I have a Win2k3 DC that has one of my DNS servers on it.  I have removed all of the FSMO roles and confirmed they are removed.  The user is a part of the Enterprise Admin group.   When i try to remove the DC through dcpromo I get the following error in the dcpromo.log.  I would like to keep from using /forceremoval but is this a sign of something wrong in my AD or just on the DC i am trying to remove.

My server is a windows server 2008 R2, it is my application server that runs MS SQL 2008 on it.

I noticed that at night by exactly 12:33:00am the server restart on its own and when this happen it disrupt operations.

I did not set any task schedule in my windows.

I went to event viewer to know what was the cause of the problem, this was what I got:

The process C:\Windows\system32\shutdown.exe (DATABASE)has initiated the restart of computer DATABASE on behalf of user NT AUTHORITY\SYSTEM for the following reason: No title for this reason could be found

Shutdown type: restart

I'm having trouble running scheduled tasks on a Windows Server 2003 R2 server.

Searching the responses in the forum provided some insights, but nothing that fixed the problem.

Several of the responses on the forum indicated that the scheduled tasks should be logging to "%systemroot%\Schedlgu.txt". I tried to locate this file, but I couldn't find it. Since it seemed reasonable that a scheduled task might not run without the log file being available, I created the log file and made sure that it was writeable.

I also made sure that the Task Scheduler service was running under a Local System Account.

When I run the "schtasks" command from the command line, all of the tasks are shown with a status of "Could not start". The Event logs show nothing and the "%systemroot%\Schedlgu.txt" file is empty.

The tasks that I want to run on a scheduled basis are both ".bat" files and both work properly when launched manually from the commmand line.

Any assistance would be greatly appreciated.

Thanks in advance.

Hello,

We have 2 vmware virtual machines running an evaluation version of windows server 2016 standard.  Are we able to license them with windows server 2016 datacenter licenses?  

Hi,

try these ----

1. connect to a remote desktop by using mstsc with remote audio play on this computer, everything is fine.

2. disconnect. 

3. play something on local desktop, NO SOUND AT ALL, even system sounds.

4. everything goes fine after reboot.

we must schdule a reboot because we have no choice on a SERVER SYSTEM. that's  annorying

how to fix it ?

Hi

we have AD based on windows server 2012 R2 and we need to change the domain name , we have to consider the below

• There are Exchange 2013 4 nodes with DAG
• There are SQL Always On 3 Nodes
• There are Hyper V failover cluster with 6 hosts
• Certificate authority server in place and certificates have been generated to multiple services.
• There is no DFS or file redirection
• There are 700 machines joined to this domain.
• There is no bit-locker has been configured
• 1 forest with 1 domain , no child domains or trees

I want to know the best way to change the domain name to new name and what is the considerations?

Thanks

MCP MCSA MCSE MCT MCTS CCNA

We are using Qualys for scanning patch compliance for Windows Server 2016. Though we have installed latest Cumulative update on 2016 server is still showing as non complaint with .Net frame work updates. 

Even after upgrading the .Net framework to 4.8 and installing cumulative patches related to 4.8 still machine are flagging as vulnerable. Qualys is detecting vulnerability by showing  this folder %windir%\Microsoft.NET\Framework64\v2.0.50727. Can you please help what this folder is related to and is it necessary to keep in Win 2016 server.

Can i upgrade my hyper-v server 2016 (free hypervisor) to hyper-v server 2019 (core preview) without doing a clean installtion?

ISO: Windows_InsiderPreview_ServerHypercore_17692

I plan to use rufus to create a bootable USB using the aforementioned ISO on previous upgrades i just boot from the USB and it indicated the the verison on the USB is newer then than the one istalled so it offered my and upgrade, is it the same with this corepreview?

Thank you, God speed

Hi all,

I've a Windows Server 2003 hosting a standalone root CA and I think that its secure channel with the domain is corrupted. I can log on in this machine only with the local administrator, no domain user can log on. When, logged as local administrator, I try to run the "Test-ComputerSecureChannel" cmdlet I get this error:

Good Morning,

   I'm working on resolving issues in the event logs of some of the servers for one of our clients and came across this.  I've seen this error before, but what makes this one different is that the Domain Controllers are mostly Server 2003, not 2008 R2, where I saw this the last time.

I followed the instructions of http://support.microsoft.com/kb/977695 which had me add IIS AppPool\ to the DefaultAppPool in the GptTmpl.inf file located in C:\WINDOWS\SYSVOL\sysvol\domain.name\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\MACHINE\Microsoft\Windows NT\SecEdit but this has had no effect on the issue.  I have run "gpupdate /force" on the server to confirm that it is getting the updated copy of the template file, and it is.

I have also checked the other SceCli threads, but most of them are related to Server 2008 R2, and when they made the recommended changes in the KB article it worked.  Any assistance would be appreciated.  Thank you.

I am including the relevant files / logs.

EVENT LOG ERROR:

Event Type:Warning

Event Source:SceCli
Event Category:None
Event ID:1202
Date:3/15/2012
Time:11:14:51 AM
User:N/A
Computer:servername
Description:
Security policies were propagated with warning. 0x534 : No mapping between account names and security IDs was done.


Advanced help for this problem is available on http://support.microsoft.com. Query for "troubleshooting 1202 events". 


Error 0x534 occurs when a user account in one or more Group Policy objects (GPOs) could not be resolved to a SID.  This error is possibly caused by a mistyped or deleted user account referenced in either the User Rights or Restricted Groups branch of a GPO.  To resolve this event, contact an administrator in the domain to perform the following actions: 


1.Identify accounts that could not be resolved to a SID:


From the command prompt, type: FIND /I "Cannot find"  %SYSTEMROOT%\Security\Logs\winlogon.log


The string following "Cannot find" in the FIND output identifies the problem account names.


Example: Cannot find JohnDough.


In this case, the SID for username "JohnDough" could not be determined. This most likely occurs because the account was deleted, renamed, or is spelled differently (e.g. "JohnDoe"). 


2.Use RSoP to identify the specific User Rights, Restricted Groups, and Source GPOs that contain the problem accounts:


a.Start -> Run -> RSoP.msc
b.Review the results for Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment and Computer Configuration\Windows Settings\Security Settings\Local Policies\Restricted Groups for any errors flagged with a red X.
c.For any User Right or Restricted Group marked with a red X, the corresponding GPO that contains the problem policy setting is listed under the column entitled "Source GPO". Note the specific User Rights, Restricted Groups and containing Source GPOs that are generating errors. 


3.Remove unresolved accounts from Group Policy


a.Start -> Run -> MMC.EXE
b.From the File menu select "Add/Remove Snap-in..."
c.From the "Add/Remove Snap-in" dialog box select "Add..."
d.In the "Add Standalone Snap-in" dialog box select "Group Policy" and click "Add"
e.In the "Select Group Policy Object" dialog box click the "Browse" button.
f.On the "Browse for a Group Policy Object" dialog box choose the "All" tab
g.For each source GPO identified in step 2, correct the specific User Rights or Restricted Groups that were flagged with a red X in step 2. These User Rights or Restricted Groups can be corrected by removing or correcting any references to the problem accounts that were identified in step 1.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

*********************************

C:\WINDOWS\SYSVOL\sysvol\domain.name\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9}\MACHINE\Microsoft\Windows NT\SecEdit\GptTmpl.inf

[Unicode]
Unicode=yes
[Event Audit]
AuditSystemEvents = 1
AuditLogonEvents = 3
AuditObjectAccess = 1
AuditPrivilegeUse = 1
AuditPolicyChange = 1
AuditAccountManage = 1
AuditProcessTracking = 1
AuditDSAccess = 1
AuditAccountLogon = 3
[Version]
signature="$CHICAGO$"
Revision=1
[Registry Values]
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LDAP\LDAPClientIntegrity=4,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\RequireSignOrSeal=4,0
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SealSecureChannel=4,1
MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters\SignSecureChannel=4,1
MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\LDAPServerIntegrity=4,1
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
[Privilege Rights]
SeAssignPrimaryTokenPrivilege = *S-1-5-21-2673940390-3640934957-3831995314-6138,IIS AppPool\DefaultAppPool,*S-1-5-21-2673940390-3640934957-3831995314-3107,*S-1-5-21-2673940390-3640934957-3831995314-9604,*S-1-5-20,*S-1-5-19,*S-1-5-21-2673940390-3640934957-3831995314-1316,*S-1-5-21-2673940390-3640934957-3831995314-2606,*S-1-5-21-2673940390-3640934957-3831995314-6137,*S-1-5-21-2673940390-3640934957-3831995314-6139
SeAuditPrivilege = IIS AppPool\DefaultAppPool,*S-1-5-20,*S-1-5-19
SeBackupPrivilege = *S-1-5-32-551,*S-1-5-32-544
SeBatchLogonRight = *S-1-5-21-2673940390-3640934957-3831995314-1617,*S-1-5-21-2673940390-3640934957-3831995314-6138,*S-1-5-21-2673940390-3640934957-3831995314-6137,*S-1-5-32-568,*S-1-5-21-2673940390-3640934957-3831995314-9604,*S-1-5-21-2673940390-3640934957-3831995314-2606,*S-1-5-21-2673940390-3640934957-3831995314-1316,*S-1-5-21-2673940390-3640934957-3831995314-3107,*S-1-5-21-2673940390-3640934957-3831995314-2042,*S-1-5-21-2673940390-3640934957-3831995314-2605,*S-1-5-21-2673940390-3640934957-3831995314-1315,*S-1-5-21-2673940390-3640934957-3831995314-3106,*S-1-5-21-2673940390-3640934957-3831995314-1317,*S-1-5-21-2673940390-3640934957-3831995314-3778,*S-1-5-21-2673940390-3640934957-3831995314-1120,*S-1-5-21-2673940390-3640934957-3831995314-6139
SeChangeNotifyPrivilege = *S-1-5-21-2673940390-3640934957-3831995314-6138,*S-1-5-21-2673940390-3640934957-3831995314-9604,*S-1-5-32-547,*S-1-5-32-544,*S-1-1-0,*S-1-5-32-551,*S-1-5-32-545,*S-1-5-21-2673940390-3640934957-3831995314-6137,*S-1-5-21-2673940390-3640934957-3831995314-6139,*S-1-5-21-2673940390-3640934957-3831995314-6141
SeCreatePagefilePrivilege = *S-1-5-32-544
SeCreatePermanentPrivilege =
SeCreateTokenPrivilege =
SeDebugPrivilege = *S-1-5-32-544
SeIncreaseBasePriorityPrivilege = *S-1-5-32-544
SeIncreaseQuotaPrivilege = *S-1-5-21-2673940390-3640934957-3831995314-6138,IIS AppPool\DefaultAppPool,*S-1-5-21-2673940390-3640934957-3831995314-3107,*S-1-5-21-2673940390-3640934957-3831995314-9604,*S-1-5-32-544,*S-1-5-20,*S-1-5-19,*S-1-5-21-2673940390-3640934957-3831995314-1316,*S-1-5-21-2673940390-3640934957-3831995314-2606,*S-1-5-21-2673940390-3640934957-3831995314-6137,*S-1-5-21-2673940390-3640934957-3831995314-6139
SeInteractiveLogonRight = *S-1-5-21-2673940390-3640934957-3831995314-2605,*S-1-5-21-2673940390-3640934957-3831995314-1315,*S-1-5-32-547,*S-1-5-32-551,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-21-2673940390-3640934957-3831995314-3106,*S-1-5-21-2673940390-3640934957-3831995314-2042
SeLoadDriverPrivilege = *S-1-5-32-544
SeLockMemoryPrivilege =
SeMachineAccountPrivilege =
SeNetworkLogonRight = *S-1-5-21-2673940390-3640934957-3831995314-3107,*S-1-5-21-2673940390-3640934957-3831995314-2605,*S-1-5-21-2673940390-3640934957-3831995314-1315,*S-1-5-21-2673940390-3640934957-3831995314-1316,*S-1-5-32-547,*S-1-5-9,*S-1-5-32-544,*S-1-1-0,*S-1-5-32-551,*S-1-5-32-545,*S-1-5-21-2673940390-3640934957-3831995314-2606,*S-1-5-21-2673940390-3640934957-3831995314-3106
SeProfileSingleProcessPrivilege = *S-1-5-32-547,*S-1-5-32-544
SeRemoteShutdownPrivilege = *S-1-5-32-544
SeRestorePrivilege = *S-1-5-32-551,*S-1-5-32-544
SeSecurityPrivilege = *S-1-5-32-544,*S-1-5-21-2673940390-3640934957-3831995314-1109
SeServiceLogonRight = *S-1-5-21-2673940390-3640934957-3831995314-6140,*S-1-5-21-2673940390-3640934957-3831995314-6138,*S-1-5-21-2673940390-3640934957-3831995314-6137,*S-1-5-21-2673940390-3640934957-3831995314-6134,IIS AppPool\DefaultAppPool,*S-1-5-20,*S-1-5-21-2673940390-3640934957-3831995314-3809,*S-1-5-21-2673940390-3640934957-3831995314-1730,*S-1-5-21-2673940390-3640934957-3831995314-1617,*S-1-5-21-2673940390-3640934957-3831995314-9604,*S-1-5-21-2673940390-3640934957-3831995314-6125,*S-1-5-21-2673940390-3640934957-3831995314-10132,*S-1-5-21-2673940390-3640934957-3831995314-1120,*S-1-5-21-2673940390-3640934957-3831995314-6135,*S-1-5-21-2673940390-3640934957-3831995314-6139,*S-1-5-21-2673940390-3640934957-3831995314-6141
SeShutdownPrivilege = *S-1-5-32-547,*S-1-5-32-551,*S-1-5-32-544
SeSystemEnvironmentPrivilege = *S-1-5-32-544
SeSystemProfilePrivilege = *S-1-5-32-544
SeSystemTimePrivilege = *S-1-5-32-547,*S-1-5-32-544,*S-1-5-19
SeTakeOwnershipPrivilege = *S-1-5-32-544
SeTcbPrivilege =
SeDenyInteractiveLogonRight =
SeDenyBatchLogonRight =
SeDenyServiceLogonRight =
SeDenyNetworkLogonRight =
SeUndockPrivilege = *S-1-5-32-547,*S-1-5-32-544
SeSyncAgentPrivilege =
SeEnableDelegationPrivilege = raphael,*S-1-5-21-2673940390-3640934957-3831995314-1617,*S-1-5-21-2673940390-3640934957-3831995314-512

*****************************************************************

Latest winlogon.log entry:

Hi, I love the MMC to manage my servers very much. I installed the RSAT, and the MMC is a very good utility to manage the services on the severs remotely. You can see the following screenshot. Many services are managed by my console.

However, when I tried to save the event logs as evtx format from remote server to my local laptop with MMC, it failed. I cannot understand why Microsoft doesn't allow it. I have to RDP to every server and save the event logs. It's too troublesome. And I believe Mircorosft originally recommend us to use RAST and MMC to manage remote servers!

• Servers: Windows Server 2008 R2
• My laptop: Windows 7

Windows Server 2008 R2

we've been educating users on proper file naming so that Windows will not complain but you still end up with users having deep folders and long fileanames (minutes for sales meeting for customers in north area for June 2019.xls).

we can place quotas on disk space usage but can we place limits on file/folder name lengths to use?

Hi Team, 

Can anybody confirm what this the current version of MSMQ in Windows Server 2016.

Last version was 6.3 in Windows Server 2012 R2.

Naveed Amir

Hi Experts!

How can i manage migrating Nutanix cluster in prism console ? What we have in nutanix cluster is same with our hypervisor failover cluster. Compose of host and VM's that required for us to migrate/ move to new domain since we're decommissioning the old domain. Can some please give me the best practices and best approach on the steps on how to migrate through web console of nutanix in prism. 

Scenario is not the same with MS hyper-v fail-over cluster. Moving Nutanix cluster to different domain is not easy for me. Is there any step by step procedure on how to do that ? . 

Homer Sibayan

Hi I would like help in setting up the task scheduler in window server 2008 to run an event which is a php script when a new file is received in a particular folder. This file is copied via FTP ad moved into a particular folder. I would like every time a file arrives to trigger the script to run. There is the chance that more than one file might be received at the one time and so to keep things manageable i would like only one instance or a maximum of say two instances of this task to be created and run simultaneously. if more files are received then the task would be triggered once the first ones have completed. Can someone please help me in setting something like this up?any help would be greatly appreciated.

thanks

What is TechNet Guru Competition?

Each month Microsoft TechNet Wiki council organizes a contest of the best articles posted that month. This is your chance to be announced as MICROSOFT TECHNOLOGY GURU OF THE MONTH!

One winner in each category will be selected each month for glory and adoration by the MSDN/TechNet Ninjas and community as a whole. Winners will be announced in dedicated blog post that will be published inMicrosoft Wiki Ninjas blog, a tweet fromMicrosoft Wiki Ninjas Twitter account, links will be published atMicrosoft TNWiki group on Facebook, and other acknowledgement from the community will follow.

Some of our biggest community voices and many MVPs have passed through these halls on their way to fame and fortune.

If you have already made a contribution in the forums or gallery or you published a nice blog, then you can simply convert it into a shared wiki article, reference the original post, and register the article for the TechNet Guru Competition. The articles must be written in July 2019 and must be in English. However, the original blog or forum content can be from beforeJuly 2019.

Come and see who is making waves in all your favorite technologies. Maybe it will be you!

Who can join the Competition?

Anyone who has basic knowledge and the desire to share the knowledge is welcome. Articles can appeal to beginners or discusse advanced topics. All you have to do is to add your article to TechNet Wiki from your own specialty category.

How can you win?

1. Please copy/Write over your Microsoft technical solutions and revelations to TechNetWiki.
2. Add a link to your new article on THIS WIKI COMPETITION PAGE (so we know you've contributed)
3. (Optional but Recommended) Add a link to your article at the TechNetWiki group on Facebook to get feedback and tips from the council members and from the community. The group is very active and people love to help. You can even get direct improvements to your article before the contest starts.

Do you have any question or want more information?

Feel free to ask any questions below, or Join us at the official MicrosoftTechNet Wiki groups on facebook. Read More about TechNet Guru Awards.

If you win, people will sing your praises online and your name will be raised as Guru of the Month.

PS: Above top banner came from James van den Berg.

Please, If you think your question has been answered click "Mark as Answer" if just helped click "Vote as helpful". This can be beneficial to other community members reading this forum thread.

A client has two 2008 R2 SP1 domain controllers behind a pfSense firewall. Outgoing access for the DCs is whitelisted by destination port and domain. I've added the usual Windows Update sites to the whitelist:

• download.windowsupdate.com
• download.microsoft.com
• download.windowsupdate.com
• wustat.windows.com
• ntservicepack.microsoft.com
• go.microsoft.com

DNS on the domains shows several possible forwards to other domains, including

• sls.row.update.microsoft.com.akadns.net
• fe2.update.microsoft.com.nsatc.net
• www.update.microsoft.com.nsatc.net
• a23-209-176-51.deploy.static.akamaitechnologies.com

and others. I have also added those domains to the whitelist, but the firewall is still blocking the DCs from getting updates. However, if I change the filter to allow all destination domains without changing the allowed port list, the DCs can get updates.

While this may be an issue with pfSense, and I will investigate that possibility elsewhere, I must consider the possibility that other domains are involved that must be whitelisted. Is there a definitive list of domain names used by Microsoft for updates?