Most of my servers are running Windows 2012-2019.  I want to enable Kerberos encryption via Group Policy.

In the past, I tested this on a few MSSQL servers and had problems with service accounts until I realized that I needed to enable the "This Account supports Kerberos AES 128-256 bit encryption." option on the Active Directory Service Accounts.

I want to enable this on my entire network now.  Would enabling the 2 options for AD Service Accounts potentially have any negative impact? 

I'm not going to enforce Kerberos Encryption quite yet using Group Policy.  I first just want to enable the:

This Account supports Kerberos AES 128 bit encryption.

This Account supports Kerberos AES 256 bit encryption.

We have 3 DFS servers in our network. Each is at a different site. Today we noticed that one of the servers isn't getting updates from the main server. I create a file on the main server but it never appears on Server B. I then discovered that there is about a 70000 file backlog for Server B. I tried restarting the replication service on both the main server and server B. I also checked the DFS Replication logs. I have these errors.

Event ID 4304: The DFS Replication service has been repeatedly prevented from replicating a file due to consistent sharing violations encountered on the file.

Event ID 4202: The DFS replication service has detected that the staging space in use for the replicated folder is above the high watermark.

These errors showed up about 2 days ago but haven't come up since then. I increased the staging space to 20gb as well. I did notice that server B can still replicate to the main server. It's just that the main server can't replicate to server B. Everything seems to be fine between Main server and server C. I am going to try rebooting the main server tonight to see if that makes any difference. I ran a health diagnostic report in DFS on server b and it came back clean. If I run the same report on main server, it tells me about event id 4304. 

Any help would be much appreciated.

Hi

We have a subset of users that will take their domain joined laptops offsite and therefore will not have domain connectivity for upto 6 months.

Will there be any issues in terms of them logging in to the machines?

All users will have logged in to there laptops with a domain account when on the network so their credentials will be cached (we have the default GPO of 10 cached logons)

Would we have any issues with the devices after a period? 

I do recall seeing "no log on server available" messages appear in other instances - would this happen in this case?

Jay

in place upgrade of windows 2008R2SP1 VM to server 2012 failing  with error InstallWindows:Error Type = 3211266

Tried everything - any help needed as the server has some legacy config so new server build cant be an option 

Sample of  setupact.log

020-04-07 02:32:59, Info       [0x090086] PANTHR pWorkerThreadFunc -- Stopping
2020-04-07 02:32:59, Info       [0x090086] PANTHR pWorkerThreadFunc -- Stopping
2020-04-07 02:33:00, Info                  PANTHR DeleteCriticalSection for pExecQueue->csLock;
2020-04-07 02:33:00, Info       [0x0500bd] DU     Module_Term_DU called
2020-04-07 02:33:00, Info       [0x050081] DU     Done with DU. DUMgr is cleaning up...
2020-04-07 02:33:00, Info       [0x050082] DU     Cleanup completed
2020-04-07 02:33:00, Info       [0x0605a6] IBS    Requested UI to hide the language and locale selection pages.
2020-04-07 02:33:00, Info       [0x06010d] IBS    Module_Term_Productkey: Valid product key in blackboard, show property set to hide.
2020-04-07 02:33:00, Info       [0x090081] PANTHR Destroying any unreferenced modules! (SEQ6)
2020-04-07 02:33:00, Info       [0x0601d7] IBS    InstallWindows:Error Type = 3211266
2020-04-07 02:33:00, Info       [0x090009] PANTHR CBlackboard::Close: c:\windows\panther\setupinfo.

output of setuperr.log

2020-04-07 02:13:14, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibrary error (C:\Windows\system32\IMKRMIG.DLL) gle=0
2020-04-07 02:13:14, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibraryEx error (C:\$WINDOWS.~BT\Sources\ReplacementManifests\Microsoft-Windows-TextServicesFramework-Migration\CHXMIG.DLL) gle=126
2020-04-07 02:13:14, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibrary error (C:\Windows\system32\CHXMIG.DLL) gle=0
2020-04-07 02:13:14, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibraryEx error (C:\$WINDOWS.~BT\Sources\ReplacementManifests\Microsoft-Windows-TextServicesFramework-Migration\TableTextServiceMig.dll) gle=126
2020-04-07 02:13:14, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibrary error (C:\Windows\system32\TableTextServiceMig.dll) gle=0
2020-04-07 02:13:14, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibraryEx error (C:\$WINDOWS.~BT\Sources\ReplacementManifests\Microsoft-Windows-TextServicesFramework-Migration\IMJPMIG.DLL) gle=126
2020-04-07 02:13:14, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibrary error (C:\Windows\system32\IMJPMIG.DLL) gle=0
2020-04-07 02:13:14, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibraryEx error (C:\$WINDOWS.~BT\Sources\ReplacementManifests\Microsoft-Windows-TextServicesFramework-Migration\IMKRMIG.DLL) gle=126
2020-04-07 02:13:14, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibrary error (C:\Windows\system32\IMKRMIG.DLL) gle=0
2020-04-07 02:13:14, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibraryEx error (C:\$WINDOWS.~BT\Sources\ReplacementManifests\Microsoft-Windows-TextServicesFramework-Migration\CHXMIG.DLL) gle=126
2020-04-07 02:13:14, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibrary error (C:\Windows\system32\CHXMIG.DLL) gle=0
2020-04-07 02:13:14, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibraryEx error (C:\$WINDOWS.~BT\Sources\ReplacementManifests\Microsoft-Windows-TextServicesFramework-Migration\TableTextServiceMig.dll) gle=126
2020-04-07 02:13:14, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibrary error (C:\Windows\system32\TableTextServiceMig.dll) gle=0
2020-04-07 02:13:27, Error      [0x0808fe] MIG    Plugin {65cbf70b-1d78-4cac-8400-9acd65ced94a}: CreateProcess(s) failed. GLE = d
2020-04-07 02:13:31, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibraryEx error (C:\$WINDOWS.~BT\Sources\ReplacementManifests\Microsoft-Windows-TextServicesFramework-Migration\IMJPMIG.DLL) gle=126
2020-04-07 02:13:31, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibrary error (C:\Windows\system32\IMJPMIG.DLL) gle=0
2020-04-07 02:13:31, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibraryEx error (C:\$WINDOWS.~BT\Sources\ReplacementManifests\Microsoft-Windows-TextServicesFramework-Migration\IMKRMIG.DLL) gle=126
2020-04-07 02:13:31, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibrary error (C:\Windows\system32\IMKRMIG.DLL) gle=0
2020-04-07 02:13:31, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibraryEx error (C:\$WINDOWS.~BT\Sources\ReplacementManifests\Microsoft-Windows-TextServicesFramework-Migration\CHXMIG.DLL) gle=126
2020-04-07 02:13:31, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibrary error (C:\Windows\system32\CHXMIG.DLL) gle=0
2020-04-07 02:13:31, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibraryEx error (C:\$WINDOWS.~BT\Sources\ReplacementManifests\Microsoft-Windows-TextServicesFramework-Migration\TableTextServiceMig.dll) gle=126
2020-04-07 02:13:31, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibrary error (C:\Windows\system32\TableTextServiceMig.dll) gle=0
2020-04-07 02:13:31, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibraryEx error (C:\$WINDOWS.~BT\Sources\ReplacementManifests\Microsoft-Windows-TextServicesFramework-Migration\IMJPMIG.DLL) gle=126
2020-04-07 02:13:31, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibrary error (C:\Windows\system32\IMJPMIG.DLL) gle=0
2020-04-07 02:13:31, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibraryEx error (C:\$WINDOWS.~BT\Sources\ReplacementManifests\Microsoft-Windows-TextServicesFramework-Migration\IMKRMIG.DLL) gle=126
2020-04-07 02:13:31, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibrary error (C:\Windows\system32\IMKRMIG.DLL) gle=0
2020-04-07 02:13:31, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibraryEx error (C:\$WINDOWS.~BT\Sources\ReplacementManifests\Microsoft-Windows-TextServicesFramework-Migration\CHXMIG.DLL) gle=126
2020-04-07 02:13:31, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibrary error (C:\Windows\system32\CHXMIG.DLL) gle=0
2020-04-07 02:13:31, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibraryEx error (C:\$WINDOWS.~BT\Sources\ReplacementManifests\Microsoft-Windows-TextServicesFramework-Migration\TableTextServiceMig.dll) gle=126
2020-04-07 02:13:31, Error      [0x0808fe] MIG    Plugin {0b23c863-4410-4153-8733-a60c9b1990fb}: LoadLibrary error (C:\Windows\system32\TableTextServiceMig.dll) gle=0
2020-04-07 02:17:08, Error      [0x0808fe] MIG    Plugin {ee036dc0-f9b7-4d2d-bb94-3dd3102c5804}: BRIDGEMIG: CBrgUnattend::CollectBridgeSettings failed: 0x1, 0
2020-04-07 02:17:16, Error      [0x080389] MIG    Failure while calling IDiscovery->Gather for Plugin={ServerPath="Microsoft-Windows-DeviceAssociationFramework\dafmigplugin.dll", CLSID={C939EC0F-2F56-4CE8-AF56-2336596A5FA7}, ThreadingModel=Apartment}. Error: 0x80010105
2020-04-07 02:31:26, Error                 MIG    COnlineWinNTPlatform::AddPathToSearchIndexer - Failed to create CSearchManager instance, error: 0x80040154[gle=0x000003f0]
2020-04-07 02:32:35, Error                        MigApply caught exception: FormatException: CFilePattern::ValidateAndSavePattern, Invalid pattern C:\Windows.old\Windows\SysWOW64 [ror: 40 - could not open a connection to sql server) ---> the system cannot find the file specifiedEmCliSrv_Rejected.xml:$DATA] void __cdecl Mig::CFilePattern::ValidateAndSavePattern(class UnBCL::String *,class UnBCL::String *)
2020-04-07 02:32:35, Error                 MIG    pDoOnlineApply: Apply operation failed. Error: 0x00000004
2020-04-07 02:32:35, Error      [0x0802f5] MIG    CMediaManager::Close: m_pSelectedTransport->Close(1) failed with Exception Win32Exception: Device was open with readonly access.: Access is denied. [0x00000005] void __cdecl Mig::CMediaManager::CloseTransport(int)
void __cdecl Mig::CUNCTransport::Close(int).
2020-04-07 02:32:35, Error                        MigCloseCurrentStore caught exception: Win32Exception: Device was open with readonly access.: Access is denied. [0x00000005] void __cdecl Mig::CMediaManager::CloseTransport(int)
void __cdecl Mig::CUNCTransport::Close(int)
2020-04-07 02:32:36, Error                 MIG    Callback_ApplyNewSysMachineSpecific: Migration phase failed.

Had a go with the clean bootlogged in as local Administrator and no joy , Looks like the same result . gets to the end and after stuck on “getting ready” screen . Then its rolled back

i have a windows server 2008 enterprise SP2, on this server is installed visual studio 2010, and the sharepoint 2010. i installed the mysql connector net 8.0. 19 because i need them for my bdc on external database in sharepoint but this application mysql connector 8.0.19 is not appopriate i need older version of this application. i tryed with installation the mysql connector net 6.64 but i receive message like on picture

i tryed with uninstall the mysql connector net 8.0.19 but every time i receive error in event viewer

Windows Installer removed the product. Product Name: MySQL Connector Net 8.0.19. Product Version: 8.0.19. Product Language: 1033. Removal success or error status: 1603.

i used third party application the geek and i removed this application but in control panel/programs and features i found that my version 8.0.19 exists. every time when i try that i uninstall this application application make roll-up and i cannot uninstall them..

i tryed with next command

msiexec /x mysql-connector-net-8.0.19.msi /L*v c:\UninstallLog.txt

i have the log file.

I'm planning to migrate my current KMS Host(Windows Server 2019) to another Windows Server 2019 coz current machine is kind of corrupted while I do that I have below questions which I believe should be answered while I do that:-

1. Can I find out how many machines have been activated via my current KMS host & can I get the machine names or IP address ?

2. I also see VAMT installed on the KMS host, does that mean anything ? Like I'm trying to understand what VAMT has to do with KMS host ?

3. Can I see what all products can be activated via my current KMS host, like just server or office or windows 10 as well ?

4. Does KMS host keeps a track of machines its activating, if so where ?

5. Can I somehow verify what all keys are installed on the KMS host , like can I view them on the host ?

6. What does partial product key here, is that the part of actual key from MS VLSC ?

7. The attachment says WS16Channel, does that mean it cannot activate Windows Server 2019 but only till Windows Server 2016 ?

Sharing the output of slmgr /dlv all in case that helps.

We need to restrict WinRM access to workstations from specific subnet, for everyone (including Domain Administrators)

Set-Item wsman:\localhost\client\trustedhosts 19.20.30.*

But access is possible from every subnet, after some research i found out above command limits only outgoing connection.

We tried following:

Windows Components/Windows Remote Management (WinRM)/WinRM Service

IPv4 filter: workstation subnet only

if in IPV4 filter is any other subnet, i can't WinRm to machines in worksation subnet

Can WinRm from any subnet to workstation subnet

How to limit WinRM for specific  subnet only

Hello, 

is it officialy supported to have a Windows 2019  Domaincontroller and Terminalserver one the same Hardware?

is it officialy supported to have a Windows 2019  Terminalserver  (without Domaincontroller) ?

Hello ,

I have checked on my domain and i saw that i have some computers accounts which have this flag "65536" which means "Do not expire passwords"set beside "workstation trust account" flag .

As i know all windows computers  from Windows 2000 until Windows Server 2016 automatically change their password every 30 days. I want to enforce for all computers accounts with this flag to change their password after 30 days but besides of windows system i have Linux OS.

Exist the possibility to have an negative impact if i will try to "delete" this flag 65536, for example to broke the secure channel and lose the connection with Domain Controller.

Since Windows Server 2003 has passed end of life support, can it still be activated?  I reinstalled (new installation) the OS on the same machine it was originally installed on, and it needs to be activated.

Due to security patches, etc..., I don't plan on connecting it to the internet, I plan on using it with some older motion control hardware that we still use.

Thanks.

When logged in and member of the administrators groups, if I try to save a file I get 

'You don’t have permission to save in this location. Contact the administrator to obtain permission. Why do I get this result and how do I fix this problem. 

Hello!

I need to create a scheduled task on client computers via gpo. For this I created the scheduled task according to this - https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008\/cc725745(v=ws.11)?redirectedfrom=MSDN -Computer Configuration\Preferences\Control Panel Settings\Scheduled Tasks. The result: gpresult /h says the gpo is applied and the gpo log displays this:

Starting Group Policy Scheduled Tasks Extension Processing.

List of applicable Group Policy objects: (No changes were detected.)

TestTask

...but the scheduled task TestTask does not get created. No errors in the logs... - What should I check in this case?

Thank you in advance,
Michael

Hello Guys ,

I have a question about IIS ARR + backend server farm member route.

I know that client could comminucate with ARR server with HTTPS protocol . What i need to configure and setup correctly for route this traffic to my backend server in the same protocoll HTTPS. 

ARR - Client   ---- HTTPS

ARR - Backend farm server member Web server  ----- HTTPS

By default i think its going through HTTP protocoll between ARR and backend servers

Where i need to configure certificate and also binding ?

Thank you !

We have a few Citrix/RDS servers where we use login and logout scripts to roam some user settings to the home drive.  We reference the home location using the %HOMESHARE% variable.  This isn't an issue under most circumstances but we have found that if the home share is not available for any reason, the %HOMESHARE% variable becomes the root of C:.  Is this the expected behavior of %HOMESHARE% if the home drive is not available?

Obviously you might imagine how this can cause some interesting things to happen with regard to scripts because now instead of a user getting their own custom settings, they could get settings from the previously logged off user.  For the time being we addressed this problem by using the drive letter mapping of the home drive but we would much prefer not do it this way.

Thanks in advance

Seems like there is a known Server 2016/Windows 10 task scheduler bug but no KB associated with it. Can we get an official KB and ETA on the fix for this? This has a huge impact on applications that rely on the task scheduler. We've had to decommission new 2016 servers and replace them with 2012 R2 because of this.

The link below describes the issue but is only posted on the Japanese technet site. Just translate it.

https://blogs.technet.microsoft.com/askcorejp/2017/12/11/mouthly_tasks_issue/

rb

Hi,

In case of lab setup; root domain, additional domain, child domain and client systems must be in the same network and sometimes we do disable firewall.

As per realistic scenarios, this setup is just like a hypothetical or dummy setup.

In realistic scenarios; root domain, additional domain, child domain and client systems all these can be in different network or in different locations. Moreover, third party firewall, router and switches are also involved.

Is it possible, I can understand the topology of the complex setup?

I believe my question requires broad explanations.

Sometimes, I feel disappointment with the dummy lab setup.

That’s why I request for your patience and help me to understand the topology of complex setup.

With Regards

MrGNS

InTechSys

Hello,

I am looking for a way to add a global security group to the BUILTIN group called schemas.microsoft.com/powershell/Microsoft.PowerShell.

You can access this group by running the below PowerShell command.

Set-PSSessionConfiguration -Name Microsoft.PowerShell -ShowSecurityDescriptorUI -Force 

Reason for needing to do this is based on this article which shows how to allow a non-admin account access to remote PowerShell Windows Endpoint access:

https://helpcenter.gsx.com/hc/en-us/articles/202447926-How-to-Configure-Windows-Remote-PowerShell-Access-for-Non-Privileged-User-Accounts

Hello!

I'm using two Windows Server 2019 hosts (deployed in 2019) which host many VMs, some of these VMs have Windows Server 2019 as a guest OS. During all this time I haven't had any issues with restarting virtual machines with WinServer 2019. A couple of days ago I tried to restart a vm with WinServer2019 and it stuck at the Choose OS to start screen - the only way to make it boot was to hit Enter - exactly as described here.

I then restarted several other VMs (Win2012R2, WinServer2016, Win10) - no issues. I then surmised  that some update might have caused it and decided to deploy a new Windows Server 2019 VM. I downloaded en_windows_server_2019_updated_dec_2019_x64_dvd_16a7884e.iso and created a new VM (gen 2). The result: Windows Server 2019 can not boot up without pressing Enter in Windows Boot Screen that makes it a completely useless OS - at least in Hyper-V (I'm using Windows Server 2019 as host OS but I can'trisk  rebooting it now remotely).

Does anybody know if it's a bug in 2019 or some new "feature" ?

Thank you in advance,
Michael

I've got a Windows 2008 Enterprise 64Bit box running in a test environment…

The system as 2 Seagate 1.5TB drives running as a striped volume and loaded with data.  This morning the volume went offline and both drives show up in the Disk Manager as both being “Invalid”.  When I try to bring the disks back online I get the following error message:

"this operation is not allowed on invalid disk pack"

Can anyone shed light on this error message?  I’ve yet to find anything on it.  Any thoughts on whether I’ll be able to recover the volume or at the very least some of the data?

 Any help would be greatly appreciated.