kgoering

Forum Replies Created

Viewing 30 posts - 1 through 30 (of 92 total)
  • Author
    Posts
  • Avatar
    kgoering
    Member
    in reply to: Unable to take remote after rebooting 2008 server #386611

    Doesn’t seems this is related to this(https://support.microsoft.com/en-us/help/4093492/credssp-updates-for-cve-2018-0886-march-13-2018) becoz changing nla to less secure option didn’t help taking the remote which worked for other patched servers/clients.

    Avatar
    kgoering
    Member
    in reply to: Unable to take remote after rebooting 2008 server #386610

    Finally changing encryption level from FIPS Compliant to Client compatible solved the issue. Thanks….

    Avatar
    kgoering
    Member
    in reply to: Unable to take remote after rebooting 2008 server #386609

    account used is a member of administrator. But, here the username & password page itself is not prompting.

    MSTSC -> (Server IP) -> “This computer can’t connect to the remote computer.

    Try connecting again. if the problem continues, contact owner or network administrator”

    Avatar
    kgoering
    Member
    in reply to: Unable to take remote after rebooting 2008 server #386608

    Physical machine

    Avatar
    kgoering
    Member
    in reply to: Unable to take remote after rebooting 2008 server #386607

    Already tried the above steps using the doc

    netsh int tcp set global chimney=disabled

    netsh int tcp set global rss=disabled

    Added EnableTCPA registry entry to 0

    didn’t find NetDMA

    Avatar
    kgoering
    Member
    in reply to: Unable to take remote after rebooting 2008 server #386606
    biggles77;n517198 wrote:
    Is it a physical server or is it a Virtual Machine?

    Oooo, found this.

    Already tried the above steps using the doc

    netsh int tcp set global chimney=disabled

    netsh int tcp set global rss=disabled

    Added [SIZE=14px]EnableTCPA registry entry to 0

    didn’t find NetDMA

    Regards,
    Anishk[/SIZE]

    Avatar
    kgoering
    Member
    in reply to: Unable to take remote after rebooting 2008 server #386605
    biggles77;n517198 wrote:
    Is it a physical server or is it a Virtual Machine?

    Oooo, found this.

    It is a physical server. Tried those steps already.

    netsh int tcp show global

    netsh int tcp set global chimney=disabled

    netsh int tcp set global rss=disabled

    added entry EnableTCPA registry

    didn’t find NetDMA.

    Regards,
    Anishk

    Avatar
    kgoering
    Member
    in reply to: Unable to take remote after rebooting 2008 server #386604
    Ossian;n517190 wrote:
    Has the IP address changed?
    Can you ping etc. to the computer?

    Event ID 50 is generated in the server eventlog TermDD “The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client” while client tries rdp to the server.

    Avatar
    kgoering
    Member
    in reply to: Unable to take remote after rebooting 2008 server #386603
    Ossian;n517190 wrote:
    Has the IP address changed?
    Can you ping etc. to the computer?

    Also, In system event logs, Event ID 50 TermDD is generated when rdp is taken “The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client”.

    Regards,
    Anishk

    Avatar
    kgoering
    Member
    in reply to: Unable to take remote after rebooting 2008 server #386602
    Ossian;n517190 wrote:
    Has the IP address changed?
    Can you ping etc. to the computer?

    Ip address is same. iam able to ping the server and also able to take share.

    Regards,
    Anishk

    Avatar
    kgoering
    Member
    in reply to: Windows 2012 Licencing #386601
    Ossian;n516399 wrote:
    If you mean “can you use the unlimited VM license”, AFAIK the answer is no – that is only for the same OS as the host, so you will need separate 2012R2 licenses (or a 2012R2 datacentre license)
    If you mean “will they work”, the answer is yes

    Disclaimer: I am not a Microsoft Licensing expert. For an authoritative answer, get it (a) direct from Microsoft (b) in writing and (c) choose the most cost effective of the three totally different options you will get from the two salespeople you speak to.

    Also, would like to know whether upgrading existing 2012 datacenter edition to 2012 R2 Datacenter will impact the existing running VM on it.

    Regards,
    Anishk

    Avatar
    kgoering
    Member
    in reply to: Windows 2012 Licencing #386600
    Ossian;n516399 wrote:
    If you mean “can you use the unlimited VM license”, AFAIK the answer is no – that is only for the same OS as the host, so you will need separate 2012R2 licenses (or a 2012R2 datacentre license)
    If you mean “will they work”, the answer is yes

    Disclaimer: I am not a Microsoft Licensing expert. For an authoritative answer, get it (a) direct from Microsoft (b) in writing and (c) choose the most cost effective of the three totally different options you will get from the two salespeople you speak to.

    Here, the concern is we are having host OS as 2012 and VM required to be installed is 2012 R2.

    Regards,
    Anishk

    Avatar
    kgoering
    Member
    in reply to: Black Screen even after setting desktop wallpaper #386599
    Ossian;n508455 wrote:
    And the gpresult?

    Under gpresult, the policy is listed under applied ‘Applied group policy objects’

    When right clicking desktop and selecting personalisation option, i can see old as well as new wallpapers are selected. The shuffle option is enabled and to change the picture every 30 minutes by default. Could this cause the issue for getting black screen or old wallpapers ?

    Regards,
    Anishk

    Avatar
    kgoering
    Member
    in reply to: Black Screen even after setting desktop wallpaper #386598
    Ossian;n508453 wrote:
    Do you mean “it is working on non-Win7 PCs”? (if so, which OS?) Or it is working on some PCs but not all, regardless of OS?

    What does a gpresult give?

    Hi Ossian,

    It is not working for any windows 7 computers though if i right click the desktop and check for personalisation option, the correct wall paper is loaded. In some other win 7 computers, even under personalisation, the new image is not available. Most of win 8/Win 10 machines is working. Some win 8/win 10 are also not showing up like win 7 computers.

    Avatar
    kgoering
    Member
    in reply to: AD users getting locked out frequently. #386597
    Ossian;n507610 wrote:
    Really it could be anything – user stupidity, malware, hack attacks, cached credentials, poor password policies….

    Tell us a bit more about your network – what OS, how many DCs, how distributed to start with
    What do the event logs show you – where do the lockouts come from (internal or external, just a few clients…)

    When you say users are all getting locked out, do you REALLY mean all users are locked at the same time?

    Yes, All users are getting locked. It is happening in one of my colleagues company. They are using windows server 2008 R2. Single site and single domain controller. Total 200 users.

    Regards,
    Anishk

    Avatar
    kgoering
    Member
    in reply to: User policies not getting updated #386596

    Also, the issue is only with the client machines in a particular site. The client machines in other sites are updating both user and computer policy without any issues.

    Anishk;n505363 wrote:
    Hi,

    None of the user policies are getting updated. While typing, gpupdate /force, getting the following message:

    computer Policy update has completed successfully
    User Policy could not be updated successfully. The following errors were encount
    ered:

    The processing of Group Policy failed. Windows attempted to read the file \ABC.COMSysVolabc.comPolicies{5D971646-9A99-47D8-B836-AFFFGGGFFF}gpt.ini from a
    domain controller and was not successful. Group Policy settings may not be appli
    ed until this event is resolved. This issue may be transient and could be caused
    by one or more of the following:
    a) Name Resolution/Network Connectivity to the current domain controller.
    b) File Replication Service Latency (a file created on another domain controller
    has not replicated to the current domain controller).
    c) The Distributed File System (DFS) client has been disabled.

    To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
    rom the command line to access information about Group Policy results.

    Please help. Is there any specific port to be allowed for updating the user policy ?

    Regards,
    Anishk

    Avatar
    kgoering
    Member
    in reply to: Setting proxy ip to a specific list of computer #386595
    RicklesP;n494359 wrote:
    Once more we turn to the all-seeing/all-knowing mystic that is :google: and we find the answer as a Computer-based setting. Go to this link:
    https://msdn.microsoft.com/en-us/library/ms815135.aspx
    and you’ll see the policy name and description for just what you’re after.

    Thanks, got one way doing this using preference setting without much changes

    Avatar
    kgoering
    Member

    But that will not help us out in our case. we just want to limit the desktop folder size for all users logging into domain computers

    Avatar
    kgoering
    Member

    Sorry, to be more clear, desktop folder of the users have to be limited to a specific limit and not the files placed in the desktop folders . This is just to prevent users placing all the files in desktop. At the same time, user should be able to place the files in their documents and downloads folder.

    RicklesP;n492758 wrote:
    Agree with Blood: while the size of the desktop folder *may* be possible (depending on how your environment is set up), I’ve never seen anywhere that says you can limit the size of any file inside that folder.
    Avatar
    kgoering
    Member
    in reply to: Deleting stale computer accounts #386592
    Ossian;n492133 wrote:
    First, does the DSQUERY (on its own) return the correct list?
    Second, have you tried the alternative syntax here: https://www.petri.com/forums/forum/microsoft-networking-services/active-directory/11533-possible-to-pipe-dsquery-result-into-dsrm

    Yes the dsquery is returning the correct list

    Avatar
    kgoering
    Member
    in reply to: Joining client to natted domain server #386591
    Ossian;n490506 wrote:
    Can the clients ping the DC by IP, NetBIOS name and fqdn?
    If so, try joining using domain.com (fqdn syntax) rather than DOMAIN (NetBIOS syntax)

    We are able to ping by ip (natted – 10.20.50.50) but not to netbios name or fqdn.. Saw some posts by microsoft that joining client machines to domain under natted environment is not recommended and tested. ! but don’t know whether it is possiblr or not ..

    Avatar
    kgoering
    Member
    in reply to: Joining client to natted domain server #386590

    Our AD server is 10.20.30.40 which has been now natted to 10.20.50.50. The client machines which are in a different network say, 10.30.40.100 are now not able to join to domain which were previously joining.

    Regards,
    Anishk

    Avatar
    kgoering
    Member
    in reply to: Unable to take remote desktop #386589
    Ossian;n490312 wrote:
    Sorry for not being psychic, there was no indication in the original post that you were only wanting to revert to the administrative remote desktop option rather than continue using it as a full RDS server

    Have you uninstalled the remote desktop services role? – if you do, it should revert to administrative remote access only

    Thanks ossian, that worked…

    Avatar
    kgoering
    Member
    in reply to: Unable to take remote desktop #386588
    Ossian;n490309 wrote:
    Buy RDS licensesInstall RDS Licenses

    it being a test server, there seems no need buying it at this point. just getting the 2 remote sessions is suffice for now !

    Avatar
    kgoering
    Member
    in reply to: Few domain users getting locked frequently #386587

    Re: Few domain users getting locked frequently

    Hi,

    This is happening for both win 7 and win xp. I checked the stored credential manager but it is empty. Is there any way to remove a particular username password saved/stored from all the computers ?
    These users are getting locked out very fast even without the user trying to login.

    Regards,
    Anishk

    Ossian;284968 wrote:
    Any particular OS?
    Avatar
    kgoering
    Member
    in reply to: Providing internet access to only updated system #386586

    Re: Providing internet access to only updated system

    Thanks Ossian, This will help us

    Ossian;285633 wrote:
    Look into Network Access Protection, available from Server 2008 upwards.
    Clients are put into areas depending on their “health status”, including AV

    Only problem is it must be an AV application that Microsoft recognise

    Avatar
    kgoering
    Member
    in reply to: Unable to join computer accounts #386585

    Re: Unable to join computer accounts

    Hi,

    We have joined more than 1000 computer accounts using this. The problem started all of a sudden today. The user is a member of local admin and has been assigned the permission of joining computer accounts to domain.

    Regards,
    Anishk

    Ossian;285352 wrote:
    Domain Admins can join unlimited computers to the domain.
    Non-admins can only join up to (IIRC) 10, so you have hit this limit.

    It can be changed in Group Policy, so you will need to change to a higher limit, make sure the policy is replicated and applied and then normal service should resume.

    Avatar
    kgoering
    Member
    in reply to: Few domain users getting locked frequently #386584

    Re: Few domain users getting locked frequently

    Ok Osian,

    Is there any way to delete the cached credentials for computers belonging in to a group ?

    Regards,
    Anishk

    ==================

    Ossian;284948 wrote:
    If you are sure they are entering the credentials correctly (remembering most users have the memory of a goldfish when it comes to passwords :twisted:), I would look for cached (old) credentials such as password for web or network resources. Depending on the client OS, you should be able to see cached credentials somewhere in the advanced user properties on the local machine
    Avatar
    kgoering
    Member
    in reply to: To check an installed application #386583

    Re: To check an installed application

    Thanks for the info

    Avatar
    kgoering
    Member
    in reply to: Regional and Languages settings to English (US) #386582

    Re: Regional and Languages settings to English (US)

    Thanks,

    We got it in preference.

    Ossian;282233 wrote:
    Its certainly available through Group Policy Preferences – not sure if there is a GP Policy setting too
Viewing 30 posts - 1 through 30 (of 92 total)