Light

all, have external ad forest created in dmz, 1 dc (2012 r2), running windows ca , adds , ldaps port 636 enabled other network. there 1 2008 r2 web server in workgroup, application (java based)running on box connects dc through ldaps user authentication\user account creationn\deletion using ldaps service account (used inside application). setup , working fine. it’s been found per ad policy auto unlock of ad account not working after 30 minutes (in ad policy set after 3 wrong password, lock account , policy unlock account after 30 minutes). after troubleshooting found that, accounts able authenticate ad has below sequence of events. 4776-credential validation 4648-explict credential logon audit. 4624- successful logon audit 4634- logoff event user have tried wring password more 3 times has below scenario 1. after 3 bad password attempts, users not able login. 2. accounts not getting locked (no account lockout event) in ad. 3. administrator logge...

hello folks, i have 2 vps machine running windows server 2012 r2. 1. ad server vpn 2. anti-virus server when connect anti-virus server ad server via vpn, vpn connects lost remote desktop connection of anti-virus server. is there way me connect vpn on machine while having remote desktop connection simultaneously? i appreciate help! thanks & regards, ali hi ali, when connect anti-virus server ad server via vpn, vpn connects lost remote desktop connection of anti-virus server. >>>are there error message when lost connection? if yes, please post further research. best regards, jay please remember mark replies answers if help. if have feedback technet subscriber support, contact tnmff@microsoft.com . Windows Server  >  Windows Server 2012 Gene...

we designing our new cluster environment on hp blades 6 ethernet , 2 hba connections: ethernet  = 2 x on board and  4 x quad port hba =  1 x dual port i have been advised configuring live migration  on management network along cluster heartbeat. cluster heart beat , management protected using qos. qos set using gpo on ou contains hyper v hosts. the gpo be provide route for live migrations between nodes , ensure the cluster heartbeat , mgmt services not compromised i have no experience of using gpo qos in server 2012. can 1 provide incite or if there better way deliver qos on management network that have heart beat , live migration services.   hi, based on research, can configure quality of service in group policy management applies computers or users, can find group policy under: computer configuration\windows settings\policy-based qos or user configuration\windows settings\policy-based qos ....

we have application requires continual login.   think best way handle setup unique acct in our terminal server continually logged in , application running in background.   however, if need review status of application need login disconnect make sure application remains running.  question can keep acct in disconnect indefinitely?  and, if there issues consider? if application requires this, create policy sets correct time limits (no time limit) here: user configuration\administrative templates\windows components\remote desktop services\remote desktop session host\session time limits\ you can within user configuration or computer configuration, best apply policy on account (or group contains account) using security filtering on gpo other users not affected. just remember logon account again , start application after reboot. kind regards, freek berson http://microsoftplatform.blogspot.com/ ...

so question... there documentation on setting vpn server protected firewall on dmz or isolated vlan vpn client connecting remotely via outside interface , having access internal devices? preferrably cisco pix/asa due microsoft being such partners cisco. the instructions nap_vpn_stepbystep works great in controlled lab environment described in document. the network scenario designed have routing configured client has full ip connectivity internal network no limitations post nap enforcement. when "vpn" interface configured , launched on client1, policies enforced via nps server , health checks run , golden. did mention vpn server has software routing between internal , internet subnets because there interface in each network.... how conveniant... *****this breaks down!!! in real world, there no guaranteed physical connectivity vpn client home computer same subnet on vpn servers internet interface. in fact, interface should enabled on vpn server in real world should 1 interface...

i using msrdpclient8 establish remote session , launch application on server using ms remote app mechanism. it found after setting below gpo  ,it possible establish multiple remote session , launch same application using remote app mechanism . restrict remote desktop services users single remote desktop services session  --> enabled i want know if expected , why behaves ? is documented in ms site ? somaraj hi amy, i not able restrict application launching multiple remote app sessions . i take input , try further identify reason . for time being close , make answered. thanks support , input. regards somaraj Windows Server  >  Remote Desktop Services (Terminal Services)

hi everyone have repeatedly problems loosing trust domain of 2008r2 servers in specific site 2 dcs in same site. in virtual env of vmware. serve iis , have particular services.. event id 5719 logged on servers whenever occurs servers cannot remote  domain user @ same time (receiving- "trust relationship between.................fails") when login locally , checking telnet dc - not successful in ports run tcpviw / other tools determine problem - cannot see common - no huge endpoint connected on tcp ports restart server fixing it. occurs every +-2weeks - need restart servers (it in prod env!!!) familiar with.. please advice thanks abed time synced ok on server ? regards, philippe don't forget mark answer or vote helpful identify information. ( linkedin endorsement never hurt :o) ) answer interesting quest ion ? create wiki article it! Windo...

hello all, not find statement in technet far; trying find whether member server,  2012 r2 (especially failovercluster/hyperv) supported when joined 2012 domain or not, (or in scenario, 2012 domain controller need upgraded 2012 r2 if there feature requires 2012 r2?) i appreciate help. in advance.  hi, i think may want ask or not server 2012r2 can join domain 2012 domain level? answer yes, server 2012r2 domain controller require least domain functional level 2003. the similar thread: can't add server 2012 existing domain http://social.technet.microsoft.com/forums/windowsserver/en-us/084593d4-e15c-4494-a9ca-ccc52c48828f/cant-add-server-2012-to-existing-domain?forum=winserverds hope helps. we trying better understand customer views on social support experience, participation in interview project appreciated if have time. helping make community forums great place. Windo...

i need hide explore from right click start. i enabled hide specified drives in my comp. but drives accessible form explore. thx.  hi, this expected behavior. policy (user configuration\administrative template\windows components\windows explore\hide these specific drives in computers prevents users accessing drives in computer, not in explore.   besides, based on research, not such group policy allows disable explore right-clicking menu of start. restrict user access drive, can consider using acl. more information, please visit:   still able use drives after applying hide drives policy http://support.microsoft.com/default.aspx?scid=kb;en-us;234897 Windows Server  >  Group Policy

i want replace words in config files, replace valor value in csv file example: user      new user abc        qwr wer       123456 i want search word  "abc" , replace "qwr" i write not know how add $configfiles=get-childitem . *.config -rec foreach ($file in $configfiles) { $file.pspath >> log.log $a= "" + $file.pspath + ".bkp" cp $file.pspath $a (get-content $file.pspath) | foreach-object {$_ -replace "decchi", "mono"} | set-content $file.pspath } adecchi can try , explain little better?  once run replace have write data file.  more exact explanation of problem helpful. hope helps! jason Windows Server  >  ...

i'm using esxi 5.0 serial port concentrator feature.  once configure virtual machines on esxi 5.0 add network serial port, can access vms remotely using telnet.  have tried riverbed virtual steelhead, , ubuntu. for riverbed virtual steelhead, don't need special configuration on virtual steelhead , works. for ubuntu, need redirect kernel console ttys0 adding  grub_cmdline_linux="console=tty0 console=ttys0, 9600" /etc/default/grub.   question:  need configure on window server 2008 r2 make work serial port concentrator? e.g. how redirect kernel console network serial port? i using vspc.py , avocent serial port concentrator telnet proxy telnet remotely.   thanks in advance. hello, for me belongs vmware , not microsoft, vmware has prepare passthrough windows server 2008 r2 vm. best regards meinolf weber mvp, mcp, mcts microsoft mvp - directory services my blog : http://msmvps.com/blogs/mweber/ disclaimer: posting ...

this started on 2008 ad server. after 10 logons server error occurs. "user profile service service failed logon. no more threads can created in system". after reboot no problem 10 logons. hi there useful article on topic http://answers.microsoft.com/en-us/windows/forum/windows_vista-security/user-profile-service-service-failed-the-logon-user/4ed66b21-c23e-42f1-98b2-706dcf931fae   if unsure of instructions please come here , post.   best regards, martin   if find information useful, please rate it. :-) Windows Server  >  Windows Server General Forum

i have a root domain ca on windows 08 r2 not allowing certs child domain due permissions.  there artical on how this? thanks! shawn   hi, please verify security permission configured correctly on certificate template: http://technet.microsoft.com/en-us/library/cc758774(ws.10).aspx#bkmk_10 posting provided "as is" no warranties, , confers no rights. please remember click “mark answer” on post helps you, , click “unmark answer” if marked post not answer question. can beneficial other community members reading thread. Windows Server  >  Security

0 down vote favorite i keep getting gpo error 0x80070bcb on windows 10 pro clients when trying install brother shared network printer. apparently error means can't find driver (or can't install it). the printer shared windows server 2012 r2 machine, dc in domain. printer defined in gpo in user configuration -> preferences -> control panel settings -> printers simple shared printer no special settings. i have downloaded latest driver brother website, claims driver whql certified. i have installed both 64-bit , 32-bit version of driver print server. i have enabled point , print restrictions via gpo in computer configuration -> policies -> administrative templates -> printers, , specified aforementioned print server authorized source of drivers. additionally, users can print machines in forest, , have disabled warnings , elevation prompts when installing new printer (warning enabled updating driver). printing works fine server. w...

password policy resides in computer settings. just wondering , how users affected through password policy thanks biswajit excellent postings.  understanding how password policies processed key in proper managment of users.  there no in-depth information on subject matter in typical books find available.  need use logic , common sense figure 1 out. the summary should take away that: password policy applied computers , not users.  user accounts defined on computer objects affected.  domain users affected password policy because policy applied domain controller computer objects.   visit blog: anitkb.com , knowledge base. Windows Server  >  Group Policy

hi have wifi network users laptop use wifi cisco acs authenticate ad through ias proxy. there users start use windows 8 , feed got problem authenticated. it's said it's related win8 , ias. advice on this? compatible? thanks , best regards, -- kf hi, thanks post. please check both client , ias server, see if there related errors recorded in event viewer. interpreting ias-formatted log files http://technet.microsoft.com/en-us/library/cc785145(v=ws.10).aspx troubleshooting ias radius server http://technet.microsoft.com/en-us/library/cc786978(v=ws.10).aspx ias log file http://technet.microsoft.com/en-us/library/cc958015.aspx best regards, aiden if have feedback on our support, please click here aiden cao technet community support Windows Server  >  Network Ac...

can below accomplished , how? we have domain has secondary zone domain b. users on domain b have been set in domain , there can access programs being hosted domain a. question becomes on how can have users in domain b authenticate in such way allow them access drive mappings on domain without having them manually run batch file that would map them neccessary drives?  hello, to access resources of domain, have create trust relationship. for drive mapping, can use gpp. this posting provided "as is" no warranties or guarantees , , confers no rights. microsoft student partner 2010 / 2011 microsoft certified professional microsoft certified systems administrator: security microsoft certified systems engineer: security microsoft certified technology specialist: windows server 2008 active directory, configuration microsoft certified technology specialist: windows server 2008 network infrastructure, configuration mi...

i've got rras installed , remote access manager installed well. vpn , rd gateway connections server work fine. trying enable direct access following errors: unable add interface {e2607698-921c-480e-a1cb-c72fe155c2ec} router manager ip protocol. following error occurred: cannot complete function. unable add interface {e2607698-921c-480e-a1cb-c72fe155c2ec} router manager ipv6 protocol. following error occurred: cannot complete function. i've tried permutations of changing settings ipv4 enable lan routing , lan/demand dial routing. 1 recommendation suggests disabling ipv6 on internal interface unclear how disable ipv6 on loopback interface. the direct access wizard ends red x next statement "the parameter incorrect" any appreciated very unsatisfying answer msft support "don't try , run direct access on dc". created vm , direct access installed , configured fine, i've got change bunch of router settings work. ...

hello, i have wsus server (windows server 2012 r2) , windows 10 client (1511) running in network. client side on windows 10 computer feels updates installed , everthing ok. if search new updates, windows tells me there no new updates. on server side, inside wsus console can see excatly same client has 118 updates (!) remaining. last contact server today?! now tried allready (client side): i run command: wuauclt /resetauthorization /detectnow i deleted registry keys: reg delete "hklm\software\microsoft\windows\currentversion\windowsupdate" /v susclientid /f reg delete "hklm\software\microsoft\windows\currentversion\windowsupdate" /v susclientidvalidation /f i run again command: wuauclt /resetauthorization /detectnow i deleted c:\windows\softwaredistribution directory and tried server side: i installed windows8.1-kb3095113-x64.msu , windows8.1-kb3095113-v2-x64.msu update enable windows 10 on older server installations. after no result activated...

we startup , finding increasingly having purchase new hardware support various environments , initiatives. toying idea of using hyper-v dell poweredge r905, have no experience either. because new stuff, wondering experience has been may have used either... , recommend development environment? also, how hyper-v compare other vm's, such vmware? (i price, @ least) finally, curious backup using veritas... there big cost upgrade hit here? can backup/restore entire vm? ohers may reply here re experiences, started: re hardware:   hyper-v planning , deployment guide:  http://technet.microsoft.com/en-us/library/cc794762.aspx to find list of supported server configs: go http://www.windowsservercatalog.com/ . select certified servers on right hand side. select wi ndows server 2008 (x64) on left hand side. select hyper-v on left hand side. the performance tuning guidelines windows server 2008 has been updated include perf guidelines virtualization servers: http://www.microso...

hi, i'm trying use dotnetzip, i'm getting strange error when use 'save' method. similar error icsharp zip assembly, , error looks powershell-specific, i'm posting here initially. i perform following steps documented on few different blogs without issues: [system.reflection.assembly]::loadfrom("$workingdir\lib\dotnetzip\ionic.zip.dll") $zipfilename = "test.zip" $zipfile = new-object ionic.zip.zipfile($zipfilename) $zipfile.addfile("test.txt") so far, no issues. everything's fine. when try call 'save' method write zip file disk, following occurs: ps c:\ziptemp> $zipfile.save() exception getting "formatvaluelist": "microsoft.powershell.commands.internal.format.freeformatentry.formatvaluelist" + categoryinfo : notspecified: (:) [out-lineoutput], getvalueinvocationexception + fullyqualifiederrorid : catchfrombaseadaptergetvalue,microsoft.powershell.commands.outlineoutputcomm...