Channel: Directory Services forum

Unable to change password of domain User on terminal server (Server 2008 R2)


Dear Team,

This is to inform you that we are unable to change a domain user's password on one of our terminal servers, which runs Server 2008 R2.

Also, we have uninstalled security patch KB3167679 (which was creating the issue for password change).

Please find the error below.

Kindly help with the issue.

Regards

Vajram Gajengi


I can't extend Exchange Schema in AD server


Dear Support Team

We have AD on premise and Exchange on O365, and we would like to put a restriction in place so that only selected users are able to send mail to all groups. For that we discussed with the O365 team, whereby Mr. Hardik / Anna advised that there is some issue with the Exchange schema; so we downloaded the "Exchange2010-SP1-X64.exe" tool, but it is giving an error or is unable to extend the schema completely.

So we request your intervention to resolve this issue as early as possible, as it has been pending for a long time.

AD integrated DNS fails after primary is down and client cannot use alternate DNS


Currently, I have two 2k12 servers running AD integrated DNS. They're both replicating well with each other. Some of my clients use a static IP address.

- Primary server: primary.contoso.net 192.168.100.1

- Secondary server: secondary.contoso.net 192.168.100.2

- Client: 192.168.100.33, preferred DNS 192.168.100.1 / alternate DNS 192.168.100.2

After the primary went down, my client could not nslookup until I moved the alternate DNS (192.168.100.2) to preferred DNS.

Is there any solution for automatically letting the clients use the secondary DNS server when the primary is down?

Any advice,

Thanks with Regards,

Sunsami MAO

getting token for other user


Hi All,

I want to know how to get the token number of another user by executing a script.

I have a script with which I can get the token only for the user who runs the script, but I want to know the token of another user without asking him to run the script.

Please assist.

Thank you

Viraj



IPv4 and IPv6 in Dualstack for ADDS - prefer IPv4

Hi @all,



I have 2 datacenters, which were both behind a NAT router connected via site-to-site VPN.

Now I've got IPv6 and IPv4 enabled through my ISP in a real dual-stack configuration. That means I have a real IPv4 and a real IPv6 address.

With only IPv4, the domain controllers replicated through IPv4 and there was no problem at all.

Now, since I have IPv6 assigned to both sites, they want to communicate via IPv6 preferably, but cannot, since there is no DirectAccess or anything configured, and my domain controller replication is currently not running.



Is there a switch available to tell the domain controllers to communicate via IPv4 preferably?

cheers,

Matthias



Upgrade Active Directory domain


Hello Support,

Below is our AD environment:

The root domain has been fully upgraded to Windows Server 2012.

In the second domain, all DCs have been upgraded to Windows Server 2008.

At the third level, all DCs are still on Windows Server 2003.

Now we need help to upgrade all third-level DCs to Windows Server 2012. Is there anything we need to consider before the upgrade process?

Objectives


Can I know the objectives of the default domain policy?

domain admin rights required

We are doing a review of the members of powerful AD groups, e.g. Domain Admins. Can you provide some examples of the types of admin/management work for which a user requires domain admin permissions? I.e. what tasks require the use of domain admin rights? Seeing some examples of the types of task that would require domain admin permissions would help us identify whether some on our list of members are valid or should be removed.

Recreate Schema and Enterprise Admin Groups


My domain has no Schema Admins and Enterprise Admins groups. Can I recreate these groups, using some advanced method?
I need to recreate these groups to prepare my domain to support Windows 2012 R2.

Added new DC to a site, not replicating properly ("naming context is in the process of being removed" etc)


Brief summary of our topology:

- Several AD sites for regional offices.
- Current domain/forest functional level is Windows Server 2003.
- Currently a mix of 2003, 2008 R2 and 2012 R2 domain controllers (in the process of retiring the 2003 ones).
- Each site has at least one DC, with our HQ having three.

So I wanted to retire the Windows 2003 DC in our Seattle site.  I've done this at two other sites without incident:

- I prepped a server and shipped it.
- Once onsite I joined the domain and promoted the server to a DC.
- Migrated the DHCP database from the old server to the new one.
- Shortly thereafter (usually the next day) I'd demote the old server.
- After a few days I'd shut the server down and have it shipped back. 

This week I shipped a new server with Windows 2012 R2 installed, joined the domain while onsite and promoted it to a DC. Replication within the site appears to be working fine. The NTDS settings on the existing server (SEA-SERVERA) have automatically generated connections for DET-DC1 (our primary HQ domain controller) and SEA-SERVERB (the new server I brought online Friday morning). SEA-SERVERB, however, only has an automatically generated item for SEA-SERVERA, the original 2003 DC in that site.

==================================\

Attempting to manually create a connection in SEA-SERVERB for DET-DC1 and trying to replicate results in the following dreaded error:

The following error occurred during the attempt to synchronize naming context domain.local from Domain Controller DET-DC1 to Domain Controller SEA-SERVERB:
The naming context is in the process of being removed or is not replicated from the specified server.

This operation will not continue.

==================================/
I've looked at a number of posts both here and elsewhere and am not seeing anything in my environment that matches what others have experienced. My SYSVOL share is created and operational on SEA-SERVERB, and commands like DCDIAG and REPADMIN /SHOWREPL aren't indicating (to me, anyway) any issues.

I do see the following error in my event log on DET-DC1 from Friday morning, but this is about the time I was completing the DC promotion on SEA-SERVERB:

==================================\

Log Name:      Directory Service
Source:        Microsoft-Windows-ActiveDirectory_DomainService
Date:          8/26/2016 10:25:28 AM
Event ID:      2002
Task Category: Knowledge Consistency Checker
Level:         Error
Keywords:      Classic
User:          ANONYMOUS LOGON
Computer:      DET-DC1.domain.local
Description:
The Knowledge Consistency Checker (KCC) could not run successfully because the attribute on the following object did not have enough values. 
 
Object:
CN=NTDS Settings,CN=SEA-SERVERB,CN=Servers,CN=Seattle,CN=Sites,CN=Configuration,DC=domain,DC=local 
Attribute name:
hasMasterNCs
 
 
An attempt to replicate this attribute will be tried again at the next scheduled replication. 
 
User Action 
If this condition continues, verify that replication is working correctly.

==================================/

Here is the DCDIAG output from SEA-SERVERB:

==================================\

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = SEA-SERVERB
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Seattle\SEA-SERVERB
      Starting test: Connectivity
         ......................... SEA-SERVERB passed test Connectivity

Doing primary tests

   Testing server: Seattle\SEA-SERVERB
      Starting test: Advertising
         ......................... SEA-SERVERB passed test Advertising
      Starting test: FrsEvent
         ......................... SEA-SERVERB passed test FrsEvent
      Starting test: DFSREvent
         ......................... SEA-SERVERB passed test DFSREvent
      Starting test: SysVolCheck
         ......................... SEA-SERVERB passed test SysVolCheck
      Starting test: KccEvent
         ......................... SEA-SERVERB passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... SEA-SERVERB passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... SEA-SERVERB passed test MachineAccount
      Starting test: NCSecDesc
         ......................... SEA-SERVERB passed test NCSecDesc
      Starting test: NetLogons
         ......................... SEA-SERVERB passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... SEA-SERVERB passed test ObjectsReplicated
      Starting test: Replications
         ......................... SEA-SERVERB passed test Replications
      Starting test: RidManager
         ......................... SEA-SERVERB passed test RidManager
      Starting test: Services
         ......................... SEA-SERVERB passed test Services
      Starting test: SystemLog
         ......................... SEA-SERVERB passed test SystemLog
      Starting test: VerifyReferences
         ......................... SEA-SERVERB passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : domain
      Starting test: CheckSDRefDom
         ......................... domain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... domain passed test CrossRefValidation

   Running enterprise tests on : domain.local
      Starting test: LocatorCheck
         ......................... domain.local passed test LocatorCheck
      Starting test: Intersite
         ......................... domain.local passed test Intersite

==================================/

Here is the REPADMIN /SHOWREPL output from the same server:

==================================\

Repadmin: running command /showrepl against full DC localhost
Seattle\SEA-SERVERB
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: add917cb-4aee-491f-8ca0-89d5de621002
DSA invocationID: 32849b6e-384c-4266-a146-482b88eff7d5

==== INBOUND NEIGHBORS ======================================

DC=domain,DC=local
    Seattle\SEA-SERVERA via RPC
        DSA object GUID: 082b7765-e422-41e3-8ef1-d59498cf0bb3
        Last attempt @ 2016-08-27 19:14:16 was successful.

CN=Configuration,DC=domain,DC=local
    Seattle\SEA-SERVERA via RPC
        DSA object GUID: 082b7765-e422-41e3-8ef1-d59498cf0bb3
        Last attempt @ 2016-08-27 19:14:19 was successful.

CN=Schema,CN=Configuration,DC=domain,DC=local
    Seattle\SEA-SERVERA via RPC
        DSA object GUID: 082b7765-e422-41e3-8ef1-d59498cf0bb3
        Last attempt @ 2016-08-27 18:51:05 was successful.

DC=DomainDnsZones,DC=domain,DC=local
    Seattle\SEA-SERVERA via RPC
        DSA object GUID: 082b7765-e422-41e3-8ef1-d59498cf0bb3
        Last attempt @ 2016-08-27 19:14:22 was successful.

DC=ForestDnsZones,DC=domain,DC=local
    Seattle\SEA-SERVERA via RPC
        DSA object GUID: 082b7765-e422-41e3-8ef1-d59498cf0bb3
        Last attempt @ 2016-08-27 18:51:05 was successful.

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

DC=domain,DC=local
    Seattle\SEA-SERVERA via RPC
        DSA object GUID: 082b7765-e422-41e3-8ef1-d59498cf0bb3
        Last attempt @ 2016-08-27 19:14:31 was successful.

CN=Configuration,DC=domain,DC=local
    Seattle\SEA-SERVERA via RPC
        DSA object GUID: 082b7765-e422-41e3-8ef1-d59498cf0bb3
        Last attempt @ 2016-08-27 18:41:21 was successful.

CN=Schema,CN=Configuration,DC=domain,DC=local
    Seattle\SEA-SERVERA via RPC
        DSA object GUID: 082b7765-e422-41e3-8ef1-d59498cf0bb3
        Last attempt @ 2016-08-26 10:25:04 was successful.

DC=DomainDnsZones,DC=domain,DC=local
    Seattle\SEA-SERVERA via RPC
        DSA object GUID: 082b7765-e422-41e3-8ef1-d59498cf0bb3
        Last attempt @ 2016-08-27 19:14:37 was successful.

DC=ForestDnsZones,DC=domain,DC=local
    Seattle\SEA-SERVERA via RPC
        DSA object GUID: 082b7765-e422-41e3-8ef1-d59498cf0bb3
        Last attempt @ 2016-08-26 10:25:09 was successful.


==================================/

I'm not sure what else to look at.  I had this happen once before and just left it overnight and it resolved itself, but this still isn't showing up.  One thing to note is that I've set the primary DNS on SEA-SERVERB to be the IP of DET-DC1.

If there's anything else I can provide just let me know. Thank you.

Schannel error, Event ID 36888? - Is there a way to identify what causes Schannel to log the error?


Hi, I hope this is the correct forum for this problem.

I am seeing a few of these errors (error details below) sporadically throughout the System event log on a Windows 2008 R2 server. I have seen a number of threads about Schannel errors:

http://social.technet.microsoft.com/Forums/en-US/w7itprogeneral/thread/b2e0e110-f9ca-4113-8f4d-f20d6b39b8c7

http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/92c63737-c2a3-41f7-8878-3b0cf5ee95ff/

http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/675864e2-2856-44fa-b3bc-ef275d391d45

http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/4b505150-c709-45a2-b9f3-abc7c9988d6a

http://social.technet.microsoft.com/Forums/en-US/Forefrontedgegeneral/thread/80b1ceee-9835-4f78-af0f-5b00a8964f34

However, I can find no clear way of finding what exactly is causing the error. It would appear that Schannel is logging the errors but that these errors are being caused by other processes. Now I know that this is obviously SSL/TLS related. So my question(s) are these:

What exactly is Schannel and what does it do?

How do you identify the actual problem?

I list the error details below; the PID referenced in the error is lsass.exe, which I believe deals with authentication. Is there any way to trace what is actually causing the issue?

For reference, the PID 604 noted below is lsass.exe.

The General error is
    The following fatal alert was generated: 10. The internal error state is 1203.

The Details are

- System

  - Provider

   [ Name]  Schannel
   [ Guid]  {1F678132-5938-4686-9FDC-C8FF68F15C85}
 
   EventID 36888
 
   Version 0
 
   Level 2
 
   Task 0
 
   Opcode 0
 
   Keywords 0x8000000000000000
 
  - TimeCreated

   [ SystemTime]  2010-06-18T04:51:41.830028400Z
 
   EventRecordID 10087
 
   Correlation
 
  - Execution

   [ ProcessID]  604
   [ ThreadID]  3828
 
   Channel System
 
   Computer<ComputernameRemoved>
 
  - Security

   [ UserID]  S-1-5-18
 

- EventData

  AlertDesc 10
  ErrorState 1203

Can I repair the OS of a Windows 2012 domain controller?


Hi Team,

One of our 2012 R2 DCs, built recently, is having trouble. AD is functioning fine but the OS seems to be having issues. Internet Explorer just flashes and closes (I tried to fix this using methods from blogs, but no luck), and none of the patches are getting applied (it says not applicable).

Is it possible to directly repair the OS while it is a DC, or do we need to demote, repair the OS and then promote it again?

Thanks,
Sarath


Query - Two way trust removed


Hi,

In my organization, one of the two-way trusts between dc.com andora.com has been removed!

Not sure who has removed the trust. How do I find out who deleted the trust, and which logs do I need to check for that?

Any help much appreciated.

Thanks,

Scott

Stale SIDs found in User Right Assignments May Impact Group Policy Getting Applied


Hello!

Can someone tell me how to remove stale SIDs found in user rights assignments?

Thanks

ADFS Federation Farm with SQL Express

We have a current ADFS server functioning with SQL Express. Looking to add a second ADFS server. Microsoft claims that a federation farm cannot run with two ADFS servers running local SQL Express (obviously SQL Express only runs locally). So, if MS is correct, I have to migrate my local database on ADFS1 to my SQL cluster or use WID on both ADFS1 and ADFS2. Any thoughts on this? Thanks in advance!

AD LDS (ADAM) doesn't sync mail-enabled groups


Hello everyone,

There is an AD built on Windows Server 2012 R2. From that AD, another server (same OS) placed in the DMZ should be syncing users, groups and OUs to its LDS database.

Users are synced properly.
OUs are synced properly.

But only groups created in AD without a mail address are synced. The mail-enabled groups are not synced. It doesn't matter if the group is global or universal.

Our last idea, still to be tested, is whether the situation gets better after we extend the LDS schema.

Has any of you met a similar issue, or do you have ideas?

Thank you !


Repadmin indicates successful replication but I continue to get Event ID 1864 every 24 hrs


Every 24 hours one of my domain controllers will log the following error in the Directory Services log.

Event ID 1864: This directory server has not recently received replication information from a number of directory servers.  The count of directory servers is shown, divided into the following intervals...

So far the environment has not experienced any indication of replication issues: no passwords out of sync, no trust relationship issues, no missing objects on a DC, etc. The interesting aspect is that when running repadmin /showrepl or repadmin /replsummary, all replication comes back as successful. I can force replication with repadmin and all commands complete successfully. When running repadmin /showvector /latency "dn=ourdomain,dn=loc" it reports all USNs for the domain controllers as being updated within seconds, and subsequent runs of the command show the USNs increasing. Furthermore, there are no lingering objects or lost and found DCs. All DCDiag tests (replication, DNS, etc.) have returned successful. I have already demoted and re-promoted this domain controller and the issue still continues to happen. This is only occurring on one of the 3 DCs in the environment. The environment has only one AD site.

Has anyone experienced the same symptoms?  If so were you able to rectify it?  Does anyone have any other suggestions? 

Thanks.
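As an added example that is not from either poster, here is a small parser for `repadmin /showrepl` text that lists, per naming context, which inbound partners exist and which last attempts failed or are older than a threshold. It serves both the SEA-SERVERB question above (is DET-DC1 an inbound partner for every naming context?) and the Event ID 1864 question (which partner has not replicated recently?). The sample input is constructed from the SEA-SERVERB output quoted on this page; Detroit\HYPOTHETICAL-DC and its failed attempt are invented.

```python
# Added example (not from the posts above): parse `repadmin /showrepl`
# text and flag naming contexts with missing or stale inbound partners.
import re
from datetime import datetime, timedelta

# Constructed from the SEA-SERVERB output on this page, trimmed to two
# naming contexts; Detroit\HYPOTHETICAL-DC and its failed attempt are invented.
SAMPLE = r"""Repadmin: running command /showrepl against full DC localhost
Seattle\SEA-SERVERB

==== INBOUND NEIGHBORS ======================================

DC=domain,DC=local
    Seattle\SEA-SERVERA via RPC
        DSA object GUID: 082b7765-e422-41e3-8ef1-d59498cf0bb3
        Last attempt @ 2016-08-27 19:14:16 was successful.
    Detroit\HYPOTHETICAL-DC via RPC
        DSA object GUID: 00000000-0000-0000-0000-000000000000
        Last attempt @ 2016-08-20 09:00:00 failed, result 1722 (0x6ba):
            The RPC server is unavailable.

CN=Configuration,DC=domain,DC=local
    Seattle\SEA-SERVERA via RPC
        DSA object GUID: 082b7765-e422-41e3-8ef1-d59498cf0bb3
        Last attempt @ 2016-08-27 19:14:19 was successful.

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

DC=domain,DC=local
    Seattle\SEA-SERVERA via RPC
        Last attempt @ 2016-08-27 19:14:31 was successful.
"""

SECTION_RE = re.compile(r"^==== (INBOUND|OUTBOUND)")
PARTNER_RE = re.compile(r"^ {4}(\S+) via (\S+)")
ATTEMPT_RE = re.compile(r"Last attempt @ (\S+ \S+) (was successful|failed)")


def parse_showrepl(text):
    """Return {"INBOUND"|"OUTBOUND": {naming_context: [neighbor dicts]}}."""
    parsed, section, nc, entry = {}, None, None, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = parsed.setdefault(m.group(1), {})
            continue
        if section is None or not line.strip():
            continue
        if line[0] != " ":                      # naming-context header at column 0
            nc = section.setdefault(line.strip(), [])
        elif (m := PARTNER_RE.match(line)):     # "site\dc via RPC"
            entry = {"partner": m.group(1), "transport": m.group(2),
                     "last": None, "ok": False}
            nc.append(entry)
        elif (m := ATTEMPT_RE.search(line)) and entry:
            entry["last"] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            entry["ok"] = m.group(2) == "was successful"
    return parsed


def missing_inbound_partner(parsed, partner):
    """Naming contexts with no inbound neighbor named `partner` (site\\dc)."""
    return sorted(nc for nc, entries in parsed.get("INBOUND", {}).items()
                  if not any(e["partner"] == partner for e in entries))


def stale_inbound(parsed, now, max_age=timedelta(hours=24)):
    """Inbound neighbors whose last attempt failed or is older than max_age."""
    return [(nc, e["partner"], e["last"])
            for nc, entries in parsed.get("INBOUND", {}).items()
            for e in entries
            if not e["ok"] or e["last"] is None or now - e["last"] > max_age]
```

Feed it the full `/showrepl` text from each DC and compare the partner lists across naming contexts; a partner present for some contexts but not others, or one whose last success is older than the tombstone-related intervals Event 1864 reports, is the thing to chase.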

Implications for users after changing the default domain password policy

Hi,
We have a customer who currently has a very open password policy implemented in AD,
e.g. non-complex, any number of characters, unlock after 5 minutes, never expires.

I've configured a fine-grained password policy, but the customer would like to modify everything at once.
So I could just as well perform the change on the default domain password policy directly.

Does anyone know what will happen with non-compliant passwords for users when I perform a gpupdate after enabling the modified policy?
E.g. will users get blocked or prompted to change their password, or will they just need to be compliant when they change their password the next time?

New domain controller is not advertising as a domain controller


Hi,

I promoted a Windows 2012 R2 RODC via a PowerShell script. The server did not reboot after replication or advertise as a domain controller, although I can see Event ID 29223 "This server is now a Domain Controller."

I did not find any useful information in the logs in the debug folder, and I see "Active Directory Domain Services was shut down successfully." in Event ID 1004.

Any idea how to resolve the issue?

Thanks

 

Event ID 10016 - DCOM Error | Source - Microsoft-Windows-DistributedCOM | Level: Error


Hi there... I am getting the above mentioned error with the following description:

The description for Event ID 10016 from source Microsoft-Windows-DistributedCOM cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

Full message is -

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          5/15/2012 1:18:44 PM
Event ID:      10016
Task Category: None
Level:         Error
Keywords:      Classic
User:          NT AUTHORITY\IUSR
Computer:      Server.domain.com
Description:
The description for Event ID 10016 from source Microsoft-Windows-DistributedCOM cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

application-specific
Local
Activation
{2D527A8C-A4B6-4E74-A63F-E867360D401C}
{B13EFBAE-7504-4938-9ED7-8E8B53E51221}
NT AUTHORITY
IUSR
S-1-5-17
LocalHost (Using LRPC)

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="49152">10016</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-05-15T19:18:44.000000000Z" />
    <EventRecordID>43121</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>Server.Domain.com</Computer>
    <Security UserID="S-1-5-17" />
  </System>
  <EventData>
    <Data Name="param1">application-specific</Data>
    <Data Name="param2">Local</Data>
    <Data Name="param3">Activation</Data>
    <Data Name="param4">{2D527A8C-A4B6-4E74-A63F-E867360D401C}</Data>
    <Data Name="param5">{B13EFBAE-7504-4938-9ED7-8E8B53E51221}</Data>
    <Data Name="param6">NT AUTHORITY</Data>
    <Data Name="param7">IUSR</Data>
    <Data Name="param8">S-1-5-17</Data>
    <Data Name="param9">LocalHost (Using LRPC)</Data>
  </EventData>
</Event>

Please let me know any solutions to fix this.

Steps I did try from one of the blogs:

Open Component Services. Go to Start --> Control Panel --> Administrative Tools --> Component Services. Expand the Component Services branch, then expand Computers, My Computer and DCOM Config. Right-click on "sms agent host" (in my case) and click Properties. Click on the Security tab and under "Launch and Activation Permissions" select "Edit" and add the user Local Service (Local Launch). Click OK and close the Component Services window.

In the Launch Permission dialog box, make sure that the Everyone group has Remote Launch and Remote Activation permissions.

In the Launch Permission dialog box, make sure that the SMS Reporting Users local group has following permissions:

Local Launch / Remote Launch / Local Activation / Remote Activation

Also added Remote Launch / Remote Activation permissions for Network Service (for the SMS_Reporting_Point).

Added the Admin group to "ConfigMgr Remote Control Users".


VT
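As an added example (not code from either poster), the following parser reads exported Windows Event XML such as the 10016 record quoted above and decodes two of the events on this page: for Schannel 36888 it maps the AlertDesc number to its TLS alert name from RFC 5246, and for DCOM 10016 it names the CLSID, APPID and SID the positional param fields refer to. The DCOM sample is the XML from this post trimmed to the elements read; the Schannel sample is constructed from the values in the 36888 post, with a placeholder hostname.

```python
# Added example (not from the posts above): parse exported Windows Event XML
# and decode Schannel 36888 and DCOM 10016 records into readable findings.
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# AlertDescription values from RFC 5246 section 7.2 (subset).
TLS_ALERTS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
              40: "handshake_failure", 42: "bad_certificate", 45: "certificate_expired",
              46: "certificate_unknown", 47: "illegal_parameter", 48: "unknown_ca",
              50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
              80: "internal_error", 110: "unsupported_extension"}

# Event XML quoted in the DCOM post, trimmed to the elements read below.
DCOM_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" />
    <EventID Qualifiers="49152">10016</EventID>
    <Execution ProcessID="0" ThreadID="0" />
    <Computer>Server.Domain.com</Computer>
    <Security UserID="S-1-5-17" />
  </System>
  <EventData>
    <Data Name="param1">application-specific</Data><Data Name="param2">Local</Data>
    <Data Name="param3">Activation</Data>
    <Data Name="param4">{2D527A8C-A4B6-4E74-A63F-E867360D401C}</Data>
    <Data Name="param5">{B13EFBAE-7504-4938-9ED7-8E8B53E51221}</Data>
    <Data Name="param6">NT AUTHORITY</Data><Data Name="param7">IUSR</Data>
    <Data Name="param8">S-1-5-17</Data><Data Name="param9">LocalHost (Using LRPC)</Data>
  </EventData>
</Event>"""

# Constructed Schannel record built from the values in the 36888 post
# (the hostname is a placeholder; the poster redacted theirs).
SCHANNEL_EVENT = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
    <EventID>36888</EventID>
    <Execution ProcessID="604" ThreadID="3828" />
    <Computer>HOSTNAME-PLACEHOLDER</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData><Data Name="AlertDesc">10</Data><Data Name="ErrorState">1203</Data></EventData>
</Event>"""


def parse_event(xml_text):
    """Flatten one <Event> into a dict; EventData becomes {name: value}."""
    root = ET.fromstring(xml_text)
    system = root.find(NS + "System")
    ev = {"provider": system.find(NS + "Provider").get("Name"),
          "event_id": int(system.find(NS + "EventID").text),
          "pid": int(system.find(NS + "Execution").get("ProcessID")),
          "computer": system.find(NS + "Computer").text,
          "user_sid": system.find(NS + "Security").get("UserID"),
          "data": {}}
    for i, d in enumerate(root.iter(NS + "Data"), 1):   # unnamed Data gets paramN
        ev["data"][d.get("Name") or f"param{i}"] = (d.text or "").strip()
    return ev


def describe(ev):
    """One-line reading of the two record types this page discusses."""
    d = ev["data"]
    if ev["provider"] == "Schannel" and ev["event_id"] == 36888:
        code = int(d["AlertDesc"])   # the "fatal alert was generated: N" number
        return (f"Schannel fatal alert {code} ({TLS_ALERTS.get(code, 'unknown')}) "
                f"from PID {ev['pid']} on {ev['computer']}, error state {d['ErrorState']}")
    if ev["provider"] == "Microsoft-Windows-DistributedCOM" and ev["event_id"] == 10016:
        return (f"DCOM {d['param1']} permissions deny {d['param2']} {d['param3']} to "
                f"{d['param6']}\\{d['param7']} ({d['param8']}) for CLSID {d['param4']} "
                f"APPID {d['param5']} from {d['param9']}")
    return f"{ev['provider']} event {ev['event_id']}: no decoder"
```

For 36888 the alert name tells you what the peer did wrong at the TLS layer, but the record names only the logging process (lsass.exe here), so correlating the event time with connection logs of the TLS-speaking services on that host is still needed to find the originating client or service.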

