Quantcast
Channel: Management forum
Viewing all 2460 articles
Browse latest View live

Task Scheduler places all tasks into Queued status

January 12, 2015, 1:52 pm
$
0
0

I've been experiencing some problems with some newly imaged 2012 R2 servers. Any scheduled task will attempt to run on it's schedule but will place the task into a queued status with an event id of 325, "Launch Request Queued". This is true for Microsoft tasks such as certificate enrollment as well as manually created tasks. If the task is ended (or in a Ready state) and is run manually, it works without error. No log seems to contain anything of interest.

I've tried to disable the windows update server per this post. However, no progress was made.

The windows time seems to be functioning correctly and the server is otherwise functioning just fine in a domain environment. Any advise is very much appreciated.

Search

Can you auto shrink quotas on a volume for a particular user until it reaches a limit?

January 13, 2015, 6:57 am
$
0
0

On a Server 2012R2 machine, we use quotas on the root of a drive to limit the amount of space users have in their home directory.  Some users we have to temporarily increase their quota if they are working on a big project.  But is there any mechanism or script or scheduled task that we could use that will on a regular basis check that users quota, and if there is room to lower it, it will, but only lower it back down to a set value (or as close as it can get to that set value at the time it runs)?

That way eventually they will get back down to what their "normal" quota was, before we had to temporarily bump it.

Managing Offline Availability of Network Shares

January 14, 2015, 10:50 am
$
0
0

I'm trying to manage the Offline availability and caching settings for certain network shares. I've selected "Only the files and programs that users specify are available offline".

However, I'm seeing these same directories getting added in the Sync Center under Offline Files on my Win7 clients. I don't want these to be available offline unless directly specified by the user, but it seems like it is happening automatically when these shares are accessed (see below)? Any suggestions on where I might be missing something? Do I need to configure anything in GP so this stops happening on these Win7 client machines?

CPU usage is high on only few Servers on Multi-CPU environment.

January 15, 2015, 8:19 am
$
0
0

Hi all.

I'm managing Game Servers, and the specs are as below.

Host Machine : VMWare

No. CPU on Guest Machines : 4

Guest Machine OS : Windows Server 2003 SP2

We only have high load on one server which has the most connected users.

We are experiencing sudden drop on Network almost everyday which leads to drop on Connected Users.

There is an issue on RSS on Windows 2003, so RSS is turned off, which leads to load on network packet is directed to only one CPU.

One strange thing is the two CPU which has high load has "Processer /% User Time" statistics are upside down (CPU 0 is high when CPU 2 is low, low when CPU 2 is high)


We also have a very high "Processor / DPCs queued/sec " on CPU 2. (3000/sec)

But "Processor /%DPC time" and "Processor /% Interrupt Time" of CPU 2 stays low (8%, 1%)

My question is

1. Is there any way to distribute Network Packet handling to all CPUs on Windows Server 2003 Environment?

2. Even though "Processor /%DPC time" and "Processor /% Interrupt Time" stays low, is it possible to cause problem when there is high  "Processor / DPCs queued/sec " and " "Processor / interrupt/sec" ?

Thank you in advance!

Only One domain controller, Remote Registry service keeps DISABLING itself. Where in the registry could this be set?

January 15, 2015, 12:43 pm
$
0
0

This is killing my remote management. I have 4 server 2012R2 domain controllers.  Only one of them is being affected with this problem.  Almost everytime I check, the remote registry service is disabled again.  It seems like there is a corrupt group policy preference that keeps on attacking during a policy refresh, but I can't imagine setting a group policy to disable this service.  It is needed for our remote management.  Also the IP Tunnel service is also disabling.  Another strange artifact is that when I set a Windows Firewall policy to add an exception for remote administration in a group policy to my Admin workstation, it seemed to set a firewall rule in other computers to block remote administration.  I can not figure out where else this strange Windows Firewall rule Blocking remote administration could have come from.  These may be related or they may not, but they are occuring on the same domain controller.  I am able to set the RemoteRegistry service to enabled and to start it (which I have done too many times now), but it constantly is being changed back to disabled.  I am searching the registry to find any invalid entries or artifacts that may be affecting these two annoying effects, but I cannot find anything yet. Any ideas?  I need to know what policies will disable the remoteregistry service OR the IPTunelling service, or where in the registry this could be set to enact this during a policy refresh.  Of course, any other ideas are welcome, I have spent several days troubleshooting this, and need to conquer this by tomorrow if possible, thank you. James

Cannot connect to Windows Server 2003 domain on Windows 7

January 16, 2015, 3:23 pm
$
0
0

Hey everyone!

I am trying to connect to a domain with Windows Server 2003 Standard Edition to a Windows 7 Professional PC but I keep getting an error message.  The error message is below.  

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

An error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "cotlw.local".

The error was: "An existing connection was forcibly closed by the remote host."
(error code 0x00002746 WSAECONNRESET)

The query was for the SRV record for _ldap._tcp.dc._msdcs.cotlw.local

Event tracking for add/remove certificate

December 12, 2014, 5:05 am
$
0
0

Hi,

I have a user who is managing ADFS server had replaced some relying party trust public certificate.

after which sometime some of our application failed to authenticate, not relevant to the above.

but when digging into the problem, found another certificate used to authenticate to our one of the app was deleted/not found.

all we did is imported the cert again and its working.

Now to do RCA the user is saying he did not deleted the certificate, though problem occurred after his activity.

Need help to check history of activities on that server from logon till logout

Thanks

Ragav

Unable to install August Rollup (KB2975719) on 2012 R2 servers

December 17, 2014, 11:47 am
$
0
0

We have a number of Windows Server 2012 R2 Standard servers that we have been deploying Citrix XenApp services on.  I have so far been unable to install the August Rollup (KB2975719) on these servers.  I have done the following:

- Moved servers out of the OU we use for Citrix servers (to try to eliminate group policy restrictions on these machines)
- Logged in as a local admin account (in case there was some funky folder for roaming profiles; this was also tried after moving the server out of the Citrix server OU)
- Downloaded the updates manually from http://www.microsoft.com/en-us/download/details.aspx?id=44051.  I confirmed that update 2993651 is installed per the instructions on that site
- Verified that none of the updates listed at http://support.microsoft.com/kb/2975719 under "Known Issue 2" were installed.

I'm not sure what else to try.  When trying to install this update (either via Windows Update or via the manual download) the servers have not had any users on them, and I was performing the updates via the console.  Any thoughts?  Thanks in advance.

Search

How to connect Server manager from windows 8.1 computer

December 18, 2014, 2:33 am
$
0
0

Hi everyone !! I would like managed my client's servers with server management. All servers are out of my office.

Actually, we manage that servers with Remote Destop Service. But now, i would like use server manager.When i try to add my client's server at my console. I've an error message with the WinRm...

What can i do for resolved this error message without reduc the security..

Many thanks for your Help !

Problem Federation on ADFS 3.0 with SAML 2.0 web LMS

January 18, 2015, 8:54 pm
$
0
0

I'msetting up aFederationServiceADFS3.0(WindowsServer 2012R2) withSAML2.0 from LMS

I havemade all the necessarysettings andthere seems tobe a problem inclaims-rules thatI used,since bydoing workin conjunction withLMSsupporthas detected thatalwaysis sendingthe user'sUPNmode (user@domain.com) buttheLMSrequires that yousendthe userthe typesAMAccountName(user), ihave made severalchanges inthe claims rulesbutalways delivered tothe user'sUPNLMStype.Accesshas been validatedby creating a temporaryuser in theSAMLconsoletypeLMSuser@domain.comand access issatisfactory(lightshows that therehasassignedcoursesbutis normal behavior)

Theclaims-rulesused are:

1.-

c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"), query = ";userPrincipalName;{0}", param = c.Value);

2.-

c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");

Please support to correct this problem where I stopped.

Thanks in advance for your support and time provided

Regards

_TNT_

 

Will WS2012R2 User CALs be compatible with the next Windows Server CALs?

January 19, 2015, 12:14 am
$
0
0

We plan to get a new server now and it will be installed with Windows Server 2012 R2. We will get also some User CALs.

I wanted to know if when we upgrade the server from Windows Server 2012 R2 to the next version of Windows Server, if those User CALs are still usable.

Thank you

Using robocopy to copy files from a network share over a WinRS command line session

February 9, 2009, 4:43 pm
$
0
0
Hello,

Preface: Using server 2008 enterprise.

I can't seem to get robocopy to function over WinRS and I'm not sure where the problem actually lies.  Running robocopy locally on the computer does work fine, but as soon as I try to run it through a remote command prompt through the WinRS client or directly with the WinRS client I get an access denied message (error 5).

I've tried using runas while logged into the remote command prompt as well, thinking that it could have been some sort of permissions inheritence issue.

I've checked the permissions on the remote file share, I've even given 'Everyone', 'Anonymous Logon' and the computer's active directory account full control over the folder and the file I'm trying to copy, but still get the access denied error.

I've tried using /COPY:DT since I read that usually resolved error 5 issues.

None of these things have worked.

I'm kind of out of ideas, I've read some blogs of people who have written powershell scripts which use winrm/robocopy so I figure I'm missing something stupid.  Or maybe I've stumbled upon a bug?

C:\>robocopy \\192.168.100.1\share c:\test example.exe

-------------------------------------------------------------------------------
   ROBOCOPY     ::     Robust File Copy for Windows

-------------------------------------------------------------------------------

  Started : Mon Feb 09 17:35:32 2009

2009/02/09 17:35:32 ERROR 5 (0x00000005) Getting File System Type of Source \\192.168.100.1\share\
Access is denied.

   Source - \\192.168.100.1\share\
     Dest : c:\test\

    Files : example.exe

  Options : /COPY:DAT /R:1000000 /W:30

------------------------------------------------------------------------------

2009/02/09 17:35:32 ERROR 5 (0x00000005) Accessing Source Directory \\192.168.100.1\share\
Access is denied.

Error 1719 during Office 2010 Silent installation

January 19, 2015, 2:06 pm
$
0
0

Hi, 

I have created a logoff vbs script enforced through GPO for a silent installation of office 2010 SP. The main part of the script run the following command: 

SetupCommand = ShareDir & "\x86\setup.exe /config " & ShareDir & "\x86\ProPlus.WW\config.xml"
ReturnValue = oShell.run(SetupCommand, 1, True)

installation files are located on a network share (permissions: full control for everyone)

The installation seems to work correctly until installation of updates when I get error 1719 Windows Installer service could not be accessed preceded by a warning event 1530: 

Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

DETAIL - 
2 user registry handles leaked from \Registry\User\S-1-5-21-682003330-507921405-725345543-4463:
Process 2760 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-682003330-507921405-725345543-4463
Process 2760 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-682003330-507921405-725345543-4463\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts


I've tried the script on 5 different hosts and I always get the same error. I've tried once to use the same script at logon and it worked.

If I run the command manually it works. Do you have any idea why the script is not working at logoff? do you have any workaround to suggest? 

DSC powershell xwindowsprocess to execute batch file under different user account

January 20, 2015, 4:18 am
$
0
0

DSC powershell run under "NT AUTHORITY\SYSTEM".
 I am trying to execute a batch file under different user account using xwindowsprocess in DSC resource kit.
 I created a custom dsc resource with 3 parameters namely Exepath, Arguments, Credential.
 I received those parameter values in settargetresource method.

CallPInvoke
 [Source.NativeMethods]::CreateProcessAsUser(("$ExePath "+$Arguments), $Credential.GetNetworkCredential().Domain, $Credential.GetNetworkCredential().UserName, $Credential.GetNetworkCredential().Password)

I tested it by invoking a batch file and writing username under which it executes to a text file.
 After executing, the output text file still contains the "Systemname$".

Mouse right-click doesn't work in Server Manager "Servers" window

October 16, 2014, 11:36 am
$
0
0

Hi,

I'm running Windows 8.1 with the latest RSAT 8.1 tools installed. At some point, right-clicks (these are actually left-clicks because I use the mouse left-handed, but I have the same problem when I switch to default) no longer bring up the context menu in the Servers window (the top window) in the Server Manager details pane. I am able to right-click and get the context menu in lower panes such as Events and Services, but they have far less functionality.

As a result, if I click on the All Servers scope icon in the left pane, I (for example) cannot restart servers. If I click on the AD DS icon, I can't right-click on a single server and launch (for example) AD tools in the resulting Server window.

I've uninstalled / reinstalled RSAT for 8.1 several times, with reboots, to no avail. I've also confirmed that my hardware does work correctly when I use Server Manager via RDP, so it seems to be with my local 8.1 installation.

Search

Server 2008 R2 Event Log Subscription Access Denied

January 20, 2015, 11:39 am
$
0
0
Server 08 R2 server in a domain that is the event log "forwarding" computer.  Server in another domain that is the event log collector computer.  Created a service account in the "forwarding" domain that is only a member of the domain users group.  Configured an event log subscription on the event log collector server to use the service account.  This works if the service account is a member of the local "Event Log Readers" group on the "forwarding" server.  Want the service account to use least permissions possible so it is only able to read the application event log.  Believe I followed instructions here:

http://blogs.technet.com/b/janelewis/archive/2010/04/30/giving-non-administrators-permission-to-read-event-logs-windows-2003-and-windows-2008.aspx

to make this possible, however get an "Access denied" error when it tries to pull.  If I put the service account back into the Event Log Readers group on the "forwarding" server it works so I think I am missing a permission somewhere.

If it helps the output of "wevtutil gl application" reads in part:

channelAccess: O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)(A;;0x1;;;S-1-5-21-nnnnnnnnn-nnnnnnnnnn-nnnnnnnnnn-nnnn)

where the last entry is  the SID of the service account.

Can anyone show me what I'm missing.

Thank you in advance for any help.

Activation Not Being Remembered After System Has Been Shutdown On Windows Server 2012 R2 x64 VM

January 20, 2015, 11:06 pm
$
0
0

Hi,

I am experiencing an interesting problem related to Windows activation.

I used activation keys provided by my MSDN subscription and not a KMS server, and I have never seen this problem before.

Whenever I successfully activate a Windows Server 2012 R2 x64 virtual machine and then shutdown the system, after bringing it back online, the activation is no longer present and the system informs that it need to be activated again. ~ This happens every time the system is shutdown and not when it is restarted.

Each time the system is re-activated, it takes the same activation key without problems and informs of a successful activation.

The virtual machine has been created from a Master template, the VM hardware and MAC Address are static.

Please advise and thanks in advance,

Unable to Expand Drive

January 21, 2015, 7:03 am
$
0
0

Hello,

I am trying to extend a partition on a server. The space is unallocated. To be clear this is a virtual machine on a VMWare ESXi box. I have verified that the server has more than enough storage space as I'm only increasing the drive by 10 GB and there are 333 GB available. I do not believe this is an issue with VMWare as much as it is with the VMs OS. I was able to expand a different VMs system drive on the same ESXi box. The OS version is Server 2003 Standard SP2. When I try the diskpart utility I get a 'disk cannot be expanded' error.

Thanks in advance,

How to run I.E. under admin acct in WS2012 R2?

January 21, 2015, 8:02 pm
$
0
0

Hello Community

    On WS2012 R2 I have I.E.11

    The problem is that when I try to run it, it says
I can't run I.E. under the admin account.  So I run it
as a different user.

    Why can't I run I.E.11 in WS2012 R2 under my admin
account in WS2012 R2?


    Thank you
    Shabeaut

Windows Event Collection using WinRM in multple trusted domain environment

August 3, 2012, 12:59 pm
$
0
0

Let me begin by stating that I have spent the last 3 days searching across the Internet for answers, and have found many, but have not been able to tie this all together.

I am trying to install a log analysis system for a corporate entity that has several subsidiary entities. Part of that system needs to review the Windows Event logs, or at least some of them.

Here are some of the specs:

1) There are several forests that all have two way trusts set up between them. Each forest only has one domain in it, some have child domains.

2) The Event Collecter resides on a Windows Server 2008 R2 64 bit server. WinRM 2.0 is installed, and it is joined to a 2008 functional level domain.

3) I can successfully create a functioning subscription for a 2008 R2 server in the same domain by doing the following:

     a) In the collector's domain (domain A) I add the computer account of the collector to the Event Log Readers builtin group.
     b) On the collector I run:
                "winrm quickconfig" and answer yes to the prompts.
                "wecutil qc" and answer yes to the prompts.

     c) On the source computer I run:
                "winrm quickconfig" and answer yes to the prompts.
                "wevtutil sl security /ca:0:BAG:SYD:(A;;0xf0005;;;SY)(A;;0x5;;;BA)(A;;0x1;;;S-1-5-32-573)(A;;0x1;;;S-1-5-20)"
                     (- apparently this gives the Network Service account rights to the Event Logs)

     d) I set up the subscription and select the Security Events log to be forwarded and it works just fine.
               

4)  Now, one of the domains (domain B) that I need to forward from is at Windows 2003 functional level, and the server is a Windows Server 2003 R2 box.  According to what I have read it should be able to function however there are some holes that I need explained if anyone has done this.

     a) The 2003 domain does not have an Event Log Reader group. So what needs to be done to give the collector permissions to read the event logs on the servers in this domain?  I have tried issueing the wevtutil command as stated above on the source computer, and I have tried putting the collector's computer account in the Doman B's "Domain Admins" group.  No luck.

If this was all within one domain, I think I could get it to work from what I have already learned, but I just can't seem to find all of the steps for the cross-domain (forest) environment.

If this is spelled out somewhere, please direct me to it as I have not been able to find it.

ANY help would be greatly appreciated!

Bryan Carter





Viewing all 2460 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>