server problem
Keyset is not defined with smart card and service in Windows Server 2008/2012
I'm trying to use the Capicom API and the MSXML5 API to sign an XML with a certificate stored in a smartcard within a service application running under Windows Server 2008 or 2012. It works fine when I'm testing in Windows 8 or as application, but as service it fails with the error Keyset is not defined.
The method that fails is "createKeyFromCSP" from the "IXMLDigitalSignature" interface of the MSXML5.DLL.
Some points I've tried so far:
- Tried with the smart card through WTS and in the server machine. Failed in both cases.
- Checked drivers and functionality of the smart card reader. I think that there are no problems here, because it works fine as application, as I've said.
- Changing the CAPICOM store opening flag CAPICOM_CURRENT_USER_STORE to CAPICOM_SMART_CARD_USER_STORE. It fails and doesn't find any certificates even with current user credentials informed in service properties in services.msc.
- Starting the service as Local System and impersonating the current user with the LOGON32_LOGON_INTERACTIVE flag. Failed too.
- Giving permission to the event "Global\Microsoft Smart Card Resource Manager Started" through the use of the ACL API and AddAceToObjectsSecurityDescriptor (https://blogs.msdn.microsoft.com/alejacma/2011/05/19/scardestablishcontext-fails-with-scard_e_no_service-error/). Failed.
- Looking for permissions for the private keys in certificate manager console, but as the private key of the certificate is within the smart card, I couldn't find any option to set permissions to specific users.
- Giving permissions to all users for the folders under "C:\Users\Administrador\AppData\Roaming\Microsoft\Crypto" (Administrador is the current user). Failed.
Debugging with the WinDbg debugger, I've seen that the problem is within the said method "createKeyFromCSP". It calls internally a CryptoAPI method called "CryptAcquireContext" and this method fails returning the said error (NTE_KEYSET_NOTDEF or Keyset is not defined).
From my search, I think it should be some permission issue implemented from Windows Server 2008, however I couldn't find any more things that could cause this problem. Does anyone know what could be causing this error and if it's some configuration that I could do in the system to solve this error?
PS: I'm working with Delphi, so the solution couldn't use any .NET solutions. It could be available through some WinAPI, however.
Thanks in advance.
Collecting Eventlogs off hours
The suitable amount of memory usage by RPCSS in a file server.
Hello.
What is the suitable amount of memory usage by RPCSS in Windows Server 2008 R2 that acts as a File Server? My RPCSS used 900MB of memory and I want to know: is it normal?
Thank you.
Hidden Recycle files Cleanup
Hi All,
How can we clean up hidden Recycle Bin files on multiple servers? Most of the users delete files and they land in the Recycle Bin again, so we need to navigate to Folder Options and do the cleanup. Can this be automated using a script which can be pushed through SCCM?
Outlook 2010 issue with ESET addin when forwarding mail
In Outlook 2010, if the ESET addin is enabled, it says "contacting server for information" when forwarding mail from FedEx.
Any help is appreciated.
Exchange takes 1 to 5 seconds to send an email
Hello there.
We had a newsletter sending from our MS Exchange 2010 server. We had a script that sent 80 emails every 2 minutes. A month ago, without any change to the server or to the script, the emails could not be sent. Through the monitoring tools, we saw that the server takes 1 to 5 seconds to send an email each time. Is this normal behaviour or is this something that must concern us? How can I search for a solution and how can I learn what happened all of a sudden that caused the issue?
Thank you in advance,
Kind regards,
Panos Georgakopoulos
Windows Server - offline (i.e. no Internet Access for Security reasons) - How can I ensure server gets latest Trusted Root CAs with the new Microsoft Trusted Root Certificate Program
I recently dealt with an issue that ended up being caused by a missing root certificate in the root certificate store on one of my servers. There was a delay introduced as the server tried to poll externally (to the Akamai CDN in fact), a request that was getting dropped, as it presumably was trying to download the missing root certificate. This caused delays (15 seconds) for certain calls.
I was under the impression that the root certificate store was updated via Windows updates and there was no need to have Internet access to allow the automatic updating of this store (WUS server could control this say).
Looking into recent changes it appears this may not be the case anymore, for example:
- https://technet.microsoft.com/en-us/library/cc751157.aspx
>"Starting with the release of Windows Vista, root certificates are updated on Windows automatically. When a user visits a secure Web site (by using HTTPS SSL), reads a secure email (S/MIME), or downloads an ActiveX control that is signed (code signing) and encounters a new root certificate, the Windows certificate chain verification software checks the appropriate Microsoft Update location for the root certificate. If it finds it, it downloads it to the system. To the user, the experience is seamless. The user does not see any security dialog boxes or warnings. The download happens automatically, behind the scenes."
Are root certificate updates provided by Windows Updates or is there now a requirement to allow all servers Internet Access to Microsoft to download certificates automatically?
What is the current best practice to ensure server root certificate stores are up to date for servers with no direct outgoing Internet access?
There also appears to be a setting that prevents these external lookups being made - I imagine this is advisable to enable for offline servers - https://technet.microsoft.com/en-us/library/cc749331(WS.10).aspx#BKMK_Controlling - to avoid unnecessary delays etc.?
Microsoft server 2008 R2
Hello,
How do I find out the following information on my Microsoft server 2008 R2
1. Nb of server
2. Nb of processor per server
3. Nb of core per server
4. Nb of core per microprocessor
Thank you
Kind Regards
Juraj
WLK File Filter Driver - Oplocks Test Failure
I have been running WLK Test, and I have completed all tests except Oplocks Test.
I selected my file filter driver in "Software Device".
And in "Tests", I selected all playlists.
- Anonymous Pipe
- Antivirus Installable File System Filter Test
- File IO 2 Tests
- HyperVisor Code Integrity Readiness Test
- Installable File System Filter Test
- IntegrityStream test
- Mailslot Basic
- Mapped File IO 2
- Named Pipe Basic
- Named Pipe Kernel Security
- Named Pipe Reject Remote Clients
- Named Pipe State
- Object ID test
- Oplocks Test
- Registry Callback Tests
- ReparsePoints
- ScrubTest
- Syscache Test
- TDI filters and LSPs are not allowed
- Txfs2
- Winsock Core Functional Test
After running all the tests above, I have only failure in Oplocks Test.
I couldn't find any clues in the forum.
When I look into the details of the test report, I can read the following error messages.
Entry | Time | Details
---|---|---
Runtime | 9/23/2016 12:22:24.782 PM | Runtime Index: 4003582698; Machine: DESKTOP-LTVD96R; Process Name: C:\hlk\JobsWorkingDir\Tasks\WTTJobRun600FD5BE-3A82-E611-80BB-08002790B852\enhancedoplocks.exe; Process ID: 3816; Thread ID: 5296
Message | 9/23/2016 12:22:24.782 PM | EE8.14B0 : INFO : enhancedoplocks.cxx(6132):GLE 87: 09/23/2016::19:22:24.782 HelperThreadBreak_RW_Oplock Launched
Message | 9/23/2016 12:22:25.834 PM | EE8.704 : VAR[INFO ] 47 : enhancedoplocks.cxx(3779):GLE 2: 09/23/2016::19:22:25.829 After Other_Thread_Caused_Break, Oplock IoStatus=0x0 Broken=1
Message | 9/23/2016 12:22:25.844 PM | EE8.704 : VAR[INFO ] 47 : enhancedoplocks.cxx(3842):GLE 2: 09/23/2016::19:22:25.829 Our oplock code: ioinformation=0x7
Message | 9/23/2016 12:22:25.855 PM | EE8.704 : VAR[INFO ] 47 : enhancedoplocks.cxx(3843):GLE 2: 09/23/2016::19:22:25.845 Our oplock actualLevel 0x7, expected 0x8
Message | 9/23/2016 12:22:25.865 PM | EE8.704 : VAR[INFO ] 47 : enhancedoplocks.cxx(3855):GLE 2: 09/23/2016::19:22:25.861 Sleeping for 1 second to give our peer thread a change to issue I/O
Message | 9/23/2016 12:22:26.890 PM | EE8.704 : VAR[INFO ] 47 : enhancedoplocks.cxx(3860):GLE 2: 09/23/2016::19:22:26.886 Our acknowledge for the oplock Status=0x103
Message | 9/23/2016 12:22:26.900 PM | EE8.14B0 : INFO : enhancedoplocks.cxx(6180):GLE 87: 09/23/2016::19:22:26.886 Break_RW_Helper_Create Status =0x0
Error | 9/23/2016 12:22:26.910 PM | EE8.704 : VAR[SEV2 ] 47 : enhancedoplocks.cxx(3863):GLE 2: 09/23/2016::19:22:26.886 FAILURE: We effectively hold an R oplock [RW->R], not correct. File: base\fs\test\shared_libs\stresslog\loggersource\logger.cxx; Line: 461; Error Type: (empty); Error Code: 0x0; Error Text: Error 0x00000000
Message | 9/23/2016 12:22:26.920 PM | EE8.14B0 : INFO : enhancedoplocks.cxx(6232):GLE 87: 09/23/2016::19:22:26.901 HelperThreadBreak_RW_Oplock Finished
Message | 9/23/2016 12:22:26.934 PM | EE8.704 : VAR[INFO ] 47 : enhancedoplocks.cxx(3962):GLE 2: 09/23/2016::19:22:26.932 -----------------------------------------------------------------------
Start Test | 9/23/2016 12:22:26.937 PM | HelperBreakLegacyL1
Error | 9/23/2016 12:22:26.947 PM | EE8.704 : +VAR+SEV2 47 : HelperBreakLegacyL1. File: base\fs\test\shared_libs\stresslog\loggersource\logger.hxx; Line: 283; Error Type: (empty); Error Code: 0x0; Error Text: Error 0x00000000
End Test | 9/23/2016 12:22:26.950 PM | HelperBreakLegacyL1. Result: Fail; Repro: enhancedoplocks.exe -path i: -all /logpass /logfile FileOplocks-CNTFS.log
Message | 9/23/2016 12:22:26.961 PM | EE8.704 : VAR[INFO ] 48 : enhancedoplocks.cxx(3657):GLE 2: 09/23/2016::19:22:26.948 Variation 5 subvariation 4
Message | 9/23/2016 12:22:26.971 PM | EE8.704 : VAR[INFO ] 48 : enhancedoplocks.cxx(3662):GLE 2: 09/23/2016::19:22:26.964 HelperBreakLegacyL1: BREAK_RW_NONE_BY_WRITE(24581)
Message | 9/23/2016 12:22:26.981 PM | EE8.704 : VAR[INFO ] 48 : enhancedoplocks.cxx(3677):GLE 2: 09/23/2016::19:22:26.979 File Open Status = 0x0
Message | 9/23/2016 12:22:29.998 PM | EE8.704 : VAR[INFO ] 48 : enhancedoplocks.cxx(3693):GLE 2: 09/23/2016::19:22:29.994 Oplock Created: Status=0x103, broken=0
Any clues to where to fix?
RPCSS caused my Windows Server to crash.
Hello.
I posted a question about RPCSS usage: "Windows Server RPCSS service used all of my memory" but did not get any reply. It is a serious problem and causes my Windows to crash :(. I updated Windows too but the problem still exists.
How can I solve it?
Thank you.
VAMT 3.1 - WMI Access Denied when discovering products on another domain
Hi,
I have searched around this forum and Google beforehand looking into this.
Ok so I have VAMT installed on Windows Server 2012 R2 with keys imported. The server is running on company.local domain which is our main network. I can query machine names and activate products without any issues this way.
We have another domain under a different domain controller but in AD we can query both domains without having to change the domain so they are trusted/paired/joined.
In VAMT I change the domain to company2.local and search for the machine under the other domain but get access denied.
I have used wbemtest and it works well as expected on company.local domain but access denied on company2.local
I checked that DCOM was set right and WMI. Everything seems ok.
https://technet.microsoft.com/en-us/library/cc771387(v=ws.11).aspx
https://msdn.microsoft.com/en-us/library/aa822854(v=vs.85).aspx
Is there anything I'm missing here or anything you recommend I can look into?
I have attached WMIdiag test if this helps. http://pastebin.com/dezDSJzj - Done from the 2012 server with VAMT on it.
To note, I am domain admin on the machines under our domain but not under domain2; I'm also admin on the VAMT server. I tried using an admin account for domain2 in wbemtest but still access denied.
Thanks very much.
kms client connects to non existent in DNS _vlmcs KMS server name
I uninstalled MAK and installed GVLK on Server 2012 R2.
After running ato I found that it activated from the KMS of the parent domain.
DNS entries in the NIC are correct (for the machine's domain).
NSLOOKUP for KMS servers shows the right KMS, and the KMS of the parent domain is not in the list.
Sure, I can just redirect the machine to the appropriate KMS, but I want to know what could cause this behavior.
Was this machine forced to connect to the parent domain's KMS before MAK activation? Or else... Thanks.
--- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis
Need help with picking server hardware
Hello guys.
I need help with the best practices for what kinds of services I could potentially set on the same servers.
Here are the services I'm going to implement:
- two times AD domain controllers
- DHCP, primary and secondary
- File server
- Exchange Server
- SQL server with Dynamics NAV
I'm assuming some of these services can be done on the same server, but I'm still confused as to which ones. I'm considering blade servers since they seem to have good scalability for the future.
Thanks in advance
boot manager giving error cmimcext.sys ..help someone
Change Identity on Computer
Server 2008r2 randomly loses connection to domain
My organization has a Windows 2008 R2 Standard server that loses connection to our domain every 6-8 weeks; this has been going on for a year now and it is stumping us. About 6-8 hours before the computer loses connection to the domain we start seeing GPO errors, first Event ID 1030, then every few minutes event ID 1055.
Our domain: Windows 2008R2 functional level. We have 4 DCs in 2 datacenters; they are connected via a 10 Gbps link. They are fully patched, and no other server that we know of has this issue.
The server in question is Windows 2008 R2 Standard 64 bit running on VMWare. It has a single virtual adapter with a manual IP configuration: one DC from each datacenter are its DNS servers. It is fully patched.
I can't find any Kerberos errors around either the time it stops processing GPO or around the time it actually gives the RPC Connection error that alerts us to the domain connection failing.
I'll be happy to post any logs/events people are curious about.
zarberg@gmail.com
Cannot Open ADUC or Sites and Services on a DC
On one of my Windows Server 2012 R2 domain controllers, I cannot open ADUC or Sites and Services (error boxes below). I would like to try removing and reinstalling RSAT on this DC (AD Admin Center would also have to be removed) , but want to make sure that doesn't break anything. I don't see anything in event viewer.
I can't seem to post images yet. The error is: "MMC could not create the snap-in. The snap-in might not have been installed correctly. Name: ADUC or Sites and Services, along with a unique CLSID."
Thanks.
Two domains on same network, one DHCP server
Hi,
Is it possible to have two AD domains on the same network with only one DHCP server? I'm trying to add a second AD domain with just AD and DNS and add a small set of computers to the new domain. Is there any documentation on how to get this completed without causing issues?
Thanks
network drives and printers not showing, windows 10
When the user logs in to a different Windows 7 or 8 machine, all drives and printers populate correctly.
So far I have tried the following solutions and none have worked:
- verified that the user has access to the shared drives and printers on Windows 10
- disconnected and reconnected the machine on the domain
- did a group policy force update: gpupdate /force
- verified that network discovery is on and working
- created a new image
Any help would be appreciated.