Channel: Directory Services forum
Viewing all 31638 articles

Disabling SSLv2 on Domain Controllers


Hi All,

As part of a recommendation from my security team, I have been instructed to disable SSLv2 on my Windows Server 2008 R2 domain controller. I understand that the implications of disabling SSLv2 vary from environment to environment, but if anyone could please help me with a generalistic approach about the things I should consider, it would be of great use.


Rakesh Raj
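As an added example (not part of the original post), the script below shows the Schannel registry change that disables SSL 2.0 on a Windows server, with a read-back of the current state before and after. It assumes the standard Schannel protocol keys under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols, which is where Windows reads per-protocol Enabled/DisabledByDefault values; the function and variable names are mine. Run it elevated; pass -WhatIf to the disabling function to see the intended change without writing it.

```powershell
# Added example, not from the original post: audit and disable SSL 2.0 in Schannel.
# Schannel reads these keys at boot, so a reboot is required for the change to take effect.
$protocolRoot = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    # Returns the configured state for one protocol/side, or a note that the OS default applies.
    param([string]$Protocol, [ValidateSet('Server', 'Client')][string]$Side)
    $key = Join-Path $protocolRoot "$Protocol\$Side"
    if (-not (Test-Path $key)) { return 'not configured (OS default applies)' }
    $item = Get-ItemProperty -Path $key
    "Enabled=$($item.Enabled) DisabledByDefault=$($item.DisabledByDefault)"
}

function Disable-SchannelProtocol {
    # Creates the key if needed and sets Enabled=0, DisabledByDefault=1 (both DWORD).
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Protocol, [ValidateSet('Server', 'Client')][string]$Side)
    $key = Join-Path $protocolRoot "$Protocol\$Side"
    if ($PSCmdlet.ShouldProcess($key, 'Set Enabled=0, DisabledByDefault=1')) {
        New-Item -Path $key -Force | Out-Null
        New-ItemProperty -Path $key -Name Enabled -Value 0 -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name DisabledByDefault -Value 1 -PropertyType DWord -Force | Out-Null
    }
}

# The Server subkey controls inbound TLS (e.g. LDAPS offered by the DC); the Client subkey
# controls outbound TLS from this machine. Both are shown so the change can be reviewed per side.
foreach ($side in 'Server', 'Client') {
    Write-Host ("Before: SSL 2.0 {0}: {1}" -f $side, (Get-SchannelProtocolState -Protocol 'SSL 2.0' -Side $side))
    Disable-SchannelProtocol -Protocol 'SSL 2.0' -Side $side
    Write-Host ("After:  SSL 2.0 {0}: {1}" -f $side, (Get-SchannelProtocolState -Protocol 'SSL 2.0' -Side $side))
}
Write-Host 'Reboot required before Schannel applies the new setting.'
```

Reviewing the "Before" output on each DC first is the practical part of the "things to consider" question: a key that already exists with Enabled=0 means someone has been here before, and the Client side matters separately from the Server side when the DC itself makes outbound TLS connections.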


Active Directory Account Lockout

My account lockout policy is not configured in one of the child domains (Not Defined), but some of the user accounts are locked out. Any idea?

Darshana Jayathilake

Biometric Fingerprint


I am trying to figure out how to get the Biometric Fingerprint to accept my password from Windows7

Please Help

Thank you,

Sincerely yours,

Lavinia

service netlogon and time not starting


Hi Guys

A while ago I had a power down on a remote site, and then one of the domain controllers didn't start up.

I did a domain repair and it worked again, I thought. https://www.veeam.com/kb1277

Now I found out that the time service and netlogon don't start at system startup.

I didn't have problems since we have a second AD in the site.

I can start the services and then it works again.

I have the following errors when I do a dcdiag:

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

Home Server = Server

* Identified AD Forest.

Done gathering initial info.

Doing initial required tests

Testing server: Inwood\SERVER

Starting test: Connectivity

......................... SERVER passed test Connectivity

Doing primary tests

Testing server: Inwood\SERVER

Starting test: Advertising

Warning: SERVER is not advertising as a time server.

......................... SERVER failed test Advertising

Starting test: FrsEvent

......................... SERVER passed test FrsEvent

Starting test: DFSREvent

......................... SERVER passed test DFSREvent

Starting test: SysVolCheck

......................... SERVER passed test SysVolCheck

Starting test: KccEvent

......................... SERVER passed test KccEvent

Starting test: KnowsOfRoleHolders

......................... SERVER passed test KnowsOfRoleHolders

Starting test: MachineAccount

......................... SERVER passed test MachineAccount

Starting test: NCSecDesc

......................... SERVER passed test NCSecDesc

Starting test: NetLogons

......................... SERVER passed test NetLogons

Starting test: ObjectsReplicated

......................... SERVER passed test ObjectsReplicated

Starting test: Replications

......................... SERVER passed test Replications

Starting test: RidManager

......................... SERVER passed test RidManager

Starting test: Services

w32time Service is stopped on [SERVER]

......................... SERVER failed test Services

Starting test: SystemLog

A warning event occurred. EventID: 0x000727A5

Time Generated: 03/01/2016 01:57:06

Event String:

The WinRM service is not listening for WS-Management requests.

An error event occurred. EventID: 0x00000842

Time Generated: 03/01/2016 01:57:36

Event String: The Server service is not started.

An error event occurred. EventID: 0xC0001B6F

Time Generated: 03/01/2016 01:57:36

Event String:

The Netlogon service terminated with the following error:

An error event occurred. EventID: 0xC0001B59

Time Generated: 03/01/2016 01:57:45

Event String:

The Fortinet Single Sign On Agent Service service depends on the Netlogon service which failed to start because of the following error:

A warning event occurred. EventID: 0x00002724

Time Generated: 03/01/2016 01:58:20

Event String:

This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.

An error event occurred. EventID: 0x0000002E

Time Generated: 03/01/2016 01:58:20

Event String:

The time service encountered an error and was forced to shut down. The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.

An error event occurred. EventID: 0xC0001B6F

Time Generated: 03/01/2016 01:58:20

Event String:

The Windows Time service terminated with the following error:

An error event occurred. EventID: 0x00000416

Time Generated: 03/01/2016 01:58:40

Event String:

The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain DOMAIN.local, has determined that it is not authorized to start. It has stopped servicing clients. The following are some possible reasons for this:

An error event occurred. EventID: 0x00000456

Time Generated: 03/01/2016 02:02:15

Event String:

The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.

A warning event occurred. EventID: 0x00001796

Time Generated: 03/01/2016 02:03:24

Event String:

Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.

......................... SERVER failed test SystemLog

Starting test: VerifyReferences

......................... SERVER passed test VerifyReferences

Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test CrossRefValidation

Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test CrossRefValidation

Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation

Running partition tests on : DOMAIN

Starting test: CheckSDRefDom

......................... DOMAIN passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DOMAIN passed test CrossRefValidation

Running enterprise tests on : DOMAIN.local

Starting test: LocatorCheck

......................... DOMAIN.local passed test LocatorCheck

Starting test: Intersite

......................... DOMAIN.local passed test Intersite

Can someone help? Thanks.


All users properties


Hi Experts,

In my environment, I have been asked to get all AD user details. Due to security reasons, PowerShell modules are blocked. Hence I am following the way "Peddy1st" suggests in the link below.

https://social.technet.microsoft.com/Forums/windowsserver/en-US/10830091-7098-40ad-b4e1-7deef8297eb8/script-to-list-all-users-in-active-directory-with-user-id-and-date-of-last-logon?forum=winserverpowershell

Here I am able to fetch the attributes username, sAMAccountName, DN and description.

I'm facing issues with attributes like "When created", "Password last set", "Account status" and "Account expires". Could you please help me get this solved?

Here is the model of my script:

Thanks in advance.

Sajoor
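As an added example (not the poster's script, which is not included in the post), the following uses only the [adsisearcher] type accelerator from System.DirectoryServices, so it needs no AD PowerShell module. It handles the four attributes the post has trouble with: whenCreated comes back as a DateTime already, pwdLastSet and accountExpires are FILETIME integers that need conversion (with 0 and the 0x7FFFFFFFFFFFFFFF sentinel meaning "never"), and account status is the ACCOUNTDISABLE bit of userAccountControl. The output path and function name are my own choices.

```powershell
# Added example, not from the original post: export AD user attributes via [adsisearcher].
$searcher = [adsisearcher]'(&(objectCategory=person)(objectClass=user))'
$searcher.PageSize = 1000          # paged search is required to get more than 1000 results
$null = $searcher.PropertiesToLoad.AddRange([string[]]@(
    'samaccountname', 'distinguishedname', 'description',
    'whencreated', 'pwdlastset', 'useraccountcontrol', 'accountexpires'))

$ACCOUNTDISABLE = 0x2                     # userAccountControl flag bit
$NEVER          = 9223372036854775807     # accountExpires sentinel (0x7FFFFFFFFFFFFFFF)

function ConvertFrom-AdFileTime {
    # pwdLastSet / accountExpires are 100-ns intervals since 1601-01-01 (FILETIME).
    # 0 means "not set" (e.g. user must change password), the sentinel means "never expires".
    param([Int64]$Value)
    if ($Value -le 0 -or $Value -eq $NEVER) { return $null }
    [DateTime]::FromFileTime($Value)
}

$rows = foreach ($result in $searcher.FindAll()) {
    $p = $result.Properties
    # Missing attributes index to $null, which the casts below turn into '' or 0.
    $uac = [int]$p['useraccountcontrol'][0]
    $status = if ($uac -band $ACCOUNTDISABLE) { 'Disabled' } else { 'Enabled' }
    [pscustomobject]@{
        SamAccountName  = [string]$p['samaccountname'][0]
        DN              = [string]$p['distinguishedname'][0]
        Description     = [string]$p['description'][0]
        WhenCreated     = $p['whencreated'][0]
        PasswordLastSet = ConvertFrom-AdFileTime ([Int64]$p['pwdlastset'][0])
        AccountStatus   = $status
        AccountExpires  = ConvertFrom-AdFileTime ([Int64]$p['accountexpires'][0])
    }
}
$rows | Export-Csv -Path .\ad-users.csv -NoTypeInformation
$rows | Select-Object -First 5 | Format-Table -AutoSize
```

The same FILETIME conversion applies to lastLogonTimestamp if the export is later extended to last-logon dates, as the linked thread does.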


Tracking Domain Controller Demotion via repadmin

I had a slick repadmin command in my toolbox for tracking the replication of a demotion with repadmin, and I somehow lost it and am getting stuck on the syntax. It essentially tracks the existence of the NTDS objectGUID on all the DCs with one command. I was hoping someone here may know the syntax. The below doesn't work, but it's something close to that:
repadmin /showobjectmetadata "<objectguid=0d03eba1-0a30-47fe-8844-47c6121eafda>"
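As an added example (not the poster's lost command), the script below does the same check without repadmin: it enumerates every DC in the forest and tries to bind to the object by GUID on each one using the LDAP GUID-binding form LDAP://server/<GUID=...>, which System.DirectoryServices supports. A DC on which the deletion has not yet replicated still answers the bind; one where it has replicated does not. The GUID default is the one from the post; the variable and output names are mine.

```powershell
# Added example, not from the original post: report on which DCs an object GUID still resolves.
param(
    [string]$ObjectGuid = '0d03eba1-0a30-47fe-8844-47c6121eafda'   # GUID taken from the post
)

# Enumerate all DCs in the forest (works for multi-domain forests too).
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$dcs = $forest.Domains | ForEach-Object { $_.DomainControllers } | ForEach-Object { $_.Name }

foreach ($dc in $dcs) {
    $present = $false
    $dn = $null
    try {
        # The bind is lazy; reading a property forces it. A missing object throws a COM exception.
        $entry = [ADSI]"LDAP://$dc/<GUID=$ObjectGuid>"
        $dn = [string]$entry.distinguishedName
        $present = -not [string]::IsNullOrEmpty($dn)
    } catch {
        # Not found on this replica (or the DC is unreachable; see the Error column).
        $dn = $_.Exception.Message
    }
    [pscustomobject]@{ DC = $dc; Present = $present; Detail = $dn }
}
```

Rerunning the loop until every row reports Present = False gives the same end-to-end view of the demotion that the repadmin one-liner did; unreachable DCs show the bind error in the Detail column rather than being silently counted as "gone".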


Reason of account lockout.

We are getting multiple types of login failure events, but account lockout events are much fewer. What are the login failure event IDs which result in account lockout?
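As an added example (not from either lockout post above, the one about the undefined policy or this one), the script below pulls account-lockout events from a DC's Security log and, for each one, counts the failed-logon events for the same account in the preceding half hour. The event IDs are the standard Windows Security audit IDs: 4740 (account locked out, recorded on the PDC emulator), 4771 (Kerberos pre-authentication failed), 4776 (NTLM credential validation failed) and 4625 (an account failed to log on). Parameter names and the 30-minute window are my choices; the events only exist if Account Logon, Logon and Account Management auditing are enabled.

```powershell
# Added example, not from the original posts: correlate 4740 lockouts with preceding failures.
param(
    [string]$ComputerName = $env:COMPUTERNAME,   # run against the PDC emulator for full coverage
    [int]$Hours = 24
)
$since = (Get-Date).AddHours(-$Hours)

$lockouts = Get-WinEvent -ComputerName $ComputerName -FilterHashtable @{
    LogName = 'Security'; Id = 4740; StartTime = $since
} -ErrorAction SilentlyContinue

foreach ($evt in $lockouts) {
    # In 4740, property 0 is TargetUserName and property 1 (TargetDomainName) carries the
    # Caller Computer Name, i.e. the machine that submitted the bad credentials.
    $user   = $evt.Properties[0].Value
    $caller = $evt.Properties[1].Value
    Write-Host ("{0:s}  LOCKOUT  user={1}  callerComputer={2}" -f $evt.TimeCreated, $user, $caller)

    # Failed logons for the same account in the 30 minutes before the lockout.
    $window = $evt.TimeCreated.AddMinutes(-30)
    $failures = Get-WinEvent -ComputerName $ComputerName -FilterHashtable @{
        LogName = 'Security'; Id = 4771, 4776, 4625; StartTime = $window; EndTime = $evt.TimeCreated
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($user) }

    $failures | Group-Object Id | ForEach-Object {
        Write-Host ("    {0,4} x EventID {1}" -f $_.Count, $_.Name)
    }
}
```

The count per event ID under each lockout shows which failure type (Kerberos, NTLM or interactive) is driving it; the caller computer name from 4740 is the place to look for the stale credential, and it is also the reason lockouts appear even where the child domain's own policy is Not Defined, since the effective policy comes from the domain's Default Domain Policy.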

Tools to export users in security groups active directory


I have been looking for tools for quite a while; until now there is none able to give perfect answers.
I need a tool able to export a list of users from security groups.
The export file can be CSV or Excel, containing "Name of person" and "Email Address".


Adding a Windows server 2012 DC to a Windows 2003 subdomain requires Enterprise Admins account


Hi,

We have an example.com forest running at the Windows 2003 functional level. There are multiple subdomains in this forest (fr.example.com, pl.example.com, ...). We have already deployed Windows Server 2012 domain controllers for some subdomains (e.g. fr.example.com).

We now want to deploy a Windows Server 2012 domain controller in our Polish subdomain pl.example.com, which currently has only Windows Server 2003 domain controllers.

During the promotion of the new Polish Windows Server 2012 domain controller (run with an account that is a member of the Domain Admins group of the Polish subdomain), the installation process requests an Enterprise Admins account for:

  • Domain preparation ( I understand this one)
  • Forest and schema preparation

I don't understand why it indicates "Forest and schema preparation". As we have already deployed Windows Server 2012 servers in the forest, and also domain controllers running this version of the Windows OS in other subdomains, we should not have to make any forest and schema preparation.

Could you please help me understand that point?

Thanks in advance for your feedback.

Denis


Adding New DC to the existing 2008 DC


Hi Team,

I have a physical domain controller running on Windows Server 2008 SP2, and the current forest and domain functional levels are 2003. It has integrated DNS, GPOs, and a roaming disk of 1GB for each user configured in the user properties.

I have created a new virtual machine running 2012 R2 and am planning to introduce it into the existing domain as a domain controller without any issues.

Kindly advise on a best practice and checklist, if any.

Regards,
Sundar

Usrs Session Logs


Hi 

I am using Windows Server 2008 R2 Active Directory. I want Active Directory user session logs (not server access session logs), i.e. login date and time and logoff date and time, for six months and one year. Is it possible or not?

If it is possible, kindly guide us on how I can do this.

Thanks

Sohail Zubairi

Sites and Services


Hi,

I've inherited a domain which has all domain controllers and subnets in a single site. I've been tasked to create sites for each datacentre. After speaking to the Networks team, they told me that all datacentres have direct physical links to each other in a full mesh and are routable with each other, with connections between them of no less than 10Gbps.

Do I create site links between every site, or is it best to create the sites and let the KCC decide?

Windows 2012 R2 not submitting FQDN in SMB Kerberos requests when using CNAMEs


I just noticed an issue that I am seeing consistently with Windows 2012 R2 clients. I am having an issue getting SMB Kerberos auth working when accessing a file server (NAS) in a subdomain of another forest via CNAME.

When trying to browse to the NetBIOS name via CNAME in the other forest (e.g. \\nysrv123) I see the client try to fall back to NTLM. There is a reason I saw this and that I need Kerberos to work, but that isn't directly related to this. I did a packet capture to inspect the traffic and I see that Windows is submitting a TGS-REQ using the NetBIOS name ONLY. If I browse to the NetBIOS name via the ACTUAL A record name, the TGS-REQ contains the FQDN even though. I then took a step back and realized this is happening for all CNAMEs independent of what forest they are in. When accessing a principal in the same forest this isn't an issue, because the realm will be able to locate the principal by NetBIOS name as long as the SPNs are set correctly. When it is not in the same forest, the KDC can't resolve the NetBIOS name and denies the request.

I performed this on a number of other 2012 R2 boxes and found this to be consistent. I went to 2003 and 2008 R2 boxes and they all submit the FQDN when using the NetBIOS name, but for some reason my 2012 R2 boxes only submit the NetBIOS name when accessing via CNAME. I tried to do research on this, but couldn't come up with anything. The only workaround I could figure out was to create a policy using "Computer Configuration > System > Kerberos > Define host name-to-Kerberos realm mappings" to map the NetBIOS name directly to the other realm. This really isn't a solution though, because I don't see why 2012 R2 isn't using FQDNs when creating TGS-REQs.


Detecting LDAPS traffic on a DC


Hi there,

We are trying to track down which servers/applications use LDAPS against our DCs (as opposed to just LDAP). Can anybody recommend any logging (event logs) we can use to identify the calling address or name of a server issuing an LDAPS query?

Thanks.
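As an added example (not from the original post, which asks about event logs), the script below takes the network-side route instead: it samples the DC's established TCP connections to the LDAPS ports (636, and 3269 for the global catalog over TLS) repeatedly and reports the distinct client addresses seen, with a reverse lookup for each. It assumes Get-NetTCPConnection from the NetTCPIP module, which is present on Windows Server 2012 and later; the sampling parameters and output shape are my choices. It is a point-in-time sample, not a log, so short-lived binds between samples are missed.

```powershell
# Added example, not from the original post: sample LDAPS client connections on a DC.
param(
    [int]$Samples = 60,           # number of snapshots to take
    [int]$IntervalSeconds = 5     # pause between snapshots (60 x 5 s = 5 minutes)
)
$seen = @{}   # remote address -> @{ Ports = <set of local ports>; Hits = <times observed> }

for ($i = 0; $i -lt $Samples; $i++) {
    Get-NetTCPConnection -LocalPort 636, 3269 -State Established -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = $_.RemoteAddress
            if (-not $seen.ContainsKey($key)) { $seen[$key] = @{ Ports = @{}; Hits = 0 } }
            $seen[$key].Hits++
            $seen[$key].Ports[$_.LocalPort] = $true
        }
    Start-Sleep -Seconds $IntervalSeconds
}

$report = foreach ($kv in $seen.GetEnumerator()) {
    $name = '(no PTR record)'
    try { $name = [System.Net.Dns]::GetHostEntry($kv.Key).HostName } catch { }
    [pscustomobject]@{
        RemoteAddress = $kv.Key
        HostName      = $name
        LocalPorts    = ($kv.Value.Ports.Keys | Sort-Object) -join ','
        Hits          = $kv.Value.Hits
    }
}
$report | Sort-Object Hits -Descending | Format-Table -AutoSize
```

Scheduling this to run during business hours on each DC, and keeping the CSV of each run, builds the inventory of LDAPS clients that the event log alone does not give; the HostName column is what to hand to application owners.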

Extra users and groups in the local admin group on the servers beyond what is configured through restricted group policy


We have a group policy configured for restricted groups on our Servers OU. However, there is a sub-OU under the Servers OU. When I checked one of the servers in the sub-OU under the Servers OU, I see many users and groups added to the local Administrators group on the server which are not coming through the restricted group policy. Also, these extra users and groups are not being removed from the local admin group after some time (after the policy refresh).
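As an added example (not from the original post), the script below reads the actual membership of a server's local Administrators group through the WinNT ADSI provider, which works on Windows Server 2008 R2 without the newer LocalAccounts module, and diffs it against the list the Restricted Groups policy is expected to enforce. The expected members shown are constructed placeholders (CONTOSO is not a domain from the post); the parameter and variable names are mine.

```powershell
# Added example, not from the original post: report local Administrators drift from policy.
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    # Expected members as DOMAIN\name (or a bare name for local accounts). Constructed placeholders:
    [string[]]$Expected = @('CONTOSO\Domain Admins', 'CONTOSO\ServerAdmins', 'Administrator')
)

$group = [ADSI]"WinNT://$ComputerName/Administrators,group"
$members = @($group.psbase.Invoke('Members')) | ForEach-Object {
    # Each member is a COM object; ADsPath looks like WinNT://DOMAIN/Name or WinNT://COMPUTER/Name.
    $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    ($path -replace '^WinNT://', '') -replace '/', '\'
}

# Local accounts come back as COMPUTER\Name; normalise them to a bare name for comparison.
$localPrefix = '^' + [regex]::Escape($ComputerName) + '\\'
$actual  = $members | ForEach-Object { $_ -replace $localPrefix, '' }
$extra   = @($actual   | Where-Object { $Expected -notcontains $_ })
$missing = @($Expected | Where-Object { $actual   -notcontains $_ })

[pscustomobject]@{
    Computer = $ComputerName
    Actual   = $actual -join '; '
    Extra    = $extra -join '; '
    Missing  = $missing -join '; '
}
```

Anything in the Extra column is what to reconcile against gpresult /scope computer /v on that server: a second GPO linked at the sub-OU, or a Restricted Groups entry of the "This group is a member of" kind (which only adds) rather than the "Members of this group" kind (which replaces), will both leave members the Servers OU policy never listed.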


nslookup returns incorrect non-authoritative server


Hi Gang,

We were setting up for an ADMT migration and have noticed in the target domain that executing nslookups for external domains returns the incorrect non-authoritative server. It is entirely random; at times the server returns the correct non-authoritative answer, but 99% of the time it does not.

So you know how it currently looks:

Source domain 

Domain domain.co.uk
Additional primary zone = mydomain.com > delegated zone = corp (name servers are the three DC/DNS servers in corp.mydomain.com).
Conditional Forwarders (contains the three DC/DNS servers of corp.mydomain.com)

Target Domain

Domain corp.mydomain.com
Conditional forwarder (contains the DNS servers for domain.co.uk)

An nslookup on one of the three domain controllers in corp.mydomain.com returns the wrong non-authoritative zone. I need to append a period to enforce a route search, e.g.

Nslookup from corp.mydomain.com domain for www.google.com returns incorrect non-authoritative dns server:

C:\Users\admt>nslookup

Default Server:  ukdsqdc01.corp.mydomain.com

Address:  10.1.11.20


> www.google.com

Server:  ukdsqdc01.corp.mydomain.com

Address:  10.1.11.20


Non-authoritative answer:

Name:    www.google.com.mydomain.com

Address:  52.17.129.89

If I append a period, the nslookup now returns the correct non-authoritative server:

> www.google.com.

Server:  ukdsqdc01.corp.mydomain.com

Address:  10.1.11.20

Non-authoritative answer:

Name:    www.google.com

Addresses:  2a00:1450:4009:80f::2004

          216.58.213.100

I have tried unchecking:

Append parent suffixes of the primary DNS suffixes

And added the following DNS suffixes but no luck there:

.

Corp.mydomain.com

In the primary zone of mydomain, there is an A record named www which points to 52.17.129.89. This is returned as the non-authoritative server or at least, I think it is if I do not append a period after the FQDN of the external domain/DNS name. 

All DC/DNS servers in the target domain point to each other, then themselves and finally a loopback. This is not an issue in the source domain.

Do you guys have any advice?

Big thanks for reading my post!

Daniel 



can anyone advise kb329308?


Hi,

We got the report from McAfee regarding the vulnerability per kb329308. I checked the server, which has the PATH variable defined.

If I change the path to %appdata% in the system variables, it cannot be resolved.

Can anyone provide insight?

Thank you!

-------------------------------------

ID: 10558
Title: Microsoft Windows Environment Variable Expansion Library Loading Vulnerability
Severity: Medium
Description: Microsoft Windows is an industry standard operating system. A logic error is present in some versions of Microsoft Windows. The vulnerability is due to Windows not properly expanding some of the values in the PATH environment variable, which can result in an unexpanded PATH value being used when loading resources. Successful exploitation could allow an attacker to execute arbitrary code by tricking a user into opening files located on a remote WebDAV or SMB share.
CVE: CVE-2007-6753
Solution: The vendor has released an advisory describing a workaround that can be used to mitigate this issue. More information can be found at: http://support.microsoft.com/kb/329308
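As an added example (not from the original post or the scanner), the script below reads the machine PATH from the registry without expanding it, then checks each entry the way the finding describes: whether every %VARIABLE% in it actually expands, whether the result is an absolute path, and whether the directory exists. It expands using the current process environment, so a per-user variable such as %appdata% placed in the system PATH shows up as unexpanded, which is the situation the post describes. The registry key is the standard system environment key; the variable names are mine.

```powershell
# Added example, not from the original post: audit the machine PATH for unexpanded or bad entries.
$envKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Environment'
# Read the REG_EXPAND_SZ value raw so that %...% tokens are visible instead of pre-expanded.
$rawPath = (Get-Item $envKey).GetValue(
    'Path', '', [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)

$results = foreach ($entry in ($rawPath -split ';' | Where-Object { $_.Trim() -ne '' })) {
    $expanded = [Environment]::ExpandEnvironmentVariables($entry)
    $problem = $null
    if ($expanded -match '%[^%]+%') {
        # A token survived expansion: the variable is not defined in the system context.
        $problem = 'unexpanded variable'
    } elseif (-not [System.IO.Path]::IsPathRooted($expanded)) {
        # A relative entry is resolved against whatever the current directory is at load time.
        $problem = 'relative path'
    } elseif (-not (Test-Path -LiteralPath $expanded)) {
        $problem = 'directory does not exist'
    }
    [pscustomobject]@{ Raw = $entry; Expanded = $expanded; Problem = $problem }
}

$results | Format-Table -AutoSize
$flagged = @($results | Where-Object { $_.Problem })
Write-Host ("{0} of {1} PATH entries need attention" -f $flagged.Count, $results.Count)
```

Entries flagged as "unexpanded variable" or "relative path" are the ones to replace with literal absolute directories in the system PATH, which is the workaround the referenced KB describes; user-scoped variables belong in the user PATH, where they do expand.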

The specified network password is not correct. (Exception from HRESULT: 0x80070056)


We have an error on our AD that is stumping us. We have code in a software product that allows users to change their password after they have logged in.

The code searches the AD and finds the user:

Imports System.DirectoryServices.AccountManagement

' pContext is the PrincipalContext (domain, credentials) created elsewhere in the application.
Private Function FindUser(ByVal userName As String) As UserPrincipal
    ' Query-by-example: a UserPrincipal with only Name set becomes the search filter.
    Dim user As UserPrincipal = New UserPrincipal(pContext)
    user.Name = userName
    Dim searcher As PrincipalSearcher = New PrincipalSearcher(user)
    ' FindOne returns a Principal; cast it to UserPrincipal (needed under Option Strict On).
    Dim result As UserPrincipal = CType(searcher.FindOne(), UserPrincipal)
    Return result
End Function

Then goes to this command to change the password:

result.ChangePassword(oldPassword, newPassword)

Everything looks OK on the UserPrincipal and we are 100% sure that the old password is correct on the DC, and we also tried it on different servers that were on different sites; however, that line returns the error in the title.

This is not new code; it has actually been running for many years and this has just appeared. Of course nothing is static with Windows updates etc.

Thanks for any help.


James.

Configuration of Server 2012 R2 with MikroTik router


Dear friends,

I am running Windows Server 2012 R2, and what I am basically trying to achieve is to connect all my 60 computers to the server machine in order to administer them from a centralized location.

I have a dedicated static IP from my ISP which is configured on my MikroTik router, and all the internet traffic to my other wireless clients is provided by this router.

My server machine has two Ethernet cards.

What I am trying to achieve is that the MikroTik router should still be able to route internet traffic to all other clients as well as to my server machine, and I can't disable its DHCP server for the reason that the other wireless clients wouldn't get any IP addresses.

How can I configure my server machine so that my other 60 computers get their local IP addresses and internet from the server, and I won't have to turn off my MikroTik router's DHCP?

Should I connect my MikroTik router to Ethernet port 1 of the server and the other lab computers to Ethernet port 2 of the server?

Please share your answers.

Regards,

Event 1006 DNS Client Events


Hello,

I work as a junior administrator, and lately there are some computers losing the connection to an internal web server.

There are about 100 computers in the park.

The problem is experienced by 3 or 4 computers intermittently (once a day). After a few minutes everything goes back to normal.

I checked the logs I see the following Error: 



I changed the cable, deactivated the adapter and activated it again.

I want to investigate this problem further, so I will be able to find exactly what is happening: why does the connection drop, and why is there no DNS resolution?

- 2 DNS servers are Windows 2008 R2 (primary and secondary)

- Client stations are Windows 7

Thank you for your help
