Channel: Directory Services forum

ADFS error 111 and 364

We have a Windows Azure server with Active Directory and ADFS (icw Office 365).

This has worked in the past.

Since yesterday the services stopped working.

I checked and saw it wasn't pointing to itself for DNS (instead to another DC), and in the event log there was a message that the password for the managed service account wasn't reset.

I pointed the DNS to 127.0.0.1 and verified it could resolve local and remote hostnames.
After this I reset the managed service account password and restarted the server.

I replaced the company and domain name in the logs below.

Log Name:      AD FS/Admin
Source:        AD FS
Date:          8/19/2014 11:48:22
Event ID:      111
Task Category: None
Level:         Error
Keywords:      AD FS
User:          domain\ADFS$
Computer:      company-dc01.company.com
Description:
The Federation Service encountered an error while processing the WS-Trust request. 
Request type: http://schemas.microsoft.com/idfx/requesttype/issue 

Additional Data 
Exception details: 
System.TypeInitializationException: The type initializer for 'Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService' threw an exception. ---> System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetDnsHostNameFromNtdsSettingDN(IDRServerContext context, String distinguishedName)
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindAllGCsInDomain(IDRServerContext context)
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetGCWithLowestGuid(IDRServerContext opContext)
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindDRServiceObjectInDomain(DRServiceAttributesFlags flags, Hashtable& attributesToGather)
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.IsDRServiceObjectInEnterprise(String serviceName, DRServiceAttributesFlags flags, Hashtable& attributesToGather)
   at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerPhase2(DRServiceContext context, Boolean& bServiceExists)
   at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerForSTS(Boolean forceReInitialize)
   at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService..cctor()
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark)
   at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at System.Activator.CreateInstance(Type type, Object[] args)
   at Microsoft.IdentityModel.Configuration.SecurityTokenServiceConfiguration.CreateSecurityTokenService()
   at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)

System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetDnsHostNameFromNtdsSettingDN(IDRServerContext context, String distinguishedName)
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindAllGCsInDomain(IDRServerContext context)
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetGCWithLowestGuid(IDRServerContext opContext)
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindDRServiceObjectInDomain(DRServiceAttributesFlags flags, Hashtable& attributesToGather)
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.IsDRServiceObjectInEnterprise(String serviceName, DRServiceAttributesFlags flags, Hashtable& attributesToGather)
   at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerPhase2(DRServiceContext context, Boolean& bServiceExists)
   at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerForSTS(Boolean forceReInitialize)
   at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService..cctor()
Log Name:      AD FS/Admin
Source:        AD FS
Date:          8/19/2014 11:48:22
Event ID:      364
Task Category: None
Level:         Error
Keywords:      AD FS
User:          domain\ADFS$
Computer:      company-dc01.company.com
Description:
Encountered error during federation passive request. 

Additional Data 

Protocol Name: 
Saml 

Relying Party: 
http://adfs.company.com/adfs/services/trust 

Exception details: 
System.TypeInitializationException: The type initializer for 'Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService' threw an exception. ---> System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetDnsHostNameFromNtdsSettingDN(IDRServerContext context, String distinguishedName)
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindAllGCsInDomain(IDRServerContext context)
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetGCWithLowestGuid(IDRServerContext opContext)
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindDRServiceObjectInDomain(DRServiceAttributesFlags flags, Hashtable& attributesToGather)
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.IsDRServiceObjectInEnterprise(String serviceName, DRServiceAttributesFlags flags, Hashtable& attributesToGather)
   at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerPhase2(DRServiceContext context, Boolean& bServiceExists)
   at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerForSTS(Boolean forceReInitialize)
   at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService..cctor()
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
   at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark)
   at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
   at System.Activator.CreateInstance(Type type, Object[] args)
   at Microsoft.IdentityModel.Configuration.SecurityTokenServiceConfiguration.CreateSecurityTokenService()
   at Microsoft.IdentityServer.Web.WSTrust.SecurityTokenServiceManager.Issue(RequestSecurityToken request, IList`1& identityClaimSet)
   at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.SubmitRequest(MSISRequestSecurityToken request, IList`1& identityClaimCollection)
   at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestBearerToken(MSISRequestSecurityToken signInRequest, Uri& replyTo, IList`1& identityClaimCollection)
   at Microsoft.IdentityServer.Web.Protocols.PassiveProtocolHandler.RequestSingleSingOnToken(ProtocolContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSsoSecurityToken(SamlSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken, SecurityToken& ssoSecurityToken)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.BuildSignInResponseCoreWithSecurityToken(SamlSignInContext context, SecurityToken securityToken, SecurityToken deviceSecurityToken)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.Process(ProtocolContext context)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.ProcessProtocolRequest(ProtocolContext protocolContext, PassiveProtocolHandler protocolHandler)
   at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

System.NullReferenceException: Object reference not set to an instance of an object.
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetDnsHostNameFromNtdsSettingDN(IDRServerContext context, String distinguishedName)
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindAllGCsInDomain(IDRServerContext context)
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.GetGCWithLowestGuid(IDRServerContext opContext)
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.FindDRServiceObjectInDomain(DRServiceAttributesFlags flags, Hashtable& attributesToGather)
   at Microsoft.DeviceRegistration.ADAdapter.ADStore.IsDRServiceObjectInEnterprise(String serviceName, DRServiceAttributesFlags flags, Hashtable& attributesToGather)
   at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerPhase2(DRServiceContext context, Boolean& bServiceExists)
   at Microsoft.DeviceRegistration.Utilities.DRServiceManager.InitializeServiceManagerForSTS(Boolean forceReInitialize)
   at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService..cctor()


AD 2008 R2 Forest recovery

I have a single-domain, single-forest architecture. AD is Win2008 R2, 2 sites, 2 DCs in each site. I have a full backup of system state taken from all DCs in place.

The AD database got totally corrupted, and I want to rebuild my AD from scratch from the system state backup. I want to know about the process of full AD recovery and recovering all DCs.


AD Replication Issue

Hi,

My AD server replication is taking too long,

while checking repadmin /replsummary

Is it normal replication, or is there an issue with my server?

While pinging my server in a particular site I'm getting Request timed out for every 10 replies. What may be the issue?

many thanks


Regards, Hari Prasad.D

Domain Controller service packs

I need to put in a new domain controller on our network, which currently consists of a Windows 2003 DC and a Windows 2008 R2 server (FSMO roles).

The new server has Windows 2008 R2 SP1 installed, and after checking, the other 2008 R2 DC doesn't. Are there any issues with running these 3 DCs?

I will upgrade the current 2008 R2 to SP1 out of hours soon. The 2003 DC can then be retired.

All the other servers running Exchange 2010 are already on SP1. I also note that SP2 is out; apart from checking with our software vendors, are there any issues with SP2 on DCs?

Thanks in advance.

Guideline on FSMO role transfer

Hello,

Is there a guideline from Microsoft that recommends which way to go when it comes to transferring FSMO roles? E.g., is it better to transfer the forest roles (2 roles) first and then the domain roles (3 roles), or the other way around?

Thanks


TIA TP


no tombstoneLifetime attribute

Hello!

One of my domains does not have the attribute tombstoneLifetime in cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,dc=
I spotted this while implementing AD Recycle Bin. Therefore the command for extending the lifetime
Set-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=contoso,DC=com" -Partition "CN=Configuration,DC=contoso,DC=com" -Replace:@{"tombstoneLifetime" = 365}
could not work.

Should I substitute the -Replace with -Create?
What is the correct behaviour?

Command line window preferences

Hi,

I have a problem with the command line window settings on computers working in AD. Every time a new computer is connected to AD, the command line window is small. My question is: can I create a GPO with settings for the CMD window and push it to computers?

Sorry for bad English.

Try to Install promote server into domain controller

Hello, I am trying to promote a Windows Server 2012 R2 Server DataCenter to domain controller from Windows 2003 Server Pack 2 Domain.  On the Windows Server 2012 R2 Server I am getting the error:  Verification of Replica Failed. The Forest Functional Level is Windows 2000. To Install a Windows Server 2012 R2 Domain or Domain Controller the Forest Functional Level must be Windows 2003 or higher.

I raised the Functional Level on the Windows 2003 Server SP 2 Domain Controller to Windows 2003  

However, I am still getting the same error:  Verification of Replica Failed......

Looking for answers. 


Van R. Johnson


Server joined to domain (remotely) sits at please wait screen before ctrl + alt + del for 20 minutes before working, when removed from domain it boots in 15 seconds

Hi there,

hope this makes sense but I'll try and explain the best I can.

I have set up a Windows Server 2012 domain controller fresh out of the box in our datacenter (not on our local network), nothing fancy and no GPO etc. Just Active Directory Domain Services, and Routing & Remote Access is set up with a working VPN connection that I can connect into fine.

When I join my Windows Server 2012 R2 server that is in my home office to the domain (once connected to VPN), the server sits at the please wait with the spinning circle after being powered on for around 20 minutes before finally getting to the CTRL + ALT + DEL screen. As mentioned, no local or group policies exist that would cause this, and once it eventually goes to the login screen I can sign in using the VPN connection I've made available to all users without issue. Even more confusing is that when I remove the server from the domain it boots up instantly, as you would expect with an SSD RAID configuration.

I can access the shares and the server via \\servername\c$ etc. once signed in and on the VPN with it as a workgroup, and RDP to the server via DNS name,

but ideally I'd like it on the domain and logging in without waiting a long time.

Does anyone have any suggestions? I've tried the whole disable all startup services and booting; however, this is a clean install and it's not making any difference.

Thanks in advance!

Delegate Control Not Working

I have an AD group that has 12 users inside of it. I did a delegate control for this group and here are the settings I allowed them to perform.

I've had users log off and back on, yet they still cannot modify user accounts. They can't move them, they can't change the description field... nothing.

Why not? What else do I need to grant for them to update/modify User/Computer accounts?


mqh7

Forest Configuration Operators

I'm commissioning a new Windows Server 2012 R2 AD DS forest for a customer and have implemented the ten recommended service management roles as per the Best Practice for Delegating Active Directory Administration. The first test of the delegation model was to create a new child domain with a privileged account that's a member of the Forest Configuration Operators Role group. Unfortunately the test failed because the promotion process appears to check to see if the account is a member of the Enterprise Admins security group, which of course it's not. Can I create a child domain with an account that's a member of the Forest Config Ops administrative role or shall I bin this role off and just use EAs?

Cheers,

Tom Houston, UK Identity Management Practice

DC Cannot boot. keeps going into recovery mode

I have a site in ADSS that changed subnets. It's a remote office with only 1 DC. I did not change the IP of the DC before shutdown and now I cannot log in to the DC. Any idea what to do?

AD Windows Server 2003 RPC is not available 1722 (0x6ba), 8440 (0x20f8) win32

Hi all, I have only 1 Active Directory domain and two domain controllers.

Domain controllers are Windows Server 2003 SP2 32-bit.

I have two problems:

1. GPOs are not applied when I run gpupdate /force; I get the following error message:

Error processing Group Policy. windows could not read the \\<domain>\sysvol\<domain>\{yyyyyy-xxxxxxxx}\gpt.ini

2. When you run repadmin /syncall /d /e, I get the following error:

<nerwork error>: 1722 (0x6ba)

Syncall exited with fatal Win32 error: 8440 (0x20f8):

The co-text of the name specified in the operation is not valid replies

Greetings


Microsoft Certified IT Professional Server Administrator

Everyone Group on all Shared Folders

We are trying to pull a report to find all shared folders in the domain which have the Everyone group assigned to them. Is there a way to do it?

creating a design picture

Guys,

For technical documentation about AD, I need to create a Visio. I need to create a central OU and a local group OU, global groups, workstation with desktop and notebook OUs, and a user OU for each department.

Can someone give me an example about how the picture should look? I was thinking about something like this:

Many thanks for a reply



Removing Active Directory Domain Services from Server 2012 Standard

Hi Guys.

I have two Server 2012 Standard servers, DC1 and DC2. I have promoted and installed ADDS on both servers and moved all FSMO roles to DC2. Now I want to remove ADDS from DC1, and I get the DNS message "Remove this DNS Zone (This is the last DNS server that hosts the Zone)", but I have the DNS role installed on DC2.

Please assist

Regards

NicWaks

Domain Recovery

BACKGROUND:

I had a domain with two Server 2012 DCs: DC1 and DC2.

I decommissioned DC2 by removing the role, and had no problems. The domain appeared fine afterwards.

I then created two new Server 2012 R2 DCs: DC01 and DC02.

Again, there did not seem to be any issues with the domain and the three DCs appeared fine.

Next I transferred the FSMO roles from DC1 to DC01, then I tried to demote DC1, which complained repeatedly. I could not get DC1 to demote, and none of the logs showed the source of the problem, so after following a Petri guide on removing a dead DC, I forced the demotion of DC1 (just ticking the tick box to force it). That is when I realised that DC01 and DC02 were not sufficient, and the domain was lost.

I used a System State backup of DC1 (in Directory Services Recovery Mode) to recover that machine and the domain is back up again, users can log in once more, but there are many errors in DCDiag. I cannot ping the domain, and when I shut down DC1, the domain is once again inaccessible.

The main problems are:

Since restoring DC1 the computer object does not exist in the domain

I cannot ping the domain (Home.net)

I cannot manage the domain (AD Users and Computers) from either DC01 or DC02

DC01 and DC02 do not have SYSVOL or NETLOGON shares (appear to never have had since migrating the FSMO roles - why??)

         Warning: DsGetDcName returned information for \\DC1.Home.net, when we were trying to reach DC01.
         SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
         ......................... DC01 failed test Advertising

WHAT I AM TRYING TO ACHIEVE:

I ultimately want to remove DC1 and keep DC01 and DC02; however, I understand this may not be possible. It IS an option to completely delete DC01 and DC02 and rebuild those machines from scratch (one physical and one VM).

My main concern is that I may lose the domain again.

Can anyone help me with this?

thumbnailPhoto Attribute Active Directory Users & Computers

Hi, I have successfully imported user pictures within the AD in respect of the thumbnailphoto attribute and this is being replicated as part of the GC.  Does anyone know of any extensions for Active Directory Users & Computers so that an administrator can view the photo in the way of an extra tab etc.  The Domain and Forest are currently 2012 functional mode. Any help of viewing the photos within AD users & Computers would be great. 

Carl Smith MCITP-EA

ADFS 2012 R2 federationmetadata.xml not available

Hello, I have configured ADFS on a Windows Server 2012 R2 server. I used this howto: http://blogs.technet.com/b/rmilne/archive/2014/04/28/how-to-install-adfs-2012-r2-for-office-365.aspx

I'm now at the point that I want to verify that the federation service is operational by browsing to:

https://adfs.<FQDN>/FederationMetadata/2007-06/FederationMetadata.xml

The browser returns: This page can't be displayed

As an FQDN I use an internet-routable address, which is also the default UPN. I've imported a 3rd-party public trusted wildcard certificate. I created adfs as a host record in DNS. I've added the FQDN to trusted sites in iexplorer. The certificates for Service communication, token signing and token decrypting are in place and don't show any errors. I can ping adfs.<fqdn> successfully. The ADFS service is running without errors. When I run netsh show http urlacl I can see the following:

Reserved URL            : https://+:443/adfs/
    User: NT SERVICE\adfssrv
        Listen: Yes
        Delegate: Yes

I know that the latest ADFS version uses kernel-mode HTTP, so I cannot use IIS to check any published service for ADFS.

Now I'm stuck at verifying the federation service. Anyone know what to check next?

Any help would be appreciated.

Regards

Removing a 2003 DC and replacing it with 2008R2 DC

Hi all.

I have been doing a lot of reading and think I know the correct process; I just wanted to double-check with the community.

We have 2 DCs in our environment, DC1 and DC2.

DC1 is 2008 R2 and hosts ADDS/DNS/DHCP/GC and all FSMO roles.

DC2 is 2003 and hosts ADDS/DNS/GC and is there for redundancy.

DC2 is a bit on the old side and I would like to remove it and replace it with a newer 2008 R2 DC. From what I have read, it seems the best process for this would be to run DCPROMO from DC2, demote it and remove it, then promote a new server.

DC3 is the server in waiting, so running DCPROMO to promote it to a DC and allow replication to do its stuff, and job done.

Are there any steps that I am missing?

cheers

Gordon
