Robert R.

Forum Replies Created

Viewing 30 posts - 1 through 30 (of 63 total)
  • Author
    Posts
  • Avatar
    Robert R.
    Participant
    in reply to: Windows 10, Login Screen, Don’t Show List of Users #353195

    Yes, I had. It does work. However …

    … the hidden account names, which in my case are the administrator accounts, are also not available in User Account Control dialog box which asks users “Do you want to allow this app to make changes to your device?” In fact, the “Yes” option is not there, either.

    image: https://photos.google.com/share/AF1Q…c1RmNvU1F3YnRR

    If this device was for my household, it wouldn’t be a problem, since I can simply open a command prompt and runas /user:admin-parent01 . This method does still work(fortunately, since it was the only way I was able to undo the change).

    But opening a command prompt and running applications from the command line is not something I can expect these people to do.

    Avatar
    Robert R.
    Participant
    in reply to: Message Delivered, But NDR Generated #353194

    Re: Message Delivered, But NDR Generated

    I removed myself from the distribution list last week, as noted above.

    Today, a message was sent to the distribution list.

    I did not receive a copy (no surprise), but the sender received an NDR regarding me again.

    This makes me think that there is some “cruft” in Active Directory, but I cannot find it using the obvious methods (ie, Active Directory Users and Computers –> search for “Robert R.”)

    Avatar
    Robert R.
    Participant
    in reply to: User Name and Password Is Incorrect #353193

    Re: User Name and Password Is Incorrect

    This problem seems to have spontaneously resolved itself.

    I’m not complaining that it’s working now. But it bothers me that I don’t know the root cause or what changed to make it start working again.

    Very strange.

    Avatar
    Robert R.
    Participant
    in reply to: Message Delivered, But NDR Generated #353192

    Re: Message Delivered, But NDR Generated

    Quote:
    I suggest that you remove yourself from the DL and add yourself back in again.

    Done.

    Since it’s a system wide distribution list, I can’t send test messages.

    But I’ll let you know what happens the next time somebody sends a message to the list.

    Avatar
    Robert R.
    Participant
    in reply to: Message Delivered, But NDR Generated #353191

    Re: Message Delivered, But NDR Generated

    The recipient in question is me.

    So per your suggestion, I did check the e-mail properties of my Active Directory object, to make sure that forwarding isn’t enabled [which I should have checked before but didn’t]. No forwarding is enabled.

    It’s probable that at one time in the past, I had a test account or contact object with my name pointing to my G-mail account for testing purposes, but it’s no longer in Active Directory (unless there’s some hidden “cruft” somewhere).

    Since last week, two other people who have sent an e-mail to the all-employees distribution list have received the same NDR saying that the e-mail wasn’t delivered to me, even though I did receive the messages they sent.

    When they send an e-mail directly to me, instead of the distribution list, they do not receive an NDR.

    Avatar
    Robert R.
    Participant
    in reply to: User Name and Password Is Incorrect #353190

    Re: User Name and Password Is Incorrect

    Except for printer driver errors when logged in via Remote Desktop but not the console, both PROD.x.tld and OFFICE.x.tld domain passed dcdiag tests.

    Directory Server Diagnosis

    Performing initial setup:

    Trying to find home server…
    Home Server = dcp01
    * Identified AD Forest.
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-NameDCP01

    Starting test: Connectivity
    ……………………. DCP01 passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-NameDCP01

    Starting test: Advertising
    ……………………. DCP01 passed test Advertising

    Starting test: FrsEvent
    ……………………. DCP01 passed test FrsEvent

    Starting test: DFSREvent
    ……………………. DCP01 passed test DFSREvent

    Starting test: SysVolCheck
    ……………………. DCP01 passed test SysVolCheck

    Starting test: KccEvent
    ……………………. DCP01 passed test KccEvent

    Starting test: KnowsOfRoleHolders
    ……………………. DCP01 passed test KnowsOfRoleHolders

    Starting test: MachineAccount
    ……………………. DCP01 passed test MachineAccount

    Starting test: NCSecDesc
    ……………………. DCP01 passed test NCSecDesc

    Starting test: NetLogons
    ……………………. DCP01 passed test NetLogons

    Starting test: ObjectsReplicated
    ……………………. DCP01 passed test ObjectsReplicated

    Starting test: Replications
    ……………………. DCP01 passed test Replications

    Starting test: RidManager
    ……………………. DCP01 passed test RidManager

    Starting test: Services
    ……………………. DCP01 passed test Services

    Starting test: SystemLog

    An error event occurred. EventID: 0x00000457
    Time Generated: 11/15/2011 14:32:23
    Event String:
    Driver TP PS Driver 749F6D8709A2418eA3867536AC2AA2A3 required for printer 192.168.201.202#:1 is unknown. Contact the administrator to install the driver before you log in again.

    An error event occurred. EventID: 0x00000457
    Time Generated: 11/15/2011 14:32:26
    Event String:
    Driver HP LaserJet 5Si required for printer HP LaserJet 5Si is unknown. Contact the administrator to install the driver before you log in again.

    An error event occurred. EventID: 0x00000457
    Time Generated: 11/15/2011 14:48:37
    Event String:
    Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.

    An error event occurred. EventID: 0x00000457
    Time Generated: 11/15/2011 14:48:38
    Event String:
    Driver HP LaserJet 9050 PCL 6 required for printer !!printserver!UIS-HPLJ9050_3rd_fl is unknown. Contact the administrator to install the driver before you log in again.

    An error event occurred. EventID: 0x00000457
    Time Generated: 11/15/2011 14:48:39
    Event String:
    Driver HP Color LaserJet CP6015 PCL 6 required for printer !!printserver!UIS-HPCP6015xh_2nd_fl is unknown. Contact the administrator to install the driver before you log in again.

    An error event occurred. EventID: 0x00000457
    Time Generated: 11/15/2011 14:48:39
    Event String:
    Driver KONICA MINOLTA bizhub C35 PCL6 required for printer !!printserver!LIT-KMC35 is unknown. Contact the administrator to install the driver before you log in again.

    ……………………. DCP01 failed test SystemLog

    Starting test: VerifyReferences
    ……………………. DCP01 passed test VerifyReferences

    Running partition tests on : DomainDnsZones

    Starting test: CheckSDRefDom
    ……………………. DomainDnsZones passed test CheckSDRefDom

    Starting test: CrossRefValidation
    ……………………. DomainDnsZones passed test

    CrossRefValidation

    Running partition tests on : prod

    Starting test: CheckSDRefDom
    ……………………. prod passed test CheckSDRefDom

    Starting test: CrossRefValidation
    ……………………. prod passed test CrossRefValidation

    Running partition tests on : ForestDnsZones

    Starting test: CheckSDRefDom
    ……………………. ForestDnsZones passed test CheckSDRefDom

    Starting test: CrossRefValidation
    ……………………. ForestDnsZones passed test

    CrossRefValidation

    Running partition tests on : Schema

    Starting test: CheckSDRefDom
    ……………………. Schema passed test CheckSDRefDom

    Starting test: CrossRefValidation
    ……………………. Schema passed test CrossRefValidation

    Running partition tests on : Configuration

    Starting test: CheckSDRefDom
    ……………………. Configuration passed test CheckSDRefDom

    Starting test: CrossRefValidation
    ……………………. Configuration passed test CrossRefValidation

    Running enterprise tests on : x.tld

    Starting test: LocatorCheck
    ……………………. x.tld passed test LocatorCheck

    Starting test: Intersite
    ……………………. x.tld passed test Intersite

    Avatar
    Robert R.
    Participant
    in reply to: User Name and Password Is Incorrect #353189

    Re: User Name and Password Is Incorrect

    The problem has been re-occurring on a few servers.

    In one instance, the server r25.prod.x.tld , I removed it from and re-joined it to the prod.x.tld domain last night after 6:00 pm.

    User OFFICEsmith was able to log in with her Active Directory credentials.

    This morning, she could not, and neither could I.

    There are no errors or warnings in the Application event viewer since the change last night.

    In the System event viewer I found the following, although it looks more like a symptom than a cause:

    Log Name: System
    Source: GroupPolicy
    EventID: 1030
    Level: Error
    User: OFFICEsmith
    OpCode: (1)
    Logged: 11/15/2011 7:50:53 AM
    Task Category: None
    Computer. r25.prod.x.tld

    The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look into the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An evet will be logged when Group Policy is successful.

    – EventData
    SupportInfo1 1
    SupportInfo2 2070
    ProcessingMode 0
    ErrorCode 1326
    ErrorDescription Logon failure: unknown user name or bad password
    DCName \dc01.office.x.tld

    Log Name: System
    Source: TermDD
    EventID: 56
    Level: Error
    User: N/A
    Logged: 11/15/2011 11:20:25 AM
    Task Category: none
    Keywords: Classic
    Computer: r25.prod.x.tld

    The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 192.168.205.85

    Avatar
    Robert R.
    Participant
    in reply to: Renew Expired Certificate (Windows 2003) #353188

    Re: Renew Expired Certificate (Windows 2003)

    Public certificate, issued by Comodo.

    Avatar
    Robert R.
    Participant
    in reply to: When Did A Password Expire? #353187

    Re: When Did A Password Expire?

    From the link provided by Blood above, I found this:

    Quote:
    http://blogs.technet.com/b/askds/archive/2011/04/12/you-probably-don-t-need-acctinfo2-dll.aspx

    You probably don’t need ACCTINFO2.DLL

    Rate This
    star-left-on.pngstar-right-on.pngstar-left-on.pngstar-right-on.pngstar-left-on.pngstar-right-on.pngstar-left-on.pngstar-right-on.pngstar-left-on.pngstar-right-on.png
    NedPyle [MSFT]
    12 Apr 2011 10:54 AM

    Hi folks, Ned here again. Customers periodically ask us for a rumored replacement for the Windows 2000 acctinfo.dllthat works on 64-bit Windows 7 and Windows Server 2008 R2. That old DLL added an extra tab to the Active Directory Users and Computers snap-in to centralize some user account info:

    Ned brings up a good argument against using acctinfo2.dll :

    Quote:
    You will find a great many copies of acctinfo2.dll floating around, but none hosted on Microsoft websites (we never released it publically, it was just a side-project for a Support engineer here in Charlotte). Before you install those, consider this: you plan to load a DLL from some random place on the Internet into one of your most powerful AD admin tools, and then run that tool as a Domain Admin. And you have no way to know if that’s some leaked MS version of the file or one adulterated by hackers.

    and recommends using Active Directory Administrative Center , “another new component introduced by Windows Server 2008 R2.”

    But as one of Ned’s readers points out, ADAC does not show when a password is set to expired or has expired. This concern has been considered and dismissed as not important.

    Quote:
    You can see Password Last Set easily if you just turn on the attribute editor -it will display PwdLastSet in human-reable plain text and show date, time, and time zone.
    But Password Expires will require mental gynamstics. “She set her password on the April 25th 2011 and we have a 42 day max password age so it will require change on Sunday June 6.”
    My main question would be: why do I care? The user will be warned in advance at every logon once their password is close to expiration and when it expires, they will have a very clear message (for them or their help desk) explaining why they cannot logon and that they are required to change their password.
    Are you mainly looking for feature parity or do you have a business process that makes this useful? If the latter I’d like to hear about it so I can get DSAC improved.

    Some of us care for troubleshooting purposes, when we suspect that the policies are not being applied correctly. And users who use Active Directory credentials to SSH into Linux hosts do not get a warning message that their password is going to expire soon. Oh well.

    Note: I haven’t used the Active Directory Administrative Center yet. ADAC requires the Active Directory Web Services service to be running, which for some reason won’t start on my Windows 2008 R2 domain controller.

    Windows could not start the Active Directory Web Services service on Local Computer.
    Error 1067: The process terminated unexpectedly.

    …another problem to solve.

    Avatar
    Robert R.
    Participant
    in reply to: Giving Users Right To Join Computers To Domain #353186

    Re: Giving Users Right To Join Computers To Domain

    “you can use the delegation of authority wizard.”

    Thanks. That was quick.

    Avatar
    Robert R.
    Participant
    in reply to: Exchange 2010 SP1 Edge Subscription File #353185

    Re: Exchange 2010 SP1 Edge Subscription File

    To verify that I have the proper permission, per Microsoft’s “Transport Permissions: Exchange 2010 SP1 Help” article :

    [PS] C:Windowssystem32>Get-ManagementRoleAssignment

    The term ‘Get-ManagementRoleAssignment’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:29
    + Get-ManagementRoleAssignment < <<<
    + CategoryInfo : ObjectNotFound: (Get-ManagementRoleAssignment:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    [PS] C:Windowssystem32>

    I am a member of (local) Administrators and (local) Backup Administrators (and also domain Domain Admins and forest Enterprise Admins).

    Avatar
    Robert R.
    Participant
    in reply to: Uninstall Exchange 2010 Mailbox Server #353184

    Re: Uninstall Exchange 2010 Mailbox Server

    Great Success!

    [PS] C:Windowssystem32>New-MoveRequest -Identity “FederatedEmail.4c1f4d8b-8179-4148-xxxx-xxxxxxxxxxx”

    DisplayName Status TotalMailboxSize TotalArchiveSize PercentComplete






    Microsoft Exchange Fed… Queued 0 B (0 bytes) 0

    When I repeated the command for the next mailbox, I got the same error message about the object not found on the domain controller. Repeating the SetAdServerSettings command (see post above) did the trick. Does that setting have a time limit?

    [PS] C:Windowssystem32>New-MoveRequest -Identity “SystemMailbox{1f05a927-77df-4cca-xxxx-xxxxxxxxxxxx}” -TargetDataBase “Mailbox Database 0480460219”

    DisplayName Status TotalMailboxSize TotalArchiveSize PercentComplete






    Microsoft Exchange App… Queued 0 B (0 bytes) 0

    [PS] C:Windowssystem32>New-MoveRequest -Identity “SystemMailbox{e0dc1c29-89c3-4034-xxxx-xxxxxxxxxxxx}” -TargetDataBase “Mailbox Database 0480460219”

    DisplayName Status TotalMailboxSize TotalArchiveSize PercentComplete






    Microsoft Exchange Queued 904 B (904 bytes) 0

    [PS] C:Windowssystem32>Get-MoveRequest

    DisplayName Status TargetDatabase




    Microsoft Exchange Approval Assistant Completed Mailbox Database 0480460219
    Microsoft Exchange Completed Mailbox Database 0480460219
    Microsoft Exchange Federation Mailbox Completed Mailbox Database 0480460219

    Once the move requests are completed, they must be removed.

    [PS] C:Windowssystem32>Get-MoveRequest -SourceDataBase “Mailbox Database 1420323595” | Remove-MoveRequest

    Confirm
    Are you sure you want to perform this action?
    Removing completed move request “Microsoft Exchange Approval Assistant”.
    [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is “Y”): y

    Confirm
    Are you sure you want to perform this action?
    Removing completed move request “Microsoft Exchange”.
    [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is “Y”): y

    Confirm
    Are you sure you want to perform this action?
    Removing completed move request “Microsoft Exchange Federation Mailbox”.
    [Y] Yes [A] Yes to All [N] No [L] No to All [?] Help (default is “Y”): y

    [PS] C:Windowssystem32>

    After this, I was able to uninstall Exchange 2010 SP1 from mailbox server # 2.

    Avatar
    Robert R.
    Participant
    in reply to: Uninstall Exchange 2010 Mailbox Server #353183

    Re: Uninstall Exchange 2010 Mailbox Server

    After a lot of searching, I have some progress to report. The trick to seeing the Arbitration Mail Boxes is to Set-AdServerSettings:

    [PS] C:Windowssystem32>Set-AdServerSettings -ViewEntireForest $True
    [PS] C:Windowssystem32>Get-Mailbox -Arbitration -Database “Mailbox Database 1420323595”

    Name Alias ServerName ProhibitSendQuota
    —-




    FederatedEmail.4c1f4d8… FederatedEmail.4c… exmbox-02 1 MB (1,048,576 bytes)
    SystemMailbox{1f05a927… SystemMailbox{1f0… exmbox-02 unlimited
    SystemMailbox{e0dc1c29… SystemMailbox{e0d… exmbox-02 unlimited

    To see the full name of the mail box, pipe to either Format-List (fl) or Format-Table (ft) :

    [PS] C:Windowssystem32>get-mailbox -arbitration -database “Mailbox Database 1420323595” | Format-Table name,servername

    Name ServerName
    —-


    FederatedEmail.4c1f4d8b-8179-4148-xxxx-xxxxxxxxxxxx exmbox-02
    SystemMailbox{1f05a927-77df-4cca-xxxx-xxxxxxxxxxxx} exmbox-02
    SystemMailbox{e0dc1c29-89c3-4034-xxxx-xxxxxxxxxxx} exmbox-02

    [PS] C:Windowssystem32>

    Thanks to Jedi Hammond.

    UPDATE: Some days, I just truly hate Windows.

    [PS] C:Windowssystem32>New-MoveRequest -Identity “SystemMailbox{1f05a927-77df-4cca-xxxx-xxxxxxxxxxxx}”

    The operation couldn’t be performed because object ‘SystemMailbox{1f05a927-77df-4cca-xxxx-xxxxxxxxxxxx}’ couldn’t be found on ‘dc.prod.x.tld’.
    + CategoryInfo : NotSpecified: (0:Int32) [New-MoveRequest], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : AC9B6CCB,Microsoft.Exchange.Management.RecipientTasks.NewMoveRequest

    Avatar
    Robert R.
    Participant
    in reply to: Exchange 2003 to Exchange 2010 In New Forest #353182

    Re: Exchange 2003 to Exchange 2010 In New Forest

    I appreciate the responses.

    But for the time being, creating a trust between the two Active Directories is out of the question. Solutions that depend on a trust relationship cannot be implemented.

    That being said, I just got off the phone with an admin from another organization who has one of our former users. While still a manual migration, his solution saves the steps of creating a PST, copying the PST to the new location, and then importing the PST into the new mailbox.

    Have the user open the old mailbox and new mailbox in the same instance of Outlook. This assumes network connectivity to both Exchange servers is available (either directly, via Outlook RPC-HTTPS, or via VPN).

    Then simply move the messages from one mailbox to another within Outlook.

    Avatar
    Robert R.
    Participant
    in reply to: MS Access 2007: ODBC Call Failed #353181

    Re: MS Access 2007: ODBC Call Failed

    UPDATE: Somebody in our office who used to do a lot of development in MS Access suggested moving the file HelpDesk2000.mdb to the local hard drive of the workstations where this is a problem, instead of opening it from a network share.

    Lo and behold, it worked — although nobody really understands why.

    Since the .mdb file references data that’s on a backend somewhere else, copying this file to local hard drives for each user does not affect the integrity of the data (something I did not know, which is why if this did occur to me during my troubleshooting, I wouldn’t have tried it).

    Avatar
    Robert R.
    Participant
    in reply to: Active Directory Migration Tool : Password Service Error #353180

    Re: Active Directory Migration Tool : Password Service Error

    After stepping back for a day and starting with a (somewhat) clear head, I found something useful (emphasis in original):

    http://www.markwilson.co.uk/blog/2007/12/migrating-passwords-with-the-active-directory-migration-tool.htm

    9. This is the step that’s not in the instructions – even though the password encyption file was supplied during the installation of the ADMT Password Migration DLL, it still needs to be imported manually on the PDC Emulator, by shelling out to a command prompt and entering the following commands:

    cd %systemroot%ADMT
    admt key /option:import /sourcedomain:domainname /keyfile:filename.pes

    Sure enough, it’s not in the instructions. And for some reason, Mark Wilson’s blog was the first result from Google this afternoon, but wasn’t even in the top 20 last night. Or maybe I’m just getting old and forgetful.

    Unfortunately, I get the following error

    c:admt>admt key /option:import /sourcedomain:dev /keyfile:admtkeyx.pes

    Unable to import key. The specified network password is not correct. (0x80070056)

    Avatar
    Robert R.
    Participant
    in reply to: winbind Across Trusted Domains #353179

    Re: winbind Across Trusted Domains

    I’m not going to pretend to understand what the Unix admins did, but the workaround at this point is to have the users log in with their credentials in the format of

    OFFICE+userID

    when they need to access Unix/Linux hosts and applications.

    Logging into Windows hosts and applications works as expected with OFFICEuserID and userID@x.tld credentials.

    Avatar
    Robert R.
    Participant
    in reply to: Trust Between Domains In Forest #353178

    Re: Trust Between Domains In Forest

    Long story short (leaving out a lot of details):

    Rather than using forwarders, I set up the DNS zones to replicate across the entire forest, not just within their domains and then relying on forwarders to resolve between domains.

    It seemed to have worked.

    Since DNS that is something that was handled by the Unix group for many years, moving to Windows-based DNS servers and having to take on this responsibility has definitely been a learning experience.

    Avatar
    Robert R.
    Participant
    in reply to: Trust Between Domains In Forest #353177

    Re: Trust Between Domains In Forest

    “dns needs to be tweaked”

    One of the network administrators came to me today saying that DNS lookups, while resolving, were taking an unusually long time — although he didn’t quantify it for me.

    What tools do you recommend for troubleshooting Windows DNS performance issues? For many years, DNS has been administered by our Unix admins, so using Windows DNS is something that’s relatively new for our organization.

    Thanks.

    Avatar
    Robert R.
    Participant
    in reply to: Trust Between Domains In Forest #353176

    Re: Trust Between Domains In Forest

    v-2nas,

    Thanks. That worked.

    The issue I’m having now is when I log in to a PROD member server using OFFICE credentials, it takes about 10+ minutes:

    ~ 2 minutes at the “Welcome” screen
    ~ 2 minutes at the “Please wait for the User Profile Service” screen
    ~ 7 minutes at the “Applying user settings” screen

    At first I thought this might be related to creating the user profile for the first time, but it happens when I use the same credentials over and over.

    This is not an issue when logging in as [email protected] — that only takes a few seconds.

    Currently, the x.tld, office.x.tld, and prod.x.tld domain controllers are all in the same physical location (they’re VMware virtual machines on the same hardware).

    Avatar
    Robert R.
    Participant
    in reply to: Message Delivered and NDR Generated #353175

    Re: Message Delivered and NDR Generated

    Below is a screenshot of Exchange message tracking for one of the messages from another user at Mindy’s company.

    The message was not delivered to Julie. Tyler, who was cc’ed in the e-mail, did receive it.

    Quote:
    Possible Cause: Local mail is refused because the message is too big. An absent Master Account Security ID number (SID) on the recipient can also cause this error message.

    There is an objectSid associated with Julie’s active directory account; objectSid = S-1-5-21-XXXXXXXX-XXXXXXXXXX-XXXXXXXXX-XX32

    There is no Master Account SID attribute for Julie. But according to Microsoft, “Only disabled accounts should have a user who has the msExchMasterAccountSid attribute.” Julie’s account is not disabled (obviously).

    Could those “ghost UIDs” (or whatever they’re called) — see the screen shot above from my post yesterday — have something to do with this? Can they be safely deleted from “Mailbox Rights”?

    Avatar
    Robert R.
    Participant
    in reply to: Message Delivered and NDR Generated #353174

    Re: Message Delivered and NDR Generated

    The users at Mindy’s company get the following message:

    Delivery has failed to these recipients or groups:

    Julie
    There’s a problem with the recipient’s mailbox. Please try resending this message. If the problem continues, please contact your helpdesk.

    Diagnostic information for administrators:

    Generating server: ex2k3.ad.[julie’s company]

    [email protected][julie’s company]
    # #SMTP#

    The only thing out of place in the Mailbox Rights for Julie’s AD user object are two “ghost UIDs” (or whatever they’re called, see attached screen shot).

    E-mails are sent directly from the user, not an application server.

    Avatar
    Robert R.
    Participant
    in reply to: Certificate Won’t Stay Deleted #353173

    Re: Certificate Won’t Stay Deleted

    Rather than waste any more time troubleshooting the problem, we just decided to rename PSCSTERM.DEV to PSTERM.DEV within Windows.

    Problem solved.

    Since there haven’t been any complaints so far, it appears that no applications were dependent on the server name.

    Avatar
    Robert R.
    Participant
    in reply to: Windows Installer on Windows 2008R2 Terminal Server #353172

    Re: Windows Installer on Windows 2008R2 Terminal Server

    To test whether this was a PeoleSoft problem or a Windows Installer problem, I attempted to install Office 2010 Professional, 32-bit edition, as a terminal service application.

    I got the following error (both from the Office installation wizard and in the event log):

    Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

    The Windows Installer settings in the service and registry were not altered, but there was definitely something wrong with the Windows Installer.

    After changing the registry value for HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesMSIServerWOW64 from 1 (the default) to 0, I was able to install Office without any problem.

    At this point, the Windows Installer was working correctly.

    An attempt to re-install PeopleSoft resulted in the same problems as above (failure, changing of Windows Installer settings), and changed the value of WOW64 from 0 back to 1.

    Since I was able to install other applications correctly (Office, and the Oracle 10g client without any problems beforehand), this definitely appears to be a PeopleSoft problem, and not a Windows problem.

    Avatar
    Robert R.
    Participant
    in reply to: Windows Installer on Windows 2008R2 Terminal Server #353171

    Re: Windows Installer on Windows 2008R2 Terminal Server

    PS

    In the System log there is another Windows Installer error (see below).

    Per Microsoft’s instructions, I unchecked the “Allow service to interact with desktop” box, but the results are the same.

    Log Name: System
    Source: Service Control Manager
    Date: 2/11/2011 8:57:36 AM
    Event ID: 7030
    Task Category: None
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: psterm.dev.CO.TLD
    Description:
    The Windows Installer service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    Event Xml:

    7030
    0
    2
    0
    0
    0x8080000000000000

    4289

    System
    psterm.dev.CO.TLD

    Windows Installer

    Avatar
    Robert R.
    Participant
    in reply to: DHCP Manager for Windows 2008 #353170

    Re: DHCP Manager for Windows 2008

    Some quick searching of the error message found this suggestion to add the /netonly switch

    runas /netonly /user:devrobertr mmc

    which opens up the mc without any error messages.

    But why I try to manage the DEV DHCP server, I get the server icon with a red circle, and the “There are no items to show in this view” message in the view pane.

    Avatar
    Robert R.
    Participant
    in reply to: DHCP Manager for Windows 2008 #353169

    Re: DHCP Manager for Windows 2008

    from my PROD workstation:

    Microsoft Windows [Version 6.1.7600]
    Copyright (c) 2009 Microsoft Corporation. All rights reserved.

    C:>runas /user:devrobertr mmc

    Enter the password for devrobertr:

    Attempting to start mmc as user “devrobertr” …

    RUNAS ERROR: Unable to run – mmc
    1787: The security database on the server does not have a computer account for this workstation trust relationship.

    C:>

    The result is the same whether I use dev or dev.company.tld

    Avatar
    Robert R.
    Participant
    in reply to: Storage Server 2003: Cannot Access Microsoft Web Sites #353168

    Re: Storage Server 2003: Cannot Access Microsoft Web Sites

    Quote:
    Any anti virus on the Servers?

    Microsoft Forefront, which replaced CA Anti-Virus (aka eTrust).

    Unfortunately, Forefront can’t update because the server can’t connect to Microsoft.com

    I installed Firefox 3.6.13 on one of the servers this weekend, and it has the same — can connect to other websites, just not any Microsoft.com web site.

    We have several Windows 2003 Standard file servers, and none of them have this problem. Only the Storage Center servers do.

    UPDATE: Neither web access, both Internet Explorer and Firefox, nor ping, works by I.P., either from the Storage Center servers.

    Microsoft Windows [Version 5.2.3790]
    (C) Copyright 1985-2003 Microsoft Corp.

    C:>ping microsoft.com
    Ping request could not find host microsoft.com. Please check the name and try again.

    C:>ping 207.46.197.32

    Pinging 207.46.197.32 with 32 bytes of data:

    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.

    Ping statistics for 207.46.197.32:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

    C:>

    Avatar
    Robert R.
    Participant
    in reply to: Storage Server 2003: Cannot Access Microsoft Web Sites #353167

    Re: Storage Server 2003: Cannot Access Microsoft Web Sites

    For the two servers with Internet Explorer 7, the trusted sites are

    about:internet
    [url]http://*.update.microsoft.com[/url]
    [url]http://*.windowsupdate.com[/url]
    [url]http://*.windowsupdate.microsoft.com[/url]
    http://go.microsoft.com
    http://msdn.microsoft.com
    http://oca.microsoft.com
    http://runonce.msn.com
    http://support.microsoft.com
    http://technet.microsoft.com
    http://update.microsoft.com
    http://windowsupdate.microsoft.com
    http://www.google.com
    http://www.yahoo.com
    [url]https://*.update.microsoft.com[/url]
    [url]https://*.windowsupdate.com[/url]
    https://oca.microsoft.com
    https://windowsupdate.microsoft.com

    For the one server with Internet Explorer 8, there are no sites listed in the Trusted Sites.

    Avatar
    Robert R.
    Participant
    in reply to: Demote Windows 2008 R2 Server Core domain controller #353166

    Re: Demote Windows 2008 R2 Server Core domain controller

    Still no joy.

    I set both the local and domain administrator password to

    [email protected]@ssw0rd2

    and get the same error message.

    Since this is a test network, it’s not going to affect anything permanently. The Active Directory will be wiped out and rebuilt from scratch regardless.

    But it is an annoyance, since this is one of those things that should work, but doesn’t.

Viewing 30 posts - 1 through 30 (of 63 total)