Channel: Directory Services forum

Does Microsoft Active Directory require reverse DNS lookup?


We have added some AWS DCs using an EC2 and CloudFormation pipeline.

The reverse IP addresses look like:

ip-0aa202f8-aws.ex.example.net

Where our domain is example.net.

Our on-prem DNS is handled by an external DNS.

Would we expect to encounter any issues from this scenario and if so, what might those be?

As the DNS from AWS is not under our control, how could this be mitigated?

Thanks!

-jim

Want to format AD server and install 2016 and add in Domain with same hostname and IP


Dear Folks,

We are going to upgrade the OS from 2012 to 2016, hence we are going to format my remote-location AD server and install Server 2016.

Please suggest what is the best way to do this, as I want to format the server and create the domain with the same hostname and IP as before.

Yogee.

Kerberos question


Hi, I was directed here. There is a possibility that we need to create SPNs such that a hop from one SQL server to another works and stops issuing the dreaded anonymous logon error.

David Postlewhite seems to warn at https://www.youtube.com/watch?v=oY9-qctTMwQ that different time zone clocks on servers participating in such hops can be a problem. But I may have misunderstood. Is there an issue with time zones, hops and Kerberos? My concern is that even if we conclude not, we might be surprised at some point and wish we'd consulted with experts. I did try to contact David but I haven't heard from him.

Server 2012 r2 to Rebuild Server 2016


Hello, please move if in wrong forum

I have a domain; 7 Domain Controllers, 40 servers and 75 Win10 Desktops. This is a developer’s network and needs rebuilding.  I have funding to rebuild as Server 2012 r2 or Server 2016.

I desire to rebuild with Server 2016, but have only installed standalone servers as 2016.

My Question:

Is 2016 the same as 2012 r2, or, with a total rebuild on 2016, is there a difficult learning curve?

-Server 2016 Domain Controllers similar to Server 2012 r2, or a learning curve

-Server 2016 SQL similar to Server 2012 r2, or a learning curve

-Server 2016 Exchange similar to Server 2012 r2, or a learning curve

-Server 2016 SharePoint similar to Server 2012 r2, or a learning curve

-Server 2016 friendly with 3rd party applications; McAfee, PDQ, Print Drivers, Symantec, etc.

I know this is a loaded question and depends on experience, just asking if Server 2016 across the board is similar to Server 2012 r2

Thank you


Thank you Bruce

Logon Failure Attempt from a Disabled Account - "Guest"


Hello,

Does anyone know why the event below triggered?

- User confirmed that the Guest account was not utilized.

- No trace that the user created a share with a permission of "Everyone".

==========================================================

Eventlog:

An account failed to log on.

Subject:
 Security ID: S-1-2-34-56789123456-56789123456-56789123456-0987
 Account Name: Superman
 Account Domain: Domain
 Logon ID: 0x1234ab12

Logon Type: 3

Account For Which Logon Failed:
 Security ID: S-1-0-0
 Account Name: Guest
 Account Domain: Domain

Failure Information:
 Failure Reason: Account currently disabled.
 Status: 0xc000006e
 Sub Status: 0xc0000072

Process Information:
 Caller Process ID: 0x9999
 Caller Process Name: C:\Windows\explorer.exe

Network Information:
 Workstation Name: Machine
 Source Network Address: -
 Source Port: -

Detailed Authentication Information:
 Logon Process: Advapi  
 Authentication Package: Negotiate
 Transited Services: -
 Package Name (NTLM only): -
 Key Length: 0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

 Thank you!

SQL AD Account Generating Failed Logon Attempts from Disabled Account Events


Hello,

I am trying to understand the event that we are receiving on the Security log.

Below are the details:

- SQL AD Account is enabled.

- Event happens everyday on a specific time

Subject:
    Security ID: S-1-2-34-5678910-12345678-987456-1234
    Account Name: SQLACCOUNT
    Account Domain: Domain
    Logon ID: abcxdef

Logon Type:     3

Account For Which Logon Failed:
    Security ID: S-1-0-0
    Account Name:
    Account Domain:

Failure Information:
    Failure Reason: Account currently disabled.
    Status:     0xc000006e
    Sub Status: 0xc0000072

Process Information:
    Caller Process ID:    0x1ab0
    Caller Process Name:    C:\Program Files (x86)\Microsoft_SQL\SERVERMSSQL\SQLMS\Binnnn\sqlservr.exe

Network Information:
    Workstation Name: DC
    Source Network Address:    -
    Source Port: -

Detailed Authentication Information:
    Logon Process: Authz   
    Authentication Package:    Kerberos
    Transited Services:    -
    Package Name (NTLM only):    -
    Key Length: 0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

Questions:

1. Has anyone experienced the same, where the Account Name under "Account For Which Logon Failed" is null? Does this mean that the Account Name under Subject should be the account being referred to here as well?

2. We actually checked and confirmed that the SQL account is currently enabled in AD. Does anyone know why this is triggering Event ID 4625, Sub Status 0xc0000072, with Logon Type 3?

3. How best to handle this, as we verified that the script is working properly?

Thank you!
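Both 4625 events quoted in the two posts above share the same message layout. The Python below is an added example, not code from either poster or from Microsoft: it parses that layout into sections, translates the Status / Sub Status NTSTATUS codes (meanings taken from Microsoft's NTSTATUS documentation), and flags the two patterns asked about, a disabled target account presented under a different Subject account (the Guest case) and an empty target Account Name (the SQL case). The two embedded events are constructed to mirror the posts; the SQL binary path is a placeholder, not the one in the post.

```python
import re
from typing import Dict, List

# NTSTATUS codes seen in the Status / Sub Status fields of event 4625. Meanings
# follow Microsoft's NTSTATUS documentation; the table only covers common codes.
STATUS_CODES: Dict[str, str] = {
    "0xc000006d": "STATUS_LOGON_FAILURE (bad user name or authentication information)",
    "0xc000006e": "STATUS_ACCOUNT_RESTRICTION (credentials valid; an account restriction blocks logon)",
    "0xc000006a": "STATUS_WRONG_PASSWORD",
    "0xc0000064": "STATUS_NO_SUCH_USER",
    "0xc0000072": "STATUS_ACCOUNT_DISABLED",
    "0xc0000234": "STATUS_ACCOUNT_LOCKED_OUT",
}

SECTION_RE = re.compile(r"^(\S[^:]*):\s*$")     # e.g. "Subject:" alone on a line
FIELD_RE = re.compile(r"^\s+([^:]+):\s*(.*)$")  # indented "Name: value"


def parse_4625(text: str) -> Dict[str, Dict[str, str]]:
    """Split a 4625 message body into {section: {field: value}}; unindented
    'Name: value' lines such as 'Logon Type: 3' are stored under 'Header'."""
    sections: Dict[str, Dict[str, str]] = {"Header": {}}
    current = "Header"
    for line in text.splitlines():
        if not line.strip():
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, {})
            continue
        m = FIELD_RE.match(line)
        if m:
            sections[current][m.group(1).strip()] = m.group(2).strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            sections["Header"][name.strip()] = value.strip()
    return sections


def triage(text: str) -> Dict[str, object]:
    """Summarise one 4625 event and flag the two patterns asked about above."""
    ev = parse_4625(text)
    subject = ev.get("Subject", {})
    target = ev.get("Account For Which Logon Failed", {})
    failure = ev.get("Failure Information", {})
    proc = ev.get("Process Information", {})
    subj_name, tgt_name = subject.get("Account Name", ""), target.get("Account Name", "")
    status = failure.get("Status", "").lower()
    sub_status = failure.get("Sub Status", "").lower()
    flags: List[str] = []
    if not tgt_name:
        flags.append("target account name is empty: pivot on the Subject account and the caller process")
    elif subj_name and subj_name.lower() != tgt_name.lower():
        flags.append(f"caller {subj_name} requested logon as a different account: {tgt_name}")
    if sub_status == "0xc0000072":
        flags.append("a disabled account was presented: find the service, task, mapped drive or saved credential holding it")
    return {
        "logon_type": ev["Header"].get("Logon Type", ""),
        "subject": f"{subject.get('Account Domain', '')}\\{subj_name}",
        "target": f"{target.get('Account Domain', '')}\\{tgt_name}",
        "caller_process": proc.get("Caller Process Name", ""),
        "status": STATUS_CODES.get(status, status or "unknown"),
        "sub_status": STATUS_CODES.get(sub_status, sub_status or "unknown"),
        "flags": flags,
    }


# Constructed samples modelled on the two events quoted in the posts; the SQL
# binary path below is a placeholder, not the path from the post.
GUEST_EVENT = r"""
Subject:
 Account Name: Superman
 Account Domain: Domain
Logon Type: 3
Account For Which Logon Failed:
 Account Name: Guest
 Account Domain: Domain
Failure Information:
 Status: 0xc000006e
 Sub Status: 0xc0000072
Process Information:
 Caller Process Name: C:\Windows\explorer.exe
"""

SQL_EVENT = r"""
Subject:
    Account Name: SQLACCOUNT
    Account Domain: Domain
Logon Type:     3
Account For Which Logon Failed:
    Account Name:
    Account Domain:
Failure Information:
    Status:     0xc000006e
    Sub Status: 0xc0000072
Process Information:
    Caller Process Name:    C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
"""
```

Running `triage(GUEST_EVENT)` reports a caller `Domain\Superman` presenting `Domain\Guest` from `explorer.exe` with Sub Status `STATUS_ACCOUNT_DISABLED`, which is the signature of a client trying Guest after its own credential was not accepted by the share; `triage(SQL_EVENT)` reports an empty target and points back at the Subject account and the `sqlservr.exe` caller, which is where the disabled credential in that event has to be looked for.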

LDAP query failed


Hi All

I have a monitoring solution which threw an alert that an LDAP query has failed on my DC02. There is not much information in the alert. I am not sure what needs to be checked. Experts, please guide me on this.

CN=DFSR-LocalSettings Missing


Hi, can anyone help me to solve this:

the Policies folder in SYSVOL on my DC1 and DC2 doesn't replicate;

also the CN=DFSR-LocalSettings object in ADSI Edit was missing.

Thank You


Why is it so easy to dump the NTDS.DIT passwords? Get-ADDBAccount and DSInternals


I've just tested the DSInternals tool and, in offline research, I was able to see all users' passwords with a small cmdlet, Get-ADDBAccount.

So, there are NT hashes, LM hashes, and a lot of information gathered from the dump and, at some point, the full clear-text passwords of the users.

Why is the password available in the "SupplementalCredentials" section so easily?

My AD deployment is 10 years old, still using a mix of Win2008R2 (12), Win2012R2 (4) and Win2019 (6). I never had NT/95/98/Me; there are some XPs, Win7 (300) and Win10 (600).

Is it normal? Is it something particularly easy in my environment, or is it also easy on all other AD deployments around the world?
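An added example, not part of the post and not DSInternals code: the clear-text values DSInternals shows under SupplementalCredentials exist only for accounts whose password is stored with reversible encryption, which is switched on either per account by the userAccountControl flag ENCRYPTED_TEXT_PWD_ALLOWED (0x80, "Store password using reversible encryption" on the account) or for all accounts by the password-policy setting of the same name. The Python below decodes userAccountControl, reports that flag together with the other credential-weakening bits, and builds the LDAP bitwise-AND filter an administrator can run against a domain controller to find such accounts. The bit values come from Microsoft's userAccountControl documentation; the account list is constructed for the example.

```python
from typing import Dict, List, Sequence, Tuple

# userAccountControl bit values, as documented by Microsoft for the attribute.
UAC_FLAGS: Dict[int, str] = {
    0x0001: "SCRIPT", 0x0002: "ACCOUNTDISABLE", 0x0008: "HOMEDIR_REQUIRED",
    0x0010: "LOCKOUT", 0x0020: "PASSWD_NOTREQD", 0x0040: "PASSWD_CANT_CHANGE",
    0x0080: "ENCRYPTED_TEXT_PWD_ALLOWED", 0x0100: "TEMP_DUPLICATE_ACCOUNT",
    0x0200: "NORMAL_ACCOUNT", 0x0800: "INTERDOMAIN_TRUST_ACCOUNT",
    0x1000: "WORKSTATION_TRUST_ACCOUNT", 0x2000: "SERVER_TRUST_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD", 0x20000: "MNS_LOGON_ACCOUNT",
    0x40000: "SMARTCARD_REQUIRED", 0x80000: "TRUSTED_FOR_DELEGATION",
    0x100000: "NOT_DELEGATED", 0x200000: "USE_DES_KEY_ONLY",
    0x400000: "DONT_REQ_PREAUTH", 0x800000: "PASSWORD_EXPIRED",
    0x1000000: "TRUSTED_TO_AUTH_FOR_DELEGATION", 0x4000000: "PARTIAL_SECRETS_ACCOUNT",
}

# Flags that weaken how the account's secret is stored or checked. The first one
# is what puts a clear-text password into supplementalCredentials.
CREDENTIAL_WEAKENING: Dict[str, str] = {
    "ENCRYPTED_TEXT_PWD_ALLOWED": "password stored with reversible encryption (recoverable in clear text)",
    "PASSWD_NOTREQD": "empty password permitted",
    "USE_DES_KEY_ONLY": "Kerberos limited to DES keys",
    "DONT_REQ_PREAUTH": "Kerberos pre-authentication not required",
}

LDAP_MATCHING_RULE_BIT_AND = "1.2.840.113556.1.4.803"


def decode_uac(value: int) -> List[str]:
    """Names of the bits set in a userAccountControl value, lowest bit first."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def audit_accounts(accounts: Sequence[Tuple[str, int]]) -> Dict[str, List[str]]:
    """Map sAMAccountName -> credential-weakening flags, for accounts that have any."""
    findings: Dict[str, List[str]] = {}
    for sam, uac in accounts:
        weak = [f for f in decode_uac(uac) if f in CREDENTIAL_WEAKENING]
        if weak:
            findings[sam] = weak
    return findings


def ldap_filter_for_flag(flag_name: str) -> str:
    """LDAP filter selecting accounts with the given bit set, using the bitwise-AND
    matching rule; usable with ldapsearch or Get-ADUser -LDAPFilter."""
    bit = next(b for b, n in UAC_FLAGS.items() if n == flag_name)
    return f"(userAccountControl:{LDAP_MATCHING_RULE_BIT_AND}:={bit})"


# Constructed sample of (sAMAccountName, userAccountControl) pairs, as they would
# come back from an LDAP export; names and values are made up for this example.
SAMPLE_ACCOUNTS = [
    ("alice", 0x200),                        # plain enabled user
    ("svc-legacy", 0x200 | 0x80 | 0x10000),  # reversible encryption, password never expires
    ("bob", 0x200 | 0x20),                   # password not required
    ("old-contractor", 0x200 | 0x2 | 0x80),  # disabled, but the stored secret is still reversible
    ("DC01$", 0x2000),                       # domain controller computer account
]

if __name__ == "__main__":
    for sam, flags in audit_accounts(SAMPLE_ACCOUNTS).items():
        print(sam, [CREDENTIAL_WEAKENING[f] for f in flags])
    print(ldap_filter_for_flag("ENCRYPTED_TEXT_PWD_ALLOWED"))
```

The domain-wide policy case is not visible in userAccountControl, so the default domain password policy (and any fine-grained password policies) has to be checked alongside the per-account filter; and after reversible storage is switched off, the clear-text value only disappears from supplementalCredentials once the affected account next changes its password.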

System proxy setting set to false at random interval


Since a couple of weeks ago, when I have enabled my proxy (for the work environment), it disables the proxy at random intervals. This happens quite a lot during the day.

I have been looking at the Event Log and found that Applications and Services Logs > Microsoft > Windows > WinHttp > ProxyConfigChanged logs these changes. However, there is not enough information for me to determine what is causing this.

All the logging statements in the Event Log say:

The description for Event ID 5600 from source Microsoft-Windows-WinINet-Config cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
So I am stuck pinpointing why the proxy keeps disabling. Does anyone have any clue on where to start looking further?

Create organization structure in Active Directory


Hi all,

I have a task to create an AD organization structure in a way that we can see who is the boss of whom, etc. Can anyone help?

Domain Controller not advertised as domain controller; no SYSVOL, no NETLOGON share


Dear 

In the past this client had only one SBS server. About two years ago, they added a second domain controller (Windows Server 2016) to the existing SBS domain. It seems that AD replication was working till last night, but SYSVOL replication never completed to the new 2K16 domain controller. Since last night, the SBS domain controller is not working anymore; the only thing it's doing is answering a ping, nothing more.

So now we end up with two domain controllers, one SBS which is not working, and one Windows 2016 DC which is not advertising itself as a domain controller. That means that AD is completely down.

I tried to perform an authoritative restore using BurFlags set to D4 on the 2K16 server. NTFRS is waiting for a sync to complete (which doesn't work) before enabling the SYSVOL and NETLOGON shares.

I cannot force an NTFRS or DFSR sync for SYSVOL as I can't reach Active Directory through ADSI Edit on either the SBS or the Windows 2016 DC.

How can we force the Windows 2016 DC to advertise itself as a domain controller, enable the SYSVOL and NETLOGON shares, and make Active Directory services available on the 2K16 DC?

Users are not able to get access to any file, printer or application resource because there is no DC available that’s working correctly.

Thanks for the feedback.

Regards

Peter


Peter Van Keymeulen, IT Infrastructure Solution Architect, www.edeconsulting.be

Stop storing lastLogonTimestamp on AD 2008 R2


Hello,

Due to some business use cases we have to stop storing the last-logon time in the lastLogonTimestamp attribute on AD 2008 R2.

Could someone please advise what the possibilities are for disabling this at domain level?

Prevent User Login to Multiple Computers Simultaneously in a Domain Environment


I want to restrict domain user login through multiple computers at a time in a domain environment.

prevent domain user login to another branch computer by GPO.


We want to prevent domain users logging in to another branch's computers. A domain user should be able to log in only to specific computers.

Lsass.exe crashes and system shuts down automatically on Windows Server 2008 R2-based domain controller servers

Hi

I have a domain with three domain controllers (Windows Server 2008 R2 Standard Edition). For a couple of days they have been restarting at irregular intervals (10 minutes, 20 minutes, 1 hour, 12 hours ...).
The restart is caused by an lsass.exe appcrash.

Event ID 1015:
A critical system process, C:\Windows\system32\lsass.exe, failed with status code 255. The machine must now be restarted

Event ID 1000:

Faulting application name: lsass.exe, version: 6.1.7601.24540, time stamp: 0x5ddf363e
Faulting module name: ntdll.DLL, version: 6.1.7601.24540, time stamp: 0x5ddf3f5f
Exception code: 0xc0000374
Fault offset: 0x00000000000bf232
Faulting process id: 0x208
Faulting application start time: 0x01d5b80df8485bf8
Faulting application path: C:\Windows\system32\lsass.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 5e13fab2-24ad-11ea-af26-005056b8001d

Any idea what may be happening?
Thanks

DNS Server unable to complete directory service enumeration of zone xyz.com


Hi Support,

DNS server was unable to complete directory enumeration of zone xyz.com. DNS is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that Active Directory is functioning properly and repeat enumeration of the zone.

I recently promoted a new DC, but no DNS zone is replicated to my new AD-integrated DNS server and the error is above. I tried the help below, but no luck. Any help is highly appreciated, please.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/d333d2fc-c4d8-4e5a-8587-406f0b0ab274/dns-server-unable-to-complete-directory-service-enumeration-of-zone-xxxcom?forum=winserverDS


Arif

repadmin /replsummary error 1726


Hi all,

Every day, to check DC health, I use the command "repadmin /replsummary", and everything is okay with no failures. One day, I updated Windows and restarted; after I ran "repadmin /replsummary" again, there were some errors:

Source DSA          largest delta    fails/total %%   error
 SRV1-HANU              21h:27m:30s    6 /  16   37  (1726) The remote procedure call failed.
 SRV1-ROOT                 59m:38s    0 /  14    0
 SRV2-HANU                  59m:38s    0 /  10    0
 SRV2-ROOT                 59m:38s    0 /  14    0


Destination DSA     largest delta    fails/total %%   error
 RODC-HSC                  59m:57s    0 /  20    0
 SRV1-ROOT                 11m:20s    0 /  10    0
 SRV2-HANU              21h:27m:50s    6 /  14   42  (1726) The remote procedure call failed.
 SRV2-ROOT                 12m:18s    0 /  10    0


Experienced the following operational errors trying to retrieve replication information:
          58 - SRV1-HANU.north.vbsp.vn

Please check for me.

Thanks!
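An added example, not code from the poster or from Microsoft: a Python parser for `repadmin /replsummary` output that turns the Source DSA / Destination DSA tables into records, converts the "largest delta" column to seconds, and reduces the whole report to a list of findings (rows with failures, rows lagging past a threshold, and hosts that could not be queried at all), which is the shape a monitoring job wants. The sample input is the output quoted in the post; the error-code meanings come from Microsoft's Win32 error documentation; the optional `Nd.` day prefix in the delta column and the 24-hour lag threshold are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Win32 codes repadmin prints in the "error" column and under "operational
# errors"; meanings per Microsoft's Win32 error documentation (table assembled here).
WIN32_ERRORS = {
    58: "ERROR_BAD_NET_RESP: the specified server cannot perform the requested operation",
    1722: "RPC_S_SERVER_UNAVAILABLE: the RPC server is unavailable",
    1726: "RPC_S_CALL_FAILED: the remote procedure call failed",
    8453: "ERROR_DS_DRA_ACCESS_DENIED: replication access was denied",
}

# A table row: " SRV1-HANU   21h:27m:30s    6 /  16   37  (1726) The remote procedure call failed."
ROW_RE = re.compile(r"^\s*(\S+)\s+(\S+(?:\s+days?)?)\s+(\d+)\s*/\s*(\d+)\s+(\d+)"
                    r"\s*(?:\((\d+)\)\s*(.*?))?\s*$")
OPS_RE = re.compile(r"^\s*(\d+)\s+-\s+(\S+)\s*$")   # "58 - host.example"
# Delta layout assumed: optional "Nd." day prefix, then the h:m:s form seen in the post.
DELTA_RE = re.compile(r"^(?:(\d+)d\.)?(?:(\d+)h:)?(?:(\d+)m:)?(\d+)s$")

@dataclass
class Row:
    direction: str            # "source" or "destination"
    dsa: str
    largest_delta: str
    delta_seconds: Optional[int]
    fails: int
    total: int
    percent: int
    error_code: Optional[int]
    error_text: str

@dataclass
class Summary:
    rows: List[Row] = field(default_factory=list)
    operational_errors: List[Tuple[int, str]] = field(default_factory=list)

def delta_to_seconds(delta: str) -> Optional[int]:
    """'21h:27m:30s' -> 77250; None for values the pattern cannot read, e.g. '>60 days'."""
    m = DELTA_RE.match(delta)
    if not m:
        return None
    d, h, mi, s = (int(x) if x else 0 for x in m.groups())
    return d * 86400 + h * 3600 + mi * 60 + s

def parse_replsummary(text: str) -> Summary:
    summary, direction, in_ops = Summary(), None, False
    for line in text.splitlines():
        s = line.strip()
        if not s:
            continue
        if s.startswith("Source DSA"):
            direction, in_ops = "source", False
        elif s.startswith("Destination DSA"):
            direction, in_ops = "destination", False
        elif s.startswith("Experienced the following operational errors"):
            in_ops = True
        elif in_ops:
            m = OPS_RE.match(line)
            if m:
                summary.operational_errors.append((int(m.group(1)), m.group(2)))
        elif direction:
            m = ROW_RE.match(line)
            if m:
                dsa, delta, fails, total, pct, code, msg = m.groups()
                summary.rows.append(Row(direction, dsa, delta, delta_to_seconds(delta),
                                        int(fails), int(total), int(pct),
                                        int(code) if code else None, msg or ""))
    return summary

def health_findings(summary: Summary, max_lag_seconds: int = 24 * 3600) -> List[str]:
    """Rows with failures, rows lagging beyond the (assumed) threshold, unreachable hosts."""
    out: List[str] = []
    for r in summary.rows:
        if r.fails:
            out.append(f"{r.direction} {r.dsa}: {r.fails}/{r.total} failed ({r.percent}%), "
                       f"error {r.error_code}: {WIN32_ERRORS.get(r.error_code, r.error_text)}")
        if r.delta_seconds is None or r.delta_seconds > max_lag_seconds:
            out.append(f"{r.direction} {r.dsa}: largest delta {r.largest_delta} exceeds threshold")
    for code, host in summary.operational_errors:
        out.append(f"could not query {host}: error {code}: {WIN32_ERRORS.get(code, 'unknown')}")
    return out

# The output quoted in the post, used here as the sample input.
REPLSUMMARY_OUTPUT = """
Source DSA          largest delta    fails/total %%   error
 SRV1-HANU              21h:27m:30s    6 /  16   37  (1726) The remote procedure call failed.
 SRV1-ROOT                 59m:38s    0 /  14    0
 SRV2-HANU                  59m:38s    0 /  10    0
 SRV2-ROOT                 59m:38s    0 /  14    0
Destination DSA     largest delta    fails/total %%   error
 RODC-HSC                  59m:57s    0 /  20    0
 SRV1-ROOT                 11m:20s    0 /  10    0
 SRV2-HANU              21h:27m:50s    6 /  14   42  (1726) The remote procedure call failed.
 SRV2-ROOT                 12m:18s    0 /  10    0
Experienced the following operational errors trying to retrieve replication information:
          58 - SRV1-HANU.north.vbsp.vn
"""
```

On the sample, `health_findings(parse_replsummary(REPLSUMMARY_OUTPUT))` yields three findings: the 1726 failures on SRV1-HANU as source and SRV2-HANU as destination, and error 58 when querying SRV1-HANU itself, which together say that SRV1-HANU stopped answering RPC after the update and restart rather than that replication topology changed.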

Steps to give permissions to a domain user to read Security, System and DNS logs of Windows 2012 servers


Hi All,

I need to know the basic and simple steps to give permissions to a domain user, which we are using for our ArcSight connector, to read logs from the Event Viewer of Windows servers. We need to read the Security, System and DNS diagnostic logs. DNS diagnostic (Analytical) logs have been enabled on the server and the logs are visible in the Event Viewer.

Please help with some document or link which shows the necessary steps to be followed in order to read the above logs (especially the DNS diagnostic logs) from the Event Viewer.

Thanks in Advance.

Regards,

Mitesh Agrawal

Testing disaster forest recovery - no DC catalog in domain


I'm trying to set up a disaster recovery backup and I'm testing a recovery scenario in isolation. Here's what I did thus far:

- I've made bare-metal and system-state backups with Windows Server Backup of one of our DC VMs
- I've placed the backup onto a VHDX drive
- I've created a new Hyper-V VM; it's connected to a private (isolated) network and has the VHDX with the backups attached. Using a Windows Server 2016 ISO I restored the bare-metal backup
- I've reconfigured the network adapter to have the same IP as the original DC VM
- I've entered DC recovery mode and restored the system-state backup as AUTHORITATIVE
- I've seized all domain and forest roles

Now, post-boot, the server has no SYSVOL and NETLOGON shares. The network is not identified as a domain, but as "unidentified public". DNS is working fine and NSLOOKUP calls seem to be correct. I cannot access the AD Users and Computers MMC because I get a "Naming information cannot be located because the specified domain either does not exist or could not be contacted" error.

Here are the DCDIAG results: https://pastebin.com/dRqZPrGU (it's too long to paste here as there's an error related to Azure AD sync that's spammed all over the log, unfortunately).

Any idea what's going on here? Am I doing something wrong or is there something wrong with the backup? Or is there something wrong with the original DC VM server and it's not a viable source for a DC backup?
