Hello guys.
I need help with the best practices for what kinds of services I could potentially set on the same servers
Here are the services I'm going to implement:
two times AD domain controllers
DHCP, primary and secondary
File server
Exchange Server
SQL server with Dynamic Nav
I'm assuming some of these services can be done on the same server, but I'm still confused as to which ones. I'm considering blade servers since they seem to have good scalability for the future.
thanks in advance
I have a question regarding the radius server that I built for our wifi. My OS is windows 2008 Standard R2. We have a huawei wlc and Ruckus Zone director for our Access Controller. Both Controllers support PAP and CHAP
I have two NPS policies one is Secure Wireless Connections and the other I named PAP-CHAP.
I browsed on the event viewer for events 6273 access denied users and need somebody to explain me about this event. I do not understand why there is a computer authentication. Does this mean the user was authenticated and the computer was not?
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID:
Account Name:
Account Domain:
Fully Qualified Account Name: Domain\GLxxxxx$
Client Machine:
Security ID:
Account Name:
Fully Qualified Account Name: -
OS-Version:
Called Station Identifier:
Calling Station Identifier:
NAS:
NAS IPv4 Address:
NAS IPv6 Address:
NAS Identifier:
NAS Port-Type:
NAS Port:
RADIUS Client:
Client Friendly Name:
Client IP Address:
Authentication Details:
Connection Request Policy Name: Secure Wireless Connections
Network Policy Name: -
Authentication Provider: Windows
Authentication Server:
Authentication Type:
EAP Type:
Account Session Identifier:
44564F414230373030303030303030
Logging Results:
Reason Code:
Reason:
Hello Support,
I want to configure Key management server in server 2012 r2 domain environment. I want to know what is requirement for this .
Hello everyone.
I have a asp.net core application that run localy. When I deploy it on my server (Windows server 2008 R2) I have this error in the log file. Any clue will be VERY APPRECIATE !
Application startup exception: System.DllNotFoundException: Unable to load DLL 'api-ms-win-core-registry-l1-1-0.dll': The specified module could not be found. (Exception from HRESULT: 0x8007007E)
at Interop.mincore.RegOpenKeyEx(SafeRegistryHandle hKey, String lpSubKey, Int32 ulOptions, Int32 samDesired, SafeRegistryHandle& hkResult)
at Microsoft.Win32.RegistryKey.InternalOpenSubKeyCore(String name, RegistryRights rights, Boolean throwOnPermissionFailure)
at Microsoft.AspNetCore.DataProtection.RegistryPolicyResolver.ResolveDefaultPolicy()
at Microsoft.Extensions.DependencyInjection.DataProtectionServices.<GetDefaultServices>d__0.MoveNext()
at Microsoft.Extensions.DependencyInjection.Extensions.ServiceCollectionDescriptorExtensions.TryAdd(IServiceCollection collection, IEnumerable`1 descriptors)
at Microsoft.Extensions.DependencyInjection.DataProtectionServiceCollectionExtensions.AddDataProtection(IServiceCollection services)
at Microsoft.Extensions.DependencyInjection.AuthenticationServiceCollectionExtensions.AddAuthentication(IServiceCollection services)
at Microsoft.Extensions.DependencyInjection.IdentityServiceCollectionExtensions.AddIdentity[TUser,TRole](IServiceCollection services, Action`1 setupAction)
at Safety.Startup.ConfigureServices(IServiceCollection services)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.AspNetCore.Hosting.ConventionBasedStartup.ConfigureServices(IServiceCollection services)
at Microsoft.AspNetCore.Hosting.Internal.WebHost.EnsureApplicationServices()
at Microsoft.AspNetCore.Hosting.Internal.WebHost.BuildApplication()
Hosting environment: Production
Content root path: D:\inetpub\wwwroot\mwebsite.com\httpdocs
Now listening on: http://localhost:16695
Application started. Press Ctrl+C to shut down.
Hi Team,
Our application is in classic ASP and have the code as Request.servervariable("AUTH_USER") to get the authenticated user details. In IIS 8.5. we have Anonymous authentication and windows authentication enabled in the IIS8.5
Still we are not getting the Server variable values. Could you please check and let us know.
Thanks.
Dear Sir/Ma'am,
I need to share folder which accessible to our users from the domain network.
How can I set users that should be able to create / modify / but not delete files and folders?
Flatform: Windows Server 2008 R2
Best regards
I'm trying to run windows update on my 2012r2 server. It is stuck searching for updates and never finishes.
I've tried running WindowsUpdateDiagnostic.diagcab, KB2937636 (download update) and KB949104 (Windows Update Agent).
Nothing is working. Suggestions are appreciated. ~Bob
Good Morning,
I am trying to get clarification on some options for our situation.
Our domain was originally setup as a .local naming scheme.
We now have more applications that are no longer going to be accepting self assigned certs and require a public domain SSL certifications for LDAPS authentication.
As of right now all our domain controllers are named .local because our domain is named .local. I have searched a lot of articles and see some conflicting information regarding whether it is possible to assign a public cert to a dc named .local. I know you can no longer get directly published certs pointing to .local and most also do not allow the Subject Alternative Name to contain .local either.
I ran across some comments that claim you can simply use split DNS and assign an internal public domain redirect that resolves to that domain controller. Whenever we tried doing this, the SSL cert was still rejected by all clients due to the actual name of the server.
Here is a similar setup to or situation
dc1 - 192.168.1.1 - AD Name dc1.local
cert we purchased was dc1.contoso.com
external dns(public ip) dc1.contoso.com - NAT resolves to internal dc1.local
internal dns dc1.contoso.com also resolves to dc1.local ip address
In the end both external and external dns entries resolve to dc1.local ip address in the end.
We created the dc1.contoso.com cert with the exported information from the dc and then re-imported as instructed. Some commenters suggested you could at this point simply create and internal and external dns reference that points all dc1.contoso.com to the same ip as dc1.local
After experimenting with this we were unable to get this to work. Even though the dns may resolve the same ip of dc1.local, the connection would fail. the error message would indicate that the name did not match. The cert expects a server with a name of dc1.contoso.com but gets one with the real name of dc1.local which makes sense.
My question - Is there any legitimacy to this method? If so, how do you get around the error of the server always returning it's real name of .local and causing SSl authentication failure?
Any help would appreciated in this matter.
We have an HP ProLiant 580 G5 running Windows 2008 x64 with Hyper-V. The server is a host for 7 Virtual Servers running combination of 2008 and 2003. Currently the server has an embedded P400 controller which came with the server when we purchased it; this controller has the following configurations:
Raid 1 as C drive (OS)
Raid 5 as D drive where virtual servers are located.
I wanted to install additional drives on the servers so I installed a second P400 controller with (4) 300 GB Drives and rebooted the server. During reboot I went to RBSU and created logical drive for the hard drives connected to second P400 controller that I installed, next I saved settings and continued with rebooting the server. After I logged to the server I opened My Computer window and did not see new drives I added for second P400 controllers, I am only able to see C and D partition. I opened Server Manager>Storage> Disk Management and I got a popup screen with the following info:
You must initialize a disk before logical disk management can access it.
Select Disk:
Disk 0 (check box here)
Use the following partition style for the selected disks:
MBR (Master Boot Record) or
GPT (GUID Partition Table)
I did not initialize the new disk yet since I am not sure if I setup the controller correctly or not. It seemed also that the second controller and drives attached to it are now listed as Disk 0 since I see the following new configuration:
Disk 0 – unknown – 838 GB – Not Initialized – Unallocated
Disk 1- Basic – 136 GB NTFS – C: - Healthy (System Boot, Active, Crash Dump, Primary Partition)
Disk 2 – Basic – 546 GB NTFS – Healthy (Page File, Primary Partition)
Before adding the second P400 controller I had the following disks under Server Manager>Storage> Disk Management:
Disk 0 – C Drive - with Status as System Boot, Active, Crash Dump, Primary Partition
Disk 1 – D Drive - with Status as Page File, Primary Partition
In RBSU and under Boot Controller Order menu and I see the following:
Ctrl 1: PCI Embedded HP Smart Array P400 Controller
Ctrl 2: PCI Embedded HP Storage PCI IDE Controller
Ctrl 3: PCI Slot 9 HP Smart Array P400 Controller
I have tried to contact HP several times with no luck on resolving this issue of why the drives for second P400 controllers are showing as Disk 0 and not disk 3 or 4.
The people at HP Support have indicated that this is an issue with Microsoft but I don't think the issue is related to the OS but could be wrong.
Please advice and thanks in advance for your input.
B
OS : All windows versions
I have suffered on huge file server. virus affected and it changed the production files as encrypted.
it changed the file extensions as below
Original file : test.xls , temp.doc
encrypted Virus affected as : test.xls.igfkxm tempdoc.wsdytr
randomly virus changing the multiple extension with random letters but the letters count is same 6 letters for all virus files.
I can restore the original files from available backup.
My problem is i could not execute the robocopy to move all the virus encrypted files to delete.
I am using the below robocopy command to move the encrypted files for same single extension files.
robocopy "source" "Destination" /s *.enc /mov
But here i faced mixed extension files problem. ( like test.xls.igfkxm tempdoc.wsdytr )
Anyone can help me. Please advise i need to give more information.
Thanks
Muthu Kumar
I have been running WLK Test, and I have completed all tests except Oplocks Test.
i selected my file filter driver in "Software Device".
And in "Tests", I selected all playlists.
- Anonymous Pipe
- Antivirus Installable File System Filter Test
- File IO 2 Tests
- HyperVisor Code Integrity Readiness Test
- Installable File System Filter Test
- IntegrityStream test
- Mailslot Basic
- Mapped File IO 2
- Named Pipe Basic
- Named Pipe Kernel Security
- Named Pipe Reject Remote Clients
- Named Pipe State
- Object ID test
- Oplocks Test
- Registry Callback Tests
- ReparsePoints
- ScrubTest
- Syscache Test
- TDI filters and LSPs are not allowed
- Txfs2
- Winsock Core Functional Test
After running all the tests above, I have only failure in Oplocks Test.
I couldn't find any clues in the forum.
When I look in to the details of the test report, I could read following error message.
| Runtime | 9/23/2016 12:22:24.782 PM | _ | |
|---|---|---|---|
| Runtime Index: | 4003582698 | ||
| Machine: | DESKTOP-LTVD96R | ||
| Process Name: | C:\hlk\JobsWorkingDir\Tasks\WTTJobRun600FD5BE-3A82-E611-80BB-08002790B852\enhancedoplocks.exe | ||
| Process ID: | 3816 | ||
| Thread ID: | 5296 | ||
| Message | 9/23/2016 12:22:24.782 PM | EE8.14B0 : INFO : enhancedoplocks.cxx(6132):GLE 87: 09/23/2016::19:22:24.782 HelperThreadBreak_RW_Oplock Launched | |
|---|---|---|---|
| Message | 9/23/2016 12:22:25.834 PM | EE8.704 : VAR[INFO ] 47 : enhancedoplocks.cxx(3779):GLE 2: 09/23/2016::19:22:25.829 After Other_Thread_Caused_Break, Oplock IoStatus=0x0 Broken=1 | |
|---|---|---|---|
| Message | 9/23/2016 12:22:25.844 PM | EE8.704 : VAR[INFO ] 47 : enhancedoplocks.cxx(3842):GLE 2: 09/23/2016::19:22:25.829 Our oplock code: ioinformation=0x7 | |
|---|---|---|---|
| Message | 9/23/2016 12:22:25.855 PM | EE8.704 : VAR[INFO ] 47 : enhancedoplocks.cxx(3843):GLE 2: 09/23/2016::19:22:25.845 Our oplock actualLevel 0x7, expected 0x8 | |
|---|---|---|---|
| Message | 9/23/2016 12:22:25.865 PM | EE8.704 : VAR[INFO ] 47 : enhancedoplocks.cxx(3855):GLE 2: 09/23/2016::19:22:25.861 Sleeping for 1 second to give our peer thread a change to issue I/O | |
|---|---|---|---|
| Message | 9/23/2016 12:22:26.890 PM | EE8.704 : VAR[INFO ] 47 : enhancedoplocks.cxx(3860):GLE 2: 09/23/2016::19:22:26.886 Our acknowledge for the oplock Status=0x103 | |
|---|---|---|---|
| Message | 9/23/2016 12:22:26.900 PM | EE8.14B0 : INFO : enhancedoplocks.cxx(6180):GLE 87: 09/23/2016::19:22:26.886 Break_RW_Helper_Create Status =0x0 | |
|---|---|---|---|
| Error | 9/23/2016 12:22:26.910 PM | EE8.704 : VAR[SEV2 ] 47 : enhancedoplocks.cxx(3863):GLE 2: 09/23/2016::19:22:26.886 FAILURE: We effectively hold an R oplock [RW->R], not correct. | |
|---|---|---|---|
| File: | base\fs\test\shared_libs\stresslog\loggersource\logger.cxx | Line: 461 | |
| Error Type: | |||
| Error Code: | 0x0 | ||
| Error Text: | Error 0x00000000 | ||
| Message | 9/23/2016 12:22:26.920 PM | EE8.14B0 : INFO : enhancedoplocks.cxx(6232):GLE 87: 09/23/2016::19:22:26.901 HelperThreadBreak_RW_Oplock Finished | |
|---|---|---|---|
| Message | 9/23/2016 12:22:26.934 PM | EE8.704 : VAR[INFO ] 47 : enhancedoplocks.cxx(3962):GLE 2: 09/23/2016::19:22:26.932 ----------------------------------------------------------------------- | |
|---|---|---|---|
| Start Test | 9/23/2016 12:22:26.937 PM | HelperBreakLegacyL1 | |
|---|---|---|---|
| Error | 9/23/2016 12:22:26.947 PM | EE8.704 : +VAR+SEV2 47 : HelperBreakLegacyL1 | |
|---|---|---|---|
| File: | base\fs\test\shared_libs\stresslog\loggersource\logger.hxx | Line: 283 | |
| Error Type: | |||
| Error Code: | 0x0 | ||
| Error Text: | Error 0x00000000 | ||
| End Test | 9/23/2016 12:22:26.950 PM | HelperBreakLegacyL1 | |
|---|---|---|---|
| Result: | Fail | ||
| Repro: | enhancedoplocks.exe -path i: -all /logpass /logfile FileOplocks-CNTFS.log | ||
| Message | 9/23/2016 12:22:26.961 PM | EE8.704 : VAR[INFO ] 48 : enhancedoplocks.cxx(3657):GLE 2: 09/23/2016::19:22:26.948 Variation 5 subvariation 4 | |
|---|---|---|---|
| Message | 9/23/2016 12:22:26.971 PM | EE8.704 : VAR[INFO ] 48 : enhancedoplocks.cxx(3662):GLE 2: 09/23/2016::19:22:26.964 HelperBreakLegacyL1: BREAK_RW_NONE_BY_WRITE(24581) | |
|---|---|---|---|
| Message | 9/23/2016 12:22:26.981 PM | EE8.704 : VAR[INFO ] 48 : enhancedoplocks.cxx(3677):GLE 2: 09/23/2016::19:22:26.979 File Open Status = 0x0 | |
|---|---|---|---|
| Message | 9/23/2016 12:22:29.998 PM | EE8.704 : VAR[INFO ] 48 : enhancedoplocks.cxx(3693):GLE 2: 09/23/2016::19:22:29.994 Oplock Created: Status=0x103, broken=0 | |
|---|---|---|---|
Any clues to where to fix?
Hello,
We have a main shared folder on the network. The share permissions are 'Everyone - Full'. The NTFS permissions are 'Domain Users - Modify'.
We are creating a new set of subfolders (about two levels down of the main folder) that I need to apply much tighter security on, ex.\\mainshare\subfolder1\NEW_tighter securitysubfolderset. I have to allow only a small group of people modify permissions and not allow anybody else.
I created the 'NEW_tightersecuritysubfolderset' folder and told it to NOT inherit permissions from its parent (subfolder1). I created a couple of subfolders to that one and told them to inherit from their parent, i.e. the tighter permissions.
So at this point, without assigning any users or groups to the 'New_tightersecuritysubfolderset' NTFS permissions, any user can go in there from a networked computer and create/delete/change any folder or file within.
This doesn't seem like it should be so. The new subfolder set is not inheriting from its parent and there are no permissions assigned to the new subfolder set that would allow it. It can't be from the Share permissions, right? I always thought that if a user/group is not granted permissions, they are not allowed. I am not granting permissions to these subfolders but yet any user can do whatever.
I must be missing something. Any insight would be much appreciated.
Thanks in advance.
Mike
Our Company use some NAS for folder share before, they need to combine to one window server 2012. Both of them were joined to AD, I tried to use command "robocopy" to move folder, all files were copy to new folder, but folder access right can't move to new folder.
I use command :
@echo off
SET SORC="\\192.4.21.209\test"
SET DEST="D:\test"
SET LOG="D:\testlog.log"
ROBOCOPY %SORC% %DEST% /MIR /SEC /R:1 /W:1 /NP /LOG:%LOG%
@if errorlevel 16 echo ***ERROR *** & goto END
@if errorlevel 8 echo **FAILED COPY ** & goto END
@if errorlevel 4 echo *MISMATCHES * & goto END
@if errorlevel 2 echo EXTRA FILES & goto END
@if errorlevel 1 echo --Copy Successful-- & goto END
@if errorlevel 0 echo --Copy Successful-- & goto END
goto END
:END
testlog:
-------------------------------------------------------------------------------
ROBOCOPY :: Robust File Copy for Windows
-------------------------------------------------------------------------------
已啟動 : Fri Dec 09 12:26:53 2016
來源 : \\192.4.21.209\test\
目的地 : D:\test\
檔案 : *.*
選項 : *.* /S /E /COPY:DATS /PURGE /MIR /NP /R:1 /W:1
-------------------------------------------------------------------------------
10\\192.4.21.209\test\
-------------------------------------------------------------------------------
總計 已複製 略過 不符 失敗 額外
目錄 : 1 0 1 0 0 0
檔案 : 10 0 10 0 0 0
位元組 : 1.49 m 0 1.49 m 0 0 0
時間 : 0:00:00 0:00:00 0:00:00 0:00:00
已結束 : Fri Dec 09 12:26:53 2016
no error popup but new folder were no grand access right.
May I have help?
I am running Windows Server 2003 R2 (I know it's old, I'm in the process of upgrading it now to 2012) on an old HP ProLiant server. It's worked for ages, but yesterday morning it booted up with the blue screen of death, saying:
STOP c0000135 unable to locate component csrsrv.dll not found. Reinstalling the application may fix the problem.
I have tried coping the file from C:\WINDOWS\ServicePackFiles\i386\csrsrv.dll to C:\WINDOWS\system32\ using a WS2003R2 recovery disk, but it still doesn't work. I'm not sure what to do now...
I do have backups, but I'd prefer just to get this server back up and running so that I can continue to migration so that I can decommission it permanently and put it out to pasture...
Any help and guidance is greatly appreciated.
Thanks in advance!
Hi,
I was wondering if it's common practice for companies to disable windows updates completely in the control panel on our terminal server ?
Or should we disable them another way ?
Can we encounter issues afterwards when we do need updates ? (we would temporary re-enable it in the control panel and disable it afterwards)
Thank you
Hello
I need to give one user rights to a subfolder \\nt54\test\2017 and just that 2017 folder nothing above.
using mmc to see shared folders that lives an external device.
the share "test" share permissions has individual users listed. ( no security tab)
using explorer to the \\nt54\test\2017 , the security tab has everyone object with full rights, inherited. I added the user here to this security tab but they don't get rights.
If I add them to the "test" parent share with just READ the can see documents name and then traverse down to the 2017.
how to give just access to the 2017?
How to cleanout the Winsxs\Temp\PendingRenames (8000+ files), PendingDeletes folders? On 2012 R2 VMware VM ran sfc/scannow. Finished without issues. Rebooted a number of times. I ran "Dism.exe /online /Cleanup-Image /StartComponentCleanup" with the TrustedInstaller service running.