ikon

Forum Replies Created

Viewing 30 posts - 31 through 60 (of 91 total)
    ikon
    Member
    in reply to: User Account Lock Out Oddity #354261

    Re: User Account Lock Out Oddity

    Here is something I just found that might explain it a little better.

    http://207.46.16.252/en-us/magazine/2009.07.windowsconfidential.aspx

    ikon
    Member
    in reply to: User Account Lock Out Oddity #354260

    Re: User Account Lock Out Oddity

    I believe this is default behaviour. Since the user is logged on, the credentials are cached; the cached credentials are only destroyed at log-off or when the machine shuts down. Unlocking the workstation uses cached credentials, unless unlocking the workstation as the Administrator, in which case a full Kerberos logon will take place with the DC.

    ikon
    Member
    in reply to: Add 2003 DC to 2008 Network #354259

    Re: Add 2003 DC to 2008 Network

    You can't add 2003 DCs to 2008 Domain Function level domains.

    That's why you need to post your Domain function level.

    ikon
    Member
    in reply to: Reduce DNS Traffic #354258

    Re: Reduce DNS Traffic

    Another thought..

    Are you using Root Hints if no forwarder is available? Check your forwarders configuration and make sure it's working correctly, or even try a different forwarder. Using root hints will cause every non-cached lookup to be recursive, apart from zone-related lookups.

    ikon
    Member
    in reply to: a ip address points to multiple machine names #354257

    Re: a ip address points to multiple machine names

    Most likely you have multiple A records in DNS pointing to 1 IP address; a common cause for this is DHCP.

    You can open up the DNS snap-in and sort by the IP Address field; you can easily see the 3 IP addresses and the host names. Delete the incorrect machines, then run ipconfig /registerdns on the machines that were invalid.

    Make sure you have secure dynamic updates in DNS properties for your domain.

    And in DHCP properties make sure Allow Dynamic updates is enabled.

    Thanks
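
Added example, not part of ikon's post: the "sort by IP address and look for duplicates" check from the reply above, done over an exported zone file instead of the DNS snap-in. The sample zone is constructed, and the `[AGE:n]` tag on dynamically registered records (hours, larger means registered more recently) is an assumption about the export format; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in zone-file style; [AGE:n] is assumed to mark
# dynamically registered records (larger n = more recent registration).
SAMPLE_ZONE = """\
; constructed sample data, not from a real zone
@                           3600    NS      dc01.example.test.
dc01                        3600    A       10.0.0.10
pc-sales01  [AGE:3590100]   1200    A       10.0.0.57
pc-sales07  [AGE:3590844]   1200    A       10.0.0.57
laptop-hr3  [AGE:3589020]   1200    A       10.0.0.57
pc-it02     [AGE:3590850]   1200    A       10.0.0.61
"""

A_RECORD = re.compile(
    r"^(?P<name>\S+)\s+(?:\[AGE:(?P<age>\d+)\]\s+)?(?:\d+\s+)?(?:IN\s+)?A\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

def parse_a_records(zone_text):
    """Yield (name, ip, age) per A record; age is None for static records."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].rstrip()  # drop zone-file comments
        m = A_RECORD.match(line)
        if m:
            yield m["name"], m["ip"], int(m["age"]) if m["age"] else None

def shared_addresses(zone_text):
    """Map each IP with more than one A record to its names, newest first."""
    by_ip = defaultdict(list)
    for name, ip, age in parse_a_records(zone_text):
        by_ip[ip].append((name, age))
    report = {}
    for ip, owners in by_ip.items():
        if len(owners) > 1:
            # Static records (age None) sort last: they need a manual decision.
            owners.sort(key=lambda o: (o[1] is not None, o[1] or 0), reverse=True)
            report[ip] = owners
    return report

if __name__ == "__main__":
    for ip, owners in shared_addresses(SAMPLE_ZONE).items():
        print(ip)
        for name, age in owners:
            print(f"  {name:<12} age={age}")
```

The most recently registered name is listed first for each shared address; the older names are the candidates to verify and delete before running ipconfig /registerdns on the affected machines.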

    ikon
    Member
    in reply to: Reduce DNS Traffic #354256

    Re: Reduce DNS Traffic

    Are your servers open to the Internet for DNS?

    That's a lot of recursive queries.

    Recursive queries should only happen when the client or server has no cache or information in its zone for the requested domain.

    They are very intensive queries; I'm wondering if you are being attacked.

    Check that you have “Secure cache against pollution” enabled in DNS; this will help against DNS pollution attacks.

    Try to find out where the traffic is coming from, and how often; run Wireshark on the DNS server.

    ikon
    Member
    in reply to: User lockdown #354255

    Re: User lockdown

    http://support.microsoft.com/kb/278295

    Maybe this will help you.


    ikon
    Member
    in reply to: ESXi iSCSI Solution #354254

    Re: ESXi iSCSI Solution

    For now 1 server will be connected to the SAN, until I set up ESXi on our DL380 G5, which will be very soon.

    Thanks for your reply.

    ikon
    Member
    in reply to: User Account Lock Out Oddity #354253

    Re: User Account Lock Out Oddity

    I'm pretty sure this is to do with Kerberos tickets. Once the user is authenticated, the client will store the session key and TGT in volatile memory; the ticket has a lifetime.

    So the client has pre-authenticated, the workstation was locked, and it was able to open with saved session keys.

    In the reverse, the client tried to log in, has no session key or it has expired, and authenticates with the DC; the DC says you are locked, go away.

    This is how I believe it to work.

    There are some Kerberos tools available to diagnose.

    ikon
    Member
    in reply to: how to run Server 2008 R2 as a DC in Windows 2003 domain #354252

    Re: how to run Server 2008 R2 as a DC in Windows 2003 domain

    My original post was meant to say there is a bug with Exchange 2007 SP2 using Windows Server 2008 R2 DCs; the bug is only if you have nothing but 2008 R2 DCs.

    The problem

    http://www.howexchangeworks.com/2009/09/problems-with-exchange-2007-sp2-setup.html

    The FIX

    http://msexchangeteam.com/archive/2009/09/15/452494.aspx

    ikon
    Member
    in reply to: MPLS WAN issue #354251

    Re: MPLS WAN issue

    Link a hub between the MPLS and Network2, install Wireshark to a PC and connect it to the hub.

    You will have to graphically monitor the throughput for a few days to see if there is any consistency in the slowdowns; I use tools like Cacti and MRTG using SNMP.

    Here is a basic guide to Wireshark.

    http://portforward.com/networking/wireshark.htm

    Maybe you have some better tools in your arsenal, like SolarWinds.

    I'm afraid it's one of those fault-finding issues; there is always a rational explanation.

    Good Luck.

    ikon
    Member
    in reply to: User lockdown #354250

    Re: User lockdown

    How are your users configured, what access levels?

    ikon
    Member
    in reply to: Problem with GPresult /RSOP #354249

    Re: Problem with GPresult /RSOP

    Can you post your RSoP logs for Planning mode and Logging mode?

    Thanks

    ikon
    Member
    in reply to: how to run Server 2008 R2 as a DC in Windows 2003 domain #354248

    Re: how to run Server 2008 R2 as a DC in Windows 2003 domain

    You can run Windows 2008 DCs with 2003 DCs; you just can't raise the domain function level to Windows 2008.

    Here is a post I did on the whole process:

    http://forums.petri.com/showthread.php?t=39841

    I know there is an issue with Windows 2008 R2-only domain controllers; it's an MS bug, so if you're planning on moving to 2008 R2-only DCs, wait for the fix (not sure if there is a fix yet without calling MS).

    You have a 2003 DC with Exchange 2007 installed, so you're OK.

    Although I wouldn't personally have Exchange installed on a DC.

    I'm not sure if, after you upgrade to the 2008 schema, you have to re-run Exchange forestprep or domainprep. I don't think so, but this will be answered by someone, I'm sure.

    ikon
    Member
    in reply to: Dual ISP with Cisco ASA 5505 #354247

    Re: Dual ISP with Cisco ASA 5505

    You could try Policy based routing using the “set next hop”

    access-list 101 permit ip host x.x.x.x any

    route-map internet2 permit 101
    match ip address 101
    set ip next-hop x.x.x.x

    I've never done it, but worth a shot.

    ikon
    Member
    in reply to: Windows 7 WSUS SP2 Office 2007 SP2 Update!! #354246

    Re: Windows 7 WSUS SP2 Office 2007 SP2 Update!!

    Yes Daemon Tools was installed on all 3 machines, but it has been installed for a while.

    I only got this problem after the SP2 for Office 2007; seems strange and could be coincidence.

    L4ndy, thanks, it was a typo; the KB was “953195” not “953194”.

    I think then that Daemon Tools and SP2 for Office 2007 and/or one of a few other Office critical updates that were installed could have caused the issue.

    And funnily enough, in my VM Windows 7 I have installed the updates with no problem without Daemon Tools installed.

    Well, thanks guys.

    I guess I'll re-format and cancel the MS ticket, as they won't care for 3rd party apps in any case.

    ikon
    Member
    in reply to: Clustering help #354245

    Re: Clustering help

    You CAN Extend Basic Disks…

    I see what you're asking, but you are TELLING us that Basic Disks cannot be extended and they can; only boot volumes can’t be extended, or Data Volumes that have a page file, where the page file must be moved first.

    There are RULES for Expanding that is all.

    http://support.microsoft.com/kb/325590

    ikon
    Member
    in reply to: Problem with GPresult /RSOP #354244

    Re: Problem with GPresult /RSOP

    Ok

    Run “gpotool” on one of your DCs; gpotool.exe is found in the Windows 2003 Resource Kit.

    This tool will show any problems with GPOs across your DCs.

    Also, the log you generated was Logging mode; Logging mode shows you currently applied GPOs.

    Planning mode will show you what you should receive from new GPOs, like a compare.

    Please post both.

    Thanks

    ikon
    Member
    in reply to: Active Directory #354243

    Re: Active Directory

    This looks like an exam question. Is this something you are looking to do, or do you need a general answer?

    With ADSIedit, I know you can change the default for new users created so the display name is “Lastname , Firstname” instead of “Firstname, Last name”.

    But to change 3000 existing users you would need some sort of ADSI script.

    Well, I'm pretty sure anyway.

    ikon
    Member
    in reply to: Windows 7 WSUS SP2 Office 2007 SP2 Update!! #354242

    Re: Windows 7 WSUS SP2 Office 2007 SP2 Update!!

    Yes, it was definitely “The 2007 Microsoft Office Suite Service Pack 2” KB 953194.

    I've created a virtual machine with Windows 7 and I'm going to replicate the problem again using WSUS.

    Microsoft contacted me late last night when I was out of the office, so I'll call them today.

    ikon
    Member
    in reply to: Clustering help #354241

    Re: Clustering help

    1st Google search http://support.microsoft.com/kb/304736

    2nd Google search: First of all, you should extend the LUN in the Storage Controller

    Maybe this helps or maybe you have seen this already..

    ikon
    Member
    in reply to: Windows 7 WSUS SP2 Office 2007 SP2 Update!! #354240

    Re: Windows 7 WSUS SP2 Office 2007 SP2 Update!!

    I have got an MS Support ticket open for this; I'll let you know how it goes.

    ikon
    Member
    in reply to: list of users in security groups and distribution groups #354239

    Re: list of users in security groups and distribution groups

    You can use csvde to export an OU to a CSV file and read the attributes.

    http://www.computerperformance.co.uk/Logon/Logon_CSVDE.htm

    ikon
    Member
    in reply to: Migrating from in house to hosted exchange #354238

    Re: Migrating from in house to hosted exchange

    It depends on the tools you may get from the hosting company.

    Generally you configure Outlook with a .PRF file from the host; this sets up Outlook with RPC over HTTPS, so your clients can communicate with the new Exchange server.

    For the time being you can have 2 profiles, one for local Exchange and the other for the new hosted Exchange, until you are ready to remove Exchange entirely from your network.

    You can create a .PST of each user's inbox using ExMerge or manually.

    Then import the .pst into the hosted Exchange profile of each user; depending on the size of the mailbox it can take a while to sync.

    You are best to ask the Exchange host what tools are available to migrate.

    Hope this helps.

    ikon
    Member
    in reply to: Unable to restore windows 2003 active directory backup #354237

    Re: Unable to restore windows 2003 active directory backup

    It’s nice to see someone with a plan before they start messing with AD…

    Yeah, as L4ndy said, seems like you're trying to restore to different hardware.

    ikon
    Member
    in reply to: Active Directory Problems #354236

    Re: Active Directory Problems

    I can't stress enough how important replication is; you should run netdom query fsmo on all DCs and make sure they all report the same information.

    Also use replmon and repadmin to check replication before you start shutting down DCs.

    Transferring a role and shutting the server down is not good practice without performing the above steps.

    ikon
    Member
    in reply to: Problem with GPresult /RSOP #354235

    Re: Problem with GPresult /RSOP

    http://forums.petri.com/showthread.php?t=40473

    The post above should help you, see the last reply.

    ikon
    Member
    in reply to: Optimal Disk Config #354234

    Re: Optimal Disk Config

    Thanks for the advice ++

    I have some DL380 G5s with similar stats, smaller memory; we just wanted to use the DL580 as it's a beast and 1 server will not fill its boots.

    The external RAID controller or DAS is a very good idea that I will consider; at the moment I'm stuck with what I've got.

    Most of the guests will be Linux machines, Squid proxy, Nagios; 1 however will be running LAMP with a 1GB MySQL database, and another a Windows file server.

    Good thing about virtual machines is they can be moved around, I guess, so I will go ahead for now.

    Thanks again for advice.

    ikon
    Member
    in reply to: Problem with GPresult /RSOP #354233

    Re: Problem with GPresult /RSOP

    Your problem is because your global policy settings are “Not Defined”, meaning that they can be changed by the user.

    So what you have done is moved your workstation to a GPO object OU and that policy was applied, i.e. firewall and proxy. When you move out of this container the policy you have is now not defined, but you still have the setting applied as you have not changed it.

    Working as intended.

    Change the proxy settings and firewall manually, or make your global policy define the settings you want globally.

    hope this helps

    ikon
    Member
    in reply to: 2008 DC not starting… #354232

    Re: 2008 DC not starting…

    1 option would be to install over the top of existing installation, then restore from backup.

    You could try using “msconfig” to selectively load certain services and try to fault-find your problem.

    Try running a chkdsk /r

    Hope this may help.
