pjhutch

Forum Replies Created

Viewing 30 posts - 1 through 30 (of 137 total)
  • Author
    Posts
  • Avatar
    pjhutch
    Member
    in reply to: Unable to reinstall WSUS – windows server 2016 #312785

    What is drive F: pointing to? Is this a local drive or partition or a network share? BTW, it should NOT be a network share.

    Avatar
    pjhutch
    Member
    in reply to: Certificate Services #312784

    You should not have two Enterprise CAs. The solution is decommission the old CA, and only use the new CA and re-enrol any new certificates that had used the old CA. You can use GPOs to ensure all required servers are enrolling from the new CA and you can also push out the new CA root certificate to computers and servers.

    Existing certificates will continue to work but will not be able to verify CRL (certificate revocation list) or issue new certificates from the old CA. REplacing the old certificates shouldn’t take long. Templates can be exported and imported to the new CA.

    Avatar
    pjhutch
    Member

    1. Run DCdiag on the primary server
    2. Open DNS manager and make sure the the NS (name server) and SRV records are present for ADDS to work:
    https://blogs.msdn.microsoft.com/servergeeks/2014/07/12/dns-records-that-are-required-for-proper-functionality-of-active-directory/
    3. Run NetDom Query Fsmo to ensure all the roles are on the live DC.
    4. Run Net Share to ensure SYSLOG and NETLOGON are mounted.

    Avatar
    pjhutch
    Member
    in reply to: Exchange Mailbox Database is Expanding (Alarmingly) #312782

    I found that users using mobile devices with wrong sync time ranges can cause a large amount of transaction log generation. Usersought to only sync the last 3 days work, not a week or certainly not unlimited. A tool such as Exchange User Monitor will help: https://technet.microsoft.com/en-us/library/bb508855(v=exchg.65).aspx.
    Moving the transaction logs on their own disks will help a lot.

    Avatar
    pjhutch
    Member
    in reply to: Error 1129 – NON_IPM_SUBTREEOFFLINE ADDRESS BOOK #312781

    I woul dcheck the Public Folders database(s) which is where the Offline address book is stored. Make sure the stores are up and mounted, there should be no max size configured for System Folders.

    Avatar
    pjhutch
    Member
    in reply to: Outlook 2007 Stopped working With Ex2003 #312780

    Check all the services on the Exchange server(s) esp Information Store, System Attendant, SMTP service etc.

    Avatar
    pjhutch
    Member
    in reply to: Recent updates broke CIFS/SMB mapping from CentOS #312779

    Which version of CIFS or SMB does it work on?
    You can check / change SMB configuration using Powershell – https://www.petri.com/configure-smb-security-windows-server-2012.

    Avatar
    pjhutch
    Member
    in reply to: Several Transport Hub servers #312778

    Re: Several Transport Hub servers

    Yes, you can have more than one MX record, with different priorities or even have 2 or more with same priority to load balance them.

    Avatar
    pjhutch
    Member
    in reply to: Single Label domain #312777

    Re: Single Label domain

    To use short names, you need to have a WINS (Windows Internet Naming Service) installed which allows use of NetBIOS names on Windows. Then you can use names like DSI. Also, Windows 7 and later now use the full FQDN mostly.

    Avatar
    pjhutch
    Member
    in reply to: Web Security Software [Free]? #312776

    Re: Web Security Software [Free]?

    Personally, I would change to Ubuntu Server and install Squid Proxy for what you need to do for free.
    https://help.ubuntu.com/lts/serverguide/squid.html

    Avatar
    pjhutch
    Member
    in reply to: Moving from 2000 DC to 2003 DC #312775

    Re: Moving from 2000 DC to 2003 DC

    You need to update the forest functional level which is done in the AD Domains and Trusts console which is a seperate step from the domain functional level update.

    See http://technet.microsoft.com/en-us/library/cc772570.aspx

    Avatar
    pjhutch
    Member
    in reply to: Fresh install 2013 CU2 fails to mount database #312774

    Re: Fresh install 2013 CU2 fails to mount database

    You can check the AD Permissions for a database using Get-ADPermission, Add-ADPermission for objects in Exchange including Databases. You can also use ADSIEdit.msc to view permissions in the Configuration partition of AD.

    Avatar
    pjhutch
    Member
    in reply to: Hebdos on win 8 #312773

    Re: Hebdos on win 8

    Have you tried installing DOSBox from http://www.dosbox.com/ to run your old DOS commands?

    Avatar
    pjhutch
    Member

    Re: What will be best way to migrate 2003 sbs domain into 2012 standard domain

    Have you tried adding the 2012 server to the SBS domain and then make it a DC?
    Then you can transfer everything across easily.

    It doesn’t affect the SBS limitations as the 2012 server will not be a different domain, a parent domain not a child domain, just the same domain.
    Since the 2012 server is not a SBS server, it will not have the limitations of the original SBS server.

    Avatar
    pjhutch
    Member

    Re: New server added for redundancy and spam is now coming through.

    What role did you install on second server?
    If it is an Edge Transport server, then you need to remove and re-add a new subscription to pick up the new server.
    Also if you have rules set up and spam settings you need to configure them again for the new server, as they are not automatically copied to every server.

    Avatar
    pjhutch
    Member
    in reply to: Windows server 2012 standard – Anti Virus #312770

    Re: Windows server 2012 standard – Anti Virus

    You can install Microsoft Forefront Protection which should be available for installing on Servers. Although these are discontinued.
    http://technet.microsoft.com/en-us/forefront/Bb852242

    ClamAV is no good as it does not do On Access protection.
    TRy third party products such as McAfee, Symantec, Kaspersky etc

    Avatar
    pjhutch
    Member
    in reply to: AD DC redundancy #312769

    Re: AD DC redundancy

    What about the 5 FSMO roles? Are they moved to the active DCs?
    Roles: PDC, Infrastructure master, rid master, schema master, Domain naming master!
    For DNS working, you should have it installed on all the DCs and make sure that all of them are added as DNS servers in DHCP scope options so PCs pick them up.

    Avatar
    pjhutch
    Member
    in reply to: Using a PC as 2008R2 DC #312768

    Re: Using a PC as 2008R2 DC

    Yes, it certainly could work as a DC. You are not forced to use a rack mountable server as a DC. I have used less worth machines as a NT4 DC…

    Avatar
    pjhutch
    Member
    in reply to: Unable To Login Into DSRM #312767

    Re: Unable To Login Into DSRM

    Can you check that the Administrator user has not been disabled, renamed or that the password has expired in safe mode?

    Avatar
    pjhutch
    Member

    Re: Default Web Server Cert is valid only for 2 years. Can it be extended by default

    Yes, you can all you need to do is load the Certificate Templates console, select the Web Server template and select Duplicate (if you already have a duplicate, you can change the Validity period), then give it a new name and set the Validity period for longer e.g. 6 years.

    Avatar
    pjhutch
    Member
    in reply to: When GPO’s don’t work…do you….? #312765

    Re: When GPO’s don’t work…do you….?

    To deploy software, you would normally use MSI packages to deploy software to the computers (NOT to users, as it would only appear in Add/Remove Programs ready to install).

    The MSI should install ok without any input from users. Not all MSIs are GPO friendly and may requirement developing a deployable MSI from the install files using thirty party tools.

    The second method is to run the installation via the Startup script via GPO. Just point to a installation file or script to install the program.

    Avatar
    pjhutch
    Member
    in reply to: adding a 2008R2 DNS server to a 2003 Domain #312764

    Re: adding a 2008R2 DNS server to a 2003 Domain

    What type of DNS service is on the 2003 domain? Is a Domain Integrated DNS, a Primary or a Secondary or a stub (cached) DNS?

    If its a Domain Integrated, then the 2008 R2 server will have to be Domain Controller so that the DNS zone data can be replicated to the new server.

    If the 2003 server is a Parimary DNS server then you need to configrre zone transfer to replicate the data to the Secondary DNS server on the 2008 R2 server.

    See http://technet.microsoft.com/en-us/library/cc772774(v=WS.10).aspx

    Avatar
    pjhutch
    Member
    in reply to: rebuild Default Web Site #312763

    Re: rebuild Default Web Site

    I had a similar problem with a web site on a server.

    Solution:
    1. Open IIS Manager
    2. Select Web Page tab
    3. Change IP address to All unassigned
    4. If the web site also has 443 (SSL) configured, click on Advanced tab and make sure IP addresses for 443 is also set to All Unassigned
    5. Stop/start default web site or www service.

    Avatar
    pjhutch
    Member
    in reply to: Can I write script to configure group policy in Windows7 #312762

    Re: Can I write script to configure group policy in Windows7

    The RSAT tools with Windows 2008 R2 and 7 provide some scripting functionality:

    http://technet.microsoft.com/en-us/library/ee461027.aspx

    Avatar
    pjhutch
    Member
    in reply to: Windows 2008 AD Parent / child Won’t sync #312761

    Re: Windows 2008 AD Parent / child Won’t sync

    A child domain is a completely new domain in its own right, so I would expect it would be empty to start with.

    If you want another DC with the same users and groups as the parent domain then you would add that DC to the parent domain and it would replicate all the users and groups etc to the new DC. This does not happen for child domains.

    A child domain has its own name space, will have its own DNS zone and have its own users and groups but will be fully trusted with its parent domain (transitive trust).

    Avatar
    pjhutch
    Member
    in reply to: after upgrade , problem with DNS and Ad #312760

    Re: after upgrade , problem with DNS and Ad

    Sounds like problems with DNS and its getting itself confused.

    1. Open Network adapter and make sure its properties are set correctly and make sure that its own address is in the DNS list.
    2. Open cmd prompt and run IPCONFIG /RegisterDNS to re-register itself in DNS
    3. Open DNS Mgmt console and check everything:

    a) Make sure that the Host (A) address and reversable addresses and names are correct.
    b) At the root make sure that its own address is correct and names match and
    c) Check all SRV records are correct.
    d) Run the SETSPN on its account to fix any SPN errors.

    Avatar
    pjhutch
    Member
    in reply to: OCS 2007 error creating pool #312759

    Re: OCS 2007 error creating pool

    The pool name in OCS 2007 has to match the full FQDN of the server that has OCS 2007 installed e.g. myserver.mycompany.com.

    Avatar
    pjhutch
    Member
    in reply to: Resource Kit Tools and Support Tools #312758

    Re: Resource Kit Tools and Support Tools

    Only a small number of old tools from the Win 2003 rk work on 2008, Replmon will work on 2008. Some are included with 2008.

    For more tools, incl Subinacl try:
    http://www.microsoft.com/download/en/details.aspx?id=23510

    Sysinternal tools:
    http://technet.microsoft.com/en-us/sysinternals/default.aspx

    Avatar
    pjhutch
    Member

    Re: Help Please! Web Base Domain user password management using IIS

    You can enable the IISADMPWD feature on Windows 2003 here:
    http://www.petri.com/enable_password_changing_through_owa_in_exchange_2003.htm

    Avatar
    pjhutch
    Member
    in reply to: CMD box just splash then keep disappearing #312756

    Re: CMD box just splash then keep disappearing

    Check for the existance of the Autoexec.nt file in C:Windowssystem32. Make sure it exists and does not contain any exit commands or other things that may prevent access.

Viewing 30 posts - 1 through 30 (of 137 total)