Windows Server 2012 R2 wouldn't response SMB Negotiate Protocol Request
Hello
I've got an windows 2012 r2 as a file server, it worked fine with windows client but not with lunix-based client
I first discovered this problem on an Android phone:http://social.technet.microsoft.com/Forums/en-US/b3a8a7f9-f4b7-4b9f-b586-2ec87fc14d71/cant-access-shared-folders-on-win-2012-r2-with-android-phone?forum=winserverPN
then I did some test on a newly installed lunix OS on a VM today, I found that my server do not response SMB Negotiate Protocol Request from my phone or the testing OS at all.
when I try smbclient -L ServerIP, I get
read_socket_with_timeout: timeout read. read error = Connection reset by peer.
Receiving SMB: Server stopped responding
protocol negotiation failed
the wireshark capture are like this:
35 22.704658
192.168.1.20 192.168.1.10
SMB 260
Negotiate Protocol Request
36 22.704745
192.168.1.10 192.168.1.20
TCP 54
microsoft-ds → 41733 [RST, ACK] Seq=1 Ack=195 Win=0 Len=0
37 23.090116
192.168.1.20 192.168.1.10
TCP 74
41734 → microsoft-ds [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSval=8758786 TSecr=0 WS=16
38 23.090237
192.168.1.10 192.168.1.20
TCP 74
microsoft-ds → 41734 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1 TSval=5473099 TSecr=8758786
39 23.090382
192.168.1.20 192.168.1.10
TCP 66
41734 → microsoft-ds [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSval=8758787 TSecr=5473099
I don'tknow what's causing this problem ,is there anyone could help me?
Hi,
If you access files stored on Windows Server 2012 R2 from other non-Windows client computers, you need to use NFS protocol.
Using the NFS protocol, you can transfer files between computers running Windows and other non-Windows operating systems, such as Linux or UNIX.
In Windows Server 2012, NFS includes the components, Server for NFS and Client for NFS. Server for NFS enables a computer running Windows Server 2012 to act as a NFS file server for other non-Windows client computers. Client for NFS enables a Windows-based
computer that is running Windows Server 2012 to access files that are stored on a non-Windows NFS server.
For more detailed information, please refer to the articles below:
Network File System Overview
http://technet.microsoft.com/en-us/library/jj592688.aspx
Server for Network File System First Share End-to-End
http://blogs.technet.com/b/filecab/archive/2012/10/08/server-for-network-file-system-first-share-end-to-end.aspx
Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.
Similar Messages
-
Windows Server 2012: SMB share with transparent failover
Have a nice day to all!
I have 2 HP Proliant DL380P Gen8 servers containing 8 x 1TB disks (with P420i HP Smart Array RAID Controller) in each server.
So, there are 2 arrays on every server:
1. 2 x 1TB in RAID1 (+1 disk for hot swap) - system volume
2. 5 x 1TB in RAID5 (+1 disk for hot swap) - data volume
And I installed Windows Server 2012 Standard on each server.
Than I created a failover two-nodes cluster.
And now I want to create a SMB share with transparent failover for all the second (data) volume (it's about 3.3TB in RAID5 array). How just can I reach this goal? I'm going to use it in future for Hyper-V VMs, so, the main reqirement is powered-on and working
VMs even if one node of SMB share cluster is failed.
I wasn't able to see my volumes in failover cluster manager. I tried to create iSCSI targets, storage pools, virtual disks, etc. but no luck. My failover cluster manager can't see it to create SMB share!
Can anyone advice me something?
Thanks in advance!Have a nice day to all!
I have 2 HP Proliant DL380P Gen8 servers containing 8 x 1TB disks (with P420i HP Smart Array RAID Controller) in each server.
So, there are 2 arrays on every server:
1. 2 x 1TB in RAID1 (+1 disk for hot swap) - system volume
2. 5 x 1TB in RAID5 (+1 disk for hot swap) - data volume
And I installed Windows Server 2012 Standard on each server.
Than I created a failover two-nodes cluster.
And now I want to create a SMB share with transparent failover for all the second (data) volume (it's about 3.3TB in RAID5 array). How just can I reach this goal? I'm going to use it in future for Hyper-V VMs, so, the main reqirement is powered-on and working
VMs even if one node of SMB share cluster is failed.
I wasn't able to see my volumes in failover cluster manager. I tried to create iSCSI targets, storage pools, virtual disks, etc. but no luck. My failover cluster manager can't see it to create SMB share!
Can anyone advice me something?
Thanks in advance!
You need to have your storage you want to export as being a shared storage visible to your cluster (part of CSV). Then you'll configure failover file shares using content accessible from both cluster nodes. Refer to this manual for diagrams (ignore StarWind
and replace it logically with your existing shared storage you've used to create your cluster):
http://www.starwindsoftware.com/configuring-ha-file-server-on-windows-server-2012-for-smb-nas
Also see these manuals from MS on how to create failover file server:
http://technet.microsoft.com/en-us/library/cc753969.aspx
http://technet.microsoft.com/en-us/library/cc731844(v=ws.10).aspx
http://blogs.technet.com/b/askcore/archive/2010/08/19/working-with-file-shares-in-windows-server-2008-r2-failover-clusters.aspx
However if you want to use existing storage located on the both nodes you're out of luck. Microsoft does not provide anything representing local DAS to the cluster nodes. If you want to use existing DAS then you'll have to stick with a third-party product
like StarWind, SteelEye or DataCore. To create something like in this picture:
So you'll have a configuration with only two nodes, no physical shared hardware (SAS JBOD, FC or iSCSI) and vSAN. Refer to this manual:
http://www.starwindsoftware.com/ns-configuring-ha-file-server-for-smb-nas
Hope this helped :)
StarWind iSCSI SAN & NAS -
Not working properly Computer Browser service in Windows Server 2012
Good afternoon.
Migrated from 2003 to 2012 Active Directory, all is good, but the service Computer Browser in Windows Server 2012 is not working properly.
Online, there are several hundred computers, one network, no segments. PDC is the Master Browser, it is in my list of all the computers, but gives customers or Backup Browser computers only part, and in alphabetical order, giving the first 70 computers and
all.
Looked packet sniffer:
Microsoft Windows Lanman Remote API Protocol
Entry Count: 70
Available Entries: 251
So on Master Browser shows 251 computer, and the client 70.
If disabled on Windows Server 2012 Service Computer Browser, Master Browser is a computer running Windows Server 2003. He gives all computers.
What is the problem, how to get Windows Server 2012 to work correctly as a Master Browser?More info. I have high lighted in bold where the issue is. This is a massive headache for me at the moment
Frame: Number = 377, Captured Frame Length = 182, MediaType = ETHERNET
- Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[00-13-72-52-6E-A1],SourceAddress:[00-1E-0B-2B-68-DD]
- DestinationAddress: Dell Inc. 526EA1 [00-13-72-52-6E-A1]
Rsv: (000000..)
UL: (......0.) Universally Administered Address
IG: (.......0) Individual address (unicast)
- SourceAddress: 001E0B 2B68DD [00-1E-0B-2B-68-DD]
Rsv: (000000..)
UL: (......0.) Universally Administered Address
IG: (.......0) Individual address (unicast)
EthernetType: Internet IP (IPv4), 2048(0x800)
- Ipv4: Src = 10.44.46.101, Dest = 10.44.44.14, Next Protocol = TCP, Packet ID = 14025, Total IP Length = 168
- Versions: IPv4, Internet Protocol; Header Length = 20
Version: (0100....) IPv4, Internet Protocol
HeaderLength: (....0101) 20 bytes (0x5)
- DifferentiatedServicesField: DSCP: 0, ECN: 0
DSCP: (000000..) Differentiated services codepoint 0
ECT: (......0.) ECN-Capable Transport not set
CE: (.......0) ECN-CE not set
TotalLength: 168 (0xA8)
Identification: 14025 (0x36C9)
- FragmentFlags: 16384 (0x4000)
Reserved: (0...............)
DF: (.1..............) Do not fragment
MF: (..0.............) This is the last fragment
Offset: (...0000000000000) 0
TimeToLive: 128 (0x80)
NextProtocol: TCP, 6(0x6)
Checksum: 0 (0x0)
SourceAddress: 10.44.46.101
DestinationAddress: 10.44.44.14
- Tcp: Flags=...AP..., SrcPort=65372, DstPort=NETBIOS Session Service(139), PayloadLen=128, Seq=1910965363 - 1910965491, Ack=580319796, Win=252 (scale factor 0x8) = 64512
SrcPort: 65372
DstPort: NETBIOS Session Service(139)
SequenceNumber: 1910965363 (0x71E70473)
AcknowledgementNumber: 580319796 (0x2296FA34)
- DataOffset: 80 (0x50)
DataOffset: (0101....) 20 bytes
Reserved: (....000.)
NS: (.......0) Nonce Sum not significant
- Flags: ...AP...
CWR: (0.......) CWR not significant
ECE: (.0......) ECN-Echo not significant
Urgent: (..0.....) Not Urgent Data
Ack: (...1....) Acknowledgement field significant
Push: (....1...) Push Function
Reset: (.....0..) No Reset
Syn: (......0.) Not Synchronize sequence numbers
Fin: (.......0) Not End of data
Window: 252 (scale factor 0x8) = 64512
Checksum: 0x6F65, Disregarded
UrgentPointer: 0 (0x0)
TCPPayload: SourcePort = 65372, DestinationPort = 139
- Nbtss: SESSION MESSAGE, Length =124
PacketType: SESSION MESSAGE, 0(0x00)
- Flags: Add 0 to Length
Reserved: (0000000.)
Extension: (.......0)Add 0 to Length
Length: 124(0x7C)
- SMB: C; Transaction, Remote Administration Protocol, FileName = \PIPE\LANMAN
Protocol: SMB
Command: Transaction 37(0x25)
- NTStatus: 0x0, Facility = FACILITY_SYSTEM, Severity = STATUS_SEVERITY_SUCCESS, Code = (0) STATUS_SUCCESS
Code: (................0000000000000000) (0) STATUS_SUCCESS
Facility: (...0000000000000................) FACILITY_SYSTEM
Customer: (..0.............................) NOT Customer Defined
Severity: (00..............................) STATUS_SEVERITY_SUCCESS
- SMBHeader: Command, TID: 0x2001, PID: 0x276C, UID: 0x3801, MID: 0x0140
- Flags: 24 (0x18)
LockAndRead: (.......0) LOCK_AND_READ and WRITE_AND_UNLOCK NOT supported (Obsolete) (SMB_FLAGS_LOCK_AND_READ_OK)
NoAck: (......0.) An ACK response is needed (SMB_FLAGS_SEND_NO_ACK[only applicable when SMB transport is NetBIOS over IPX])
Reserved_bit2: (.....0..) Reserved (Must Be Zero)
CaseInsensitive: (....1...) SMB paths are case-insensitive (SMB_FLAGS_CASE_INSENSITIVE)
Canonicalized: (...1....) Canonicalized File and pathnames (Obsolete) (SMB_FLAGS_CANONICALIZED_PATHS)
Oplock: (..0.....) Oplocks NOT supported for OPEN, CREATE & CREATE_NEW (Obsolete) (SMB_FLAGS_OPLOCK)
OplockNotify: (.0......) Notifications NOT supported for OPEN, CREATE & CREATE_NEW (Obsolete) (SMB_FLAGS_OPLOCK_NOTIFY_ANY)
FromServer: (0.......) Command - SMB is being sent from the client (SMB_FLAGS_SERVER_TO_REDIR)
- Flags2: 51207 (0xC807)
KnowsLongFiles: (...............1) Understands Long File Names (SMB_FLAGS2_KNOWS_LONG_NAMES)
KnowsEas: (..............1.) Understands extended attributes (SMB_FLAGS2_KNOWS_EAS)
SmbSecuritySignature: (.............1..) Security signatures enabled (SMB_FLAGS2_SMB_SECURITY_SIGNATURE)
Compressed: (............0...) Compression Disabled for REQ_NT_WRITE_ANDX and RESP_READ_ANDX (SMB_FLAGS2_COMPRESSED)
SecuritySignatureRequired: (...........0....) Security Signatures are NOT required (SMB_FLAGS2_SMB_SECURITY_SIGNATURE_REQUIRED)
Reserved_bit5: (..........0.....) Reserved (Must Be Zero)
IsLongName: (.........0......) DO NOT use Long File Names (SMB_FLAGS2_IS_LONG_NAME)
Reserved_bits7_9: (......000.......) Reserved (Must Be Zero)
ReparsePath: (.....0..........) NOT a Reparse path (SMB_FLAGS2_REPARSE_PATH)
ExtendedSecurity: (....1...........) Aware of extended security (SMB_FLAGS2_EXTENDED_SECURITY)
Dfs: (...0............) NO DFS namespace (SMB_FLAGS2_DFS)
Paging: (..0.............) Read operation will NOT be permitted unless user has permission (NO Paging IO) (SMB_FLAGS2_PAGING_IO)
NTStatus: (.1..............) Using 32-bit NT status error codes (SMB_FLAGS2_NT_STATUS)
Unicode: (1...............) Using UNICODE strings (SMB_FLAGS2_UNICODE)
PIDHigh: 0 (0x0)
SecuritySignature: 0x0
Unused: 0 (0x0)
TreeID: 8193 (0x2001)
ProcessID: 10092 (0x276C)
UserID: 14337 (0x3801)
MultiplexID: 320 (0x140)
- CTransaction:
WordCount: 14 (0xE)
TotalParameterCount: 32 (0x20)
TotalDataCount: 0 (0x0)
MaxParameterCount: 8 (0x8)
MaxDataCount: 4200 (0x1068)
MaxSetupCount: 0 (0x0)
Reserved: 0 (0x0)
- Flags: Do NOT disconnect TID
Disconnect: (...............0) Do NOT disconnect TID
NoResponse: (..............0.) Server response to the client
Reserved: (00000000000000..) Reserved
Timeout: 5000 milli sec(s)
Reserved2: 0 (0x0)
ParameterCount: 32 (0x20)
ParameterOffset: 92 (0x5C)
DataCount: 0 (0x0)
DataOffset: 0 (0x0)
SetupCount: 0 (0x0)
Reserved3: 0 (0x0)
ByteCount: 61 (0x3D)
- RemoteAPIBuffer:
- FileName: \PIPE\LANMAN
- Align: 1 Bytes
AlignBytes: Binary Large Object (1 Bytes)
Name: \PIPE\LANMAN
Pad1: Binary Large Object (2 Bytes)
- RAPRequest: NetServerEnum2 Request, InfoLevel = 1, SV_TYPE_ALL: All in NSNET
RAPOpcode: NetServerEnum2
- ParameterDescriptor: WrLehDz; 4 send, 1 receive parameter
Param: (W) WORD (send parameter, 16 bit integer)
Param: (r) Receive buffer (format in data descriptor) (receive data, 0 bit integer)
Param: (L) Receive buffer length (send/receive parameter, 16/16 bit integer)
Param: (e) Entries read (receive data, 0 bit integer)
Param: (h) WORD (receive parameter, 16 bit integer)
Param: (D) DWORD (send parameter, 32 bit integer)
Param: (z) ASCIIZ (send parameter, 8 bit integer)
Param: ASCII NUL (string terminator)
- DataDescriptor: B16BBDz; data bytes send: 0, receive: 34
- Datum: (B) BYTE[16] (receive data, 8 bit integer)
Datum: (B) BYTE (receive data, 8 bit integer)
Digit: 1
Digit: 6
Datum: (B) BYTE (receive data, 8 bit integer)
Datum: (B) BYTE (receive data, 8 bit integer)
Datum: (D) DWORD (receive data, 32 bit integer)
Datum: (z) ASCIIZ* (receive data offset, 32 bit integer)
Datum: ASCII NUL (string terminator)
- NetServerEnum2: SV_TYPE_ALL: All in NSNET
InfoLevel: (1) SERVER_INFO_1
ReceiveBufferSize: 4200 (0x1068)
- ServerType: SV_TYPE_ALL: All
Workstation: (...............................1) All workstations
Server: (..............................1.) All computers with the server service running
Sqlserver: (.............................1..) All running Microsoft SQL Server
DomainCtrl: (............................1...) All primary domain controllers
DomainBakctrl: (...........................1....) All backup domain controllers
TimeSource: (..........................1.....) All Time servers
AFP: (.........................1......) All Apple File Protocol servers
Novell: (........................1.......) All Novell servers
DomainMember: (.......................1........) All LAN Manager 2.x domain members
PrintqServer: (......................1.........) All print servers
DialinServer: (.....................1..........) All dial-in servers
ServerUnix: (....................1...........) All Unix/Xenix servers
NT: (...................1............) All Windows NT workstations or servers
WFW: (..................1.............) All Windows for Workgroups servers
ServerMFPN: (.................1..............) All Microsoft File and Print for NetWare servers
ServerNT: (................1...............) All non-domain controller servers
PotentialBrowser: (...............1................) All servers that can run the browser service
BackupBrowser: (..............1.................) All backup browsers
MasterBrowser: (.............1..................) All master browsers
DomainMaster: (............1...................) All domain master browsers
Reserved1: (..........11....................)
Windows: (.........1......................) All Windows 95 or later
DFS: (........1.......................) All DFS root servers
ClusterNT: (.......1........................) All NT Clusters
Terminalserver: (......1.........................) All Terminal Servers
ClusterVSNT: (.....1..........................) All NT Cluster Virtual Server Names
DCE: (....1...........................) AllIBM DSS (Directory & Security Services)
Reserved2: (...1............................)
AlternateXport: (..1.............................) Return list for alternate transport
LocalListOnly: (.1..............................) Return local list only
DomainEnum: (1...............................) Enumerate primary domain
Domain: NSNET
Then the reply;
Frame: Number = 378, Captured Frame Length = 1514, MediaType = ETHERNET
+ Ethernet: Etype = Internet IP (IPv4),DestinationAddress:[00-1E-0B-2B-68-DD],SourceAddress:[00-13-72-52-6E-A1]
+ Ipv4: Src = 10.44.44.14, Dest = 10.44.46.101, Next Protocol = TCP, Packet ID = 27036, Total IP Length = 1500
+ Tcp: Flags=...A...., SrcPort=NETBIOS Session Service(139), DstPort=65372, PayloadLen=1460, Seq=580319796 - 580321256, Ack=1910965491, Win=253 (scale factor 0x8) = 64768
+ Nbtss: SESSION MESSAGE, Length =2013
+ SMB: R; Transaction, Remote Administration Protocol
- RAPResponse: NetServerEnum2 Response, Count = 31
Win32ErrorCode: 0x00000000 - ERROR_SUCCESS - The operation completed successfully.
Converter: 2251 (0x8CB)
- NetServerEnum2: Count = 31
EntriesReturned: 31 (0x1F)
EntriesAvailable: 31 (0x1F)
+ NetServerInfo1: APOLLO
+ NetServerInfo1: ARTEMIS
+ NetServerInfo1: ASKLEPIOS
+ NetServerInfo1: CASTOR
+ NetServerInfo1: DCC4503-131L
+ NetServerInfo1: DCC4503-155L
+ NetServerInfo1: DCC4503-157L
+ NetServerInfo1: DCC4503-161L
+ NetServerInfo1: DCC4503-171L
+ NetServerInfo1: DCC4503-172L
+ NetServerInfo1: DCC4503-175L
+ NetServerInfo1: DCC4503-177L
+ NetServerInfo1: DCC4503-183L
+ NetServerInfo1: DCC4503-184L
+ NetServerInfo1: DCC4503-185L
+ NetServerInfo1: DCC4503-188L
+ NetServerInfo1: DCC4503-196L
+ NetServerInfo1: DCC4503-197L
+ NetServerInfo1: DCC4503-199L
+ NetServerInfo1: DCC4503-202L
+ NetServerInfo1: DCC4503-203L
+ NetServerInfo1: DCC4503-205L
+ NetServerInfo1: DCC4503-210L
+ NetServerInfo1: DCC4503-213L
+ NetServerInfo1: DCC4503-219L
+ NetServerInfo1: DCC4503-220L
+ NetServerInfo1: DCC4503-228L
+ NetServerInfo1: DCC4503-233L
+ NetServerInfo1: DCC4503-234L
+ NetServerInfo1: DCC4503-236L
+ NetServerInfo1: DCC4503-241L
StringData: Binary Large Object (586 Bytes) -
Learning Windows server 2012 R2 & 2012 core
Hi,
How do i configure a fast and standard solution with 1domain (Windows
Server 2012 R2) and 1subdomain(Windows Server 2012 Core) implemented with a webserver and security for dns?
ThxHi
Maybe this can help,
Nslookup test:
cmd => nslookup => set type=mx => host.net.
Organizational unit:.be
Active directory users and computers openen => rmb op domeinnaam => new => organtizational unit aanmaken => Protection uitvinken
Computer Manueel toevoegen aan domein:
1)DNS veranderen naar 192.168.1.1 van het domein zelf
2)Add-Computer -domainname host -cred administrator@host -passthru -verbose
GPO voor chrome installeren:
1)Group policy management => in OU PC's => new policy aanmaken
2)rmb policy en klik edit
3)onder computer => software => new package => pad ingeven waar je msi bestand hebt gezet van chrome => \\S1\netlogon\msi\chrome.msi
4)client heropstarten en aanmelden met domeingebruiker => powershell => Restart-Computer
5)mapje waar MSI in zit => security => domain controller (user) toevoegen met volledig beheer
GPO voor browser block chrome:
3)block listed urls..
4)op client gpupdate
Failed login events:
1)Group policy instellen op OU Servers: Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\ ==> Failed logins aanzetten
2)gpupdate /force
1)powershell
2)get-windowsfeature => install-windowsfeature SMTP-Server
3)Internet information services => S1 => Domain RMB => properties => Acces tab => Relay => Add => Group computers => IP: 192.168.1.1 subnet 255.255.255.0 => Ok => ok
3b)Eens afmelden en aanmelden met fout wachtwoord zodat er een log geschreven wordt met audit failure in de security log van event viewer
4)Eventviewer security log => op failed audit log RMB => attach => Geef andere naam => next => next start program => program: powershell.exe =>
open the propery dialog aanvinken
5)Run wheter user is logged in or not aanvinken => tabke conditions: start the task only if AC power afvinken! => ok => paswoord administrator ingeven
6)powershell: get-executionpolicy => resultaat moet remotesigned zijn => view tabke => script pane aanzetten =>
Script geven: $smtpServer = ìsmtp2.school.beî
$msg = New-Object Net.Mail.MailMessage
$smtp = New-Object Net.Mail.SmtpClient($smtpServer)
$msg.From = ì[email protected]î
$msg.ReplyTo = [email protected]î
$msg.To.Add([email protected]î)
$msg.subject = ìhacking attempt?î
$msg.body = ìlogin/pwd failure on S1.î
$smtp.Send($msg)
7)Script opslaan in mapje op C schijf => powershell cd naar mapje met script => ls commandoTo configure the time source for the forest
8)Task scheduler openen => naar event viewer tasks => login => rmb properties => actions => powershell.exe edit => add arguments: -command "C:\Script\login.ps1" => ok => password admin ingeven
9)Testen
*Op welke manier kan je je MX records controleren met NSLOOKUP
cmd => nslookup => set type=mx => host.net.
*Commando powershell om Client toe te voegen aan het domein:
Add-Computer -domainname host -cred administrator@host -passthru -verbose
Best practice analyzer:
1)Server manager => klik op dns en op ADDS => Scroll naar onder tot bij BPA => Task start scan => bekijk resultaten:
Vraagje: Welke suggesties zou je kunnen oplossen:
DNS server should have scavenging enabled
De PDC emulator master moet geconfigureerd worden
1)To configure a domain controller in the parent domain as a reliable time source
*W32tm /config /reliable:yes /update
2)To configure the time source for the forest
*w32tm /config /computer:s1.host.net /manualpeerlist:ntp.belnet.be /syncfromflags:manual /update
Tijd moet gelijk zijn van S1 en S2!!
Corefig opstarten in powershell:
1)cd C:\corefig
2)execution policy aanpassen: Set-ExecutionPolicy bypass
3).\corefig.ps1
4)naam veranderen in corefig
Commando om S2 toe te voegen aan het domein in de OU servers:
1)DNS instellen
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 192.168.1.1
2)Toevoegen aan OU servers
Add-Computer -domainname sdhost -cred administrator@host -OUPath "OU=Servers,OU=OU,DC=Host,DC=net"
Herstarten
OPPASSEN HIERMEE ALS S2 ZELF DC MOET WORDEN!
Voorzie je server van de DNS-rol via windows powershell:
1)Import-Module Servermanager
2)Get-WindowsFeature
2)Add-WindowsFeature "DNS" -restart
Remoteaccess:
S1 remote access geven voor administrators bij active directory
view => advanced features enablen
=> Remote management users => HOST\Administrator toevoegen met full rechten
=> Remote Desktop users => HOST\Administrator toevoegen met full rechten
Bekijk welke firewall regel op dit moment Remote Management nog blokkeert en laat
die communicatie toe:
1)Op S2 in powershell: Configure-SMRemoting.exe -enable
2)op S1 => Server manager => manage => add servers => S2 ingeven => ok
3)Active directory installeren op s2 via add roles (via S1)
4)S2 promoveren to domain controller
5)credentials van s1 gebruiken => naam subdomain 'premium'
6)DSRM passwoord: P0wnerken
7)PREMIUM
DNS instellen van s2 zelf
Set-DnsClientServerAddress -InterfaceAlias "Ethernet" -ServerAddresses 192.168.1.2
C2)DNS server instellen op S2 : 192.168.1.2
Toevoegen aan domein premium.host.net => inloggen met admin account van s2 domein
herstarten van C2
Maak†van†deze†tweede†server†nu†een†domeincontroller†voor†het†nieuwe†domein
ìpremiumî.†Daar†zijn†twee†werkwijzen†voor.†Zoek†deze†methodes†op†en†noteer†deze
summier†hieronder:
- Werken met DCPROMO.exe
- Werken met GUI vanop S1
Je†mag†zelf†kiezen†welke†methode†je†toepast.†Noteer†hier†wel†de†commandoís†die†je
toepast:
Werken met GUI: new existing domain to current forest => naam PREMIUM
Netwerkkaarten toevoegen:
VCLOUD => Niet customizen!!!
Firewall disablen S2:
netsh firewall set opmode disable
Op S1 => chrome => ip in url : https://192.168.1.150:446 => proceed => logingegevens:
naam: openfiler
pass: password
Services => CIFS / NFS => Enable => Start
manage volumes => 1GB volume => start cyl = 1, end cyl = 128 => ongeveer 1GB
Add volume group => NFS als naam en 1GB volume toevoegen => Add volume => naar onder scrollen:
Naam: NFS
Bestandssysteem: EXT4 kiezen
*Add new physical volume 10GB: MINSTENS 35 CYLINDERS TUSSENLATEN!!!!
Start cyl = 164, end cyl = 1469, is ongeveer 10GB
Volume groups => Nieuwe aanmaken met SMB als naam => Add volume => volume selecteren en toevoegen => naar uw smb volume group gaan
=> SMB volume kiezen => naam: SMB => MAX Geheugen => EXT4 bestandssysteem
1)Clocksettings zetten via ntp server: ntp.belnet.be (Moet gelijk zijn met domaincontroller waarin je hem toevoegd)
2)DNS zetten van S2
Hostname: of
Primary DNS: 192.168.1.2
Secondary DNS: 192.168.1.1
Gateway: 192.168.1.254
3)Accounts:
Expert view!
*Use windows domain controller and authentication aanvinken
Security Mode: Active directory
Domain / workgroup: PREMIUM
Domain controllers: s2.premium.VAhost.net
ADS realm: PREMIUM.HOST.NET
Join domain: aanvinken
Administrator username: Administrator
Administrator password: Azerty123
*Naar onder scrollen tot kerberos 5: Aanvinken
Realm: premium.host.net
KDC: s2.premium.host.net
Admin server: s2.premium.VAhost.net
Share aanmaken:
1)Shares => klikken op SMB / NFS => Nieuwe subfolder aanmaken: SMBshare / NFSshare
2)subfolder klikken => maak share => bij rechten naar beneden scrollen => Domain admins: PG & RW, Domain users: RO
3)Update
Systeem beveiliging:
1)system => Network access configuration => Nieuw netwerk toevoegen
Name: Sharenetwork
Network/host: 192.168.1.0
Netmask: 255.255.255.0
Type: Share
2)Update
Protocol aanzetten:
Shares => subfolder smbshared => Volledig vanonder scrollen => SMB/CIFS protocol op rw zetten
Connect to share met:
root
Azerty123
Connect Z-schijf met SMB share:
1)RMB op SMB share
2)Map network drive
3)Pad SMB share intypen
4)connecten met share account of finish 1)Private storage en manueel ip adres ingeven
Beveiliging backup:
1)Active directory van S1
2)OP s1 zelf volledig nieuwe OU: "TEMP Accounts" aanmaken => accidentally delete afzetten!!
3)2USers aanmaken die lid zijn van de groep ("member of") Guest
4)Op S1 => C schijf => nieuwe map map aanmaken en delen
5)Op advanced sharing van gedeelde map => Guest 1 Full control => Everyone alleen read rechten
6)Testen op client of je op Guest1 tekstbestand kan aanmaken en via Guest2 op die share map niet.
7)Als het werkt Guest1 verwijderen en bekijk sharing permissions op Guest1 map
*Wat stel je vast bij verwijderen Guest1 via active directory:
De guest account wordt vervangen door een ander account met een lange naam
die full control heeft over de map
8)Guest1 terug opnieuw aanmaken, wat stel je vast?
Guest1 heeft geen rechten meer over de map en de aangemaakte account blijft staan
Recycle BIN:
1)Open Active directory administrative center
2)Klik op uw domein links
3)Rechts => enable Recycle Bin
4)Verwijder Guest1 op AD
5)Guest1 komt te staan bij deleted users/objects op Recycle Bin
6)Mogelijkheid om te restoren
7)Delete OU Temp accounts => Lukt niet onmiddellijk => Omdat er nog objecten in zitten
*Zoek op welke technieken je kan toepassen om een backup te nemen van je Active Directory. Bekijk uiteraard ook welke 2 manieren
er zijn om een backup van je AD terug te plaatsen (Authoritative en non-authoritative):
-13.1.1 Authoritative Restore
Dit proces herstelt de AD na bc een wijziging die ongedaan gemaakt moet worden.
AD wordt hersteld vanaf de backup, de backup overschrijft dan alle andere DC's met eventuele nieuwere informatie.
-13.1.2 Non-Authoritative Restore
Terugzetten van gegevens van de backup. Nadien ontvangt de DC updates van andere DC's die gemaakt zijn sinds de backup.
Backup S1:
Eerst probleem openfiler oplossen:
1)openfiler opstarten vanuit vmcloud
2)cd /etc/samba
3)vim smb.conf (toevoegen: strict allocate = yes) => eerst i voor insert => opt einde escape => :wq voor opslaan
4)/etc/init.d/smb restart
Backup zelf
1)Install windows backup in server manager => add roles => features
2)Open windows backup
3)Action => backup once
4)Different options => Custom kiezen => System State backuppen
5)Remote disk kiezen
6)pad share: \\of\smb.smb.SMBshare
7)Als backup mislukt, de aangemaakte files door de backup manueel verwijderen en backup terug opnieuw proberen
!!!Als openfiler ineens verdwijnd van domein, moet je de tijd nakijken van beiden systemen (moeten gelijk zijn met max 5min verschil)
Restore backup (authoritatief ingesteld)
http://technet.microsoft.com/ru-ru/library/cc816878(v=ws.10).aspx
1)Herstart de domeincontroller in Directory Services Restore Mode Remotely
=> run => Msconfig.msc => stapkes staan in url: http://technet.microsoft.com/ru-ru/library/cc794729(v=ws.10).aspx
2)Restore uw ADDS van je backup a.d.h.v. een non-authoritatieve restore.
Dit zorgt ervoor dat de domeincontroller terug in de staat komt waarop de objecten die verwijderd zijn
er terug bijstaan.
http://technet.microsoft.com/ru-ru/library/cc794755(v=ws.10).aspx
in cmd:
=>wbadmin get versions -backuptarget:\\of\smb.smb.SMBshare
=>wbadmin start systemstaterecovery -version:12/03/2013-12:37 -backuptarget:\\of\smb.smb.SMBshare -quiet
3)Markeer objecten als authoritatief zodat ze niet worden overschreven bij het restoren door synchronisatiefouten
tussen de verschillende domeinen.
http://technet.microsoft.com/ru-ru/library/cc816813(v=ws.10).aspx <== hieraan beginnen
=> open run => ntdsutil
=> activate instance ntds => enter
=> authoritative restore => enter
=> restore subtree "OU=Stagiairs,DC=Host,DC=net" => enter
=> quit => enter
=> Start terug op met de domaincontroller in normale modus dus dsrm opstartmode uitschakelen: Safe boot uitvinken
Nakijken of beide OU's Stagiairs en Guests er nog staan
(In dit geval is OU guests wel verwijderd doordat we maar 1 DC hebben dus de informatie
wordt niet gesynchroniseerd met een 2de DC)
- Debian Machine toevoegen:
Netwerkgegevens: NIC0 / Private management network / static - manual / IP = 192.168.1.3
Als Machine aangemaakt is, nieuwe netwerkkaart toevoegen:
NIC1 / Private storage network / static - manual / IP = 172.16.0.13
op Debian machine:
1)su - => enter => pass: Azerty123 => enter
2)commando: pico /etc/network/interfaces
Voeg volgende lijntjes toe aan het bestand
iface eth0 inet static
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.254
iface eth1 inet static
address 172.16.0.13
netmask 255.255.255.0
CTRL + O (opslaan) => CTRL + X (afsluiten)
3)pico /etc/resolv.conf
veranderd de bestaande lijntjes naar deze:
domain host.net
search host.net
nameserver 192.168.1.1
4)ifdown / ifup van eth0/eth1
IPV6 instellen:
Zelf gekozen ULA subnet:
fdac:1fff:b0b0 (tot dit gedeelte mag random gegenereerd worden vanaf 'fd')
Subnet 1: fdac:1fff:b0b0:4bd0:: /64
Subnet 2: fdac:1fff:b0b0:4bd1:: /64
/sbin/ip
Remote settings toewijzen voor domain users aan clients (en eventueel toevoegen aan domein als dit nog niet gebeurt is)
IPV6 instellen via Netwerkinstellingen (Default gateway openlaten)
NIC0 NIC1
S1: fdac:1fff:b0b0:4bd0::1 /64 fdac:1fff:b0b0:4bd1::11 /64
dns: ::1 dns: fdac:1fff:b0b0:4bd1::11
S2: fdac:1fff:b0b0:4bd0::2 /64 fdac:1fff:b0b0:4bd1::12 /64
(dns: ::1) (dns: fdac:1fff:b0b0:4bd1::12)
Openfiler: fdac:1fff:b0b0:4bd0::150 /64 fdac:1fff:b0b0:4bd1::1 /64
S3: fdac:1fff:b0b0:4bd0::3 /64 fdac:1fff:b0b0:4bd1::13 /64
C1: fdac:1fff:b0b0:4bd0::101 /64
dns: S1
C2: fdac:1fff:b0b0:4bd0::102 /64
dns: S2
Voor windows server core:
*powershell
netsh interface ipv6 add address "Ethernet" fdac:1fff:b0b0:4bd0::2
netsh interface ipv6 add address "Ethernet 2" fdac:1fff:b0b0:4bd1::12
Voor linux: (zowel openfiler als debian)
VOOR DEBIAN 7 (alleen ifup commando gebruiken niet ifdown):
/sbin/ip -6 addr add fdac:1fff:b0b0:4bd0::3/64 dev eth0 (voor debian)
/sbin/ip -6 addr add fdac:1fff:b0b0:4bd1::13/64 dev eth1 (voor debian)
of statisch in /etc/network/interfaces:
iface eth0 inet6 static
address fdac:1fff:b0b0:4bd0::3
netmask 64
iface eth1 inet6 static
address fdac:1fff:b0b0:4bd1::13
netmask 64
pico /etc/resolv.conf => lijntjes toevoegen
=> domain host.net
=> search host.net
=> nameserver 192.168.1.1
=> nameserver fdac:1fff:b0b0:4bd0::1
VOOR OPENFILER eth0: vim /etc/sysconfig/network-scripts/ifcfg-eth0
=> IPV6_AUTOCONF=no
=> IPV6INIT=yes
=> Toevoegen: fdac:1fff:b0b0:4bd0::150/64
VOOR OPENFILER eth1: vim /etc/sysconfig/network-scripts/ifcfg-eth1
=> IPV6_AUTOCONF=no
=> IPV6INIT=yes
=> Toevoegen: fdac:1fff:b0b0:4bd1::1/64
~~ /sbin/ip -6 addr add fdac:1fff:b0b0:4bd0::150/64 dev eth0 (voor openfiler)
~~ /sbin/ip -6 addr add fdac:1fff:b0b0:4bd1::1/64 dev eth1 (voor openfiler)
Risico's gedeelde application pool:
-1 proces per application pool (=>zwaar proces dat veel resources nodig heeft)
(als dit proces vastloopt alle websites geimpacteerd)
-gebruikers kunnen in principe aan elkaars bestanden
1)IIS installeren op S2 via server manager op S1
2)Role services in setup, volledig vanonder => management service aanvinken (dit staat remote management toe)
3)Op S1 Web server zoeken en enkel van IIS de management console installeren zodat IIS van S2 beheerbaar is
4)Powershell op S2:
Invoke-command -ScriptBlock{Set-ItemProperty -Path HKLM:\SOFTWARE\Microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1}
Invoke-command -ScriptBlock {Set-Service -name WMSVC -StartupType Automatic}
Invoke-command -ScriptBlock {Start-service WMSVC}
In IIS manager op S1 => Add connection => S2.premium.sdhost.net => account: administrator van S2
In IIS Manager => Sites => new Website, 2 website aanmaken
-'klant1.sdhost.net' Physical path => C:\inetpub\wwwroot\Klant1 => hostname = Klant1.host.net
-'klant2.sdhost.net' Physical path => C:\inetpub\wwwroot\Klant2 => hostname = Klant2.host.net
In DNS A-record toevoegen:
-hostname: www
-IP: 192.168.1.2
Voor toegang via IPv6 ook een AAAA-record toevoegen:
-hostname: www
-IP: fdac:1fff:b0b0:4bd0::2
Voor elke site ook een een CNAME-record aanmaken:
-Alias name: klant1, FQDN: www.host.net
-Alias name: klant2, FQDN: www.host.net
In deze standaardopstelling schuilen enkele risicoís. Geef twee risicoís die de huidige
configuratie (gedeelde application pool) met zich mee kan brengen:
- Als je een website hebt die zwaar CPU belastend is (zoals foto's herschalen) heeft dit ook effect op je andere websites
- Omdat je websites binnen dezelfde apppool zitten hebben ze eenzelfde identiteit en kun je geen aparte permissies opzetten.
GROUP MANAGEMENT SERVICE ACCOUNT:
New-ADServiceAccount IISPool1 -DNSHostName s1.amhost.net -PrincipalsAllowedToRetrieveManagedPassword Administrator -KerberosEncryptionType RC4, AES128, AES256
Install-ADServiceAccount IISPool1
Maybe you can do this tutorial to, it is a tuto for learning DFS & DNSSEC..
Wat betekent de optie “dnssecok”
-> Deze optie stelt de dnssecOK bit in voor deze query
-> Dit verteld de server that de client dnssec verstaat en dat deze server hiervan gebruik kan maken met deze client
Krijg je een bevestiging dat dit een secure antwoord is? (RRSIG)
-> Neen want de zone is nog niet gesigneerd
Controleer of de client C1 ingesteld is om secure responses af te dwingen bij zijn DNS
caching server: get-dnsclientnrptpolicy. Resultaat?
-> Het resultaat is niks, vermoedelijk omdat er geen instellingen zijn hiervoor
Probeer opnieuw een request op C1 voor S1 met ResolveDNSName. Is het signeren
van de zone voldoende om secure antwoorden te krijgen op de client?
-> Er komt opnieuw geen RSIG record dus dit is niet voldoende
Om secure DNS responses op de client voor het domein securezone.lab af te dwingen
wordt in het domein Host.net een GPO ingesteld. (nieuwe GPO voor hele domein).
zoek op en stel deze GPO in voor responses van securezone.lab.
-> default domain policy -> Edit => -> Computer Configuration > Policies > Windows Settings > Name Resolution Policy.
"In the details pane, under Create Rules and To which part of the namespace does this rule apply, choose Suffix from the drop-down list and type sec.contoso.com next to Suffix."
"On the DNSSEC tab, select the Enable DNSSEC in this rule checkbox and then under Validation select the Require DNS clients to check that name and address data has been validated by the DNS server checkbox."
"In the bottom right corner, click Create and then verify that a rule for sec.contoso.com was added under Name Resolution Policy Table."
=> GPupdate /force uitvoeren
=> Dan kan de policy bekeken worden
Je zorgt er uiteraard ook voor dat deze policy toegepast werd op de client (C1) en controleer dit opnieuw met get-dnsclientnrptpolicy.
=> GPupdate /force
=> get-dnsclientnrptpolicy => levert hetzelfde resultaat als op de server
Opnieuw: ResolveDnsName s1.securezone.lab server S1 dnssecok Wat krijg je als antwoord te zien? Wat is de oorzaak?
(Distribueer) Kopieer de trust achor data van de secure.lab zone op S2 naar S1 en importeer die op de DNS van S1 als trusted anchor. (keysetsecurezone.lab)
http://technet.microsoft.com/en-us/library/hh831411.aspx
opnieuw: ResolveDnsName s1.securezone.lab server S1 dnssecok Krijg je nu een (beveiligd antwoord)?
->Ik krijg nu een beveiligd antwoord van de DNS server gesigneerd door securezone.lab met geldigheidstermijn
p23 Distributed File System
Installeer op beide server de “file services role”.
-> Add roles and features
-> File services
-> DFS
Maak een namespace aan (DOCUMENTATION) in je domein hOst.net. Stel de sharepermissions zo in dat de groep ‘auteurs’ schrijfrechten heeft. gewone gebruikers
mogen enkel leesrechten hebben.
-> DFS manager
-> Namespaces => Add namespace
maak een folder aan in de namespace DOCUMENTATION met als naam PDF
-> Add folder
maak een tweede target aan voor de PDF folder
-> Add target to folder
stel replicatie in tussen de twee folder targets. De inhoud wordt vanaf nu dus gesynct.
-> Automatisch bij 2de target volg de wizard
Welke andere stappen zijn nodig om een volledig redundant DFS systeem op te zetten?
-> De folder moeten via DFS geschared staan
-> De replicatie moet ingesteld worden
maak een diagnostisch raport aan over hoe replicatie gebeurt, en corrigeer eventue vastgestelde problemen.
-> Rechtermuisknop op de replication object
-> Create diagnostic report
-> kies de reports
stel quota’s in. In de map PDF maak je een subfolder CATALOGS aan, maar zorg dat die niet groter dan 10MB kan worden. Stel hiervoor een harde limiet in.
-> install FSRM bij file services
-> klik quotas => add quota => kies het bestand
-> nieuwe quota => 10mb hard aanvinken
-> save
http://technet.microsoft.com/en-us/library/cc875787(v=ws.10).aspx
omdat we willen vermijden dat de volledige bandbreedte ingenomen wordt door DFS,beperken we de replication speed tot 2MBps.
-> Klik op de replication -> rechterkolom kies vor edit replication group
-> Stel de 2MBps in -
SharePoint Foundation 2013 installed on Windows Server 2012 not sending out email notification
I have a server where i installed SP Foundation 2013 on top of Windows Server 2012. I have configured the SMTP as well as the outgoing SMTP in Central Administration
of SharePoint. When i create an alert on a document library, its did not sent any email notification on the changes made to the document in the document library. So, i created a workflow to send out email using SPD2013. The workflow run, but it cannot sent
out email with error saying that outgoing email is not configured correctly. I have checked with another server which i installed SP foundation 2013 on top of Windows Server 2008 R2 - its sending out email just fine using same configuration and outgoing SMTP.
I need help to resolve this issue or at least the cause of the problem.
Any help is greatly appreciated.
Try below:
http://social.technet.microsoft.com/wiki/contents/articles/13771.troubleshooting-steps-for-sharepoint-alert-email-does-not-go-out.aspx
Go to Central Admin ---->Operations----->outgoing email settings and verify that SMTP server is mentioned correctly
2) Test the connectivity with the SMTP server.
In order to do that follow these steps:
Open cmd
telnet <SMTP server name> 25 ( We connect smtp server to the port 25)
you should see a response like this 220 <servername> Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at date and time
Beware that different servers will come up with different settings but you will get something
If you dont get anything then there could be 2 possible reasons, either port 25 is blocked or
the smtp server is not responding.
For testing response from your server
For testing response say ehlo to it.
Type :
ehlo <servername>
output:
250 <servername> Hello [IP Address]
Now a test mail can be sent from that SharePoint server.
Now we need to enter the From address of the mail.
Type :
mail from: [email protected]
output:
250 2.1.0 [email protected]….Sender OK
It's time to enter the recepient email address.
Type : rcpt to: [email protected]
output:
250 2.1.5 [email protected]
Now we are left with the data of the email. i.e. subject and body.
Type : data
output:
354 Start mail input; end with <CRLF>.<CRLF>
Type:
subject: this is a test mail
Hi
This is test mail body
I am testing SMTP server.
Hit Enter, then . and then Enter.
output:
250 2.6.0 <<servername>C8wSA00000006@<servername>> Queued mail for delivery
Type: quit
output:
221 2.0.0 <servername> Service closing transmission channe
3) Check alerts are enabled for your web application
verify if the windows timer service is running or not.
Run this stsadm command to check that
Stsadm.exe -o getproperty -url http://SharePoint-web-App-URL -pn alerts-enabled
This should return <Property Exist="Yes" Value="yes" />
If you don’t get this, Enable alerts by:
stsadm.exe -o setproperty -pn alerts-enabled -pv "true" -url http://SharePoint-web-App-URL
If its already enabled, try turn off and turn on it back.
4) Check the Timer job and Properties
Go to
MOSS 2007: Central Administration > Operations > Timer Job Definitions (under Global Configuration)
In SharePoint 2010: Central Administration > Monitoring > Review Job Definitions
Check whether the "Immediate Alerts" job is enabled for your web application. check these properties:
job-immediate-alerts
job-daily-alerts
job-weekly-alerts
stsadm.exe -o getproperty -url "http://Your-SharePoint-web-App-URL" -pn job-immediate-alerts
The expected output is:
<Property Exist="Yes" Value="every 5 minutes between 0 and 59"/>.
If you don’t get this, run the following command to set its value.
stsadm.exe -o setproperty -pn job-immediate-alerts -pv “every 5 minutes between 0 and 59" -url http://Your-SharePoint-web-App-URL
5) Check whether the account is subscribed for alerts and it has a valid email account. This should be the first thing to check if the problem persists for some users not for all.
6) Then check if at all those users have at least read permission for the list. Because the first mail should go out for every user without security validation but the next ones won't be delivered unless the user has at least read
permission.
7) If it is happening for one user, can also try to delete and re add the user in the site.
8) Most importantly , you should try this one.
Run this SQL query to the content db < Select * from Timerlock>
This will give you the name of the server which is locking the content database and since when.
In order to get rid of that lock
Go to that server which is locking the content db and then restart the windows timer service.
within some time it should release the lock from content db, if not then at the most stop the timer job for some time
Once the lock will be released then try to send some alerts
You will surely get the email alert.
I found this is the most probable reason for alert not working most of the time. We should start troubleshooting with above steps before coming to this step for any alert email issue but from step 1 to step 7 are best for new environments or new servers.
If the issue is like this ,alert was working before and suddenly stopped working without any environmental change then above conditions in step 1-7 should be ideally fine.
Even after this if it is not working, then you can try these few more steps too
9) Try re-registering the alert template:
stsadm -o updatealerttemplates -url http://Your-SharePoint-Web-App-URL -f "c:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\XML\alerttemplates.xml" -LCID 1033
10) Try to clear the configuration cache
If this helped you resolve your issue, please mark it Answered -
Our company recently moved to Office 365 which mean our on premise exchange server went away as well with the move. I am trying to configure my new sql server (OS-Windows Server 2012 R2, DBMS- SQL 2014 Std Edtion). After some searching I found
this article (http://blogs.technet.com/b/meamcs/archive/2013/02/25/how-to-configure-sql-database-mail-so-send-emails-using-office-365-exchange-online-a-walkthrough.aspx) and have followed these steps exactly, but to no avail. I did some further research
on the SMTP relay I setup and found a way to test it (listed here http://technet.microsoft.com/en-us/library/dn592151(v=exchg.150).aspx at the bottom of the article). If I drop the email.txt file in the pickup folder, it gets sent out no problem.
I have configured my db email exactly as describe here(http://blogs.technet.com/b/meamcs/archive/2013/02/25/how-to-configure-sql-database-mail-so-send-emails-using-office-365-exchange-online-a-walkthrough.aspx). But keep getting an unable to connect
to SMTP server error. I have even tried completely shutting down firewall to see if that is the issue and multiple restarts. Any ideas how to get this to work on Office 365?
DB Mail error log:
Date 6/10/2014 10:28:41 PM
Log Database Mail (Database Mail Log)
Log ID 46
Process ID 2196
Mail Item ID 19
Last Modified 6/10/2014 10:28:41 PM
Last Modified By xx
Message
The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 2 (2014-06-10T22:28:41). Exception Message: Cannot send mails to mail server. (Failure sending mail.).Hi,
I followed this blog and got the below error message in the Database Mail Log.
“The mail could not be sent to the recipients because of the mail server failure. (Sending Mail using Account 2 (2014-06-11T19:34:00). Exception Message: Cannot send mails to mail server. (Mailbox unavailable. The server response was: 5.7.1 Unable to relay
for [email protected]).”
If you are getting the same error message, you can try the below steps to resolve the issue.
1. Open the IIS 6.0 management console. Right click on the SMTP server and open the properties window.
2. Click on the Access tab, click Relay button under Relay restrictions. loopback IP address (i.e 127.0.0.1).
Then the email should be sent out from Database Mail without problem.
Thanks.
Tracy Cai
TechNet Community Support -
Intermittent loss of UNC path access on Windows Server 2012
Hi All,
I hope someone can help with a major headache we've been having on two Windows Server 2012 boxes since September this year. Basically, these servers will intermittently lose the ability to browse network shares from windows explorer and the only way we have
found to resolve this is to reboot. When the issue happens, we can't even log into the server as it sits at 'applying user settings' - presumably as it is failing to access the netlogon share on our DCs. If we have an active RDP session when the issue occurs,
we can connect. In this instance we see that if you enter a UNC path in Windows explorer and hit enter, nothing happens - no error messages or anything. The only way I can get any response is when trying to access the IPC$ share on another server, which gives
the following response:
\\server\ipc$ is not accessible. You might not have permission to use this resource, Contact the administrator of this server to find out if you have access permissions.
The parameter is incorrect.
Everything looks right from a physical network perspective, as we can ping from the affected servers and DNS queries are working fine. I can even run net view from powershell and see the local servers and shares on these, however any attempt to access shares
just hangs the powershell session.
If I look in the SMBClient event logs, I can see entries like the following:
Event ID 30805
The client lost its session to the server.
Error: The transport connection is now disconnected.
This is made worse by the fact that when this issue happens, we can't even cleanly reboot the server (it just hangs) and have to perform a cold boot.
The firewall has been turned off and we have taken off our antivirus software to eliminate it as a possible cause. We have even rebuilt one of these servers on a clean install of 2012 R2, but the issue re-appeared. We have also tried using different NIC
drivers (Broadcom NICs installed) to no avail. We have also tried disabling IPv6.
We have logged a ticket with Microsoft support, who have come back telling us that this could be related to a known bug with DFS in 2012 for which a fix is being tested prior to release in a few weeks. However, I can't sit around on my hands until then on
the off chance that this fix will resolve our problem. These servers are hosting our production Lync 2013 front end service and when this issue occurs it breaks the address book search and response group services, so this issue is of critical importance for
us to get resolved asap.
Any help on this would be greatly appreciated.Hi,
That's right, if you hit enter absolutely nothing happens, no error messages. It makes no difference if I try name or IP address - even trying \\localhost doesn't work. A few minutes later after trying, an entry appears in the SMBClient event logs as mentioned
in my original post. To me it looks like something deep within the networking operations of the OS is randomly breaking. Also, if I try to browse the network from Windows explorer, it just hangs. When I try to restart the workstation service, it just gets
permanently stuck in a stopping state and the server has to be cold booted. Once it boots up, everything is working fine again....until the next time. There is absolutely nothing appearing in the application or system event logs indicating the root cause.
I've checked and DNS resolution is working OK and I can telnet to other hosts on all the required ports.
I had originally thought it might be related to the Broadcom NICs as we've had issues with them in the past, but we switched over to use the 2012 inbox driver for them and the same issue happens. I should also mention that one server is a blade and the other
a rackmount box. Dell support have run full diagnostics on both and have come up clean, so it doesn't appear to be a hardware issue. The even more baffling thing is that we have a third server with identical spec and config that does not have the problem.
The only difference with this third server is that it is not part of a Lync pool pairing using DFS and sits in a remote location on a different LAN.
I had thought of trying to drop back to use SMB1 by disabling SMB2 and 3, but I'm not sure if this would adversely affect any other services.
This one really has me stumped. -
Sharepoint 2013 comes with prerequisitesinstaller.exe to install the software required for the actual Sharepoint installation.
I 've installed Windows server 2012 in the R2 edition as well as Standard edition, but installing the prerequisites ends with an issue for the Microsoft Identity Extensions (MIE) on both versions (screenshot).
The 2012 R2 server has been updated with all latest files by executing Windows update.
In case of the Server 2012 R2, MIE is already installed , but somehow the Sharepoint installation is missing something.
I al;so tried removing default install to let prerequisiteinstaller.exe to install it's own version, but that did not help.
When I skip the prerequisites remaining items, the Sharepoint installation stops directly , requesting the missing items.
I've tried several Sharepoint server installation files, including the 180 days free version.
Screenshots will be uploaded after my account has been checked......Hi Jay,
Installing SharePoint Server 2013 on a computer that is running Windows Server 2012 R2 could lead to unexpected behavior, therefore, Microsoft does not support SharePoint Server 2013 in Windows Server 2012 R2.
SharePoint Server 2013 with Service Pack 1 and SharePoint Foundation 2013 with Service Pack 1 will offer support for Windows Server 2012 R2.
Refer to:
SharePoint 2013 Support for Windows Server 2012 R2
In addition, as Dave suggested, for the sharepoint server issue, please post in the dedicated forum for a better response.
Best Regards,
Anna Wang
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
File systems available on Windows Server 2012 R2?
What are the supported file systems in Windows Server 2012 R2? I mean the complete list. I know you can create, read and write on Fat32, NTFS and ReFS. What about non-Microsoft file systems, like EXT4 or HFS+? If I create a VM with a Linux OS, will
I be able to acces the virtual hard disk natively from WS 2012 R2, or will I need a third party tool, like the one from Paragon? If I have a drive formated in EXT4 or HFS+, will I be able to acces it from Windows, without any third party tool? Acces it,
I mean both read and write on them. I know that on the client OS, Windows 8.1, this is not possible natively, this is why I am asking here, I guess it is very possible for the server OS to have build-in support for accesing thoose file systems. If Hyper-V
has been optimised to run not just Windows VMs, but also Linux VMs, it would make sense to me that file systems like thoose from Linux or OS X to be available using a build-in feature. I have tried to mount the vhd from a Linux VM I have created in HyperV,
Windows Explorer could not read the hard drive.Installed Paragon ExtFS free. With it loaded, tried to mount on Windows Explorer a ext4 formated vhd, created on a Linux Hyper-V vm, it failed, and Paragon ExtFS crashed. Uninstalled Paragon ExtFS. The free version was not supported on WS 2012 R2
by Paragon, if Windows has no build-in support for ext4, this means this free software has not messed around anything in the OS, I guess.
Don't mess with third-party kernel-mode file systems as it's basically begging for troubles: crash inside them will make whole system BSOD and third-party FS are typically buggy... Because a) FS development for Windows is VERY complex and b) there are very
few external adopters so not that many people actually theist them. What you can do however:
1) Spawn an OS with a supported FS inside VM and configure loopback connectivity (even over SMB) with your host. So you'll read and write your volume inside a VM and copy content to / from host.
(I personally use this approach in a reversed direction, my primary OS is MacOS X but I read/write NTFS-formatted disks from inside a Windows 7 VM I run on VMware Fusion)
2) Use user-mode file system explorer (see sample links below, I'm NOT affiliated with that companie). So you'll copy content from the volume as it would be some sort of a shell extension.
Crashes in 1) and 2) would not touch your whole OS stability.
HFS Explorer for Windows
http://www.heise.de/download/hfsexplorer.html
Ext2Read
http://sourceforge.net/projects/ext2read/
(both are user-land applications for HFS(+) and EXT2/3/4 accordingly)
Hope this helped :)
StarWind VSAN [Virtual SAN] clusters Hyper-V without SAS, Fibre Channel, SMB 3.0 or iSCSI, uses Ethernet to mirror internally mounted SATA disks between hosts. -
Windows Search Service Crashes on Windows Server 2012 R2
Hi,
I'm running Windows Search service on a Windows Server 2012 R2 (24GB RAM, 8-core proc). The index catalog has a little over 2 million items (files and folders indexed).
Every once in a while this service crashes, and either remains in limbo or automatically recovers and restarts the index from zero. I'm trying to find out information about what may be causing the crashes and about how to prevent them. Unfortunately, I don't
seem to be able to find much about the Windows Search service on Windows Server 2012 R2. So anyone who may have input on this, please chip in.
Additional info:
- As mentioned above, the server OS is Windows Server 2012 R2. This is a physical server with 24GB RAM, 8-core proc and over 2TB of storage.
- This server acts as a DC and as a File Server. In addition to this and Windows Search service, there are no other major services running here
- Symantec Endpoing protection is installed and running on this server, but I've made sure to exclude the Window Search database from SEP
Here are some of the errors that are generated when the issue happens:
The error below may show up in the event logs. If it shows up more than once, the indexing service has likely crashed and won't recover.
Log Name: System
Source: Service Control Manager
Date: 1/23/2015 3:32:15 PM
Event ID: 7011
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: myserver.mydomain.local
Description:
A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
I attempted to stop the indexing service, but it didn't stop. I noticed though that the indexing GUI started responding as soon as the
the service stop command failed. The indexing service seems to have picked up where it was (~300K items) and continued indexing.
Logs sequence:
Log Name: Application
Source: ESENT
Date: 1/23/2015 3:57:01 PM
Event ID: 102
Task Category: General
Level: Information
Keywords: Classic
User: N/A
Computer:
myserver.mydomain.local
Description:
SearchIndexer (18232) Windows: The database engine (6.03.9600.0000) is starting a new instance (0).
====
Log Name: Application
Source: ESENT
Date: 1/23/2015 3:57:01 PM
Event ID: 300
Task Category: Logging/Recovery
Level: Information
Keywords: Classic
User: N/A
Computer:
myserver.mydomain.local
Description:
SearchIndexer (18232) Windows: The database engine is initiating recovery steps.
====
Log Name: Application
Source: ESENT
Date: 1/23/2015 3:57:01 PM
Event ID: 301
Task Category: Logging/Recovery
Level: Information
Keywords: Classic
User: N/A
Computer:
myserver.mydomain.local
Description:
SearchIndexer (18232) Windows: The database engine has begun replaying logfile X:\IndexingService\Search\Data\Applications\Windows\edb0053D.log.
====
Log Name: Application
Source: ESENT
Date: 1/23/2015 3:57:01 PM
Event ID: 301
Task Category: Logging/Recovery
Level: Information
Keywords: Classic
User: N/A
Computer:
myserver.mydomain.local
Description:
SearchIndexer (18232) Windows: The database engine has begun replaying logfile X:\IndexingService\Search\Data\Applications\Windows\edb0053E.log.
====
Log Name: Application
Source: ESENT
Date: 1/23/2015 3:57:02 PM
Event ID: 301
Task Category: Logging/Recovery
Level: Information
Keywords: Classic
User: N/A
Computer:
myserver.mydomain.local
Description:
SearchIndexer (18232) Windows: The database engine has begun replaying logfile X:\IndexingService\Search\Data\Applications\Windows\edb.log.
====
Log Name: Application
Source: ESENT
Date: 1/23/2015 3:57:02 PM
Event ID: 302
Task Category: Logging/Recovery
Level: Information
Keywords: Classic
User: N/A
Computer:
myserver.mydomain.local
Description:
SearchIndexer (18232) Windows: The database engine has successfully completed recovery steps.
====
Log Name: Application
Source: ESENT
Date: 1/23/2015 3:57:02 PM
Event ID: 105
Task Category: General
Level: Information
Keywords: Classic
User: N/A
Computer:
myserver.mydomain.local
Description:
SearchIndexer (18232) Windows: The database engine started a new instance (0). (Time=1 seconds)
Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.000, [4] 0.032, [5] 1.046, [6] 0.094, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000.
====
Log Name: Application
Source: ESENT
Date: 1/23/2015 3:57:02 PM
Event ID: 326
Task Category: General
Level: Information
Keywords: Classic
User: N/A
Computer:
myserver.mydomain.local
Description:
SearchIndexer (18232) Windows: The database engine attached a database (1, X:\IndexingService\Search\Data\Applications\Windows\Windows.edb).
(Time=0 seconds)
Internal Timing Sequence: [1] 0.000, [2] 0.000, [3] 0.016, [4] 0.000, [5] 0.000, [6] 0.000, [7] 0.000, [8] 0.000, [9] 0.000, [10] 0.000, [11]
0.000, [12] 0.000.
Saved Cache: 1 0Hi,
Thanks for your post.
To resolve this problem, use the Registry Editor to change the default timeout value for all services.
http://social.technet.microsoft.com/wiki/contents/articles/13765.event-id-7011-service-timeout.aspx
Please note before making changes to the registry, you should back up any valued data.
Regards.
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected] -
Install 2008 R2 on Windows Server 2012
Hi,
I am trying to install SQL Server 2008 R2 SP1 on Windows Server 2012 Datacenter.
However, I get below warning when running setup.exe:
"your version of microsoft sql server (2008 and 2008 r2) isn't compatible with this version of windows"
How do I find what prerequisite I need?
ThanksHi,
Apologies for very late response. SQL Server 2008 R2 is x64 and Windows Server 2012 Datacenter is x64.
When I try to install SQL Server I get this...
I click 'Run the program without getting help' and all looks ok...
Any ideas?
Thanks!
As you can see all rule check is fine you can move ahead.I usually get this message during installation but installation never fails
Please mark this reply as the answer or vote as helpful, as appropriate, to make it useful for other readers -
Hi,
A backup job has been setup on Windows Server 2012 (Platform: Win32NT; ServicePack: ; Version: 6.2.9200.0; VersionString : Microsoft Windows NT 6.2.9200.0) via Windows Backup Software UI (Local Backup 1.0).
It is appearing as a scheduled task "\Microsoft\Windows\Backup\Microsoft-Windows-WindowsBackup" belonging to user 'nt authority\system' in task scheduler.
The problem is that the Backup job never start despite the scheduled task running and completing successfully (when run automatically or manually)!
Would you be able to explain why and assist in resolving that issue?
Here is what we know:
When the backup is run manually via the Windows Backup Software UI, it works fine.
When the backup is run via command line (as set in schedule task) in a cmd command prompt (as local/domain 'administrator' or as 'nt authority\system' which is possible by running command prompt via 'PsExec.exe -i -s cmd'), something like "%windir%\System32\wbadmin.exe
start backup -templateId:{f11eb3aa-74e7-4ff4-a57b-d8d567ee3f77} -quiet", it works fine.
If you manually run the preset scheduled task while logged in as administrator, the task run and complete successfully but the backup job does not start.
Idem if you schedule task is run automatically at scheduled time.
The schedule task run and complete successfully but the backup job does not start.
It is confirmed by running the following in a command prompt as 'nt authority\system':
schtasks /run /tn "\Microsoft\Windows\Backup\Microsoft-Windows-WindowsBackup"
SUCCESS: Attempted to run the scheduled task "\Microsoft\Windows\Backup\Microsoft-Windows-WindowsBackup".
Despite success result, the Backup job does not start running...
No errors or warning appears anywhere in Event Logs (Microsoft > Windows > Backup or Task Scheduler) nor in the scheduled task History tab. The schedule task complete successfully but no Backup job is run...
If scheduled task automatically set by Windows Backup software is duplicated (copied) and set manually it runs fine as 'administrator' and as 'nt authority\system' (subject that 'nt authority\system' is added to the 'Backup Operators' AD group).
Here is an export of the current pre-set schedule task, is there any settings that need to be changed to make it works?
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.4" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Author>MYDOMAIN\SERVER1</Author>
<SecurityDescriptor>D:AR(A;OICI;GA;;;BA)(A;OICI;GR;;;BO)</SecurityDescriptor>
</RegistrationInfo>
<Triggers>
<CalendarTrigger id="Trigger 1">
<StartBoundary>2014-07-14T21:00:00</StartBoundary>
<Enabled>true</Enabled>
<ScheduleByDay>
<DaysInterval>1</DaysInterval>
</ScheduleByDay>
</CalendarTrigger>
</Triggers>
<Principals>
<Principal id="Author">
<UserId>S-1-5-18</UserId>
<RunLevel>HighestAvailable</RunLevel>
</Principal>
</Principals>
<Settings>
<MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>true</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<StopOnIdleEnd>false</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
<UseUnifiedSchedulingEngine>false</UseUnifiedSchedulingEngine>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>P3D</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>%windir%\System32\wbadmin.exe</Command>
<Arguments>start backup -templateId:{f11eb3aa-74e7-4ff4-a57b-d8d567ee3f77} -quiet</Arguments>
</Exec>
</Actions>
</Task>
Thank you in advance for your feedback.Once again, the issue is not to run the backup manually from the command line but to have it run via the scheduled task setup by the Windows Backup software.
By default, the schedule task is to be run as NT Authority\System, and when run under this account, the backup does not start (even though account is member of Backup Operators) and job can manually be run via elevated command prompt. This is not a normal
behavior and constitute a major bug in Windows Server 2012.
From my understanding the NT Authority\System account is a built-in account from Windows that should by default be part of the Administrators group (built-in) even though it does not explicitly appears like it in AD by default.
This account shall have by default Administrators rights and Backup Operators rights (via the Administrators group) without being explicitly added to those groups (http://msdn.microsoft.com/en-gb/library/windows/desktop/ms684190%28v=vs.85%29.aspx). By design
it is supposed to be the most powerful account which has unrestricted access to all local system resources. If that is not the case (as it seems) then this would constitute a major bug in Windows Server 2012 edition.
As said previously and as you confirmed, currently by default NT Authority\System on Windows 2012 server cannot start backup manually via an elevated command prompt unless it is manually added to Backup Operators (or Administrators) group. But wouldn't that
constitute a bug of Windows Server 2012?
Our server has not yet been restarted since I added NT Authority\System account to the Administrators group explicitly manually so I cannot yet confirmed it would sort the issue. Indeed it is heavily in use so cannot easily be restarted. Will confirm when
done.
We also have an additional problem where after a while of last reboot, part of the Exchange ECP can no longer be properly loaded in the web browser due to compilation error (compilation is done via NT Authority\System account which seems to no longer have
sufficient right to compile .NET code). What is strange is that it works at first and then stop working at some point... I am hopeful that adding NT Authority\System to the Administrators group would sort this issue as well but once again, that shall not be
needed!!!
Could a Windows Server 2012 update introduced some security policy changes or else that prevent NT Authority\System to have full power? -
Windows 8.1 SOFTWARE registry hive load failed on Windows Server 2012
Hello,
I am participated in custom Windwows Software backup/restore project development that requires load of Windows SOFTWARE/SYSTEM registry hives from target OS system drive connected to Windows system.
On all Windows version except Windows 8.1 program works correctly but when host system (on that programm run on) is Windows Server 2012 or Windows 8 and target system is Windows 8.1 registry hive load failed with following error:
Failed to load f:\Windows\System32\config\software: [1009] The configuration registry database is corrupt.
After run of 'chkdsk /r' error still remained. All requred security privileges (SE_BACKUP, SE_RESTORE) are applied. All systems are 64-bit.
Generally even system registry editor (regedit) could not open SOFTWARE hive from Windows 8.1 with following error:
Cannot Load f:\Windows\System32\config\software: Error while loading hive.
But when host system is Windows 7 or Windwos Server 2008 then SOFTWARE hive loaded without any problem.
So is there some Windows 8/8.1 registry hives validation mechanism or additional security checks tha prevents load of registry hives fromother OS instance?Sorry for later response. I was busy with other tasks.
The procMon tool shows RegLoadKey is failed when it tried to load the hive on Windows 8.1 (8.1 based WinPE also). On Windows 7, I didn't see the error (Shows Success instead of REGISTRY CORRUPT). Once the hive is load & unloaded on Windows 7 OS, the
check sum of the hive is changed, and I can load the updated hive with regedit in Windows 8.1 OS.
"reg.exe","752","RegCloseKey","HKLM\SOFTWARE\Microsoft\SQMClient\Windows","SUCCESS",""
"reg.exe","752","RegQueryKey","HKLM","SUCCESS","Query: HandleTags, HandleTags: 0x0"
"reg.exe","752","RegOpenKey","HKLM\Software\Microsoft\Rpc","SUCCESS","Desired Access: Query Value"
"reg.exe","752","RegQueryValue","HKLM\SOFTWARE\Microsoft\Rpc\IdleTimerWindow","NAME NOT FOUND","Length: 144"
"reg.exe","752","RegCloseKey","HKLM\SOFTWARE\Microsoft\Rpc","SUCCESS",""
"reg.exe","752","QueryNameInformationFile","C:\Dhoni","SUCCESS","Name: \Dhoni"
"reg.exe","752","RegQueryKeySecurity","HKLM","SUCCESS",""
"reg.exe","752","RegLoadKey","HKLM\target1","REGISTRY CORRUPT","Hive Path: C:\Dhoni\SYSTEM1" -
Hello,
we are currently migrating from Windows Server 2012 to 2012 R2 and are not able to get the new Direct Access Service up and running. Our goal is to establish DirectAccess connection for a handful of clients using the IPHTTPS-adapter on the default port 443.
Errors:
There is actually no error showing up. It seems the infrastructure tunnel cannot be created but none of the IPv6-transition adapters is connecting (teredo and 6-to-4 are down) and the IPHTTPs adapter gives no informations about a problem:
>Get-DAConnectionStatus
Status : Error
Substatus : CouldNotContactDirectAccessServer
>Get-NetIPHttpsState
LastErrorCode : 0x0
InterfaceStatus : Failed to connect to the IPHTTPS server; waiting to reconnect
Setup:
Our setup is a virtualized Windows Server 2012 R2 Standard running on Hyper-V. It is located behind a NAT having the Port 443 mapped to the server. The only role installed after the basic install is RRAS including DirectAccess and VPN. The assistants completed
successfully (running the configuration for DirectAccess and VPN). Operation Status says everything is green und working (for multiple days in the meanwhile). A previous direct access installation (on a different machine running Windows Server 2012) has
been removed before installing the new server. The new installation is using a different router, so this might also be the cause of a problem.
The client is a Windows 8.1 notebook located outside the company network accessing the internet through another NAT-device. The client has been able to connect to the previous DirectAccess setup but has never been able to establish a connection after the
setup of the new Direct Access server. The device has no outbound constraints concerning the NAT-device and is only running the integrated Windows Firewall.
Diagnosis:
So far I've done some basic DNS and connectivity checks. The DNS-name can be resolved correctly and the router even responds to pings. The port forward is working and HTTPs connections are generally possible (temporarily routed the port to
access the NLS-Website located on the server, which worked fine).
Network monitor shows that both computers are communicating, traffic on the expected Port 443 is incoming on the server and responses from the server reach the client.
Opening the IPHTTPs-url and in an endless page load. Sometime the browser page closes but I've never seen any result. Using telnet on the port shows that the server is accepting connections. I've even build a small test application that does a GET-Request
on the URL returning HTTP-200 and no content.
I'm currently running out of ideas what to do and since no error occurs this is kind of a bit frustrating. Any help appreciated.
Regards
MatthiasHi,
In addition, have you disabled the DA client components on the DA client? If no, please also check
the settings on the Name Resolution Policy Table.
More information:
DirectAccess
Client Location Awareness – NRPT Name Resolution
In addition, error 0x4C9 means the remote computer refused the network connection. It may be due to the invalid
registry or corrupt drivers. For more detailed information, please refer to the link below:
Error 1225 - Error Code 0x4C9
Note:
Microsoft is providing this information as a convenience to you. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
Best regards,
Susie -
Windows server 2008 R2 to Windows server 2012 R@ Upgrade
We have Team Foundation server 2010 server configured in our environment.
operating system: windows server 2008 R2 Datacenter
Server installed: Team foundation server 2010 with share point services 3.0.
we need to upgrade this server with windows server 2012 R2 and Team foundation server 2010 as it is.
need to upgrade as below:
operation system windows server 2012 R2 Datacenter
Server Installed : Team foundation server 210 with sharepoint services 3.0 as it is.
I have tried to direct upgrade by running a setup of windows server 2012 R2 but it shows error message if : "
When you upgrade Windows Server 2008 to Windows Server 2012, you receive the following error message:
Windows won’t install unless each of these things is taken care of. Close Windows Setup, take care of each one, and then restart Windows Setup to continue.
Windows needs to be restarted so necessary changes to system files can be made before continuing.
Make these changes:
Turn off these Windows features.
Windows SharePoint Services 3.0 – Please read Microsoft Knowledge Base article: 962216
I have installed sharepoint 3.0 with sp3. but still I am geeing same error.
we need to upgrade operating system,n in place.
Kindly request you for the quick response.Hi,
To understand more clearly regarding upgrading issue here providing you link for more information.
Upgrade Options for Windows Server 2012 R2
http://technet.microsoft.com/en-us/library/dn303416.aspx
Install and Deploy Windows Server 2012 R2 and Windows Server 2012
http://technet.microsoft.com/en-us/library/hh831620.aspx
Hope it helps!
Regards.
Maybe you are looking for
-
PL/SQL function. ORA-00933: SQL command not properly ended
This is my first attempt at pl/sql functions with dynamic sql. It will compile, but when I try to test it I get the ORA-00933 error at line 147. line 147 is OPEN retval FOR report_query; Please take a look and let me know what it wrong! thanks {CREAT
-
Java + MS Excel + MS Outlook
How can we use Java to access contents in an excel file and convert the info into a message and mail this through MS Outlook? Plz reply to [email protected]
-
Outlook 2010: show subfolders in Favorites for a folder in Public Folders
I have a folder in Public Folders / All Public folders that I would like to see in my mail items favorites. I right clicked on it, clicked "Add to Favorites" and selected the options to show subfolders (i.e. "Add subfolders of this folder"). It the
-
Hi all, I am new to ABAP HR, I want to understand the functionality of LDB and HR Reporting. If anyone have some knowledgable documents on ABAP HR please provide me. Thanks Sanket sethi
-
Why doesnt the MOD/PLSQL do this?
When using database authentication the users of my htmlDB applications all have an actual Oracle Database account. The passwords are set to Expire every X number of days and all that stuff. When one of my users lets their password expire instead of