Light

hello! fellow co-worker , have built in-house server running windows server 2012 r2 our small business , trying set remote access able run applications , access files home. have never worked server before we've been learning go, picking information various sources. what we're having trouble understanding (or @ least people tend vague about) setting vpn certificate. need certificate able access server remotely via our laptops? thought certificates more websites , want few people able access server. can create 1 or need purchase one? if purchase 1 sort of properties should in it? i appreciate can in regard, thank time! hi  slmallory >do need certificate able access server remotely via our laptops? thought certificates more websites , want few people able access server. can create 1 or need purchase one? if purchase 1 sort of properties should in it? according description, want set vpn , confused certificate. generally, may set nps server authenticate vpn con

hi , we getting multiples events 6 of kerberous- the kerberos sspi package generated output token of size 54c3 bytes, large fit in 2ee0 buffer provided process id 0 please suggest registry editing best practice  production servers fix issue , acc microsoft  recommendation maxtokensize should 65535, value ok production servers.? hello, if token size getting big mentioned option way go. add thison user machines. we have adjusted setting run same error message. best regards meinolf weber mvp, mcp, mcts microsoft mvp - directory services my blog : http://msmvps.com/blogs/mweber/ disclaimer: posting provided no warranties or guarantees , confers no rights. Windows Server  >  Group Policy

hi,   there ad server group contains around 200k users. job export these users 5 attributes("sn", "givenname","mail","c","telephone") on daily basis. first, have come c# solution. code below. directoryentry directoryobject = getdirectoryentry(); foreach (directoryentry child in directoryobject.children) { string childpath = child.path.tostring(); string sn = childpath.remove(0, 7); alobjects.add(sn);   //get distinguishname, query ad again 5 attributes, slow. console.writeline(childpath); child.close(); child.dispose(); } directoryobject.close(); directoryobject.dispose();   realize slow in performance. 3mins 1500 users. tried csvde, problem seems server not allow me export amount of users.throws except

due size limitations on asking questions i've had make a multi-part question i trying install fonts via login script , gpo. for test purposes fonts.cmd creates log file<o:p></o:p> @echo off set log = /temp/sam.txt echo %0 starting %date% @ %time% >%log% echo echo moved network share >>%log% echo echo %0 ending %date% @ %time% >%log%<o:p></o:p> on test machine gpupdate /force and sign out administrator and in, there no log file in temp. i've tried a non-administrator well.. output from gpresult /v <o:p></o:p> <o:p></o:p> <o:p></o:p> Windows Server  >  Group Policy

i've followed article here delegate moving users group. set permissions of 'source ou' , 'destination ou' @ same high level ou (for example 'officea'), group move users around between departments ous inside 'officea' ou. when move user, if user inside ou last ou in tree (no other child ou inside it), works fine. if user inside ou has others child ous (not last 1 in tree), 'access denied' error when moving. permissions inheriting correctly top child ous. can't figure out whats going wrong, can anyone  enlighten me? are sure access has been granted top ou , inheritance not blocked? nosh mernacaj, identity management specialist Windows Server  >  Directory Services

first tried upgrading system prepared windows 7 , transferred setting replace existing machine test windows 10.  once upgraded windows 10, 1 of mapped drives on domain can not connect.  have mapped drive 2003 server, a windows 7 pc, , 2012 server share that work fine.  drive can not connect on server 2008 r2 file server.  share on 2008 server can accessed xp, window 7, , windows 8.1. thought may have gone wrong in upgrade process did clean install of windows 10, , results same.  missing something? hi poshkid, thanks sending me other set of traces, in analyzing connection attempts have been able narrow down issue. reason encountering issue server2003 fileshare server not listening on tcp port 445 either directly being blocked firewall or network device blocking traffic. in reviewing reason why windows 10 attempting use tcp 445, noticed when establishes connection on tcp port 139 sends negotiate response indicating versions of smb supports. when server responds back, indi

hello - have following hw assignment, hoping help. thanks! use get-service cmdlet display status (running, stopped) of configuration manager remote control service. (all cmdlets return objects , objects have properties. in case, want display particular property of get-service object. can pipe get-service get-member,  get-service | get-member, list properties of object. i agree mike said completely.  i'll out make sure understand happening in command. have replace service name adobearmservice service name looking for, have google. get-service -name adobearmservice | select-object -property status using get-member after get-service show of properties can use after select-object -property. methods like: start, stop... Windows Server  >  Windows PowerShell

this message keeps appearing in event logs of  windows server 2003 server. microsoft has provided fix windows server 2000. there fix or way stop error in server 2003  the master browser has received server announcement computer xxxxxxxxxx believes master browser domain on transport netbt_tcpip_{6e5d7bde-77db. master browser stopping or election being forced. more information, see , support center @ http://go.microsoft.com/fwlink/events.asp . data: 0000: 00 00 00 00 03 00 4e 00 ......n. 0008: 00 00 00 00 43 1f 00 c0 ....c..À 0010: 00 00 00 00 00 00 00 00 ........ 0018: a4 00 00 00 00 00 00 00 ¤....... 0020: 00 00 00 00 00 00 00 00 ........ regards, moved by pbbergs [msft] wednesday, july 25, 2012 9:02 pm wrong forum (from:directory services)

remove alert | edit | change type 0 we on windows environment below -  server - - win2k8 std r2, - sql 2008, - sp 2010 foundation sp2 client - - win 8.1 64 bit os, - browser - ie 11 - ms office - 2010  - 14.0.4763.1000 problem -  while opening links word document(ctrl+click) , error message "an unexpected error had occured". , link not opened. using client using remote desktop. any ideas on this? does microsoft provided fixes this? shwetank hi, have tried hyperlinks in other office programs outlook , powerpoint? work well? you may need run the fix in kb below: http://support.microsoft.com/kb/310049/en-us you can try steps in section "let me fix myself". although kb written outlook, may in scenario well. i hope useful. regards, melon chen technet community support Mi

our windows 2008 r2 server ran problem in ms kb982210.  applied hotfix registry remain large , server taking forever start up.  seems need run devnodeclean command clean registry.  know utility? hi leslie, far know, not available anywhere on internet download based on google , bing searches. microsoft should able email copy if open support case them , refer them kb982210. brent hu, technet subscriber support in forum if have feedback on our support, please contact tngfb@microsoft.com Windows Server  >  Network Infrastructure Servers

i'm having issue wds. have vm running server 2008 r2 sp1 wds installed. rebuilt server scratch after starting acting up. server no longer adds clients domain; puts them in workgroup. workgroup these clients end on matches name of domain supposed join (so if domain's name "domain", workgroup end on "domain"). can find information other admins using unattend file; not. , apologize rather new wds , original install done tech left. things have checked: the server wds has been selected "trust delegation" the server part of domain admin group in wds config asks require admin approval (this has stopped well) under ad ds tab, "same domain windows deployment services server" radio button filled under client tab, "do not join client domain after installation" un-checked any appreciated! hi, there 2 things should pay attention to: the computer name should less 15 characters. the computer name can contain standard c

hopefully there can answer this. i have box running hyper-v hosting 2 more servers (a third planned) the problem is seems impossible connect internal network thru vpn. the setup is; box running hyper-v 2012  ip=192.168.9.8 2 physical adapters 1 beeing used virtual adapter      1 sbs 2008 connected virtual adapter ip=291.168.9.1      1 server 2012 std edition connected virtual+"physical" adapter acting router , remote access ip=192.168.9.254 the 2012 std ed has nat & vpn installed. the problem following; if remote router connects vpn cannot access local network @ all, can access 192.168.9.1, 192.168.9.8 & 192.168.9.254 nothing beyond that. on other hand if open command-box on 2012 std can ping entire network not other side of vpn (windows server 2008 std). nat'ed traffic entire network no problem @ traffic coming thru vpn also note "physical" adapter virtual connected routing server (and ofcourse host itself). i have checked (and rec

via power shell using gwmi object folders , size support@mytechnet.me hi, get-childitem | measure-object -sum length | select-object count, sum more details: http://blogs.technet.com/b/heyscriptingguy/archive/2012/05/25/getting-directory-sizes-in-powershell.aspx windows powershell tip of week http://technet.microsoft.com/en-us/library/ff730945.aspx regards, yan li yan li technet community support Windows Server  >  Windows PowerShell

i not able install software. using vista 64 bit sp1. & windows ® installer. v 4.00.6001.0 if try install sp2 says "the name of attribute in identity not within legal range"0x8007370b if try uninstall windows installer msiexec command says "this installation package count not opened.verify package exists , can access it, or contact application vendor verify valid windows installer package" if try install new version i.e. 4.5 of windows installer file "windows6.0-kb942288-v2-x64", says "the update doesn't apply system". already tried "kb 315346" , didn't resolved issue. dllcache file doesn't exists on system. already tried "kb 2642495"  , didn't resolved issues again. need urgent help. can't wipe off current windows installer ? , have no clue why new version 4.5 showing not supported. checksur may able correct issue you: http://support.microsoft.com/kb/947821/en-us don (please tak

having difficulties winrm on 1 server in particular. basic breakdown servers 2-20 can succesfully connect eachother via winrm (2 can connect 3, 3 can connect 2 etc..) server 1 cannot connect anything, although can connect server 1. (2 can connect 1, 1 cannot connect 2, 3 etc..) server 1 cannot connect localhost whereas other servers can. connectivity tested via winrm id -r:servername , via powershell enter-pssession -computername 'servername' before started let me outline of steps have taken: winrm qc confirms service running , setup remote management. windows firewall service started, , firewalls turned off. client settings confirmed via registry , winrm winrm/config/client. registry/client settings identical across machines, working , not. settings are: networkdelayms = 5000 urlprefix = wsman allowunencrypted = false auth basic = true digest = true kerberos = true negotiate =  true certificate = true credssp = true defaultports http = 598

hi, i execute following intent determine if get-aduser found samaccountname in directory. is better check data using method below or there safer, more accurate way test existence of data , cmdlet successful? $aduser = "" $aduser = get-aduser -filter 'samaccountname -eq "jflary"' if($aduser) { write-host "string not empty" } else { write-host "string empty or null" } thanks help! sdedot hi, that's method use. have had problems or question out of curiosity? Windows Server  >  Windows PowerShell

all servers 2008 r2. users logging in desk-tops , thin clients 3 vm farm. no longer reconnected disconnected sessions. broker appears working. no event log errors. example: timecreated  : 8/28/2013 6:55:54 am providername : microsoft-windows-terminalservices-sessionbroker id           : 787 message      : session user nj\d.naloev added rd connection broker's database.                target name = njts2.nj.kearfott.com                session id = 7                farm name = njts timecreated  : 8/28/2013 6:55:52 am providername : microsoft-windows-terminalservices-sessionbroker id           : 801 message      : rd connection broker processed connection request user nj\d.naloev. redirection                info:                target name = njts2                target ip address = 172.18.1.32                target netbios = njts2                target fqdn = njts2.nj.kearfott.com                disconnected session found = 0x0 timecreated  : 8/28/20

server 2008 sp2 not r2 server standalone server non-admin user (same problem admin user) current updates, installed ie9 skipped ie8 (not sure if have effect) have seen multiple posts regarding this. hcu\software\microsoft\windows\currentversion\explorer\cabinetstate settings = (reg_binary) 0c, 00, 02, 00 0a, 01, 00, 00, 60, 00, 00, 00 fullpath = (reg_dword) 0x00000000 other hacks i've tried googling , forth: running "sfc /scannow" administrator runnign ie9 administrator turning off folders pane things i've tried: turning off panes setting classic folders setting "open folders in new windows" applying all, setting "same window" , appying again. http://social.technet.microsoft.com/forums/en-us/w7itproui/thread/d2d212b1-01cd-4e84-81af-71f01398f2c3 about 3/4 way down page reply 'whup':   hi guys. kevin's workmate here :p core issue here can create multitude of problems on system. registry chan

dear all, i have dc (windows 2000 server), i plan migrate windows 2008. but when check dc using dcdiag command, show error following. i run command on primary dc (named ssv01). i have secondary dc (ssv03). you please me fix it. thanks, peace. ----------------------------------- microsoft windows 2000 [version 5.00.2195] (c) copyright 1985-2000 microsoft corp. c:\documents , settings\administrator.ttn>dcdiag dc diagnosis performing initial setup:    done gathering initial info. doing initial non skippeable tests    testing server: default-first-site-name\ssv01       starting test: connectivity          although guid dns name          (2534442d-e3c4-49f9-9512-6b5e6ec5cc08._msdcs.ttn.com)          resolved ip address (72.52.194.126), not pinged,          server name (ssv01.ttn.com) resolved ip address          (10.235.65.30) , pinged.  check ip address is          registered correctly dns server.          ......................... ssv01 failed test connectivity doing primary test

we have rds farm setup follows: 1 - web access server 1 - connection broker 1 - gateway 2 - session hosts overall implementation works perfectly, however, on time we've noticed taking longer launch application. cases whether access app via remoteapp published desktop or via webaccess. when click app remoteapp window opens , "details" button grayed out. after 30 - 45 seconds details button becomes available , login process (which can see if click details) take 5 seconds. subsequent launches of applications takes few seconds there session established on rd session host. if end session you're in 30 - 45 second delay next time launch app. this not case when first implemented rds farm. change network upgrading domain 2008 (still 2003 domains in env) any suggestions? hi, if publish internal remote app such calculator.exe? this kind of issue caused network or workload.pls try make sure network latency less 20ms.contact nic vendor latest driv

hello @all working client , bit limited on action (no access gpo/active directory etc). admin of rds 2012r2 system server can find server folder on d:\users_profiles\*.vhdx have put 1 file (or more later) in each vhdx/user profile each users. manually it's easy. double click on vhdx it's open me tree folder have copy/paste. but have 300 vhdx... idea make powershell script.  get-childitem  *.vhdx -recurse | % {mount-vhd $ copy-item ...txt -destination ....) something that try find solution on web , try command mount-vhd it's seems link hyper service not available on server because virtual machin. have tools or idea me ? lot  regards   friday, november 06, 2015 12:56 pm reply

my desktops combination of winxp , win7, need enable formats tab, on region , languge. i creating gpo disable canonical name microsoft.regionandlanguage but this configuration on win7 shows additional tabs 1 need, shows options change date , time. thks help, andres, andresz sounds want disable tabs except "formats" tab? how setting following policies in user -> administrative templates -> control panel -> regional , language options "enabled" hide regional , language options administrative options hide geographic location option hide select language group options Windows Server  >  Group Policy

<!-- /* font definitions */ @font-face {font-family:"cambria math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:1; mso-generic-font-family:roman; mso-font-format:other; mso-font-pitch:variable; mso-font-signature:0 0 0 0 0 0;} @font-face {font-family:calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-520092929 1073786111 9 0 415 0;} /* style definitions */ p.msonormal, li.msonormal, div.msonormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin-top:0cm; margin-right:0cm; margin-bottom:10.0pt; margin-left:0cm; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"calibri","sans-serif"; mso-ascii-font-family:calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:calibri; mso-fareast-theme-font:minor-latin; mso-hansi-font-family:calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:&qu

hi, i have installed wsus 3.1 first time. shows tonnes of updates old , new. lot of updates applied clients. how sort these updates not sure if applied clients or not? approve updates , there workstations/servers download ones need? or best method follow? thanks celtic i suggest following: 1. first, start security updates, they're critical organization. 2. in security updates view, make sure superseded column displayed. big help. 3. filter security updates view approval=unapproved , status=needed. 4. sort on superseded column new (not superseded) updates @ top of list. 5. select of unapproved/needed/notsuperseded security updates , approve them. 6. resort on superseded column invert column , select other group of not superseded updates. 7. repeat step #2 thru #6 critical updates using critical updates view. 8. repeat step #2 thru #6 remainder of updates using updates view. after known needed updates have been installed, return updates view and filter on approval=unapproved , stat

hi, i testing functions of powershell in ad. have script works way wanted. trying extract group , nested groups user memebr of user , assumed line here should able provide information  $i.properties.item("memberof"). can me understand how achieve this?  $domainname = [adsi]""  $searcher = new-object directoryservices.directorysearcher($domainname)  $searcher.filter = "(&(objectclass=user)(name=*my*))"  $user = $searcher.findall()  $groupn = [adsi] " ldap://cn=ctxgroup,ou=ctx,dc=home,dc=lab "     foreach ($i in $user)     {         $userdn = $i.properties.distinguishedname         $guserdn = " ldap://$userdn "         $groupn.add($guserdn)     }           $i.properties.item("memberof")         hey,   the simplest way approach other way around. have query find groups instead of finding user , processing memberof.   e.g.   $ldapfilter = "(&(objectcategory=group)(

i have virtual server running 2k12 r2 running directaccess. has public ip v4 , private v4 in dmz. i have connection established on win10 laptop, throughput shocking , testing on 100meg connection see 1meg if im lucky. it using ip-https surely performance cant expected. there no way users accept it. can me? hi, sorry delay. testing in lab. it seems speed of directaccess  in lab normal. here screenshot of lab: have tested windows 8.1 clients? if windows 8.1 has issue, means there wrong directaccess deployment. first, please check if da server overload.(cpu, ram, etc) if server ok, please check if there firewall between server , client. i've seen case hardware firewall drops directaccess packets due policy. may perform network capture on client , server check if there tcp retransmission. to download network monitor, please click link below: http://www.microsoft.com/en-us/download/details.aspx?id=4865 best regards. steven lee please remember mark replies a

hi everyone before 2 days appliyed account lockout threshold policy, made 4 time attempts. aftert got lot of complains users when open outlook asking password , put correct password not accepting, disabled policy , still till not applied mean still having passowrd issue. , if user put wrong password 4 times account locked . i dont know how can stop policy heat :( thanks in advance .  hi, since have disabled account lockout policy in gpo account lockout issue still persists. current issue might because multiple gpos have account lockout policy defined , linked domain level. although have disable 1 set before, other gpos might still in function, leads account lockout issue. further clarification, suggest check following information can more concrete idea issue. gpmc.log ================== a. on domain controller, click start ->run, type gpmc.msc, load gpmc console. b. right click on "group policy result" , choose wizard generate report problematic

hello , having ibm blade s series server nas configure ,i trying load windows 2008 r2 64bit os ibm utl installation guide got stuck on while installing file ,sometime not start installation ..pls guide me..we trying install trial version copy later going register microsoft. pls suggest solotuin   regds wasi syed hi,   since using ibm tool install system, not best resource troubleshoot issue. suggest contacting ibm direct assistance.   tim quan Windows Server  >  Setup Deployment

i can't add  network policy server in features roll, windows server 2012 release candidate, no wifi connection. error 0x800f0922. hi vassine, thanks posting here. may know actual system prompt message when attempted add nps feature besides error id?   perhaps screen shot preferred. could try install running powershell command “ add-windowsfeature npas-policy-server -includemanagementtools ”? thanks. tiger li tiger li technet community support Windows Server  >  Windows Server 2012 General

hi community out there. i new have windows 2008 r2 server connect via rdp. used use in such way sound plays using rdp host computer (i understand computer connect server with) have been able new usb speakers want able play sounds on server itself, if have rdp connection open. point cycle also, on rdp connection hear windows sounds , other sounds play them, software running , want alert me audible alarm not play sound on rdp. i hoping there can me sound playing directly on speakers installed on server when logged on via rdp server computer. there seem lot of people out there have had similar problems , rundown or checklist step-by-step of ensure needed best. (quick note: server is not connected internet , cannot connect it internet). thanks in advance. hi, according description, understanding want able hear sound played on remote server, correct? if yes, doesn’t seem possible me speaker connected server instead of local system. you may connect speaker local syste

hello i have 2 tiered pki structure. 1 offline standard root ca.  , 2 enterprise issuing subordinate ca.  of them running microsoft software key storage provider 256 hash algorithm. also new certs issued issuing ca has hash256. root ca , intermediate subordinate certs on sha1 though actual web server cert has hash256 . an error on chrome running sha1.  if renew root , subordinate ca cert error go away? also understand enterprise sub ca send new intermediate root cert automatically computers in domain.  but how push offline root ca cert computers in domain. when issue new cert, have new intermediate cert , root cert in chain?  what best solution address this thanks > how push offline root ca cert computers in domain you can use certutil: certutil -dspublish -f cacertfile.crt rootca , after group policy update clients receive new root ca certificate. vadims podāns, aka powershell cryptoguy weblog: www.sysadmins.lv powershell pki module: pspki.codeplex.com

can upgrade windows xp sp2 windows vista , windows 7 ? please elaborate. pravric hello, direct upgrade windows vista, yes. more details in: http://windows.microsoft.com/en-us/windows-vista/upgrading-from-windows-xp-to-windows-vista http://technet.microsoft.com/en-us/library/cc748915(ws.10).aspx direct upgrade windows 7, no. more details in: http://windows.microsoft.com/en-us/windows7/help/upgrading-from-windows-xp-to-windows-7 http://technet.microsoft.com/en-us/library/dd446674(ws.10).aspx http://technet.microsoft.com/en-us/library/dd772579(ws.10).aspx additional keep in mind forum windows server related questions, in case please use microsoft answers forum next questions: http://answers.microsoft.com/en-us/default.aspx best regards meinolf weber disclaimer: posting provided "as is" no warranties or guarantees , , confers no rights. Windows Server

hi there, i read lot of post here , google problem, didn´t solution. via wsus rolled out ie9 2008 r2 servers in our environment. had trouble outlook today view , other applications. if uninstall of ie9 can´t roll former version. after uninstallation , reboot there no other version of ie available. is there way roll back? thanks markus administrator for ie9 queries, post here. http://social.technet.microsoft.com/forums/en-us/ieitprocurrentver/threads thanks Windows Server  >  Windows Server General Forum