegen met volledig beheer
  GPO voor browser block chrome:
  3)block listed urls..
  4)op client gpupdate
  Failed login events:
  1)Group policy instellen op OU Servers: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\ ==> Failed logins aanzetten
  2)gpupdate /force
  1)powershell
  2)get-windowsfeature => install-windowsfeature SMTP-Server
  3)Internet information services => S1 => Domain RMB => properties => Acces tab => Relay => Add => Group computers => IP: 192.168.1.1 subnet 255.255.255.0 => Ok => ok
  3b)Eens afmelden en aanmelden met fout wachtwoord zodat er een log geschreven wordt met audit failure in de security log van event viewer
  4)Eventviewer security log => op failed audit log RMB => attach => Geef andere naam => next => next start program => program: powershell.exe =>
  open the propery dialog aanvinken
  5)Run wheter user is logged in or not aanvinken => tabke conditions: start the task only if AC power afvinken! => ok => paswoord administrator ingeven
  6)powershell: get-executionpolicy => resultaat moet remotesigned zijn => view tabke => script pane aanzetten =>
  Script geven: $smtpServer = ìsmtp2.school.beî
  $msg = New-Object Net.Mail.MailMessage
  $smtp = New-Object Net.Mail.SmtpClient($smtpServer)
  $msg.From = ì[email protected]î
  $msg.ReplyTo = [email protected]î
  $msg.To.Add([email protected]î)
  $msg.subject = ìhacking attempt?î
  $msg.body = ìlogin/pwd failure on S1.î
  $smtp.Send($msg)
  7)Script opslaan in mapje op C schijf => powershell cd naar mapje met script => ls commandoTo configure the time source for the forest
  8)Task scheduler openen => naar event viewer tasks => login => rmb properties => actions => powershell.exe edit => add arguments: -command "C:\Script\login.ps1" => ok => password admin ingeven
  9)Testen
  *Op welke manier kan je je MX records controleren met NSLOOKUP
  cmd => nslookup => set type=mx => host.net.
  *Commando powershell om Client toe te voegen aan het domein:
  Add-Computer -domainname host -cred administrator@host -passthru -verbose
  Best practice analyzer:
  1)Server manager => klik op dns en op ADDS => Scroll naar onder tot bij BPA => Task start scan => bekijk resultaten:
  Vraagje: Welke suggesties zou je kunnen oplossen:
  DNS server should have scavenging enabled
  De PDC emulator master moet geconfigureerd worden
  1)To configure a domain controller in the parent domain as a reliable time source
  *W32tm /config /reliable:yes /update
  2)To configure the time source for the forest
  *w32tm /config /computer:s1.host.net /manualpeerlist:ntp.belnet.be /syncfromflags:manual /update
  Tijd moet gelijk zijn van S1 en S2!!
  Corefig opstarten in powershell:
  1)cd C:\corefig
  2)execution policy aanpassen: Set-ExecutionPolicy bypass
  3).\corefig.ps1
  4)naam veranderen in corefig
  Commando om S2 toe te voegen aan het domein in de OU servers:
  1)DNS instellen
  Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 192.168.1.1
  2)Toevoegen aan OU servers
  Add-Computer -domainname sdhost -cred administrator@host -OUPath "OU=Servers,OU=OU,DC=Host,DC=net"
  Herstarten
  OPPASSEN HIERMEE ALS S2 ZELF DC MOET WORDEN!
  Voorzie je server van de DNS-rol via windows powershell:
  1)Import-Module Servermanager
  2)Get-WindowsFeature
  2)Add-WindowsFeature "DNS" -restart
  Remoteaccess:
  S1 remote access geven voor administrators bij active directory
  view => advanced features enablen
  => Remote management users => HOST\Administrator toevoegen met full rechten
  => Remote Desktop users => HOST\Administrator toevoegen met full rechten
  Bekijk welke firewall regel op dit moment Remote Management nog blokkeert en laat
  die communicatie toe:
  1)Op S2 in powershell: Configure-SMRemoting.exe -enable
  2)op S1 => Server manager => manage => add servers => S2 ingeven => ok
  3)Active directory installeren op s2 via add roles (via S1)
  4)S2 promoveren to domain controller
  5)credentials van s1 gebruiken => naam subdomain 'premium'
  6)DSRM passwoord: P0wnerken
  7)PREMIUM
  DNS instellen van s2 zelf
  Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 192.168.1.2
  C2)DNS server instellen op S2 : 192.168.1.2
  Toevoegen aan domein premium.host.net => inloggen met admin account van s2 domein
  herstarten van C2
  Maak†van†deze†tweede†server†nu†een†domeincontroller†voor†het†nieuwe†domein
  ìpremiumî.†Daar†zijn†twee†werkwijzen†voor.†Zoek†deze†methodes†op†en†noteer†deze
  summier†hieronder:
  - Werken met DCPROMO.exe
  - Werken met GUI vanop S1
  Je†mag†zelf†kiezen†welke†methode†je†toepast.†Noteer†hier†wel†de†commandoís†die†je
  toepast:
  Werken met GUI: new existing domain to current forest => naam PREMIUM
  Netwerkkaarten toevoegen:
  VCLOUD => Niet customizen!!!
  Firewall disablen S2:
  netsh firewall set opmode disable
  Op S1 => chrome => ip in url : https://192.168.1.150:446 => proceed => logingegevens:
  naam: openfiler
  pass: password
  Services => CIFS / NFS => Enable => Start
  manage volumes => 1GB volume => start cyl = 1, end cyl = 128 => ongeveer 1GB
  Add volume group => NFS als naam en 1GB volume toevoegen => Add volume => naar onder scrollen:
  Naam: NFS
  Bestandssysteem: EXT4 kiezen
  *Add new physical volume 10GB: MINSTENS 35 CYLINDERS TUSSENLATEN!!!!
  Start cyl = 164, end cyl = 1469, is ongeveer 10GB
  Volume groups => Nieuwe aanmaken met SMB als naam => Add volume => volume selecteren en toevoegen => naar uw smb volume group gaan
  => SMB volume kiezen => naam: SMB => MAX Geheugen => EXT4 bestandssysteem
  1)Clocksettings zetten via ntp server: ntp.belnet.be (Moet gelijk zijn met domaincontroller waarin je hem toevoegd)
  2)DNS zetten van S2
  Hostname: of
  Primary DNS: 192.168.1.2
  Secondary DNS: 192.168.1.1
  Gateway: 192.168.1.254
  3)Accounts:
  Expert view!
  *Use windows domain controller and authentication aanvinken
  Security Mode: Active directory
  Domain / workgroup: PREMIUM
  Domain controllers: s2.premium.VAhost.net
  ADS realm: PREMIUM.HOST.NET
  Join domain: aanvinken
  Administrator username: Administrator
  Administrator password: Azerty123
  *Naar onder scrollen tot kerberos 5: Aanvinken
  Realm: premium.host.net
  KDC: s2.premium.host.net
  Admin server: s2.premium.VAhost.net
  Share aanmaken:
  1)Shares => klikken op SMB / NFS => Nieuwe subfolder aanmaken: SMBshare / NFSshare
  2)subfolder klikken => maak share => bij rechten naar beneden scrollen => Domain admins: PG & RW, Domain users: RO
  3)Update
  Systeem beveiliging:
  1)system => Network access configuration => Nieuw netwerk toevoegen
  Name: Sharenetwork
  Network/host: 192.168.1.0
  Netmask: 255.255.255.0
  Type: Share
  2)Update
  Protocol aanzetten:
  Shares => subfolder smbshared => Volledig vanonder scrollen => SMB/CIFS protocol op rw zetten
  Connect to share met:
  root
  Azerty123
  Connect Z-schijf met SMB share:
  1)RMB op SMB share
  2)Map network drive
  3)Pad SMB share intypen
  4)connecten met share account of finish 1)Private storage en manueel ip adres ingeven
  Beveiliging backup:
  1)Active directory van S1
  2)OP s1 zelf volledig nieuwe OU: "TEMP Accounts" aanmaken => accidentally delete afzetten!!
  3)2USers aanmaken die lid zijn van de groep ("member of") Guest
  4)Op S1 => C schijf => nieuwe map map aanmaken en delen
  5)Op advanced sharing van gedeelde map => Guest 1 Full control => Everyone alleen read rechten
  6)Testen op client of je op Guest1 tekstbestand kan aanmaken en via Guest2 op die share map niet.
  7)Als het werkt Guest1 verwijderen en bekijk sharing permissions op Guest1 map
  *Wat stel je vast bij verwijderen Guest1 via active directory:
  De guest account wordt vervangen door een ander account met een lange naam
  die full control heeft over de map
  8)Guest1 terug opnieuw aanmaken, wat stel je vast?
  Guest1 heeft geen rechten meer over de map en de aangemaakte account blijft staan
  Recycle BIN:
  1)Open Active directory administrative center
  2)Klik op uw domein links
  3)Rechts => enable Recycle Bin
  4)Verwijder Guest1 op AD
  5)Guest1 komt te staan bij deleted users/objects op Recycle Bin
  6)Mogelijkheid om te restoren
  7)Delete OU Temp accounts => Lukt niet onmiddellijk => Omdat er nog objecten in zitten
  *Zoek op welke technieken je kan toepassen om een backup te nemen van je Active Directory. Bekijk uiteraard ook welke 2 manieren
  er zijn om een backup van je AD terug te plaatsen (Authoritative en non-authoritative):
  -13.1.1 Authoritative Restore
  Dit proces herstelt de AD na bc een wijziging die ongedaan gemaakt moet worden.
  AD wordt hersteld vanaf de backup, de backup overschrijft dan alle andere DC's met eventuele nieuwere informatie.
  -13.1.2 Non-Authoritative Restore
  Terugzetten van gegevens van de backup. Nadien ontvangt de DC updates van andere DC's die gemaakt zijn sinds de backup.
  Backup S1:
  Eerst probleem openfiler oplossen:
  1)openfiler opstarten vanuit vmcloud
  2)cd /etc/samba
  3)vim smb.conf (toevoegen: strict allocate = yes) => eerst i voor insert => opt einde escape => :wq voor opslaan
  4)/etc/init.d/smb restart
  Backup zelf
  1)Install windows backup in server manager => add roles => features
  2)Open windows backup
  3)Action => backup once
  4)Different options => Custom kiezen => System State backuppen
  5)Remote disk kiezen
  6)pad share: \\of\smb.smb.SMBshare
  7)Als backup mislukt, de aangemaakte files door de backup manueel verwijderen en backup terug opnieuw proberen
  !!!Als openfiler ineens verdwijnd van domein, moet je de tijd nakijken van beiden systemen (moeten gelijk zijn met max 5min verschil)
  Restore backup (authoritatief ingesteld)
  http://technet.microsoft.com/ru-ru/library/cc816878(v=ws.10).aspx
  1)Herstart de domeincontroller in Directory Services Restore Mode Remotely
  => run => Msconfig.msc => stapkes staan in url: http://technet.microsoft.com/ru-ru/library/cc794729(v=ws.10).aspx
  2)Restore uw ADDS van je backup a.d.h.v. een non-authoritatieve restore.
  Dit zorgt ervoor dat de domeincontroller terug in de staat komt waarop de objecten die verwijderd zijn
  er terug bijstaan.
  http://technet.microsoft.com/ru-ru/library/cc794755(v=ws.10).aspx
  in cmd:
  =>wbadmin get versions -backuptarget:\\of\smb.smb.SMBshare
  =>wbadmin start systemstaterecovery -version:12/03/2013-12:37 -backuptarget:\\of\smb.smb.SMBshare -quiet
  3)Markeer objecten als authoritatief zodat ze niet worden overschreven bij het restoren door synchronisatiefouten
  tussen de verschillende domeinen.
  http://technet.microsoft.com/ru-ru/library/cc816813(v=ws.10).aspx <== hieraan beginnen
  => open run => ntdsutil
  => activate instance ntds => enter
  => authoritative restore => enter
  => restore subtree "OU=Stagiairs,DC=Host,DC=net" => enter
  => quit => enter
  => Start terug op met de domaincontroller in normale modus dus dsrm opstartmode uitschakelen: Safe boot uitvinken
  Nakijken of beide OU's Stagiairs en Guests er nog staan
  (In dit geval is OU guests wel verwijderd doordat we maar 1 DC hebben dus de informatie
  wordt niet gesynchroniseerd met een 2de DC)
  - Debian Machine toevoegen:
  Netwerkgegevens: NIC0 / Private management network / static - manual / IP = 192.168.1.3
  Als Machine aangemaakt is, nieuwe netwerkkaart toevoegen:
  NIC1 / Private storage network / static - manual / IP = 172.16.0.13
  op Debian machine:
  1)su - => enter => pass: Azerty123 => enter
  2)commando: pico /etc/network/interfaces
  Voeg volgende lijntjes toe aan het bestand
  iface eth0 inet static
  address 192.168.1.3
  netmask 255.255.255.0
  gateway 192.168.1.254
  iface eth1 inet static
  address 172.16.0.13
  netmask 255.255.255.0
  CTRL + O (opslaan) => CTRL + X (afsluiten)
  3)pico /etc/resolv.conf
  veranderd de bestaande lijntjes naar deze:
  domain host.net
  search host.net
  nameserver 192.168.1.1
  4)ifdown / ifup van eth0/eth1
  IPV6 instellen:
  Zelf gekozen ULA subnet:
  fdac:1fff:b0b0 (tot dit gedeelte mag random gegenereerd worden vanaf 'fd')
  Subnet 1: fdac:1fff:b0b0:4bd0:: /64
  Subnet 2: fdac:1fff:b0b0:4bd1:: /64
  /sbin/ip
  Remote settings toewijzen voor domain users aan clients (en eventueel toevoegen aan domein als dit nog niet gebeurt is)
  IPV6 instellen via Netwerkinstellingen (Default gateway openlaten)
          NIC0                    NIC1
  S1: fdac:1fff:b0b0:4bd0::1 /64            fdac:1fff:b0b0:4bd1::11 /64
  dns: ::1                    dns: fdac:1fff:b0b0:4bd1::11
  S2: fdac:1fff:b0b0:4bd0::2 /64            fdac:1fff:b0b0:4bd1::12 /64
  (dns: ::1)                (dns: fdac:1fff:b0b0:4bd1::12)
  Openfiler: fdac:1fff:b0b0:4bd0::150 /64        fdac:1fff:b0b0:4bd1::1 /64    
  S3: fdac:1fff:b0b0:4bd0::3 /64            fdac:1fff:b0b0:4bd1::13 /64
  C1: fdac:1fff:b0b0:4bd0::101 /64
  dns: S1
  C2: fdac:1fff:b0b0:4bd0::102 /64
  dns: S2
  Voor windows server core:
  *powershell
      netsh interface ipv6 add address "Ethernet" fdac:1fff:b0b0:4bd0::2
      netsh interface ipv6 add address "Ethernet 2" fdac:1fff:b0b0:4bd1::12
  Voor linux: (zowel openfiler als debian)
  VOOR DEBIAN 7 (alleen ifup commando gebruiken niet ifdown):
  /sbin/ip -6 addr add fdac:1fff:b0b0:4bd0::3/64 dev eth0 (voor debian)
  /sbin/ip -6 addr add fdac:1fff:b0b0:4bd1::13/64 dev eth1 (voor debian)
  of statisch in /etc/network/interfaces:
  iface eth0 inet6 static
  address fdac:1fff:b0b0:4bd0::3
  netmask 64
  iface eth1 inet6 static
  address fdac:1fff:b0b0:4bd1::13
  netmask 64
  pico /etc/resolv.conf => lijntjes toevoegen
  => domain host.net
  => search host.net
  => nameserver 192.168.1.1
  => nameserver fdac:1fff:b0b0:4bd0::1
  VOOR OPENFILER eth0: vim /etc/sysconfig/network-scripts/ifcfg-eth0
  => IPV6_AUTOCONF=no
  => IPV6INIT=yes
  => Toevoegen: fdac:1fff:b0b0:4bd0::150/64
  VOOR OPENFILER eth1: vim /etc/sysconfig/network-scripts/ifcfg-eth1
  => IPV6_AUTOCONF=no
  => IPV6INIT=yes
  => Toevoegen: fdac:1fff:b0b0:4bd1::1/64
  ~~ /sbin/ip -6 addr add fdac:1fff:b0b0:4bd0::150/64 dev eth0 (voor openfiler)
  ~~ /sbin/ip -6 addr add fdac:1fff:b0b0:4bd1::1/64 dev eth1 (voor openfiler)
  Risico's gedeelde application pool:
      -1 proces per application pool (=>zwaar proces dat veel resources nodig heeft)
          (als dit proces vastloopt alle websites geimpacteerd)
      -gebruikers kunnen in principe aan elkaars bestanden
  1)IIS installeren op S2 via server manager op S1
  2)Role services in setup, volledig vanonder => management service aanvinken (dit staat remote management toe)
  3)Op S1 Web server zoeken en enkel van IIS de management console installeren zodat IIS van S2 beheerbaar is
  4)Powershell op S2:
  Invoke-command -ScriptBlock{Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1}
  Invoke-command -ScriptBlock {Set-Service -name WMSVC -StartupType Automatic}
  Invoke-command -ScriptBlock {Start-service WMSVC}
  In IIS manager op S1 => Add connection => S2.premium.sdhost.net => account: administrator van S2
  In IIS Manager => Sites => new Website, 2 website aanmaken
      -'klant1.sdhost.net' Physical path => C:\inetpub\wwwroot\Klant1 => hostname = Klant1.host.net
      -'klant2.sdhost.net' Physical path => C:\inetpub\wwwroot\Klant2 => hostname = Klant2.host.net
  In DNS A-record toevoegen:
      -hostname: www
      -IP: 192.168.1.2
  Voor toegang via IPv6 ook een AAAA-record toevoegen:
      -hostname: www
      -IP: fdac:1fff:b0b0:4bd0::2
  Voor elke site ook een een CNAME-record aanmaken:
      -Alias name: klant1, FQDN: www.host.net
      -Alias name: klant2, FQDN: www.host.net
  In deze standaardopstelling schuilen enkele risicoís. Geef twee risicoís die de huidige
  configuratie (gedeelde application pool) met zich mee kan brengen:
  - Als je een website hebt die zwaar CPU belastend is (zoals foto's herschalen) heeft dit ook effect op je andere websites
  - Omdat je websites binnen dezelfde apppool zitten hebben ze eenzelfde identiteit en kun je geen aparte permissies opzetten.
  GROUP MANAGEMENT SERVICE ACCOUNT:
  New-ADServiceAccount IISPool1 -DNSHostName s1.amhost.net -PrincipalsAllowedToRetrieveManagedPassword Administrator -KerberosEncryptionType RC4, AES128, AES256
  Install-ADServiceAccount IISPool1
  Maybe you can do this tutorial to, it is a tuto for learning DFS & DNSSEC..
  Wat betekent de optie “dnssecok”
      -> Deze optie stelt de dnssecOK bit in voor deze query
      -> Dit verteld de server that de client dnssec verstaat en dat deze server hiervan gebruik kan maken met deze client
  Krijg je een bevestiging dat dit een secure antwoord is? (RRSIG)
      -> Neen want de zone is nog niet gesigneerd
  Controleer of de client C1 ingesteld is om secure responses af te dwingen bij zijn DNS
  caching server: get-dnsclientnrptpolicy. Resultaat?
      -> Het resultaat is niks, vermoedelijk omdat er geen instellingen zijn hiervoor
  Probeer opnieuw een request op C1 voor S1 met Resolve­DNSName. Is het signeren
  van de zone voldoende om secure antwoorden te krijgen op de client?
      -> Er komt opnieuw geen RSIG record dus dit is niet voldoende
  Om secure DNS responses op de client voor het domein securezone.lab af te dwingen
  wordt in het domein Host.net een GPO ingesteld. (nieuwe GPO voor hele domein).
  zoek op en stel deze GPO in voor responses van securezone.lab.
      -> default domain policy -> Edit =>    -> Computer Configuration > Policies > Windows Settings > Name Resolution Policy.
      "In the details pane, under Create Rules and To which part of the namespace does this rule apply, choose Suffix from the drop-down list and type sec.contoso.com next to Suffix."
      "On the DNSSEC tab, select the Enable DNSSEC in this rule checkbox and then under Validation select the Require DNS clients to check that name and address data has been validated by the DNS server checkbox."
      "In the bottom right corner, click Create and then verify that a rule for sec.contoso.com was added under Name Resolution Policy Table."
      => GPupdate /force uitvoeren
      => Dan kan de policy bekeken worden
  Je zorgt er uiteraard ook voor dat deze policy toegepast werd op de client (C1) en controleer dit opnieuw met get-dnsclientnrptpolicy.
      => GPupdate /force
      => get-dnsclientnrptpolicy => levert hetzelfde resultaat als op de server
  Opnieuw: Resolve­DnsName s1.securezone.lab ­server S1 ­dnssecok Wat krijg je als antwoord te zien? Wat is de oorzaak?
  (Distribueer) Kopieer de trust achor data van de secure.lab zone op S2 naar S1 en importeer die op de DNS van S1 als trusted anchor. (keyset­securezone.lab)
      http://technet.microsoft.com/en-us/library/hh831411.aspx
  opnieuw: Resolve­DnsName s1.securezone.lab ­server S1 ­dnssecok Krijg je nu een (beveiligd antwoord)?
      ->Ik krijg nu een beveiligd antwoord van de DNS server gesigneerd door securezone.lab met geldigheidstermijn
  p23 Distributed File System
  Installeer op beide server de “file services role”.
      -> Add roles and features
      -> File services
          -> DFS
  Maak een namespace aan (DOCUMENTATION) in je domein hOst.net. Stel de share­permissions zo in dat de groep ‘auteurs’ schrijfrechten heeft. gewone gebruikers
  mogen enkel leesrechten hebben.
      -> DFS manager
      -> Namespaces => Add namespace
  maak een folder aan in de namespace DOCUMENTATION met als naam PDF
      -> Add folder
  maak een tweede target aan voor de PDF folder
      -> Add target to folder
  stel replicatie in tussen de twee folder targets. De inhoud wordt vanaf nu dus gesynct.
      -> Automatisch bij 2de target volg de wizard
  Welke andere stappen zijn nodig om een volledig redundant DFS systeem op te zetten?
      -> De folder moeten via DFS geschared staan
      -> De replicatie moet ingesteld worden
  maak een diagnostisch raport aan over hoe replicatie gebeurt, en corrigeer eventue vastgestelde problemen.
      -> Rechtermuisknop op de replication object
      -> Create diagnostic report
      -> kies de reports
  stel quota’s in. In de map PDF maak je een subfolder CATALOGS aan, maar zorg dat die niet groter dan 10MB kan worden. Stel hiervoor een harde limiet in.
      -> install FSRM bij file services
      -> klik quotas => add quota => kies het bestand
      -> nieuwe quota => 10mb hard aanvinken
      -> save
      http://technet.microsoft.com/en-us/library/cc875787(v=ws.10).aspx
  omdat we willen vermijden dat de volledige bandbreedte ingenomen wordt door DFS,beperken we de replication speed tot 2MBps.
      -> Klik op de replication -> rechterkolom kies vor edit replication group
      -> Stel de 2MBps in

• SharePoint Foundation 2013 installed on Windows Server 2012 not sending out email notification

  I have a server where i installed SP Foundation 2013 on top of Windows Server 2012. I have configured the SMTP as well as the outgoing SMTP in Central Administration
  of SharePoint. When i create an alert on a document library, its did not sent any email notification on the changes made to the document in the document library. So, i created a workflow to send out email using SPD2013. The workflow run, but it cannot sent
  out email with error saying that outgoing email is not configured correctly. I have checked with another server which i installed SP foundation 2013 on top of Windows Server 2008 R2 - its sending out email just fine using same configuration and outgoing SMTP.
  I need help to resolve this issue or at least the cause of the problem.
  Any help is greatly appreciated.

       
  Try below:
  http://social.technet.microsoft.com/wiki/contents/articles/13771.troubleshooting-steps-for-sharepoint-alert-email-does-not-go-out.aspx
  Go to Central Admin ---->Operations----->outgoing email settings and verify that SMTP server is mentioned correctly 
  2) Test the connectivity with the SMTP server.
  In order to do that follow these steps:
    Open  cmd
    telnet <SMTP server name> 25 ( We connect smtp server to the port 25)  
                   you should see a response  like this 220 <servername> Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at date and time
                   Beware that different servers will come up with different settings but you will get something
                   If you dont get anything then there could be 2 possible reasons, either port 25 is blocked or 
                   the smtp server is not responding.
    For testing response from your server
                     For testing response say ehlo to it.
                          Type :
                                      ehlo <servername>
                          output:
                                      250 <servername> Hello [IP Address]
    Now a test mail can be sent from that SharePoint server. 
                        Now we need to enter the From address of the mail.
                        Type :
                         mail from: [email protected]
                         output:
                         250 2.1.0 [email protected]….Sender OK
   It's time to enter the recepient email address.
  Type : rcpt to: [email protected]
  output:
  250 2.1.5 [email protected]
   Now we are left with the data of the email. i.e. subject and body.
  Type : data
  output:
  354 Start mail input; end with <CRLF>.<CRLF>
  Type:
  subject: this is a test mail
  Hi
  This is test mail body
  I am testing SMTP server.
  Hit Enter, then . and then Enter.
  output:
  250 2.6.0 <<servername>C8wSA00000006@<servername>> Queued mail for delivery
  Type: quit
  output:
  221 2.0.0 <servername> Service closing transmission channe
  3)  Check alerts are enabled for your web application
        verify if the windows timer service is running or not.
        Run this stsadm command to check that
        Stsadm.exe -o getproperty -url http://SharePoint-web-App-URL -pn alerts-enabled
       This should return <Property Exist="Yes" Value="yes" />
       If you don’t get this, Enable alerts by:
       stsadm.exe -o setproperty -pn alerts-enabled -pv "true" -url http://SharePoint-web-App-URL
        If its already enabled, try turn off and turn on it back.
  4)  Check the Timer job and Properties
         Go to
         MOSS 2007:  Central Administration > Operations > Timer Job Definitions (under Global Configuration)
         In SharePoint 2010: Central Administration > Monitoring > Review Job Definitions 
         Check whether the "Immediate Alerts" job is enabled for your web application. check these properties:
                     job-immediate-alerts
                     job-daily-alerts 
                     job-weekly-alerts
         stsadm.exe -o getproperty -url "http://Your-SharePoint-web-App-URL" -pn job-immediate-alerts
         The expected output is:
         <Property Exist="Yes" Value="every 5 minutes between 0 and 59"/>.  
         If you don’t get this, run the following command to set its value.
         stsadm.exe -o setproperty -pn job-immediate-alerts -pv “every 5 minutes between 0 and 59" -url http://Your-SharePoint-web-App-URL
  5)  Check whether the account is subscribed for alerts and it has a valid email account. This should be the first thing to check if the problem persists for some users not for      all.
  6)  Then check if at all those users have at least read permission for the list. Because the first mail should go out for every user without security validation but the next ones       won't be delivered unless the user has at least read
  permission.
  7)  If it is happening for one user, can also try to delete and re add the user in the site.
  8)  Most importantly , you should try this one.
        Run this SQL query to the content db < Select * from Timerlock>
        This will give you the name of the server which is locking the content database and since when.
        In order to get rid of that lock 
        Go to that server which is locking the content db and then restart the windows timer service.
        within some time it should release the lock from content db, if not then at the most stop the timer job for some time
        Once the lock will be released then try to send some alerts
        You will surely get the email alert.
  I found this is the most probable reason for alert not working most of the time. We should start troubleshooting with above steps before coming to this step for any alert email issue but from step 1 to step 7 are best for new environments or new servers.
  If the issue is like this ,alert was working before and suddenly stopped working without any environmental change then above conditions in step 1-7 should be ideally fine.
  Even after this if it is not working, then you can try these few more steps too
  9)  Try re-registering the alert template:
  stsadm -o updatealerttemplates -url http://Your-SharePoint-Web-App-URL -f  "c:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\XML\alerttemplates.xml" -LCID 1033
  10)  Try to clear the configuration cache
  If this helped you resolve your issue, please mark it Answered

• ASA and RADUIS on Windows server 2012

  hi i have ASA5505 i want to get the Authentication from Raduis Server using NPS on windows Server 2012 i test the Raduis Server over "Kerio Control VMware Virtual Appliance" its work Perfect for testing my Setting on Raduis  but with the ASA5505 i get this message "Error authentication rejected aaa failure" 
  Running Config
  : Saved
  ASA Version 9.1(3)
  hostname NazcoFW
  domain-name default.domain.invalid
  enable password XgEKS9WizHnI9IUJ encrypted
  xlate per-session deny tcp any4 any4
  xlate per-session deny tcp any4 any6
  xlate per-session deny tcp any6 any4
  xlate per-session deny tcp any6 any6
  xlate per-session deny udp any4 any4 eq domain
  xlate per-session deny udp any4 any6 eq domain
  xlate per-session deny udp any6 any4 eq domain
  xlate per-session deny udp any6 any6 eq domain
  passwd XgEKS9WizHnI9IUJ encrypted
  names
  interface Ethernet0/0
  switchport access vlan 22
  interface Ethernet0/1
  interface Ethernet0/2
  switchport access vlan 12
  interface Ethernet0/3
  interface Ethernet0/4
  shutdown
  interface Ethernet0/5
  shutdown
  interface Ethernet0/6
  shutdown
  interface Ethernet0/7
  switchport access vlan 32
  shutdown
  interface Vlan1
  nameif NAZCO
  security-level 100
  ddns update hostname OSI
  dhcp client update dns server both
  ip address 172.16.200.1 255.255.255.0
  interface Vlan12
  nameif outside4
  security-level 0
  ip address 172.16.4.254 255.255.255.0
  interface Vlan22
  nameif Outside20
  security-level 0
  ip address 172.16.20.254 255.255.255.0
  boot system disk0:/asa913-k8.bin
  ftp mode passive
  dns domain-lookup NAZCO
  dns server-group DefaultDNS
  name-server 10.1.1.1
  name-server 10.1.2.1
  domain-name default.domain.invalid
  same-security-traffic permit inter-interface
  same-security-traffic permit intra-interface
  object network HP5220
  host 10.10.10.105
  object network ak20
  host 10.10.10.110
  object network hp5520
  host 192.168.2.105
  object network HP7000
  host 192.168.2.106
  object network HP5520
  host 192.168.2.105
  object network ak04
  host 10.10.10.110
  object network HP400
  host 192.168.2.107
  object network out04
  range 192.168.2.200 192.168.2.220
  object network AK04
  host 10.10.10.110
  object network oooo
  subnet 10.10.10.0 255.255.255.0
  object network 444
  host 10.10.10.110
  object network OSITOINT
  subnet 10.10.10.0 255.255.255.0
  object-group network OSItoOUT04
  network-object object out04
  access-list outside20_access_in extended permit icmp any4 any4
  pager lines 24
  logging enable
  logging asdm-buffer-size 512
  logging trap informational
  logging asdm informational
  logging host NAZCO 10.10.10.10 17/6161
  logging debug-trace
  logging permit-hostdown
  mtu NAZCO 1500
  mtu Outside20 1500
  mtu outside4 1500
  no failover
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-721.bin
  no asdm history enable
  arp timeout 14400
  no arp permit-nonconnected
  nat (NAZCO,outside4) source dynamic any interface dns
  nat (NAZCO,Outside20) source dynamic any interface dns
  route Outside20 0.0.0.0 0.0.0.0 172.16.20.1 1
  route outside4 0.0.0.0 0.0.0.0 172.16.4.1 11
  timeout xlate 3:00:00
  timeout pat-xlate 0:00:30
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa-server Keefa-Raduis protocol radius
  aaa-server Keefa-Raduis (NAZCO) host 172.16.200.10
  key *****
  radius-common-pw *****
  user-identity default-domain LOCAL
  aaa authentication enable console LOCAL
  aaa authentication http console LOCAL
  aaa authentication serial console LOCAL
  aaa authentication ssh console LOCAL
  aaa authentication telnet console LOCAL
  http server enable
  http 0.0.0.0 0.0.0.0 NAZCO
  snmp-server host NAZCO 10.10.10.196 community ***** version 2c
  no snmp-server location
  no snmp-server contact
  snmp-server community *****
  snmp-server enable traps snmp authentication linkup linkdown
  snmp-server enable traps syslog
  snmp-server enable traps ipsec start stop
  snmp-server enable traps entity fru-insert
  snmp-server enable traps remote-access session-threshold-exceeded
  snmp-server enable traps connection-limit-reached
  snmp-server enable traps cpu threshold rising
  snmp-server enable traps ikev2 start stop
  snmp-server enable traps nat packet-discard
  crypto ipsec security-association pmtu-aging infinite
  crypto ca trustpoint _SmartCallHome_ServerCA
  crl configure
  crypto ca trustpool policy
  crypto ca certificate chain _SmartCallHome_ServerCA
  certificate ca 6ecc7aa5a7032009b8cebcf4e952d491
  308205ec 308204d4 a0030201 0202106e cc7aa5a7 032009b8 cebcf4e9 52d49130
  0d06092a 864886f7 0d010105 05003081 ca310b30 09060355 04061302 55533117
  30150603 55040a13 0e566572 69536967 6e2c2049 6e632e31 1f301d06 0355040b
  13165665 72695369 676e2054 72757374 204e6574 776f726b 313a3038 06035504
  0b133128 63292032 30303620 56657269 5369676e 2c20496e 632e202d 20466f72
  20617574 686f7269 7a656420 75736520 6f6e6c79 31453043 06035504 03133c56
  65726953 69676e20 436c6173 73203320 5075626c 69632050 72696d61 72792043
  65727469 66696361 74696f6e 20417574 686f7269 7479202d 20473530 1e170d31
  30303230 38303030 3030305a 170d3230 30323037 32333539 35395a30 81b5310b
  30090603 55040613 02555331 17301506 0355040a 130e5665 72695369 676e2c20
  496e632e 311f301d 06035504 0b131656 65726953 69676e20 54727573 74204e65
  74776f72 6b313b30 39060355 040b1332 5465726d 73206f66 20757365 20617420
  68747470 733a2f2f 7777772e 76657269 7369676e 2e636f6d 2f727061 20286329
  3130312f 302d0603 55040313 26566572 69536967 6e20436c 61737320 33205365
  63757265 20536572 76657220 4341202d 20473330 82012230 0d06092a 864886f7
  0d010101 05000382 010f0030 82010a02 82010100 b187841f c20c45f5 bcab2597
  a7ada23e 9cbaf6c1 39b88bca c2ac56c6 e5bb658e 444f4dce 6fed094a d4af4e10
  9c688b2e 957b899b 13cae234 34c1f35b f3497b62 83488174 d188786c 0253f9bc
  7f432657 5833833b 330a17b0 d04e9124 ad867d64 12dc744a 34a11d0a ea961d0b
  15fca34b 3bce6388 d0f82d0c 948610ca b69a3dca eb379c00 48358629 5078e845
  63cd1941 4ff595ec 7b98d4c4 71b350be 28b38fa0 b9539cf5 ca2c23a9 fd1406e8
  18b49ae8 3c6e81fd e4cd3536 b351d369 ec12ba56 6e6f9b57 c58b14e7 0ec79ced
  4a546ac9 4dc5bf11 b1ae1c67 81cb4455 33997f24 9b3f5345 7f861af3 3cfa6d7f
  81f5b84a d3f58537 1cb5a6d0 09e4187b 384efa0f 02030100 01a38201 df308201
  db303406 082b0601 05050701 01042830 26302406 082b0601 05050730 01861868
  7474703a 2f2f6f63 73702e76 65726973 69676e2e 636f6d30 12060355 1d130101
  ff040830 060101ff 02010030 70060355 1d200469 30673065 060b6086 480186f8
  45010717 03305630 2806082b 06010505 07020116 1c687474 70733a2f 2f777777
  2e766572 69736967 6e2e636f 6d2f6370 73302a06 082b0601 05050702 02301e1a
  1c687474 70733a2f 2f777777 2e766572 69736967 6e2e636f 6d2f7270 61303406
  03551d1f 042d302b 3029a027 a0258623 68747470 3a2f2f63 726c2e76 65726973
  69676e2e 636f6d2f 70636133 2d67352e 63726c30 0e060355 1d0f0101 ff040403
  02010630 6d06082b 06010505 07010c04 61305fa1 5da05b30 59305730 55160969
  6d616765 2f676966 3021301f 30070605 2b0e0302 1a04148f e5d31a86 ac8d8e6b
  c3cf806a d448182c 7b192e30 25162368 7474703a 2f2f6c6f 676f2e76 65726973
  69676e2e 636f6d2f 76736c6f 676f2e67 69663028 0603551d 11042130 1fa41d30
  1b311930 17060355 04031310 56657269 5369676e 4d504b49 2d322d36 301d0603
  551d0e04 1604140d 445c1653 44c1827e 1d20ab25 f40163d8 be79a530 1f060355
  1d230418 30168014 7fd365a7 c2ddecbb f03009f3 4339fa02 af333133 300d0609
  2a864886 f70d0101 05050003 82010100 0c8324ef ddc30cd9 589cfe36 b6eb8a80
  4bd1a3f7 9df3cc53 ef829ea3 a1e697c1 589d756c e01d1b4c fad1c12d 05c0ea6e
  b2227055 d9203340 3307c265 83fa8f43 379bea0e 9a6c70ee f69c803b d937f47a
  6decd018 7d494aca 99c71928 a2bed877 24f78526 866d8705 404167d1 273aeddc
  481d22cd 0b0b8bbc f4b17bfd b499a8e9 762ae11a 2d876e74 d388dd1e 22c6df16
  b62b8214 0a945cf2 50ecafce ff62370d ad65d306 4153ed02 14c8b558 28a1ace0
  5becb37f 954afb03 c8ad26db e6667812 4ad99f42 fbe198e6 42839b8f 8f6724e8
  6119b5dd cdb50b26 058ec36e c4c875b8 46cfe218 065ea9ae a8819a47 16de0c28
  6c2527b9 deb78458 c61f381e a4c4cb66
  quit
  telnet timeout 5
  ssh scopy enable
  ssh 172.16.200.0 255.255.255.0 NAZCO
  ssh timeout 5
  ssh key-exchange group dh-group1-sha1
  console timeout 0
  management-access NAZCO
  dhcp-client update dns server both
  dhcpd dns
  dhcpd update dns both
  dhcpd address 172.16.200.20-172.16.200.89 NAZCO
  dhcpd dns 172.16.20.1 172.16.4.1 interface NAZCO
  dhcpd lease 1048575 interface NAZCO
  dhcpd update dns both interface NAZCO
  dhcpd enable NAZCO
  threat-detection basic-threat
  threat-detection statistics
  threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
  ssl encryption rc4-sha1 aes128-sha1 aes256-sha1 3des-sha1
  username admin password bZmVDHuxUzzxS3yz encrypted privilege 15
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
  message-length maximum client auto
  message-length maximum 512
  policy-map global_policy
  class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
  inspect icmp error
  class class-default
  user-statistics accounting
  service-policy global_policy global
  prompt hostname context
  service call-home
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
  no active
  destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
  destination address email [email protected]
  destination transport-method http
  subscribe-to-alert-group diagnostic
  subscribe-to-alert-group environment
  subscribe-to-alert-group inventory periodic monthly
  subscribe-to-alert-group configuration periodic monthly
  subscribe-to-alert-group telemetry periodic daily
  hpm topN enable
  Cryptochecksum:357b7c6f861e8aa9bb3a3674a789b39b
  : end
  asdm image disk0:/asdm-721.bin
  no asdm history enable

  Hi
    Looks like the AAA configuration is set for local
  aaa authentication enable console LOCAL
  aaa authentication http console LOCAL
  aaa authentication serial console LOCAL
  aaa authentication ssh console LOCAL
  aaa authentication telnet console LOCAL
  Change it to Radius
  aaa-server Keefa-Raduis protocol radius
  aaa-server Keefa-Raduis (NAZCO) host 172.16.200.10
  key *****
  radius-common-pw *****
  for example :
  aaa authentication telnet console Keefa-Raduis LOCAL
  Now when you will do telnet to using Radius credentials, Its Should work, If radius goes down you can use LOCAL username and password as fallback method.
  Cheers!
  Minakshi(Do rate the helpful post)

• Failed to install windows server 2012 in virtual machine hosted in window 8.1

  I installed Hyper-V in windows 8.1, then when I tried to install windows server 2012 R2 or windows server 2008 R2 in virtual machine, I got the following error:
  the following is my virtual machine setting:
  is there anyone an help to resolve it? thank you very much.

  Hi,
  Good to hear that you have solved this issue. Thanks for sharing as it would be helpful to anyone who encounters similar issues.
  Best regards,
  Susie

• How to install Windows Server 2012 as a Virtual Machine on Window 7 64 bit machine

  Hi All,
  I need to install virtual Window Server 2012 on Window 7 machine(8gb ram,64 bit machine).
  Please give me the list of required softwares to install. If possible the please give download link as well. 
  Thanks
  mit

  Since you're on Windows 7 I'd probably go for using VirtualBox
  https://www.virtualbox.org/ to host the virtual machine.
  Downloading 2012 depends what you're after really, if you've got TechNet / MSDN then you can download it from there, otherwise you'd need to have a licenced copy. You can download 180 day evaluation versions from the Microsoft website here :
  2012 - http://technet.microsoft.com/en-gb/evalcenter/hh670538.aspx
  2012 R2 -
  http://technet.microsoft.com/en-gb/evalcenter/dn205286.aspx

• Error in Installing Exchange Server 2013 (w SP1) Mailbox Role on Windows Server 2012 R2

  Hi Team,
  Need urgent help in resolution of following error:
  Environment Details: VMware ESXi 5.5 (vMotion)
  Migration from Exchange Server 2007 (SP3 + RU13) to Exchange Server 2013
  Exchange Server: Exchange Server 2013 with SP1 (Latest Installation Media)
  OS: Windows Server 2012 R2 - Standard (Latest Installation Media)
  Exchange 2013 Roles: Seprated (Mailbox and CAS on Different VMs)
  Prerequisites: Installed
  Error: Installation gives Error at Step 10 during installation of Mailbox Service
  Error Details Below:
  Error:
  The following error was generated when "$error.Clear();
  if ([Environment]::OSVersion.Version.Major -ge 6)
  $WsbBinPath=$RoleInstallPath+"bin\wsbexchange.exe";
  $reg= join-path (join-path $env:SystemRoot system32) reg.exe;
  $servicecmd = join-path (join-path $env:SystemRoot system32) sc.exe;
  if ((get-service wsbexchange* | where {$_.name -eq "wsbexchange"}))
  if ((get-service wsbexchange).Status -eq "Running")
  Start-SetupProcess -Name:"$servicecmd" -Args:"stop wsbexchange";
  Start-SetupProcess -Name:"$servicecmd" -Args:"delete wsbexchange";
  Start-SetupProcess -Name:"$reg" -Args:"add `"HKCR\CLSID\{D8A2E312-3B17-4293-B71E-CD72A7C04BF3}`" /t REG_SZ /d `"CExchangeHelper Class`" /f";
  Start-SetupProcess -Name:"$reg" -Args:"add `"HKCR\CLSID\{D8A2E312-3B17-4293-B71E-CD72A7C04BF3}`" /v AppId /t REG_SZ /d `"{D8A2E312-3B17-4293-B71E-CD72A7C04BF3}`" /f";
  Start-SetupProcess -Name:"$reg" -Args:"add `"HKCR\CLSID\{D8A2E312-3B17-4293-B71E-CD72A7C04BF3}\LocalServer32`" /t REG_SZ /d `"$WsbBinPath`" /f";
  Start-SetupProcess -Name:"$reg" -Args:"add `"HKCR\APPID\{D8A2E312-3B17-4293-B71E-CD72A7C04BF3}`" /t REG_SZ /d `"CExchangeHelper Class`" /f";
  Start-SetupProcess -Name:"$reg" -Args:"add `"HKCR\APPID\{D8A2E312-3B17-4293-B71E-CD72A7C04BF3}`" /v LocalService /t REG_SZ /d `"wsbexchange`" /f";
  Start-SetupProcess -Name:"$reg" -Args:"add `"HKCR\APPID\{D8A2E312-3B17-4293-B71E-CD72A7C04BF3}`" /v LaunchPermission /t REG_BINARY /d `"010004806000000070000000000000001400000002004c0003000000000014001f000000010100000000000512000000000018001f000000010200000000000520000000200200000000180003000000010200000000000520000000270200000102000000000005200000002002000001020000000000052000000020020000`"
  /f";
  Start-SetupProcess -Name:"$reg" -Args:"add `"HKCR\APPID\wsbexchange.exe`" /v AppId /t REG_SZ /d `"{D8A2E312-3B17-4293-B71E-CD72A7C04BF3}`" /f";
  Start-SetupProcess -Name:"$reg" -Args:"add `"HKLM\Software\Microsoft\windows nt\currentversion\WindowsServerBackup\Application Support\{76fe1ac4-15f7-4bcd-987e-8e1acb462fb7}`" /v `"Application Identifier`" /t REG_SZ /d
  Exchange /f";
  Start-SetupProcess -Name:"$reg" -Args:"add `"HKLM\Software\Microsoft\windows nt\currentversion\WindowsServerBackup\Application Support\{76fe1ac4-15f7-4bcd-987e-8e1acb462fb7}`" /v CLSID /t REG_SZ /d `"{D8A2E312-3B17-4293-B71E-CD72A7C04BF3}`"
  /f";
  Start-SetupProcess -Name:"$reg" -Args:"add `"HKLM\Software\Microsoft\windows nt\currentversion\WSBAppExchangeHelper`" /v AutoMarkDbRecoverable /t REG_DWORD /d 1 /f";
  Start-SetupProcess -Name:"$reg" -Args:"add `"HKLM\Software\Microsoft\windows nt\currentversion\WSBAppExchangeHelper`" /v AutoMountOnPITRecovery /t REG_DWORD /d 1 /f";
  Start-SetupProcess -Name:"$servicecmd" -Args:"create wsbexchange binpath= `"$WsbBinPath`" type= own start= demand error= ignore obj= LocalSystem DisplayName= `"Microsoft Exchange Server Extension for Windows Server Backup`"";
  Start-SetupProcess -Name:"$servicecmd" -Args:"description wsbexchange `"Enables Windows Server Backup users to back up and recover application data for Microsoft Exchange Server.`"";
  " was run: "Process execution failed with exit code 1.".

  Resolved ! :)
  Root Cause: The user account I was using had all the required privileges for Exchange Installation but was not having access to edit the registry of the server. Enable access to registry edit tools and you are good to go.
  As an alternate you can also try installing using Domain Administrator account if in case there is an IT Policy constraint in the former method.
  Thanks to all.

• WIndows Server 2012 - Server Manager Error CLR20r3

  WIndows Server 2012 - Server Manager Error CLR20r3
  I have just experienced this error of ( CLR20r3) when trying to add or remove server roles.
  Server Manager crashes when trying to go into the Add/ Or Remove server roles
  What I have tried.
  .NET Diag
  .NET Fix
  Lots of research, and didn't find any resolution.
  Apparently this is not strictly tied to Windows Server 2012, as I see that Windows Server 2008 R2 , and even Windows desktop users have experienced this issue. With no direct resolution.
  Here is a screen shot for reference.......
  If anyone should obtain the MS Fix or hear of it, please post so that others who are experiencing this issue can find peace in their day.
  I have given up, ended up performing a reinstall. ( sadly)
  RF

  Hi RF,
  Based on your description, would you please refer to following operations and troubleshoot this issue?
  Please use
  Sytem File Checker tool to scan all protected system files.
  Please
  perform a clean boot to check if some third-party services affected.
  Please backup the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole. Then delete following two registry key (if exist): LeagcyImepersonationLevel and LegacyauthenticationLevel
  Then log off and logon and monitor the result.
  In addition, please navigate to %windir%\logs and check ServerManager and CBS log file if you can find some
  relevant errors.
  If any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu