[ActiveDir] cannot login into win2k server bec of domain controller problem
Hi, I had this famous AD problem in my win2k server: LSASS.EXE - System Error, security accounts manager initialization failed because of the following error: Directory Service cannot start. Error status 0xc2e1. Please click OK to shutdown this system and reboot into directory services restore mode, check the event log for more detailed information. And as you can guess, I couldn't get into the win2k server's normal mode. There are quite a number of sources on the net suggesting various ways to get the server. I've tried the following links: - http://www.jsiinc.com/SUBF/Tip2500/rh2599.htm - http://support.microsoft.com/default.aspx?kbid=258062 - http://www.experts-exchange.com/Operating_Systems/ Win2000/Q_20809496.html But none of them worked for me. I've even tried doing a lossy repair of AD dbase using esentutl. But I still couldn't get into normal mode. Dcpromo surely doesn't work in drectory service restore mode. What should I do ? I don't have a backup unfortunately. It was a test machine, so I didn't have a thought at all to make backup (I should have done it..sigh) This is not the first time I had this problem. I had the same problem a few months ago, and I had to reinstall the win2k server... It's the last option that I want to do now... I wonder as well what caused this problem... As far as I can remember, I did a configuration using ksetup (for cross realm auth)...and so did I a few months ago before it failed. Could ksetup cause the corruption ? Can I do ksetup in win2k server actually ? Please help lara = La vie, voyez-vous, ca n'est jamais si bon ni si mauvais qu'on croit - Guy de Maupassant - __ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD and printer admins
The easiest way of figuring out what rights you need to do anything on a member server, AD, service right delegation etc, etc, is to turn on auditing on success/failure and try what you're doing again. Read the security event log, and the rights that are missing are exposed in the failure log. This allows you to isolate the rights/special rights or ACL's required to accomplish your task. You'll see some interesting changes between win2k/win2k3 as some things have become simpler, e.g. only three delegated object rights needed to delegate Authorise DHCP, or one special right on the domain object to allow use of SidHistory, etc. But I digress -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D. Team EITC Sent: 27 July 2004 11:21 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD and printer admins That lets them modify current printers yes. But not create new ones. Which is my dilemma. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Quatro Info Sent: Tuesday, July 27, 2004 4:36 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD and printer admins Make an OU for desktop support add users there In printer propertiessecurity tab add OU there and give full rights... Never tried but guess that's the way. Gr J -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Cothern Jeff D. Team EITC Verzonden: dinsdag 27 juli 2004 22:21 Aan: [EMAIL PROTECTED] Onderwerp: [ActiveDir] AD and printer admins Is there a way within AD and other security settings to allow a Desktop Support section the ability to create and maintain printers without putting them into the local admin group on the servers. Currently we are not using the Printers OU for AD. The printers are added the old way thru the add printer wizard. Jeff List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] AD and printer admins
What is the full detail of what the solution needs to be able to accomplish? Also, have you seen what the built-in Print Operators group can do for you? :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Cothern Jeff D. Team EITC Sent: Tuesday, July 27, 2004 5:21 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD and printer admins That lets them modify current printers yes. But not create new ones. Which is my dilemma. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Quatro Info Sent: Tuesday, July 27, 2004 4:36 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] AD and printer admins Make an OU for desktop support add users there In printer propertiessecurity tab add OU there and give full rights... Never tried but guess that's the way. Gr J -Oorspronkelijk bericht- Van: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Namens Cothern Jeff D. Team EITC Verzonden: dinsdag 27 juli 2004 22:21 Aan: [EMAIL PROTECTED] Onderwerp: [ActiveDir] AD and printer admins Is there a way within AD and other security settings to allow a Desktop Support section the ability to create and maintain printers without putting them into the local admin group on the servers. Currently we are not using the Printers OU for AD. The printers are added the old way thru the add printer wizard. Jeff List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] OT: NAS and WSS
I have to say that Dennis makes some very good points. One that wasn't made as the concept of anti-virus. This has been a sticking point for many of the NAS devices for years. I haven't heard how WSS gets past that, but in the end, it seems cheaper and more reliable for adding a few devices, to just use the full-blown OS so I can add anti-virus applications. WSS says it has support for this, but how is that support implemented. Some past solutions were so stripped down or mutated OS's that you had to deploy extra Windows Servers for the Anti-virus. Exchange on a NAS? Why? What would be the point? Would it be because you only have 30 users anyway? If you want to scale it, as Dennis mentions, Disk is critical. Anything over 150 users and I personally would consider the effort not worth the result. Besides, the Exchange team was forced into that solution. Not sure I'd like to be the customer that proves to upper management that it wasn't a sound technical decision, but rather a business decision only. Personally, I have yet to see the value of a NAS device in many organizations. It's supposed to be cheap space for those low performance applications such as file and print. I can solve that so much more easily, cheaply, and more completely without NAS. If you need to provision TB of data that is relatively static and doesn't have reliability concerns, NAS is a cheaper way to provision it vs. SAN but compared to straight OS, it's often cheaper and easier to use the straight OS out of the box since you'll inevitably want some auditing solution (sarbox?) that NAS is going to have more issues with. WSS may have solved this, but it's something to check. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Depp, Dennis M. Sent: Tuesday, July 27, 2004 3:20 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: NAS and WSS I haven't used WSS, but I have used its predesessor which ran on Windows 2000 embedded. From an Active Directory perspective, it looks like any other member server. I would hope with WSS they would make a change so the OS looks like it is a WSS server. The NIC bottle neck would depend on how much data you are trying to push and what type of network you have. I have the benefit of GigE for all my server. This has not been an issue. The number of users per device would depend on how much each user is using this machine. In the SATA vs. SCSI, most of the data on the NAS is probably static with a small percentage of the data actually being changed regularly. In this senario I like the SATA drives much better than SCSI. While the SCSI provides better performance, when dealing with user data, I usually want quantity not quality. I would never place an Exchange database on NAS. I think I would quit first! This might be OK for a smaller shop. Exchange is very disk intensive. You need to think about the performance hit of placing your Exchange data on a NAS device. Also most corruption in the Exchange databases occurs because of problems writing to the disk. Do you want to add network traffic as another area to check? My personnal preference is to avoid the Windows based NAS devices. (or any NAS device for that matter) We have about 4500 employees and I try to keep the OS landscape as simple as possible. There will be peculiarities with the WSS devices. If you plan on installing several of these deivices, then it may be worth it. If you only plan to install 1 or 2, I would stay with Windows 2003. Dennis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Tuesday, July 27, 2004 2:44 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] OT: NAS and WSS Hello all - I am looking to expand the amount of storage space on the network and am considering a NAS solution running Windows Storage Server 2003 (WSS). I am looking for feedback on NAS in general and WSS in particular. Are there any AD or licensing issues with WSS? (My hunch is that AD views this as just another member server). Dell offers an OEM version. Any issues there? It seems that the NIC would be a huge bottleneck. Is that the case? Do people run these as multihomed hosts? If just using it for file service (as opposed to hosting a database), how many users do you figure per NAS device? Many of the NAS devices seem to be SATA. How does this perform compared to SCSI? I know that you are supposed to be able to stick an Exchange database on NAS but is anyone really using this? It seems the timing demands might be too much for it. Thanks. nme -- Noah M. Eiger EIS Consulting for PRBO Conservation Science 510-717-5742 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive:
[ActiveDir] Accented characters in a CSVDE output
When using CSVDE to output a .csv file, any 'sn' and 'givenname' entries with an accented character are displayed in the CSV file as something like this: X'41c3af737361746f75' when opened in Excel. Is this an Excel or CSVDE problem? Anyone tell me how to display such names properly? When I go into AD and remove the accented character the sn or givenname displays correctly. Maybe there is a better tool than CSVDE? Here are a couple of examples of the CSVDE command: C:\WINDOWS\system32csvde -s 12.34.56.78 -f D:\IMG\IUCNEmail\Exchange\CSVDE\csvde1.csv -r ((objectclass=user)(proxyaddresses=SMTP*)) -l cn,mail,physicalDeliveryOfficeName - C:\WINDOWS\system32csvde -s 12.34.56.78 -f D:\IMG\IUCNEmail\Exchange\CSVDE\csvde1.csv -r ((objectclass=user)(proxyaddresses=SMTP*)) -l displayname,mail,physicalDeliveryOfficeName -o DN (The -o to omit the DN output appears not to work) Dan Hinckleyt: (41 22) 999 0183 Information Management Groupf: (41 22) 999 0010 IUCN, The World Conservation Union e: [EMAIL PROTECTED] 1196 Gland, Switzerland w: http://iucn.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Accented characters in a CSVDE output
Is the character on this list? http://support.microsoft.com/?kbid=841091 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan HINCKLEY Sent: Wednesday, July 28, 2004 10:12 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Accented characters in a CSVDE output When using CSVDE to output a .csv file, any 'sn' and 'givenname' entries with an accented character are displayed in the CSV file as something like this: X'41c3af737361746f75' when opened in Excel. Is this an Excel or CSVDE problem? Anyone tell me how to display such names properly? When I go into AD and remove the accented character the sn or givenname displays correctly. Maybe there is a better tool than CSVDE? Here are a couple of examples of the CSVDE command: C:\WINDOWS\system32csvde -s 12.34.56.78 -f D:\IMG\IUCNEmail\Exchange\CSVDE\csvde1.csv -r ((objectclass=user)(proxyaddresses=SMTP*)) -l cn,mail,physicalDeliveryOfficeName - C:\WINDOWS\system32csvde -s 12.34.56.78 -f D:\IMG\IUCNEmail\Exchange\CSVDE\csvde1.csv -r ((objectclass=user)(proxyaddresses=SMTP*)) -l displayname,mail,physicalDeliveryOfficeName -o DN (The -o to omit the DN output appears not to work) Dan Hinckleyt: (41 22) 999 0183 Information Management Groupf: (41 22) 999 0010 IUCN, The World Conservation Union e: [EMAIL PROTECTED] 1196 Gland, Switzerland w: http://iucn.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Accented characters in a CSVDE output
it's not a CSVDE *problem* - it is the *solution* to keep the data transferrable via CSVDE... You'll find the same issue when trying to export address-fields which include carriage returns. you should be able to export the data in a readable format via normal LDAP queries e.g. via DSQUERY or Joe's ADFIND /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan HINCKLEY Sent: Wednesday, July 28, 2004 4:12 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Accented characters in a CSVDE output When using CSVDE to output a .csv file, any 'sn' and 'givenname' entries with an accented character are displayed in the CSV file as something like this: X'41c3af737361746f75' when opened in Excel. Is this an Excel or CSVDE problem? Anyone tell me how to display such names properly? When I go into AD and remove the accented character the sn or givenname displays correctly. Maybe there is a better tool than CSVDE? Here are a couple of examples of the CSVDE command: C:\WINDOWS\system32csvde -s 12.34.56.78 -f D:\IMG\IUCNEmail\Exchange\CSVDE\csvde1.csv -r ((objectclass=user)(proxyaddresses=SMTP*)) -l cn,mail,physicalDeliveryOfficeName - C:\WINDOWS\system32csvde -s 12.34.56.78 -f D:\IMG\IUCNEmail\Exchange\CSVDE\csvde1.csv -r ((objectclass=user)(proxyaddresses=SMTP*)) -l displayname,mail,physicalDeliveryOfficeName -o DN (The -o to omit the DN output appears not to work) Dan Hinckleyt: (41 22) 999 0183 Information Management Groupf: (41 22) 999 0010 IUCN, The World Conservation Union e: [EMAIL PROTECTED] 1196 Gland, Switzerland w: http://iucn.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Accented characters in a CSVDE output
Yes, but not for any of the objects noted under ES2003 which is what we're running, on a W2003 server. At 16:18 7/28/2004, you wrote: Is the character on this list? http://support.microsoft.com/?kbid=841091 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan HINCKLEY Sent: Wednesday, July 28, 2004 10:12 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Accented characters in a CSVDE output When using CSVDE to output a .csv file, any 'sn' and 'givenname' entries with an accented character are displayed in the CSV file as something like this: X'41c3af737361746f75' when opened in Excel. Is this an Excel or CSVDE problem? Anyone tell me how to display such names properly? When I go into AD and remove the accented character the sn or givenname displays correctly. Maybe there is a better tool than CSVDE? Here are a couple of examples of the CSVDE command: C:\WINDOWS\system32csvde -s 12.34.56.78 -f D:\IMG\IUCNEmail\Exchange\CSVDE\csvde1.csv -r ((objectclass=user)(proxyaddresses=SMTP*)) -l cn,mail,physicalDeliveryOfficeName - C:\WINDOWS\system32csvde -s 12.34.56.78 -f D:\IMG\IUCNEmail\Exchange\CSVDE\csvde1.csv -r ((objectclass=user)(proxyaddresses=SMTP*)) -l displayname,mail,physicalDeliveryOfficeName -o DN (The -o to omit the DN output appears not to work) Dan Hinckleyt: (41 22) 999 0183 Information Management Groupf: (41 22) 999 0010 IUCN, The World Conservation Union e: [EMAIL PROTECTED] 1196 Gland, Switzerland w: http://iucn.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT)
Title: ADC and Exchange 2003 with 5.5 (Maybe OT) We run multiple exchange 5.5 sites all with separate NT4 domains. As our site (and domain) was the first to complete the AD 2003 migration (all of us will be separate domains under an empty root), we are now ready to upgrade to Exchange 2003. I have created the connector Agreement (in the test lab) for my site and domain, but the Global address list for mailboxes on the new server (mixed mode in my local 5.5 site) doesn't show the addresses in the other sites. It looks like I need to create a CA that includes the other 5.5 sites. I am not sure if this is correct, and if it is, what is best practice? Do I create one CA and include all of the other sites, or do I make a CA for each site (20+). What effect will this have on the other sites when they are ready to migrate. Should I configure the other CA's to create disabled accounts, or create contact. I have searched through quite a bit of information but was not able to get clear answers. Any help would be greatly appreciated. Thanks -Ted-
RE: [ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT)
Title: Message You need to create a CA for each site and you can create them in your domain if the other domains haven't upgraded to a W2K or W2K3 domain yet. You should have it create disabled accounts and then when they or you are ready to migrate, you can run ADMT to migrate the users over to W2K/3 and then run adclean to merge the mailboxes with the AD objects. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Strand, TedSent: Wednesday, July 28, 2004 1:47 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT) We run multiple exchange 5.5 sites all with separate NT4 domains. As our site (and domain) was the first to complete the AD 2003 migration (all of us will be separate domains under an empty root), we are now ready to upgrade to Exchange 2003. I have created the connector Agreement (in the test lab) for my site and domain, but the Global address list for mailboxes on the new server (mixed mode in my local 5.5 site) doesn't show the addresses in the other sites. It looks like I need to create a CA that includes the other 5.5 sites. I am not sure if this is correct, and if it is, what is best practice? Do I create one CA and include all of the other sites, or do I make a CA for each site (20+). What effect will this have on the other sites when they are ready to migrate. Should I configure the other CA's to create disabled accounts, or create contact. I have searched through quite a bit of information but was not able to get clear answers. Any help would be greatly appreciated. Thanks -Ted-
RE: [ActiveDir] OT: NAS and WSS
Does this help? http://download.microsoft.com/download/a/f/a/afa939d4-6ec4-482d-9fc6-4e5b91c5 43b2/Exch_StorWSS3.doc How about this? http://www.microsoft.com/windowsserversystem/wss2003/productinformation/prodg uide/default.mspx Does it help to remind you that WSS is a special (OK, stripped down) Windows Server 2003 version and any Win2K3-compliant AV will work adequately on WSS as well, without any acrobatic jujitsu? Does it help to state that, for good or bad, people do Cluster Exchange? And that one of the biggest gripes about Exchange Clustering is the fact that most small-time shops could not affod the high cost of the SAN infrastructure hitherto required to join the Clusting Club? And that WSS with Feature Pack specifically addresses this issue and made the playing field more level? WSS may have solved this, but it's something to check Does it help to state that you are so right? :) Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Mulnick, Al Sent: Wed 7/28/2004 6:18 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: NAS and WSS I have to say that Dennis makes some very good points. One that wasn't made as the concept of anti-virus. This has been a sticking point for many of the NAS devices for years. I haven't heard how WSS gets past that, but in the end, it seems cheaper and more reliable for adding a few devices, to just use the full-blown OS so I can add anti-virus applications. WSS says it has support for this, but how is that support implemented. Some past solutions were so stripped down or mutated OS's that you had to deploy extra Windows Servers for the Anti-virus. Exchange on a NAS? Why? What would be the point? Would it be because you only have 30 users anyway? If you want to scale it, as Dennis mentions, Disk is critical. Anything over 150 users and I personally would consider the effort not worth the result. Besides, the Exchange team was forced into that solution. Not sure I'd like to be the customer that proves to upper management that it wasn't a sound technical decision, but rather a business decision only. Personally, I have yet to see the value of a NAS device in many organizations. It's supposed to be cheap space for those low performance applications such as file and print. I can solve that so much more easily, cheaply, and more completely without NAS. If you need to provision TB of data that is relatively static and doesn't have reliability concerns, NAS is a cheaper way to provision it vs. SAN but compared to straight OS, it's often cheaper and easier to use the straight OS out of the box since you'll inevitably want some auditing solution (sarbox?) that NAS is going to have more issues with. WSS may have solved this, but it's something to check. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Depp, Dennis M. Sent: Tuesday, July 27, 2004 3:20 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: NAS and WSS I haven't used WSS, but I have used its predesessor which ran on Windows 2000 embedded. From an Active Directory perspective, it looks like any other member server. I would hope with WSS they would make a change so the OS looks like it is a WSS server. The NIC bottle neck would depend on how much data you are trying to push and what type of network you have. I have the benefit of GigE for all my server. This has not been an issue. The number of users per device would depend on how much each user is using this machine. In the SATA vs. SCSI, most of the data on the NAS is probably static with a small percentage of the data actually being changed regularly. In this senario I like the SATA drives much better than SCSI. While the SCSI provides better performance, when dealing with user data, I usually want quantity not quality. I would never place an Exchange database on NAS. I think I would quit first! This might be OK for a smaller shop. Exchange is very disk intensive. You need to think about the performance hit of placing your Exchange data on a NAS device. Also most corruption in the Exchange databases occurs because of problems writing to the disk. Do you want to add network traffic as another area to check? My personnal preference is to avoid the Windows based NAS devices. (or any NAS device for that matter) We have about 4500 employees and I try to keep the OS landscape as simple as possible. There will be peculiarities with the WSS devices. If you plan on installing several of these deivices, then it may be worth it. If you only plan to install 1 or 2, I would stay with Windows 2003. Dennis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Noah Eiger Sent: Tuesday, July 27, 2004 2:44 PM To:
RE: [ActiveDir] OT: NAS and WSS
I don't understand your comment about Exchange clustering requiring a SAN. All Exchange clustering requires is a shared disk. This can be a direct attached SCSI drives that are shared between the two machine. Several companies make these devices. I don't think WSS made the playing field more level for small companies at all. NetApp has been claiming a NAS solution that works with Exchange since Exchange 2000. However, Microsoft would not support it until Exchange 2003. By this time they were talking about WSS and a Microsoft solution to run Exchange on a Microsoft version of NAS. I would still not run Exchange on NAS. It is still very new and with few proven installations. I would prefer to continue to use direct attached drives (even w/ a cluster) and wait to see what the fall out brings. Dennis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 2:36 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: NAS and WSS Does this help? http://download.microsoft.com/download/a/f/a/afa939d4-6ec4-482d-9fc6-4e5b91c5 43b2/Exch_StorWSS3.doc How about this? http://www.microsoft.com/windowsserversystem/wss2003/productinformation/prodg uide/default.mspx Does it help to remind you that WSS is a special (OK, stripped down) Windows Server 2003 version and any Win2K3-compliant AV will work adequately on WSS as well, without any acrobatic jujitsu? Does it help to state that, for good or bad, people do Cluster Exchange? And that one of the biggest gripes about Exchange Clustering is the fact that most small-time shops could not affod the high cost of the SAN infrastructure hitherto required to join the Clusting Club? And that WSS with Feature Pack specifically addresses this issue and made the playing field more level? WSS may have solved this, but it's something to check Does it help to state that you are so right? :) Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Mulnick, Al Sent: Wed 7/28/2004 6:18 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: NAS and WSS I have to say that Dennis makes some very good points. One that wasn't made as the concept of anti-virus. This has been a sticking point for many of the NAS devices for years. I haven't heard how WSS gets past that, but in the end, it seems cheaper and more reliable for adding a few devices, to just use the full-blown OS so I can add anti-virus applications. WSS says it has support for this, but how is that support implemented. Some past solutions were so stripped down or mutated OS's that you had to deploy extra Windows Servers for the Anti-virus. Exchange on a NAS? Why? What would be the point? Would it be because you only have 30 users anyway? If you want to scale it, as Dennis mentions, Disk is critical. Anything over 150 users and I personally would consider the effort not worth the result. Besides, the Exchange team was forced into that solution. Not sure I'd like to be the customer that proves to upper management that it wasn't a sound technical decision, but rather a business decision only. Personally, I have yet to see the value of a NAS device in many organizations. It's supposed to be cheap space for those low performance applications such as file and print. I can solve that so much more easily, cheaply, and more completely without NAS. If you need to provision TB of data that is relatively static and doesn't have reliability concerns, NAS is a cheaper way to provision it vs. SAN but compared to straight OS, it's often cheaper and easier to use the straight OS out of the box since you'll inevitably want some auditing solution (sarbox?) that NAS is going to have more issues with. WSS may have solved this, but it's something to check. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Depp, Dennis M. Sent: Tuesday, July 27, 2004 3:20 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: NAS and WSS I haven't used WSS, but I have used its predesessor which ran on Windows 2000 embedded. From an Active Directory perspective, it looks like any other member server. I would hope with WSS they would make a change so the OS looks like it is a WSS server. The NIC bottle neck would depend on how much data you are trying to push and what type of network you have. I have the benefit of GigE for all my server. This has not been an issue. The number of users per device would depend on how much each user is using this machine. In the SATA vs. SCSI, most of the data on the NAS is probably static with a small percentage of the data actually being changed regularly. In this senario I like the SATA drives much better than SCSI. While the SCSI
[ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT)
Return Receipt Your [ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT) document : was Ryan McDonald/bankersbank received by: at: 07/28/2004 03:24:52 PM List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Group Policy and Event ID: 1054
Heres my problem. We have computers in the lab that are working just fine in all ways including applying the correct Group Policy. Then all of a sudden, out of no where, a random number of computers begin to give me the message below. And nothing seems to get it back. Not even removing it from the domain and then re-adding it back in. The only thing that seems to work is redeploying the original image and reconfiguring. What is going on here? And more importantly, how do I make it stop!?!? Group Policy Infrastructure Failed 7/21/2004 10:58:01 AM Group Policy Infrastructure failed due to the error listed below. The specified domain either does not exist or could not be contacted. Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available. Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 7/21/2004 10:58:01 AM and 7/21/2004 10:58:01 AM. Group Policy Infrastructure failed due to the error listed below. The specified domain either does not exist or could not be contacted. Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available. Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 7/21/2004 10:58:01 AM and 7/21/2004 10:58:01 AM. Which reveals the following: Date: 7/21/2004 Source: Useenv Time: 10:58:01 AM Category: None Type: Error Event ID: 1054 User: NT AUTHORITY\SYSTEM Computer: ROSEN-LAB2-13 Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted.). Group Policy processing aborted. :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) Brenda L. Wilkins Microcomputer Specialist - Mac/PC Academic Computing East Stroudsburg University [EMAIL PROTECTED] (570) 422-3662 Lord, please help me to be the person my dog thinks I am.
RE: [ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT)
Title: Message We are going through the same thing now (very similar infrastructure) and Karen is correct. To confirm, MS even suggested that it is a best practice to create one CA for each site. Joe Pelle Infrastructure Architect Information Technology Valassis / IT 19975 Victor Parkway Livonia, MI 48152 Tel 734.591.7324 Fax 734.632.6151 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. From: Dryden, Karen [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 1:55 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT) You need to create a CA for each site and you can create them in your domain if the other domains haven't upgraded to a W2K or W2K3 domain yet. You should have it create disabled accounts and then when they or you are ready to migrate, you can run ADMT to migrate the users over to W2K/3 and then run adclean to merge the mailboxes with the AD objects. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Strand, Ted Sent: Wednesday, July 28, 2004 1:47 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT) We run multiple exchange 5.5 sites all with separate NT4 domains. As our site (and domain) was the first to complete the AD 2003 migration (all of us will be separate domains under an empty root), we are now ready to upgrade to Exchange 2003. I have created the connector Agreement (in the test lab) for my site and domain, but the Global address list for mailboxes on the new server (mixed mode in my local 5.5 site) doesn't show the addresses in the other sites. It looks like I need to create a CA that includes the other 5.5 sites. I am not sure if this is correct, and if it is, what is best practice? Do I create one CA and include all of the other sites, or do I make a CA for each site (20+). What effect will this have on the other sites when they are ready to migrate. Should I configure the other CA's to create disabled accounts, or create contact. I have searched through quite a bit of information but was not able to get clear answers. Any help would be greatly appreciated. Thanks -Ted-
RE: [ActiveDir] OT: NAS and WSS
I'd have to mostly agree with Dennis again (must be my day to agree with Dennis). NetAPP has been claiming that but you had to look at the supported configuration: it must be on the Windows cluster HCL to be a valid configuration. That meant that the NetApp had to be fiber connected vs. IP connected in 2000. That makes it a SAN configuration :) Deji, I don't think that NAS levels the playing field for Exchange users from a cost entry point. A cluster configuration on the cluster HCL is one that almost always comes from the vendor in a pre-stated configuration - i.e. a cluster in a box. As for storage, http://www1.us.dell.com/content/products/compare.aspx/sanet?c=uscs=04l=en; s=bsd is about 8k more than a NAS storage device, but you'll notice it's aimed at those needing about half the storage capacity. It is not positioned for HA cluster solutions. In fact, you won't find any iSCSI solutions positioned at iSCSI on the Dell website (at least I couldn't; you may have better luck). http://www1.us.dell.com/content/topics/global.aspx/solutions/en/clustering_h a?c=uscs=555l=ens=biz~tab=4 The clustering HCL is very specific about what you can use. It's also intended to be in that exact configuration of parts and not mixed and matched components of multiple cluster hcl qualified parts if you ever want to be in a supported mode. Since I only looked at Dell, it's fair to read Microsoft's own take on the cluster and iSCSI information http://support.microsoft.com/default.aspx?scid=kb;en-us;839686 Looks like the same story that they had with NetApp earlier except that they will support it for non-clustered servers (heck, they may even recommend it). In short, no it doesn't help :) But thanks. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Depp, Dennis M. Sent: Wednesday, July 28, 2004 3:00 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: NAS and WSS I don't understand your comment about Exchange clustering requiring a SAN. All Exchange clustering requires is a shared disk. This can be a direct attached SCSI drives that are shared between the two machine. Several companies make these devices. I don't think WSS made the playing field more level for small companies at all. NetApp has been claiming a NAS solution that works with Exchange since Exchange 2000. However, Microsoft would not support it until Exchange 2003. By this time they were talking about WSS and a Microsoft solution to run Exchange on a Microsoft version of NAS. I would still not run Exchange on NAS. It is still very new and with few proven installations. I would prefer to continue to use direct attached drives (even w/ a cluster) and wait to see what the fall out brings. Dennis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 2:36 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: NAS and WSS Does this help? http://download.microsoft.com/download/a/f/a/afa939d4-6ec4-482d-9fc6-4e5b91c 5 43b2/Exch_StorWSS3.doc How about this? http://www.microsoft.com/windowsserversystem/wss2003/productinformation/prod g uide/default.mspx Does it help to remind you that WSS is a special (OK, stripped down) Windows Server 2003 version and any Win2K3-compliant AV will work adequately on WSS as well, without any acrobatic jujitsu? Does it help to state that, for good or bad, people do Cluster Exchange? And that one of the biggest gripes about Exchange Clustering is the fact that most small-time shops could not affod the high cost of the SAN infrastructure hitherto required to join the Clusting Club? And that WSS with Feature Pack specifically addresses this issue and made the playing field more level? WSS may have solved this, but it's something to check Does it help to state that you are so right? :) Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Mulnick, Al Sent: Wed 7/28/2004 6:18 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: NAS and WSS I have to say that Dennis makes some very good points. One that wasn't made as the concept of anti-virus. This has been a sticking point for many of the NAS devices for years. I haven't heard how WSS gets past that, but in the end, it seems cheaper and more reliable for adding a few devices, to just use the full-blown OS so I can add anti-virus applications. WSS says it has support for this, but how is that support implemented. Some past solutions were so stripped down or mutated OS's that you had to deploy extra Windows Servers for the Anti-virus. Exchange on a NAS? Why? What would be the point? Would it be because you only have 30 users anyway? If you want to scale it, as Dennis mentions, Disk is
RE: [ActiveDir] Group Policy and Event ID: 1054
One thing I just learned, actually, many hours later, a system that got the below error message, will later just start to work, even without a reboot! Also, when I said that if I reimage and reconfigure it starts to work. Well, that is true, but it may also stop working later again. Im so confused. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Wilkins Sent: Wednesday, July 28, 2004 3:42 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Group Policy and Event ID: 1054 Heres my problem. We have computers in the lab that are working just fine in all ways including applying the correct Group Policy. Then all of a sudden, out of no where, a random number of computers begin to give me the message below. And nothing seems to get it back. Not even removing it from the domain and then re-adding it back in. The only thing that seems to work is redeploying the original image and reconfiguring. What is going on here? And more importantly, how do I make it stop!?!? Group Policy Infrastructure Failed 7/21/2004 10:58:01 AM Group Policy Infrastructure failed due to the error listed below. The specified domain either does not exist or could not be contacted. Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available. Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 7/21/2004 10:58:01 AM and 7/21/2004 10:58:01 AM. Group Policy Infrastructure failed due to the error listed below. The specified domain either does not exist or could not be contacted. Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available. Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 7/21/2004 10:58:01 AM and 7/21/2004 10:58:01 AM. Which reveals the following: Date: 7/21/2004 Source: Useenv Time: 10:58:01 AM Category: None Type: Error Event ID: 1054 User: NT AUTHORITY\SYSTEM Computer: ROSEN-LAB2-13 Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted.). Group Policy processing aborted. :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) Brenda L. Wilkins Microcomputer Specialist - Mac/PC Academic Computing East Stroudsburg University [EMAIL PROTECTED] (570) 422-3662 Lord, please help me to be the person my dog thinks I am.
RE: [ActiveDir] Group Policy and Event ID: 1054
So nothing changed? :) Have you checked your Active Directory? Specifically name resolution? How'd it turn out? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda WilkinsSent: Wednesday, July 28, 2004 3:42 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Group Policy and Event ID: 1054 Here's my problem. We have computers in the lab that are working just fine in all ways including applying the correct Group Policy. Then all of a sudden, out of no where, a random number of computers begin to give me the message below. And nothing seems to get it back. Not even removing it from the domain and then re-adding it back in. The only thing that seems to work is redeploying the original image and reconfiguring. What is going on here? And more importantly, how do I make it stop!?!? Group Policy Infrastructure Failed 7/21/2004 10:58:01 AM Group Policy Infrastructure failed due to the error listed below.The specified domain either does not exist or could not be contacted. Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 7/21/2004 10:58:01 AM and 7/21/2004 10:58:01 AM. Group Policy Infrastructure failed due to the error listed below. The specified domain either does not exist or could not be contacted. Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available. Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 7/21/2004 10:58:01 AM and 7/21/2004 10:58:01 AM. Which reveals the following: Date: 7/21/2004 Source: Useenv Time: 10:58:01 AM Category: None Type: Error Event ID: 1054 User: NT AUTHORITY\SYSTEM Computer: ROSEN-LAB2-13 Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted.). Group Policy processing aborted. :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) Brenda L. Wilkins Microcomputer Specialist - Mac/PC Academic Computing East Stroudsburg University [EMAIL PROTECTED] (570) 422-3662 Lord, please help me to be the person my dog thinks I am.
RE: [ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT)
Title: Message Thank you both for the information. I guess the follow up question I would have is that if I create a disabled account in my domain (sub domain under an empty root) for the other sites, what will happen when they migrate their NT 4 account to their own Active directory domain. Will it cause a problem because I will have a disabled account in my name with the same email address? Thanks -Ted- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pelle, JoeSent: Wednesday, July 28, 2004 3:51 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT) We are going through the same thing now (very similar infrastructure) and Karen is correct. To confirm, MS even suggested that it is a best practice to create one CA for each site. Joe Pelle Infrastructure Architect Information Technology Valassis / IT 19975 Victor Parkway Livonia, MI 48152 Tel 734.591.7324 Fax 734.632.6151 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. From: Dryden, Karen [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 1:55 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT) You need to create a CA for each site and you can create them in your domain if the other domains haven't upgraded to a W2K or W2K3 domain yet. You should have it create disabled accounts and then when they or you are ready to migrate, you can run ADMT to migrate the users over to W2K/3 and then run adclean to merge the mailboxes with the AD objects. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Strand, TedSent: Wednesday, July 28, 2004 1:47 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT) We run multiple exchange 5.5 sites all with separate NT4 domains. As our site (and domain) was the first to complete the AD 2003 migration (all of us will be separate domains under an empty root), we are now ready to upgrade to Exchange 2003. I have created the connector Agreement (in the test lab) for my site and domain, but the Global address list for mailboxes on the new server (mixed mode in my local 5.5 site) doesn't show the addresses in the other sites. It looks like I need to create a CA that includes the other 5.5 sites. I am not sure if this is correct, and if it is, what is best practice? Do I create one CA and include all of the other sites, or do I make a CA for each site (20+). What effect will this have on the other sites when they are ready to migrate. Should I configure the other CA's to create disabled accounts, or create contact. I have searched through quite a bit of information but was not able to get clear answers. Any help would be greatly appreciated. Thanks -Ted-
RE: [ActiveDir] Group Policy and Event ID: 1054
Right. Couple of tips that may be of interest :) http://www.jsiinc.com/SUBK/tip5400/rh5417.htm From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda WilkinsSent: Wednesday, July 28, 2004 4:08 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Group Policy and Event ID: 1054 One thing I just learned, actually, many hours later, a system that got the below error message, will later just start to work, even without a reboot! Also, when I said that if I reimage and reconfigure it starts to work. Well, that is true, but it may also stop working later again. I'm so confused. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda WilkinsSent: Wednesday, July 28, 2004 3:42 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Group Policy and Event ID: 1054 Here's my problem. We have computers in the lab that are working just fine in all ways including applying the correct Group Policy. Then all of a sudden, out of no where, a random number of computers begin to give me the message below. And nothing seems to get it back. Not even removing it from the domain and then re-adding it back in. The only thing that seems to work is redeploying the original image and reconfiguring. What is going on here? And more importantly, how do I make it stop!?!? Group Policy Infrastructure Failed 7/21/2004 10:58:01 AM Group Policy Infrastructure failed due to the error listed below.The specified domain either does not exist or could not be contacted. Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 7/21/2004 10:58:01 AM and 7/21/2004 10:58:01 AM. Group Policy Infrastructure failed due to the error listed below. The specified domain either does not exist or could not be contacted. Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available. Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 7/21/2004 10:58:01 AM and 7/21/2004 10:58:01 AM. Which reveals the following: Date: 7/21/2004 Source: Useenv Time: 10:58:01 AM Category: None Type: Error Event ID: 1054 User: NT AUTHORITY\SYSTEM Computer: ROSEN-LAB2-13 Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted.). Group Policy processing aborted. :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) Brenda L. Wilkins Microcomputer Specialist - Mac/PC Academic Computing East Stroudsburg University [EMAIL PROTECTED] (570) 422-3662 Lord, please help me to be the person my dog thinks I am.
RE: [ActiveDir] Group Policy and Event ID: 1054
Does this machine have a gigabit card in it??? http://www.kbalertz.com/Feedback_326152.aspx From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al Sent: Wednesday, July 28, 2004 4:07 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Group Policy and Event ID: 1054 So nothing changed? :) Have you checked your Active Directory? Specifically name resolution? How'd it turn out? From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda Wilkins Sent: Wednesday, July 28, 2004 3:42 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Group Policy and Event ID: 1054 Here's my problem. We have computers in the lab that are working just fine in all ways including applying the correct Group Policy. Then all of a sudden, out of no where, a random number of computers begin to give me the message below. And nothing seems to get it back. Not even removing it from the domain and then re-adding it back in. The only thing that seems to work is redeploying the original image and reconfiguring. What is going on here? And more importantly, how do I make it stop!?!? Group Policy Infrastructure Failed 7/21/2004 10:58:01 AM Group Policy Infrastructure failed due to the error listed below. The specified domain either does not exist or could not be contacted. Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available. Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 7/21/2004 10:58:01 AM and 7/21/2004 10:58:01 AM. Group Policy Infrastructure failed due to the error listed below. The specified domain either does not exist or could not be contacted. Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available. Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 7/21/2004 10:58:01 AM and 7/21/2004 10:58:01 AM. Which reveals the following: Date: 7/21/2004 Source: Useenv Time: 10:58:01 AM Category: None Type: Error Event ID: 1054 User: NT AUTHORITY\SYSTEM Computer: ROSEN-LAB2-13 Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted.). Group Policy processing aborted. :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) Brenda L. Wilkins Microcomputer Specialist - Mac/PC Academic Computing East Stroudsburg University [EMAIL PROTECTED] (570) 422-3662 Lord, please help me to be the person my dog thinks I am.
RE: [ActiveDir] Group Policy and Event ID: 1054
Brenda- Make sure your DCs are properly registering their SRV records. For GPOs, you're specifically looking for an ldap locator record like this: _ldap._tcp.mysite._sites.dc._msdcs.mycompany.com AlsomakesureyourclientshavethecorrectDNSreferences--i.e.theyareconsistentandpointingtoreliable,correctlypopulatedDNSservers. Also,doyouhaveICMPeitherdisabledorrestrictedonyournetwork?ThatwillcauseproblemswithGPOprocessing, Darren From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda WilkinsSent: Wednesday, July 28, 2004 1:08 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] Group Policy and Event ID: 1054 One thing I just learned, actually, many hours later, a system that got the below error message, will later just start to work, even without a reboot! Also, when I said that if I reimage and reconfigure it starts to work. Well, that is true, but it may also stop working later again. Im so confused. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brenda WilkinsSent: Wednesday, July 28, 2004 3:42 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Group Policy and Event ID: 1054 Heres my problem. We have computers in the lab that are working just fine in all ways including applying the correct Group Policy. Then all of a sudden, out of no where, a random number of computers begin to give me the message below. And nothing seems to get it back. Not even removing it from the domain and then re-adding it back in. The only thing that seems to work is redeploying the original image and reconfiguring. What is going on here? And more importantly, how do I make it stop!?!? Group Policy Infrastructure Failed 7/21/2004 10:58:01 AM Group Policy Infrastructure failed due to the error listed below.The specified domain either does not exist or could not be contacted. Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 7/21/2004 10:58:01 AM and 7/21/2004 10:58:01 AM. Group Policy Infrastructure failed due to the error listed below. The specified domain either does not exist or could not be contacted. Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available. Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 7/21/2004 10:58:01 AM and 7/21/2004 10:58:01 AM. Which reveals the following: Date: 7/21/2004 Source: Useenv Time: 10:58:01 AM Category: None Type: Error Event ID: 1054 User: NT AUTHORITY\SYSTEM Computer: ROSEN-LAB2-13 Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted.). Group Policy processing aborted. :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) :-) Brenda L. Wilkins Microcomputer Specialist - Mac/PC Academic Computing East Stroudsburg University [EMAIL PROTECTED] (570) 422-3662 Lord, please help me to be the person my dog thinks I am.
RE: [ActiveDir] OT: NAS and WSS
Al, admit it, you didn't read the white paper I referenced :) If not for the fact that you are my friend, I would be revoking your Dining Services MVP status right now :-P Ok, Ok, I know that the White Paper is a long one. Fair enough. I also suspect that you have not played with WSS (with Feature Pack) on something like a Dell PV775N. Fair enough. but, the arguments you've made are some of the reasons for the invention of WSS FP1. At the risk of being flippant, let me say, those arguments are somewhat old school · High-availability Exchange deployments: For maximum availability, Exchange architects usually deploy Exchange on Windows® clusters, backed with SANs. This combination provides good availability, but the SAN purchase and maintenance cost puts it out of reach for many smaller businesses. The feature pack enables Exchange cluster deployment without the expense of a SAN; two cluster nodes can share the Windows Storage Server 2003 device to provide reliable shared storage for the cluster nodes, a benefit that up until now was only available using traditional Fibre Channel-based SANs. There is more. I remember reading NetApp's argument against WSS when MS came up with it. It was more of a bash than an argument. I also remember reading MS' response to the bashing. They were both interesting reads. I just wish I can find the reference material now, but I can't. Again, my argument is that, with the removal of the old Windows cluster HCL and Fibre dependencies for Exchange Clustering, the field is much more level for indigent companies looking to play in the realm of High-Availability. Do you agree with ME now? Please say you do :) Sincerely, Dèjì Akómöláfé, MCSE MCSA MCP+I Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: [EMAIL PROTECTED] on behalf of Mulnick, Al Sent: Wed 7/28/2004 12:55 PM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] OT: NAS and WSS I'd have to mostly agree with Dennis again (must be my day to agree with Dennis). NetAPP has been claiming that but you had to look at the supported configuration: it must be on the Windows cluster HCL to be a valid configuration. That meant that the NetApp had to be fiber connected vs. IP connected in 2000. That makes it a SAN configuration :) Deji, I don't think that NAS levels the playing field for Exchange users from a cost entry point. A cluster configuration on the cluster HCL is one that almost always comes from the vendor in a pre-stated configuration - i.e. a cluster in a box. As for storage, http://www1.us.dell.com/content/products/compare.aspx/sanet?c=uscs=04l=en; s=bsd is about 8k more than a NAS storage device, but you'll notice it's aimed at those needing about half the storage capacity. It is not positioned for HA cluster solutions. In fact, you won't find any iSCSI solutions positioned at iSCSI on the Dell website (at least I couldn't; you may have better luck). http://www1.us.dell.com/content/topics/global.aspx/solutions/en/clustering_h a?c=uscs=555l=ens=biz~tab=4 The clustering HCL is very specific about what you can use. It's also intended to be in that exact configuration of parts and not mixed and matched components of multiple cluster hcl qualified parts if you ever want to be in a supported mode. Since I only looked at Dell, it's fair to read Microsoft's own take on the cluster and iSCSI information http://support.microsoft.com/default.aspx?scid=kb;en-us;839686 Looks like the same story that they had with NetApp earlier except that they will support it for non-clustered servers (heck, they may even recommend it). In short, no it doesn't help :) But thanks. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Depp, Dennis M. Sent: Wednesday, July 28, 2004 3:00 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] OT: NAS and WSS I don't understand your comment about Exchange clustering requiring a SAN. All Exchange clustering requires is a shared disk. This can be a direct attached SCSI drives that are shared between the two machine. Several companies make these devices. I don't think WSS made the playing field more level for small companies at all. NetApp has been claiming a NAS solution that works with Exchange since Exchange 2000. However, Microsoft would not support it until Exchange 2003. By this time they were talking about WSS and a Microsoft solution to run Exchange on a Microsoft version of NAS. I would still not run Exchange on NAS. It is still very new and with few proven installations. I would prefer to continue to use direct attached drives (even w/ a cluster) and wait to see what the fall out brings. Dennis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 2:36 PM To: [EMAIL
RE: [ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT)
Ted, Cant help you there, Im just not sure. If youre native AD and Exchange you might be able to move users between domains. Otherwise youd have to migrate those accounts between domains. We use Quests Fastlane Migrator to go between NT and 2003 domains It looks like you could go between 2003 domains as well with that tool. Im not familiar with ADMTs functionality. Good luck to you! Joe Pelle Infrastructure Architect Information Technology Valassis / IT 19975 Victor Parkway Livonia, MI 48152 Tel 734.591.7324 Fax 734.632.6151 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. From: Strand, Ted [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 4:23 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT) Sorry, I meant DOMAIN, not NAME in the last line. -Ted- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Strand, Ted Sent: Wednesday, July 28, 2004 4:12 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT) Thank you both for the information. I guess the follow up question I would have is that if I create a disabled account in my domain (sub domain under an empty root) for the other sites, what will happen when they migrate their NT 4 account to their own Active directory domain. Will it cause a problem because I will have a disabled account in my name with the same email address? Thanks -Ted- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pelle, Joe Sent: Wednesday, July 28, 2004 3:51 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT) We are going through the same thing now (very similar infrastructure) and Karen is correct. To confirm, MS even suggested that it is a best practice to create one CA for each site. Joe Pelle Infrastructure Architect Information Technology Valassis / IT 19975 Victor Parkway Livonia, MI 48152 Tel 734.591.7324 Fax 734.632.6151 [EMAIL PROTECTED] http://www.valassis.com/ This message may have included proprietary or protected information. This message and the information contained herein are not to be further communicated without my express written consent. From: Dryden, Karen [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 1:55 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT) You need to create a CA for each site and you can create them in your domain if the other domains haven't upgraded to a W2K or W2K3 domain yet. You should have it create disabled accounts and then when they or you are ready to migrate, you can run ADMT to migrate the users over to W2K/3 and then run adclean to merge the mailboxes with the AD objects. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Strand, Ted Sent: Wednesday, July 28, 2004 1:47 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] ADC and Exchange 2003 with 5.5 (Maybe OT) We run multiple exchange 5.5 sites all with separate NT4 domains. As our site (and domain) was the first to complete the AD 2003 migration (all of us will be separate domains under an empty root), we are now ready to upgrade to Exchange 2003. I have created the connector Agreement (in the test lab) for my site and domain, but the Global address list for mailboxes on the new server (mixed mode in my local 5.5 site) doesn't show the addresses in the other sites. It looks like I need to create a CA that includes the other 5.5 sites. I am not sure if this is correct, and if it is, what is best practice? Do I create one CA and include all of the other sites, or do I make a CA for each site (20+). What effect will this have on the other sites when they are ready to migrate. Should I configure the other CA's to create disabled accounts, or create contact. I have searched through quite a bit of information but was not able to get clear answers. Any help would be greatly appreciated. Thanks -Ted-
[ActiveDir] SpyWare
Title: Message Good morning everyone!!! We have a couple of terminal servers running Windows 2000 SP4 within a Citrix Metaframe XP FR3 enviro. over the past few days and number of spyware pop-ups have been appearing within users sessions. Does anyone know of any good spyware software that would be safe to install on a server? I've download SpyBot and XoftSpy 3.44 but I wanted to check to see if anyone knows of anything else or if it's "safe" to install this programs. Thanks for your help, Andrew
RE: [ActiveDir] SpyWare
Andrew- I'd do a full Adaware and Spybot run during your maintenance period with everybody logged off, the server booted in safe mode, etc. Yank user rights to install ActiveXs as a start too. The new Trend (not sure if its RTM or very close) has spyware/malware detct clean capabilities. That would probably be better suited for a server enviornment. --Brian -Original Message- From: Caple, Andrew [mailto:[EMAIL PROTECTED] Sent: Wed 7/28/2004 7:20 PM To: [EMAIL PROTECTED] Cc: Subject: [ActiveDir] SpyWare Good morning everyone!!! We have a couple of terminal servers running Windows 2000 SP4 within a Citrix Metaframe XP FR3 enviro. over the past few days and number of spyware pop-ups have been appearing within users sessions. Does anyone know of any good spyware software that would be safe to install on a server? I've download SpyBot and XoftSpy 3.44 but I wanted to check to see if anyone knows of anything else or if it's safe to install this programs. Thanks for your help, Andrew winmail.dat
RE: [ActiveDir] SpyWare
Title: Message In addition to setting up Spybot to run nightly, I recommend installing Spywareblaster (freeware): http://www.javacoolsoftware.com/spywareblaster.html It's not a scanner, it's more of a vaccine tool. It will help to harden IE against spyware exploits, but like everything else it's not 100% effective. In addition to that I also prevent users from installing any software at all. I used to have a loose policy on that, but after installations of AIM, Webshots and WeatherBug (all programs that do "drive-by" installs of spyware) locking the systems down like that was the only way to be sure. And if you haven't upgraded to version 1.3 of Spybot, then do so right away. You'll be able to download the latest spyware definitions and you have the ability to run spybot in resident mode. In addition to that they included TeaTimer in the install, which notifies you of programs trying to change information in the registry. -Chris From: Caple, Andrew [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 28, 2004 5:21 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] SpyWare Good morning everyone!!! We have a couple of terminal servers running Windows 2000 SP4 within a Citrix Metaframe XP FR3 enviro. over the past few days and number of spyware pop-ups have been appearing within users sessions. Does anyone know of any good spyware software that would be safe to install on a server? I've download SpyBot and XoftSpy 3.44 but I wanted to check to see if anyone knows of anything else or if it's "safe" to install this programs. Thanks for your help, Andrew
RE: [ActiveDir] OT: NAS and WSS
You guys are too funny. If the choice were between Leno and reading some of the posts on this list, I think I would take this list. Come to think of it, if the choice were between getting bamboo shoved under my nails and watching Leno, I might just choose the former. Well, needless to say, I got lots of laughs out of this thread. But basically, I regret a bit including the bit about Exchange. Though the discussion led me to wonder, would you put the database on the NAS or the logs? Or both? Is it the disk subsystem on a NAS that causes the concern or the connectivity? I suppose finally, after dealing with all the foo, does NAS really lower your true cost per gigabyte? Oh, just so I don't lose site of the original question, you all seem to be in consensus that if budget allows go DAS and go SCSI. NAS is ok for file sharing, particularly with directories that are infrequently accessed or just read from. (I may be summarizing some Google findings here as well). Do I have that basically right? nme List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/