RE: [ActiveDir] 2003/SP1 TS Licensing Server registry key confusion
On our 2003/SP1 licensing DC, we've got: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core] The "LicensingCore" key does not exist. Cheers, Randy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thommes, Michael M. Sent: Monday, May 01, 2006 3:34 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003/SP1 TS Licensing Server registry key confusion Hi, In trying to determine why my TS Licensing Server (located on a W2K3/SP1 DC) is only handing out temporary licenses, although we have successfully entered the license data, I find the registry key for the type of license is spelled differently (an extra space) than what I find in KB834651. Ours: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Licensing Core] KB834651: [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\LicensingCore] Our registry key was generated automatically; we did not enter it. Can anyone tell me what they have in their registry on their TS Licensing Server for this key? Thanks! Mike Thommes List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -- Confidentiality Note: This message is intended for use only by the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and destroy the material in its entirety, whether electronic or hard copy. Thank you. Visit us online at our award-winning http://www.clevelandclinic.org for a complete listing of Cleveland Clinic services, staff and locations from one of the country's leading hospitals. == List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1
Just to be accurate... During a DEFAULT fresh W2K3SP1 install "Post Setup Security Updates" protects the server by enabling WIndows Firewall until the first admin logon and the admin clicks the FINISH button. After that the WIndows Firewall will be DISABLED. Also remember there are several exceptions to take into account See below. The info can be found in "Changes to Functionality in Microsoft Windows Server 2003 Service Pack 1" Cheers, Jorge Post-Setup Security Updates Detailed description If Windows Server 2003 with Service Pack 1 or later is installed as a new installation and Windows Firewall is not explicitly enabled or disabled using an unattended-setup script during the installation or by application of Group Policy, Windows Firewall will be enabled by default on first startup and logon in order to allow the administrator to securely download and install updates from Windows Update, and the Windows Server Post-Setup Security Updates screen will be shown. The Post-Setup Security Updates screen informs you that all inbound connections other than those specifically opened during setup or by policy settings, were blocked. On-by-default for new installations of Windows Server 2003 that include a service pack Detailed description Windows Firewall is on by default only during new installations of Windows Server 2003 that include a service pack (also known as a slipstream release). Windows Firewall provides network protection while users update their system with the latest patches using the new Post-Setup Security Updates feature. As soon as the updates are finished the firewall is turned off unless it was explicitly enabled. From: [EMAIL PROTECTED] on behalf of Brian Desmond Sent: Mon 9/26/2005 10:15 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 I think Windows Firewall is on by default on new 2003 SP1 installations. Check the properties of the NIC and see if it is. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pennell, Ronald B. Sent: Monday, September 26, 2005 3:54 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 On this same subject, is there anything in Service Pack (2003) that presents client systems from not being able to ping or join a domain? I have installed a new domain with 3 clients. Setting up DNS/WINS, etc. The Clients can ping each other, the router and switch, but not the new AD server. Server can ping everyone else. It just can't be pinged, or even recognized by anyone else. Ron Pennell IDA [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, September 26, 2005 3:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 Sorry for the delay in responding but the issues I keep hearing about center around the fact that the SCManager ACL has been locked down. So anything you have monitoring service states, etc may be impacted if they run as non-admins or don't directly ask for the service by name. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Figueroa, Johnny Sent: Tuesday, September 06, 2005 2:15 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 Good morning folks, I am entertaining the idea of applying SP1 to our 2003 domain controllers. I figured I would start with http://support.microsoft.com/kb/889101 but if you have any 1st hand knowledge of any issues, please let me know. For that matter, if you have a good link about applying 2003 SP1 to "member servers" please send it to me. I will probably assist with this task also. Thanks Johnny Figueroa Enterprise Network Consultant/Integrator Network Services Banner Health Voice (602) 495-4195 Fax (602) 495-4406 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you. <>
RE: [ActiveDir] 2003 SP1
1. Is the name being resolved? 2. If so is the server actively refusing the connections or is it not responding at all. You need a network trace for this one, look for returned packets with RST in them. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pennell, Ronald B. Sent: Monday, September 26, 2005 3:54 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 On this same subject, is there anything in Service Pack (2003) that presents client systems from not being able to ping or join a domain? I have installed a new domain with 3 clients. Setting up DNS/WINS, etc. The Clients can ping each other, the router and switch, but not the new AD server. Server can ping everyone else. It just can't be pinged, or even recognized by anyone else. Ron Pennell IDA [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, September 26, 2005 3:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 Sorry for the delay in responding but the issues I keep hearing about center around the fact that the SCManager ACL has been locked down. So anything you have monitoring service states, etc may be impacted if they run as non-admins or don't directly ask for the service by name. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Figueroa, Johnny Sent: Tuesday, September 06, 2005 2:15 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 Good morning folks, I am entertaining the idea of applying SP1 to our 2003 domain controllers. I figured I would start with http://support.microsoft.com/kb/889101 but if you have any 1st hand knowledge of any issues, please let me know. For that matter, if you have a good link about applying 2003 SP1 to "member servers" please send it to me. I will probably assist with this task also. Thanks Johnny Figueroa Enterprise Network Consultant/Integrator Network Services Banner Health Voice (602) 495-4195 Fax (602) 495-4406 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1
I think Windows Firewall is on by default on new 2003 SP1 installations. Check the properties of the NIC and see if it is. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pennell, Ronald B. Sent: Monday, September 26, 2005 3:54 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 On this same subject, is there anything in Service Pack (2003) that presents client systems from not being able to ping or join a domain? I have installed a new domain with 3 clients. Setting up DNS/WINS, etc. The Clients can ping each other, the router and switch, but not the new AD server. Server can ping everyone else. It just can't be pinged, or even recognized by anyone else. Ron Pennell IDA [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, September 26, 2005 3:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 Sorry for the delay in responding but the issues I keep hearing about center around the fact that the SCManager ACL has been locked down. So anything you have monitoring service states, etc may be impacted if they run as non-admins or don't directly ask for the service by name. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Figueroa, Johnny Sent: Tuesday, September 06, 2005 2:15 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 Good morning folks, I am entertaining the idea of applying SP1 to our 2003 domain controllers. I figured I would start with http://support.microsoft.com/kb/889101 but if you have any 1st hand knowledge of any issues, please let me know. For that matter, if you have a good link about applying 2003 SP1 to "member servers" please send it to me. I will probably assist with this task also. Thanks Johnny Figueroa Enterprise Network Consultant/Integrator Network Services Banner Health Voice (602) 495-4195 Fax (602) 495-4406 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1
On this same subject, is there anything in Service Pack (2003) that presents client systems from not being able to ping or join a domain? I have installed a new domain with 3 clients. Setting up DNS/WINS, etc. The Clients can ping each other, the router and switch, but not the new AD server. Server can ping everyone else. It just can't be pinged, or even recognized by anyone else. Ron Pennell IDA [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Monday, September 26, 2005 3:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 Sorry for the delay in responding but the issues I keep hearing about center around the fact that the SCManager ACL has been locked down. So anything you have monitoring service states, etc may be impacted if they run as non-admins or don't directly ask for the service by name. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Figueroa, Johnny Sent: Tuesday, September 06, 2005 2:15 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 Good morning folks, I am entertaining the idea of applying SP1 to our 2003 domain controllers. I figured I would start with http://support.microsoft.com/kb/889101 but if you have any 1st hand knowledge of any issues, please let me know. For that matter, if you have a good link about applying 2003 SP1 to "member servers" please send it to me. I will probably assist with this task also. Thanks Johnny Figueroa Enterprise Network Consultant/Integrator Network Services Banner Health Voice (602) 495-4195 Fax (602) 495-4406 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1
Sorry for the delay in responding but the issues I keep hearing about center around the fact that the SCManager ACL has been locked down. So anything you have monitoring service states, etc may be impacted if they run as non-admins or don't directly ask for the service by name. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Figueroa, Johnny Sent: Tuesday, September 06, 2005 2:15 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 Good morning folks, I am entertaining the idea of applying SP1 to our 2003 domain controllers. I figured I would start with http://support.microsoft.com/kb/889101 but if you have any 1st hand knowledge of any issues, please let me know. For that matter, if you have a good link about applying 2003 SP1 to "member servers" please send it to me. I will probably assist with this task also. Thanks Johnny Figueroa Enterprise Network Consultant/Integrator Network Services Banner Health Voice (602) 495-4195 Fax (602) 495-4406 List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1
I haven't done it on DC's yet (since I no longer run any...) but with regards to member servers I'm finding it rock solid. For a higher traffic DC or member server, I'd expect you'll see a relatively large decrease in CPU utilization for network related things. Roger Seielstad E-mail Geek -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Figueroa, Johnny Sent: Tuesday, September 06, 2005 11:15 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 Good morning folks, I am entertaining the idea of applying SP1 to our 2003 domain controllers. I figured I would start with http://support.microsoft.com/kb/889101 but if you have any 1st hand knowledge of any issues, please let me know. For that matter, if you have a good link about applying 2003 SP1 to "member servers" please send it to me. I will probably assist with this task also. Thanks Johnny Figueroa Enterprise Network Consultant/Integrator Network Services Banner Health Voice (602) 495-4195 Fax (602) 495-4406 WARNING: This message, and any attachments, are intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or employee/agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of the communication is strictly prohibited. If you receive this communication in error, please notify us immediately List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1
Hi Johnny, The only major issue I've run into was around http://support.microsoft.com/?id=892501 HTH, Katherine -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Figueroa, Johnny Sent: 07 September 2005 02:15 To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 Good morning folks, I am entertaining the idea of applying SP1 to our 2003 domain controllers. I figured I would start with http://support.microsoft.com/kb/889101 but if you have any 1st hand knowledge of any issues, please let me know. For that matter, if you have a good link about applying 2003 SP1 to "member servers" please send it to me. I will probably assist with this task also. Thanks Johnny Figueroa Enterprise Network Consultant/Integrator Network Services Banner Health Voice (602) 495-4195 Fax (602) 495-4406 WARNING: This message, and any attachments, are intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or employee/agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of the communication is strictly prohibited. If you receive this communication in error, please notify us immediately List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 sp1 security agent
No there's a mechanism to remote deploy the policies from sec wizard. I never used it, though. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Wednesday, July 27, 2005 11:26 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 sp1 security agent Security Config Agent Not sure on that. Do you mean the Security Config Wizard? If so - nope - none at all. Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Wednesday, July 27, 2005 10:42 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 sp1 security agent Anybody used the security config agent and had any issues with it on Domain Controllers... Or any recommendations? Thanks, -- Matt Brown [EMAIL PROTECTED] Consultant for Student Technology Fee website: http://techfee.ewu.edu/ +--+ | 509.359.6972 ph. - 509.359.7087 fx | 307 MONROE HALL | Cheney, WA 99004 +--+ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 sp1 security agent
The one recommendation to make is that for DCs it's ok to use SCW to disable extra services you may not use on these machines (e.g. Error Reporting Service, Application Experience Lookup Service etc. ), however, you should not enable the Windows FW on DCs. If you do need to protect access to your DCs from other clients, a better recommendation is to use IPsec. /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Schaefer Sent: Donnerstag, 28. Juli 2005 03:49 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 sp1 security agent SCW does more than just configure the Windows firewall. It can change service startup settings, configure registry keys around what auth types are used, configure your local security policy settings (SMB signing, auditing etc), and do an IIS lockdown. And it supports roll-back, so it's worth checking out. Also supports: a) analysis mode (compare server's actual configuration -vs- a proposed configuration) b) remote application mode (so you can apply polices to remote servers) c) command line support (so you can do this all via batch files) d) centralised storage of your policy files, so you can just update a single location with new XML files that all your SCWs should use. Cheers Ken : -Original Message- : From: [EMAIL PROTECTED] [mailto:ActiveDir- : [EMAIL PROTECTED] On Behalf Of Matt Brown : Sent: Thursday, 28 July 2005 7:56 AM : To: ActiveDir@mail.activedir.org : Subject: RE: [ActiveDir] 2003 sp1 security agent : : Ya, I mean the security config wizard. I've normally never had any : firewall : stuff on my domain controllers... But was thinking it might be possible : with : 2003 SP1. : : Anybody have any recommendations? : : : Thanks, : -- : Matt Brown [EMAIL PROTECTED] : Consultant for Student Technology Fee : website: http://techfee.ewu.edu/ : +--+ : | 509.359.6972 ph. - 509.359.7087 fx : | 307 MONROE HALL | Cheney, WA 99004 : +--+ : : : -Original Message- : From: [EMAIL PROTECTED] : [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan : Sent: Wednesday, July 27, 2005 9:26 AM : To: ActiveDir@mail.activedir.org : Subject: RE: [ActiveDir] 2003 sp1 security agent : : Security Config Agent Not sure on that. Do you mean the Security : Config Wizard? If so - nope - none at all. : : Rick : : -Original Message- : From: [EMAIL PROTECTED] : [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown : Sent: Wednesday, July 27, 2005 10:42 AM : To: ActiveDir@mail.activedir.org : Subject: [ActiveDir] 2003 sp1 security agent : : Anybody used the security config agent and had any issues with it on : Domain : Controllers... Or any recommendations? : : Thanks, List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 sp1 security agent
SCW does more than just configure the Windows firewall. It can change service startup settings, configure registry keys around what auth types are used, configure your local security policy settings (SMB signing, auditing etc), and do an IIS lockdown. And it supports roll-back, so it's worth checking out. Also supports: a) analysis mode (compare server's actual configuration -vs- a proposed configuration) b) remote application mode (so you can apply polices to remote servers) c) command line support (so you can do this all via batch files) d) centralised storage of your policy files, so you can just update a single location with new XML files that all your SCWs should use. Cheers Ken : -Original Message- : From: [EMAIL PROTECTED] [mailto:ActiveDir- : [EMAIL PROTECTED] On Behalf Of Matt Brown : Sent: Thursday, 28 July 2005 7:56 AM : To: ActiveDir@mail.activedir.org : Subject: RE: [ActiveDir] 2003 sp1 security agent : : Ya, I mean the security config wizard. I've normally never had any : firewall : stuff on my domain controllers... But was thinking it might be possible : with : 2003 SP1. : : Anybody have any recommendations? : : : Thanks, : -- : Matt Brown [EMAIL PROTECTED] : Consultant for Student Technology Fee : website: http://techfee.ewu.edu/ : +--+ : | 509.359.6972 ph. - 509.359.7087 fx : | 307 MONROE HALL | Cheney, WA 99004 : +--+ : : : -Original Message- : From: [EMAIL PROTECTED] : [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan : Sent: Wednesday, July 27, 2005 9:26 AM : To: ActiveDir@mail.activedir.org : Subject: RE: [ActiveDir] 2003 sp1 security agent : : Security Config Agent Not sure on that. Do you mean the Security : Config Wizard? If so - nope - none at all. : : Rick : : -Original Message- : From: [EMAIL PROTECTED] : [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown : Sent: Wednesday, July 27, 2005 10:42 AM : To: ActiveDir@mail.activedir.org : Subject: [ActiveDir] 2003 sp1 security agent : : Anybody used the security config agent and had any issues with it on : Domain : Controllers... Or any recommendations? : : Thanks, List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 sp1 security agent
Ya, I mean the security config wizard. I've normally never had any firewall stuff on my domain controllers... But was thinking it might be possible with 2003 SP1. Anybody have any recommendations? Thanks, -- Matt Brown [EMAIL PROTECTED] Consultant for Student Technology Fee website: http://techfee.ewu.edu/ +--+ | 509.359.6972 ph. - 509.359.7087 fx | 307 MONROE HALL | Cheney, WA 99004 +--+ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Kingslan Sent: Wednesday, July 27, 2005 9:26 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 sp1 security agent Security Config Agent Not sure on that. Do you mean the Security Config Wizard? If so - nope - none at all. Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Wednesday, July 27, 2005 10:42 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 sp1 security agent Anybody used the security config agent and had any issues with it on Domain Controllers... Or any recommendations? Thanks, -- Matt Brown [EMAIL PROTECTED] Consultant for Student Technology Fee website: http://techfee.ewu.edu/ +--+ | 509.359.6972 ph. - 509.359.7087 fx | 307 MONROE HALL | Cheney, WA 99004 +--+ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 sp1 security agent
Security Config Agent Not sure on that. Do you mean the Security Config Wizard? If so - nope - none at all. Rick -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Brown Sent: Wednesday, July 27, 2005 10:42 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 sp1 security agent Anybody used the security config agent and had any issues with it on Domain Controllers... Or any recommendations? Thanks, -- Matt Brown [EMAIL PROTECTED] Consultant for Student Technology Fee website: http://techfee.ewu.edu/ +--+ | 509.359.6972 ph. - 509.359.7087 fx | 307 MONROE HALL | Cheney, WA 99004 +--+ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 on VMware ESX - reboot issue
Ah well luckily it's just my test DC :) There's another person in this list though, who just emailed me having the same problem with ESX, since I'm not on VMWare team (sadly) I just have to live with 2.1 temporarily... Yeah could be a selling point for VPC against VMWare...but even VPC is having problem (ha! No surprise there).. Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Sunday, April 17, 2005 9:58 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 on VMware ESX - reboot issue I can't speak to your error on ESX (I would guess the answer is get a newer version) but Virtual Server certainly isn't the solution at the moment. Running SP1 on a guest in VS can result in extremely slow perf. Aric had mentioned it here previously and I wasn't seeing it on my machines until I installed SP1 on my Virtual Exchange Server and bam, I saw the perf issue in spades. I have since heard that if you install the VS SP1 Beta 1 guest bits or the VPC SP1 guest bits onto the guest the issues will clear up though you can well understand that isn't supported by MS. As a general statement though, this kind of thing makes you want to smack MS. It is just like the issue with coming out with XP but no admin pack for XP to admin AD only this one is far worse. Say a company has collapsed their physicals and use VS. MS puts out an SP and it is pretty critical for you to install but as soon as you do, your perf dies across the board. I can see there being issues between say VMWARE and MS in this regards, but it shouldn't be occurring amongst MS products like that. How many people have to hold off upgrading their Servers to SP1 because they are running them on VS and can't afford the perf hit? joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, April 07, 2005 7:23 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 on VMware ESX - reboot issue Heya all! Been having this annoying problem since the start of SP1 RC, basically when I reboot the vmware guest domain controller (SP1) it goes to reboot properly, then while starting up win2003 - it shutsdown instead. Host is ESX Server 2.1.0 build 7728 (yeah its rather old) VM events: Vmware ESX Server internal monitor error - Not implemented at 2182 (7728) I have 5 of my guest test DC and so far I can confirm all are having this problem. Anyone else has anything like this happening? Before SP1 all goes well.. Perhaps this should be a selling point of Virtual Server? :-) Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 on VMware ESX - reboot issue
I can't speak to your error on ESX (I would guess the answer is get a newer version) but Virtual Server certainly isn't the solution at the moment. Running SP1 on a guest in VS can result in extremely slow perf. Aric had mentioned it here previously and I wasn't seeing it on my machines until I installed SP1 on my Virtual Exchange Server and bam, I saw the perf issue in spades. I have since heard that if you install the VS SP1 Beta 1 guest bits or the VPC SP1 guest bits onto the guest the issues will clear up though you can well understand that isn't supported by MS. As a general statement though, this kind of thing makes you want to smack MS. It is just like the issue with coming out with XP but no admin pack for XP to admin AD only this one is far worse. Say a company has collapsed their physicals and use VS. MS puts out an SP and it is pretty critical for you to install but as soon as you do, your perf dies across the board. I can see there being issues between say VMWARE and MS in this regards, but it shouldn't be occurring amongst MS products like that. How many people have to hold off upgrading their Servers to SP1 because they are running them on VS and can't afford the perf hit? joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, April 07, 2005 7:23 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 on VMware ESX - reboot issue Heya all! Been having this annoying problem since the start of SP1 RC, basically when I reboot the vmware guest domain controller (SP1) it goes to reboot properly, then while starting up win2003 - it shutsdown instead. Host is ESX Server 2.1.0 build 7728 (yeah its rather old) VM events: Vmware ESX Server internal monitor error - Not implemented at 2182 (7728) I have 5 of my guest test DC and so far I can confirm all are having this problem. Anyone else has anything like this happening? Before SP1 all goes well.. Perhaps this should be a selling point of Virtual Server? :-) Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
Sorry for comming this late to the party but I saw this post today that might shed some light on SP1 w/ VS. http://blogs.technet.com/megand/archive/2005/04/04/403308.aspx Francis From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: 31 mars 2005 16:47To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 2003 SP1 RTM Install SP1 on the Host as well. See if the guests start crawling after that. Deji -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken CornetetSent: Thursday, March 31, 2005 1:06 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 2003 SP1 RTM I have Virtual Server running on w2k3 enterprise. I have installed SP1 on 4 of the virtual machines (which are domain controllers for a test forest). The virtual machines are using very little CPU (as shown by the VS status web page). The host is not using anywhere near 100% of it's CPU either. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Thursday, March 31, 2005 3:09 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM BTW, just to note to Aric's issues on Virtual Server 2005 (which I'm also interested to hear if others have the same issue): I don't have these issues on VMware - SP1 runs just fine on my VMs (for quite a while now). /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Donnerstag, 31. März 2005 21:03 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.or
Re: [ActiveDir] 2003 SP1 RTM
On Mar 31, 2005 6:08 PM, Grillenmeier, Guido <[EMAIL PROTECTED]> wrote: > 17) ability to configure visibility of foreign Universal Group memberships in > ADUC That is awesome! I am so glad that this was added as something you can configure instead of needing to hack around if you wanted to change the default behaviour. Phil List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
With respect, shouldn't we expect to see detailed docs released at the same time as the SP? This SP is far more than a bunch of fixes and will require extensive testing by various groups before being deployed. This process can be helped greatly by good, descriptive documentation. AD is viewed as more critical to an enterprise as each year passes and so any change to its infrastructure must be tested and given due diligence before authorised for deployment. Personally, I'd rather wait another week or 2 so docs can be incorporated into the SP release. Thanks, neil -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nathan Muggli Sent: 31 March 2005 20:38 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM We'll be releasing documentation soon. For now, here's a quick list of new features (note this is a not a comprehensive list for AD). 1) Support for DCs in Virtual Servers. Replication is halted and the system stops advertising if an improper restoration has occurred (USN rollback). 2) Replication resolves additional forms of DNS names in order to be more robust and work sooner after install. Also improved event log text when there is a failure. 3) Improve group membership consistency on authoritative restore 4) Report if a directory partition has not been backed up recently 5) Report if a FSMO role holder is set incorrectly or is not responding 6) DNS diagnostic test for dcdiag.exe 7) Authentication diagnostic test for dcdiag.exe 8) Improved event log text with common repair steps included. There are existing w2k3 messages that are updated, and there are entirely new messages. 9) Improved metadata cleanup for FRS objects 10) Retain application partitions on IFM 11) New default tombstone lifetime for new forests created using sp1 12) Faster FSMO validation when FSMO holder has partners in other sites 13) During forced removal, warn administrator if important roles will be orphaned 14) Ability of Dirsync api to return "partial tombstones" in order to allow directory synchronizing applications to learn of object deletions -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet Sent: Thursday, March 31, 2005 10:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Hi Eric, Sorry David for hijacking your thread :) Other than the tombstone life on clean installs of AD on SP1 what are the major impacts of SP1 on an AD deployment? Is the a public document that outlines the changes? Thanks, Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On Behalf Of Eric Fleischman Sent: 31 mars 2005 13:27 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List ar
RE: [ActiveDir] 2003 SP1 RTM
> if for some reason it ever gets turned on mysteriously as some times happens in AD. Huh? Should be no mysteries. Something/one did it, the question is is the environment locked down to the point that you can track down who did it? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:07 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Also the Network Access Quarantine Control components are new.. Sounds like a mess if for some reason it ever gets turned on mysteriously as some times happens in AD. I am of the opinion to wait it out a bit and see how the fall out goes on Win SP1 Also I think the firewall that is included is the bane to all corporate admins as it is a headache to use in this inviroment. I can explain further if anyone is interested... David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Thursday, March 31, 2005 4:08 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I'd add these as important ones to the list: 15) ability to set cetain attributes to be "confidential" - i.e. they can't be read with normal "Read" permissions on an object 16) ability to configure Drag & Drop in ADUC 17) ability to configure visibility of foreign Universal Group memberships in ADUC /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Muggli Sent: Donnerstag, 31. März 2005 21:38 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM We'll be releasing documentation soon. For now, here's a quick list of new features (note this is a not a comprehensive list for AD). 1) Support for DCs in Virtual Servers. Replication is halted and the system stops advertising if an improper restoration has occurred (USN rollback). 2) Replication resolves additional forms of DNS names in order to be more robust and work sooner after install. Also improved event log text when there is a failure. 3) Improve group membership consistency on authoritative restore 4) Report if a directory partition has not been backed up recently 5) Report if a FSMO role holder is set incorrectly or is not responding 6) DNS diagnostic test for dcdiag.exe 7) Authentication diagnostic test for dcdiag.exe 8) Improved event log text with common repair steps included. There are existing w2k3 messages that are updated, and there are entirely new messages. 9) Improved metadata cleanup for FRS objects 10) Retain application partitions on IFM 11) New default tombstone lifetime for new forests created using sp1 12) Faster FSMO validation when FSMO holder has partners in other sites 13) During forced removal, warn administrator if important roles will be orphaned 14) Ability of Dirsync api to return "partial tombstones" in order to allow directory synchronizing applications to learn of object deletions -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet Sent: Thursday, March 31, 2005 10:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Hi Eric, Sorry David for hijacking your thread :) Other than the tombstone life on clean installs of AD on SP1 what are the major impacts of SP1 on an AD deployment? Is the a public document that outlines the changes? Thanks, Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On Behalf Of Eric Fleischman Sent: 31 mars 2005 13:27 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.micr
RE: [ActiveDir] 2003 SP1 RTM
FYI, anyone can contact [EMAIL PROTECTED] and get a fairly quick response. I have met several of the people who handle that alias and they are all very good very bright people and are very responsive. You don't need to go through someone like[1] Russ to get info into MS about security issues. If you contact secure and don't get some form of response in short order (a day or two), email me and I will throw it at the MS/MVP Security list as a lot of the folks involved with [EMAIL PROTECTED] are on that list and we are supposed to relate any issues we hear about there. I am a Security MVP as well as a Directory Services MVP and want to make sure the right info is going out and security is being handled properly. joe [1] I *may* mean especially. I killed NTBUGTRAQ as a DL I watched a long time ago. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou VegaSent: Thursday, March 31, 2005 6:45 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 2003 SP1 RTM I was only able to get Microsoft’s attention last year because I had originally contacted Russ Cooper and of course he has good contacts with the security team there. I’ll have to dig through my mail archive to find out who it was that took the case from the security team. Deji, if you want I will provide you details off-list so you can know exactly what I’m talking about. Regards, Lou From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Thursday, March 31, 2005 2:42 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 2003 SP1 RTM OK, this is news – to me. Do you want it chased, or are you in a position to get a direct MS opinion on it yourself? Since ~Eric has chimed in, I think we should hand it off to him J Deji From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou VegaSent: Thursday, March 31, 2005 10:29 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 2003 SP1 RTM All in all, not an earth shattering bug, but still something that in my opinion really needs to be fixed. Since I told Microsoft Security I wouldn’t release details on this bug until they had a chance to fix it, I won’t go into the details here. However, since it has been since May 2004 and they apparently have not addressed it in the current SP, I’ll say this….Basically it was a bug where you could effectively disable the Restricted Groups feature of Group Policy allowing anyone to remain in the group even if it was listed as Restricted. As an added bonus, the OS doesn’t even generate any event log entries…all Security Policy refreshes are listed with no problems in the event log. It’s not remotely exploitable or anything like that; just something that I really felt should be addressed. Regards, Lou From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Thursday, March 31, 2005 12:59 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 2003 SP1 RTM Lou, what security fix are you asking about? I am in Security, and I’ve been doing SP1 for a while now, so I may be able to respond in less that 11 words ;) Or, I may be able to chase it up for you. Deji -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou VegaSent: Thursday, March 31, 2005 9:40 AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 2003 SP1 RTM FWIW - I just installed it on a test server (domain controller for a "play network") and it appears fine at the moment. If there are any Microsoft Security Team folks on board listening, I'm personally curious to see if a particular fix has been added to this SP since I was told it would be when I reported a problem last May. Upon the initial install of the SP, it would appear as if it were not fixed. r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 11:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
Not sure why you would, R2 is all add ons. You can load R2 but unless you add some of its functions to a machine it is simply an SP1 machine. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]Sent: Thursday, March 31, 2005 4:06 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 2003 SP1 RTM I have the same issue, but I have always blamed it on R2. Deji -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, GuidoSent: Thursday, March 31, 2005 12:09 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] 2003 SP1 RTM BTW, just to note to Aric's issues on Virtual Server 2005 (which I'm also interested to hear if others have the same issue): I don't have these issues on VMware - SP1 runs just fine on my VMs (for quite a while now). /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Donnerstag, 31. März 2005 21:03 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
I saw something similar to this with SP1 RC2 but not with the RTM version so far. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Thursday, March 31, 2005 2:03 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
To clarify what Steve said, on #15, it is the 7th bit when indexed at 0. So value 128 is the value of choice. 64, while interesting, is ADAM only. :) There was a doc on this somewhere once before.in the beta timeframeup on MS.com. I can't find it now, but I'll poke around again in a few. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve Patrick Sent: Saturday, April 02, 2005 9:08 AM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] 2003 SP1 RTM #16 Looks like this has been around since early 2004 ( i dont have a non SP1 2003 DC to test on right now) Basically you set the first bit on the flags attribute of the Display Specifiers object - cn=Display Specifiers,cn=Configuration etc... and then it will disable drag and drop. #15 - You can mark an attribute to require more than just read access to it. You set the SearchFlags 7th bit on the desired attribute in the schema. Once this is done, anyone who wishes to view this attribute will also require CONTROL_ACCESS. steve - Original Message - From: "Tomasz Onyszko" <[EMAIL PROTECTED]> To: Sent: Friday, April 01, 2005 12:31 AM Subject: Re: [ActiveDir] 2003 SP1 RTM > Grillenmeier, Guido wrote: >> I'd add these as important ones to the list: >> >> 15) ability to set cetain attributes to be "confidential" - i.e. they >> can't be read with normal "Read" permissions on an object >> >> 16) ability to configure Drag & Drop in ADUC >> >> 17) ability to configure visibility of foreign Universal Group >> memberships in ADUC > > Guido, can You point me to some description of 15 and 16? > > -- > Tomasz Onyszko [MVP] > [EMAIL PROTECTED] > http://www.w2k.pl > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
Re: [ActiveDir] 2003 SP1 RTM
#16 Looks like this has been around since early 2004 ( i dont have a non SP1 2003 DC to test on right now) Basically you set the first bit on the flags attribute of the Display Specifiers object - cn=Display Specifiers,cn=Configuration etc... and then it will disable drag and drop. #15 - You can mark an attribute to require more than just read access to it. You set the SearchFlags 7th bit on the desired attribute in the schema. Once this is done, anyone who wishes to view this attribute will also require CONTROL_ACCESS. steve - Original Message - From: "Tomasz Onyszko" <[EMAIL PROTECTED]> To: Sent: Friday, April 01, 2005 12:31 AM Subject: Re: [ActiveDir] 2003 SP1 RTM Grillenmeier, Guido wrote: I'd add these as important ones to the list: 15) ability to set cetain attributes to be "confidential" - i.e. they can't be read with normal "Read" permissions on an object 16) ability to configure Drag & Drop in ADUC 17) ability to configure visibility of foreign Universal Group memberships in ADUC Guido, can You point me to some description of 15 and 16? -- Tomasz Onyszko [MVP] [EMAIL PROTECTED] http://www.w2k.pl List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ Outlook Express.lnk Description: Binary data
RE: [ActiveDir] 2003 SP1 RTM
I haven't gone through all of this thread, but I think this type of thing perfectly illustrates some folks "concern" over just throwing it out there. The concern being, what all IS in there? Of course there is just the simple, "I want to hear what issues others hit with it before I throw it out there...". Of course if everyone did this, it would never get installed. If I were still running a production environment. My general policy would be to run the release at home on some test machines for at least a week or two (I would have already been running the beta (and RCs) and am right now as well as R2 but that is pretty much SP1) and when I was fairly comfortable with no real obvious weird things I would throw into an official work lab and probably on a couple of production less than critical servers and started some basic acceptance type tests. Based on that and what I wanted in the SP I would push the certification process handled by another group to get done faster or just let them take their time. The certification process is an official set of test matrixes for the OS and apps that has to be properly completed for every update and they have a team of people running through the matrices for various configs. Again, depending on how bad I needed something in the pack and how slow the certification process was going (say it got hung up on CAD type machines and I am not running CAD), I would or wouldn't wait for the final certification to push the SP. As a general rule, I wouldn't push an SP until it fully went through certification which could be months after RTM. QFEs on the other hand for specific things I have been known to have fully deployed worldwide before the integration team has looked at the package wrap I built on the fly to make the "official" wrapped package to test for the company. I apologize if I missed the gist of what is being discussed here. I am still spending all day (12+ hours) at that one other widget factory I mentioned previously and when I got home last night, I set up my MCE system to start recording TV instead of doing email. :) Got to cruise, I am hoping one 18 hour day will push us through our final blocks and I can be done and get back to my regular work life again of nice relaxing fun work. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger Seielstad Sent: Thursday, March 31, 2005 10:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM What I find interesting is some of the things that I know are in SP1 that *aren't* listed on that page. Specifically a huge performance improvement in the TCP stack for servers with more than a few thousand concurrent connections. Roger Seielstad E-mail Geek > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. > Marquis > Sent: Thursday, March 31, 2005 11:23 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > Hello Eric, > > I went to the M$ Windows 2003 server page and found this Doc that lays > out all of the changes: > http://www.microsoft.com/technet/prodtechnol/windowsserver2003 > /servicepa > ck/overview.mspx > > > You referred to SP1 having "too many changes." How did you make this > determination? > > I just read the above doc and it seems that this is more of a complete > overhaul of the OS vs. some fixes rolled up like Win XP SP1. Also, > just my opinion here, but I am in the healthcare field and everything > is mission critical as far as the directory is concerned. I personally > will let other make the jump and find all the pitfalls as MS isn't > always as forth coming in issues and fixes for those issues. > > > What is the threshold where we cross in to too many? > > When you are altering the core OS ad the way it works vs. a security > fix. > > >2) What steps will you be going through between now and when you do > >install it? > > I will cruise the newsgroups to read other accounts as the KB site > often has confusing documentation on resolving issues. I find it is > better to find the direction one needs to go by other experiences. > > >What will you do between now and deployment to give you the > confidence > >level you need to fire it up on a box and see how it goes? > > I will just give it a go as soon as it seems safe in a couple of > months. > > It is just like SP2 for win xp. If you install it, the sp2 will break > the ability to view other people's sessions on their systems. This was > a show stopper for me until I spent about a month searching for a > little know regedit that needs to be made on the users system to > restore this functionality. > > Just my 2 cents. If y
Re: [ActiveDir] 2003 SP1 RTM
Grillenmeier, Guido wrote: I'd add these as important ones to the list: 15) ability to set cetain attributes to be "confidential" - i.e. they can't be read with normal "Read" permissions on an object 16) ability to configure Drag & Drop in ADUC 17) ability to configure visibility of foreign Universal Group memberships in ADUC Guido, can You point me to some description of 15 and 16? -- Tomasz Onyszko [MVP] [EMAIL PROTECTED] http://www.w2k.pl List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
I'd rephrase Eric's question slightly differently - what will *you* do over the next few months to get comfortable with it in your environment. That's really the only question that needs to be answered prior to deployment into your environment. Roger Roger Seielstad E-mail Geek > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dave > A. Marquis > Sent: Thursday, March 31, 2005 11:23 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > Hello Eric, > > I went to the M$ Windows 2003 server page and found this Doc > that lays out all of the changes: > http://www.microsoft.com/technet/prodtechnol/windowsserver2003 > /servicepa > ck/overview.mspx > > > You referred to SP1 having "too many changes." How did you make this > determination? > > I just read the above doc and it seems that this is more of a > complete overhaul of the OS vs. some fixes rolled up like Win > XP SP1. Also, just my opinion here, but I am in the > healthcare field and everything is mission critical as far as > the directory is concerned. I personally will let other make > the jump and find all the pitfalls as MS isn't always as > forth coming in issues and fixes for those issues. > > > What is the threshold where we cross in to too many? > > When you are altering the core OS ad the way it works vs. a > security fix. > > >2) What steps will you be going through between now and when you do > >install it? > > I will cruise the newsgroups to read other accounts as the KB > site often has confusing documentation on resolving issues. I > find it is better to find the direction one needs to go by > other experiences. > > >What will you do between now and deployment to give you the > confidence > >level you need to fire it up on a box and see how it goes? > > I will just give it a go as soon as it seems safe in a couple > of months. > > It is just like SP2 for win xp. If you install it, the sp2 > will break the ability to view other people's sessions on > their systems. This was a show stopper for me until I spent > about a month searching for a little know regedit that needs > to be made on the users system to restore this functionality. > > Just my 2 cents. If you have a good firewall and anti-virus > protection, things can slide for a little while as others > test it out first. > > David A. Marquis > Computer Systems Administrator > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Eric > Fleischman > Sent: Thursday, March 31, 2005 12:27 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > Dave can you quantify this statement please? I ask out of > curiosity, not disagreement. > > Specifically: > 1) You referred to SP1 having "too many changes." How did you > make this determination? What is the threshold where we cross > in to too many? > 2) What steps will you be going through between now and when > you do install it? What will you do between now and > deployment to give you the confidence level you need to fire > it up on a box and see how it goes? > > Interested, so we can perhaps think through ways to make that > less painful going forward. > ~Eric > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dave > A. Marquis > Sent: Thursday, March 31, 2005 8:37 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > I am certainly going to be waiting to install this one for a > while to many changes to jump right into it. > > David A. Marquis > Computer Systems Administrator > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Thursday, March 31, 2005 6:48 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] 2003 SP1 RTM > > FYI. Windows Server 2003 SP1 went RTM yesterday > > http://www.microsoft.com/downloads/details.aspx?familyid=22CFC > 239-337C-4 > D81- > 8354-72593B1C1F43&displaylang=en > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > This e-mail message, including all attachments, is for the > sole use of the intended recipients(s) and may contain > confidential and privileged information. You may NOT use, > disclose, copy, or disseminate this information. If you are > not the intended recipient, p
RE: [ActiveDir] 2003 SP1 RTM
What I find interesting is some of the things that I know are in SP1 that *aren't* listed on that page. Specifically a huge performance improvement in the TCP stack for servers with more than a few thousand concurrent connections. Roger Seielstad E-mail Geek > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dave > A. Marquis > Sent: Thursday, March 31, 2005 11:23 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > Hello Eric, > > I went to the M$ Windows 2003 server page and found this Doc > that lays out all of the changes: > http://www.microsoft.com/technet/prodtechnol/windowsserver2003 > /servicepa > ck/overview.mspx > > > You referred to SP1 having "too many changes." How did you make this > determination? > > I just read the above doc and it seems that this is more of a > complete overhaul of the OS vs. some fixes rolled up like Win > XP SP1. Also, just my opinion here, but I am in the > healthcare field and everything is mission critical as far as > the directory is concerned. I personally will let other make > the jump and find all the pitfalls as MS isn't always as > forth coming in issues and fixes for those issues. > > > What is the threshold where we cross in to too many? > > When you are altering the core OS ad the way it works vs. a > security fix. > > >2) What steps will you be going through between now and when you do > >install it? > > I will cruise the newsgroups to read other accounts as the KB > site often has confusing documentation on resolving issues. I > find it is better to find the direction one needs to go by > other experiences. > > >What will you do between now and deployment to give you the > confidence > >level you need to fire it up on a box and see how it goes? > > I will just give it a go as soon as it seems safe in a couple > of months. > > It is just like SP2 for win xp. If you install it, the sp2 > will break the ability to view other people's sessions on > their systems. This was a show stopper for me until I spent > about a month searching for a little know regedit that needs > to be made on the users system to restore this functionality. > > Just my 2 cents. If you have a good firewall and anti-virus > protection, things can slide for a little while as others > test it out first. > > David A. Marquis > Computer Systems Administrator > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Eric > Fleischman > Sent: Thursday, March 31, 2005 12:27 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > Dave can you quantify this statement please? I ask out of > curiosity, not disagreement. > > Specifically: > 1) You referred to SP1 having "too many changes." How did you > make this determination? What is the threshold where we cross > in to too many? > 2) What steps will you be going through between now and when > you do install it? What will you do between now and > deployment to give you the confidence level you need to fire > it up on a box and see how it goes? > > Interested, so we can perhaps think through ways to make that > less painful going forward. > ~Eric > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dave > A. Marquis > Sent: Thursday, March 31, 2005 8:37 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > I am certainly going to be waiting to install this one for a > while to many changes to jump right into it. > > David A. Marquis > Computer Systems Administrator > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Thursday, March 31, 2005 6:48 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] 2003 SP1 RTM > > FYI. Windows Server 2003 SP1 went RTM yesterday > > http://www.microsoft.com/downloads/details.aspx?familyid=22CFC > 239-337C-4 > D81- > 8354-72593B1C1F43&displaylang=en > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > This e-mail message, including all attachments, is for the > sole use of the intended recipients(s) and may contain > confidential and privileged information. You may NOT use, > disclose, copy, or disseminate this information. If you are > not the intended recipient, please contact the sender by
RE: [ActiveDir] 2003 SP1 RTM
What process, specifically, is running at 100% CPU? Roger Seielstad E-mail Geek > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric > Sent: Thursday, March 31, 2005 11:03 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > I have a specific problem related in some way to SP1. > > I have several test environments. In each I use Virtual Server 2005. > Each environment is 100% Windows Server 2003. After > upgrading any of the VMs with SP1, the upgraded VM runs at > nearly 100% CPU consistently. > > Removing and reinstalling the VM Additions has no affect. > > Removing SP1 also removes the visible problem. > > You might understand that I have an apprehension towards > installing SP1 in production, especially on those systems > running as VMs. > > Any ideas? > > Regards, > > Aric Bernard > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Eric > Fleischman > Sent: Thursday, March 31, 2005 10:27 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > Dave can you quantify this statement please? I ask out of > curiosity, not disagreement. > > Specifically: > 1) You referred to SP1 having "too many changes." How did you > make this determination? What is the threshold where we cross > in to too many? > 2) What steps will you be going through between now and when > you do install it? What will you do between now and > deployment to give you the confidence level you need to fire > it up on a box and see how it goes? > > Interested, so we can perhaps think through ways to make that > less painful going forward. > ~Eric > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dave > A. Marquis > Sent: Thursday, March 31, 2005 8:37 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > I am certainly going to be waiting to install this one for a > while to many changes to jump right into it. > > David A. Marquis > Computer Systems Administrator > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Thursday, March 31, 2005 6:48 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] 2003 SP1 RTM > > FYI. Windows Server 2003 SP1 went RTM yesterday > > http://www.microsoft.com/downloads/details.aspx?familyid=22CFC > 239-337C-4 > D81- > 8354-72593B1C1F43&displaylang=en > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > This e-mail message, including all attachments, is for the > sole use of the intended recipients(s) and may contain > confidential and privileged information. You may NOT use, > disclose, copy, or disseminate this information. If you are > not the intended recipient, please contact the sender by > reply e-mail immediately. Please destroy all copies of the > original message and all attachments. > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
~~ : From: [EMAIL PROTECTED] [mailto:ActiveDir- : [EMAIL PROTECTED] On Behalf Of Dave A. Marquis : Subject: RE: [ActiveDir] 2003 SP1 RTM : : Also the Network Access Quarantine Control components : are new... Sounds like a mess if for some reason it : ever gets turned on mysteriously as some times happens in : AD... ~~ They are not "new" per se. They were included in the Windows 2003 Resource Kit Tools IIRC. I'm not entirely sure how they would just "turn on" mysteriously either. Computers aren't governed by "black magic" you know. :-) Things happen for a reason. Whether that reason is fathomable by a particular user or administrator is another question. But that just reflects most of life - there are lots of things (most of nature comes to mind) that are not explainable (beyond the very rudimentary) by a layman (as compared to an expert in the field). ~~ : I am of the opinion to wait it out a bit and see how the fall : out goes on Win SP1... ~~ Sure - waiting to see others experience is always a way of getting additional information on a product. But I think you really should be reading the documentation (and testing the product) as well. ~~ : Also I think the firewall that is included is the bane : to all corporate admins as it is a headache to use in : this inviroment. I can explain further if anyone is interested... ~~ The firewall is not "on" by default - you will need to explicitly enable it. Hopefully that addresses some of your concerns in that area. Cheers Ken : David A. Marquis : Computer Systems Administrator : : : -Original Message- : From: [EMAIL PROTECTED] [mailto:ActiveDir- : [EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido : Sent: Thursday, March 31, 2005 4:08 PM : To: ActiveDir@mail.activedir.org : Subject: RE: [ActiveDir] 2003 SP1 RTM : : I'd add these as important ones to the list: : : 15) ability to set cetain attributes to be "confidential" - i.e. they : can't be read with normal "Read" permissions on an object : : 16) ability to configure Drag & Drop in ADUC : : 17) ability to configure visibility of foreign Universal Group memberships : in ADUC : : /Guido : : -Original Message- : From: [EMAIL PROTECTED] [mailto:ActiveDir- : [EMAIL PROTECTED] On Behalf Of Nathan Muggli : Sent: Donnerstag, 31. März 2005 21:38 : To: ActiveDir@mail.activedir.org : Subject: RE: [ActiveDir] 2003 SP1 RTM : : We'll be releasing documentation soon. : : For now, here's a quick list of new features (note this is a not a : comprehensive list for AD). : : 1) Support for DCs in Virtual Servers. Replication is halted and the : system stops advertising if an improper restoration has occurred (USN : rollback). : : 2) Replication resolves additional forms of DNS names in order to be more : robust and work sooner after install. Also improved event log text when : there is a failure. : : 3) Improve group membership consistency on authoritative restore : : 4) Report if a directory partition has not been backed up recently : : 5) Report if a FSMO role holder is set incorrectly or is not responding : : 6) DNS diagnostic test for dcdiag.exe : : 7) Authentication diagnostic test for dcdiag.exe : : 8) Improved event log text with common repair steps included. There are : existing w2k3 messages that are updated, and there are entirely new : messages. : : 9) Improved metadata cleanup for FRS objects : : 10) Retain application partitions on IFM : : 11) New default tombstone lifetime for new forests created using sp1 : : 12) Faster FSMO validation when FSMO holder has partners in other sites : : 13) During forced removal, warn administrator if important roles will be : orphaned : : 14) Ability of Dirsync api to return "partial tombstones" in order to : allow directory synchronizing applications to learn of object deletions : : -Original Message- : From: [EMAIL PROTECTED] : [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet : Sent: Thursday, March 31, 2005 10:50 AM : To: ActiveDir@mail.activedir.org : Subject: RE: [ActiveDir] 2003 SP1 RTM : : Hi Eric, : : Sorry David for hijacking your thread :) : : Other than the tombstone life on clean installs of AD on SP1 what are the : major impacts of SP1 on an AD deployment? Is the a public document that : outlines the changes? : : Thanks, : Francis : : -Original Message- : From: [EMAIL PROTECTED] : [mailto:[EMAIL PROTECTED] .org] On Behalf Of Eric Fleischman : Sent: 31 mars 2005 13:27 : To: ActiveDir@mail.activedir.org : Subject: RE: [ActiveDir] 2003 SP1 RTM : : Dave can you quantify this statement please? I ask out of c
RE: [ActiveDir] 2003 SP1 RTM
Also the Network Access Quarantine Control components are new.. Sounds like a mess if for some reason it ever gets turned on mysteriously as some times happens in AD. I am of the opinion to wait it out a bit and see how the fall out goes on Win SP1 Also I think the firewall that is included is the bane to all corporate admins as it is a headache to use in this inviroment. I can explain further if anyone is interested... David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Thursday, March 31, 2005 4:08 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I'd add these as important ones to the list: 15) ability to set cetain attributes to be "confidential" - i.e. they can't be read with normal "Read" permissions on an object 16) ability to configure Drag & Drop in ADUC 17) ability to configure visibility of foreign Universal Group memberships in ADUC /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Muggli Sent: Donnerstag, 31. März 2005 21:38 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM We'll be releasing documentation soon. For now, here's a quick list of new features (note this is a not a comprehensive list for AD). 1) Support for DCs in Virtual Servers. Replication is halted and the system stops advertising if an improper restoration has occurred (USN rollback). 2) Replication resolves additional forms of DNS names in order to be more robust and work sooner after install. Also improved event log text when there is a failure. 3) Improve group membership consistency on authoritative restore 4) Report if a directory partition has not been backed up recently 5) Report if a FSMO role holder is set incorrectly or is not responding 6) DNS diagnostic test for dcdiag.exe 7) Authentication diagnostic test for dcdiag.exe 8) Improved event log text with common repair steps included. There are existing w2k3 messages that are updated, and there are entirely new messages. 9) Improved metadata cleanup for FRS objects 10) Retain application partitions on IFM 11) New default tombstone lifetime for new forests created using sp1 12) Faster FSMO validation when FSMO holder has partners in other sites 13) During forced removal, warn administrator if important roles will be orphaned 14) Ability of Dirsync api to return "partial tombstones" in order to allow directory synchronizing applications to learn of object deletions -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet Sent: Thursday, March 31, 2005 10:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Hi Eric, Sorry David for hijacking your thread :) Other than the tombstone life on clean installs of AD on SP1 what are the major impacts of SP1 on an AD deployment? Is the a public document that outlines the changes? Thanks, Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On Behalf Of Eric Fleischman Sent: 31 mars 2005 13:27 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT u
RE: [ActiveDir] 2003 SP1 RTM
I was only able to get Microsoft’s attention last year because I had originally contacted Russ Cooper and of course he has good contacts with the security team there. I’ll have to dig through my mail archive to find out who it was that took the case from the security team. Deji, if you want I will provide you details off-list so you can know exactly what I’m talking about. Regards, Lou From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 31, 2005 2:42 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM OK, this is news – to me. Do you want it chased, or are you in a position to get a direct MS opinion on it yourself? Since ~Eric has chimed in, I think we should hand it off to him J Deji From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega Sent: Thursday, March 31, 2005 10:29 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM All in all, not an earth shattering bug, but still something that in my opinion really needs to be fixed. Since I told Microsoft Security I wouldn’t release details on this bug until they had a chance to fix it, I won’t go into the details here. However, since it has been since May 2004 and they apparently have not addressed it in the current SP, I’ll say this….Basically it was a bug where you could effectively disable the Restricted Groups feature of Group Policy allowing anyone to remain in the group even if it was listed as Restricted. As an added bonus, the OS doesn’t even generate any event log entries…all Security Policy refreshes are listed with no problems in the event log. It’s not remotely exploitable or anything like that; just something that I really felt should be addressed. Regards, Lou From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 31, 2005 12:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Lou, what security fix are you asking about? I am in Security, and I’ve been doing SP1 for a while now, so I may be able to respond in less that 11 words ;) Or, I may be able to chase it up for you. Deji -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega Sent: Thursday, March 31, 2005 9:40 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM FWIW - I just installed it on a test server (domain controller for a "play network") and it appears fine at the moment. If there are any Microsoft Security Team folks on board listening, I'm personally curious to see if a particular fix has been added to this SP since I was told it would be when I reported a problem last May. Upon the initial install of the SP, it would appear as if it were not fixed. r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 11:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
I'd add these as important ones to the list: 15) ability to set cetain attributes to be "confidential" - i.e. they can't be read with normal "Read" permissions on an object 16) ability to configure Drag & Drop in ADUC 17) ability to configure visibility of foreign Universal Group memberships in ADUC /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nathan Muggli Sent: Donnerstag, 31. März 2005 21:38 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM We'll be releasing documentation soon. For now, here's a quick list of new features (note this is a not a comprehensive list for AD). 1) Support for DCs in Virtual Servers. Replication is halted and the system stops advertising if an improper restoration has occurred (USN rollback). 2) Replication resolves additional forms of DNS names in order to be more robust and work sooner after install. Also improved event log text when there is a failure. 3) Improve group membership consistency on authoritative restore 4) Report if a directory partition has not been backed up recently 5) Report if a FSMO role holder is set incorrectly or is not responding 6) DNS diagnostic test for dcdiag.exe 7) Authentication diagnostic test for dcdiag.exe 8) Improved event log text with common repair steps included. There are existing w2k3 messages that are updated, and there are entirely new messages. 9) Improved metadata cleanup for FRS objects 10) Retain application partitions on IFM 11) New default tombstone lifetime for new forests created using sp1 12) Faster FSMO validation when FSMO holder has partners in other sites 13) During forced removal, warn administrator if important roles will be orphaned 14) Ability of Dirsync api to return "partial tombstones" in order to allow directory synchronizing applications to learn of object deletions -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet Sent: Thursday, March 31, 2005 10:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Hi Eric, Sorry David for hijacking your thread :) Other than the tombstone life on clean installs of AD on SP1 what are the major impacts of SP1 on an AD deployment? Is the a public document that outlines the changes? Thanks, Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On Behalf Of Eric Fleischman Sent: 31 mars 2005 13:27 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.acti
RE: [ActiveDir] 2003 SP1 RTM
I believe that the Host will tell you when your VM addition is out of date. I don’t know where it pulls the info from, but I’ve had to update several guests a couple of times. Deji -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Carlos Magalhaes Sent: Thursday, March 31, 2005 1:17 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM What do you mean the latest VM additions? Interesting how do you check the current VMA and where do you get the new VMA? Thanks for reminding me.. Carlos -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alain Lissoir Sent: 31 March 2005 10:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM And I presume you updated the VM with the latest VM additions, right? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Thursday, March 31, 2005 11:03 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
Install SP1 on the Host as well. See if the guests start crawling after that. Deji -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Thursday, March 31, 2005 1:06 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have Virtual Server running on w2k3 enterprise. I have installed SP1 on 4 of the virtual machines (which are domain controllers for a test forest). The virtual machines are using very little CPU (as shown by the VS status web page). The host is not using anywhere near 100% of it's CPU either. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Thursday, March 31, 2005 3:09 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM BTW, just to note to Aric's issues on Virtual Server 2005 (which I'm also interested to hear if others have the same issue): I don't have these issues on VMware - SP1 runs just fine on my VMs (for quite a while now). /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Donnerstag, 31. März 2005 21:03 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
Debug build? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Thursday, March 31, 2005 1:41 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Nothing in particular - every process usage appears to be exacerbated: Without SP1:taskmgr.exe uses 1-5% With SP1: taskmgr.exe uses 10-35% -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser Sent: Thursday, March 31, 2005 11:48 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM What is using the CPU cycles? ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric > Sent: Thursday, March 31, 2005 11:03 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > I have a specific problem related in some way to SP1. > > I have several test environments. In each I use Virtual Server 2005. > Each environment is 100% Windows Server 2003. After upgrading any of > the VMs with SP1, the upgraded VM runs at nearly 100% CPU > consistently. > > Removing and reinstalling the VM Additions has no affect. > > Removing SP1 also removes the visible problem. > > You might understand that I have an apprehension towards > installing SP1 > in production, especially on those systems running as VMs. > > Any ideas? > > Regards, > > Aric Bernard > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Eric > Fleischman > Sent: Thursday, March 31, 2005 10:27 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > Dave can you quantify this statement please? I ask out of > curiosity, not > disagreement. > > Specifically: > 1) You referred to SP1 having "too many changes." How did you > make this > determination? What is the threshold where we cross in to too many? > 2) What steps will you be going through between now and when you do > install it? What will you do between now and deployment to > give you the > confidence level you need to fire it up on a box and see how it goes? > > Interested, so we can perhaps think through ways to make that less > painful going forward. > ~Eric > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dave > A. Marquis > Sent: Thursday, March 31, 2005 8:37 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > I am certainly going to be waiting to install this one for a > while to many changes to jump right into it. > > David A. Marquis > Computer Systems Administrator > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Thursday, March 31, 2005 6:48 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] 2003 SP1 RTM > > FYI. Windows Server 2003 SP1 went RTM yesterday > > http://www.microsoft.com/downloads/details.aspx?familyid=22CFC > 239-337C-4 > D81- > 8354-72593B1C1F43&displaylang=en > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > This e-mail message, including all attachments, is for the sole use of > the intended recipients(s) and may contain confidential and privileged > information. You may NOT use, disclose, copy, or disseminate this > information. If you are not the intended recipient, please contact the > sender by reply e-mail immediately. Please destroy all copies of the > original message and all attachments. > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
The ones that you install by selecting "Install or Update the Virtual Machine Additions" from VS2005. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Thursday, March 31, 2005 1:01 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM The latest being what exactly? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alain Lissoir Sent: Thursday, March 31, 2005 12:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM And I presume you updated the VM with the latest VM additions, right? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Thursday, March 31, 2005 11:03 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
To clarify, mine is not really a “CPU issue”. The host responds fine, but the guests are slower than snails. Screen re-draw feels like an exercise in lobotomy. I remember that it took more than 4 hours to complete a Notes installation on one of the guests, and Notes have been mostly unusable since then because of the painful response. Again, I’ve always blamed it on R2 because prior to SP1->R2 install, the guests were all happy. Yes, VM additions are always applied. Deji -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Thursday, March 31, 2005 12:09 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM BTW, just to note to Aric's issues on Virtual Server 2005 (which I'm also interested to hear if others have the same issue): I don't have these issues on VMware - SP1 runs just fine on my VMs (for quite a while now). /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Donnerstag, 31. März 2005 21:03 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
What do you mean the latest VM additions? Interesting how do you check the current VMA and where do you get the new VMA? Thanks for reminding me.. Carlos -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alain Lissoir Sent: 31 March 2005 10:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM And I presume you updated the VM with the latest VM additions, right? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Thursday, March 31, 2005 11:03 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
I'm going to take this thread offline with Aric for investigation. We'll report back with findings as appropriate. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Cliffe Sent: Thursday, March 31, 2005 12:39 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Hm...I installed the production SP1 on a test VM earlier today and have not seen the CPU issue yet. Then again, this guest O/S isn't really doing anything at the moment either! It is a DC attached only to the internal network, and there are two other guest O/S's running right now (one is another Win2003 DC with no SP, and one is a 2003 server (not DC) with no SP). If there's any way I can help you reproduce, let me know! -DaveC Reuters CIO Infrastructure -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Thursday, March 31, 2005 2:03 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ - Visit our Internet site at http://www.reuters.com To find out more about Reuters Products and Services visit http://www.reuters.com/productinfo Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
I have the same issue, but I have always blamed it on R2. Deji -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Thursday, March 31, 2005 12:09 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM BTW, just to note to Aric's issues on Virtual Server 2005 (which I'm also interested to hear if others have the same issue): I don't have these issues on VMware - SP1 runs just fine on my VMs (for quite a while now). /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Donnerstag, 31. März 2005 21:03 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
I have Virtual Server running on w2k3 enterprise. I have installed SP1 on 4 of the virtual machines (which are domain controllers for a test forest). The virtual machines are using very little CPU (as shown by the VS status web page). The host is not using anywhere near 100% of it's CPU either. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido Sent: Thursday, March 31, 2005 3:09 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM BTW, just to note to Aric's issues on Virtual Server 2005 (which I'm also interested to hear if others have the same issue): I don't have these issues on VMware - SP1 runs just fine on my VMs (for quite a while now). /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Donnerstag, 31. März 2005 21:03 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
The latest being what exactly? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alain Lissoir Sent: Thursday, March 31, 2005 12:13 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM And I presume you updated the VM with the latest VM additions, right? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Thursday, March 31, 2005 11:03 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
Nothing in particular - every process usage appears to be exacerbated: Without SP1:taskmgr.exe uses 1-5% With SP1: taskmgr.exe uses 10-35% -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser Sent: Thursday, March 31, 2005 11:48 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM What is using the CPU cycles? ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric > Sent: Thursday, March 31, 2005 11:03 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > I have a specific problem related in some way to SP1. > > I have several test environments. In each I use Virtual Server 2005. > Each environment is 100% Windows Server 2003. After upgrading any of > the VMs with SP1, the upgraded VM runs at nearly 100% CPU > consistently. > > Removing and reinstalling the VM Additions has no affect. > > Removing SP1 also removes the visible problem. > > You might understand that I have an apprehension towards > installing SP1 > in production, especially on those systems running as VMs. > > Any ideas? > > Regards, > > Aric Bernard > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Eric > Fleischman > Sent: Thursday, March 31, 2005 10:27 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > Dave can you quantify this statement please? I ask out of > curiosity, not > disagreement. > > Specifically: > 1) You referred to SP1 having "too many changes." How did you > make this > determination? What is the threshold where we cross in to too many? > 2) What steps will you be going through between now and when you do > install it? What will you do between now and deployment to > give you the > confidence level you need to fire it up on a box and see how it goes? > > Interested, so we can perhaps think through ways to make that less > painful going forward. > ~Eric > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dave > A. Marquis > Sent: Thursday, March 31, 2005 8:37 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > I am certainly going to be waiting to install this one for a > while to many changes to jump right into it. > > David A. Marquis > Computer Systems Administrator > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Thursday, March 31, 2005 6:48 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] 2003 SP1 RTM > > FYI. Windows Server 2003 SP1 went RTM yesterday > > http://www.microsoft.com/downloads/details.aspx?familyid=22CFC > 239-337C-4 > D81- > 8354-72593B1C1F43&displaylang=en > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > This e-mail message, including all attachments, is for the sole use of > the intended recipients(s) and may contain confidential and privileged > information. You may NOT use, disclose, copy, or disseminate this > information. If you are not the intended recipient, please contact the > sender by reply e-mail immediately. Please destroy all copies of the > original message and all attachments. > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
Hm...I installed the production SP1 on a test VM earlier today and have not seen the CPU issue yet. Then again, this guest O/S isn't really doing anything at the moment either! It is a DC attached only to the internal network, and there are two other guest O/S's running right now (one is another Win2003 DC with no SP, and one is a 2003 server (not DC) with no SP). If there's any way I can help you reproduce, let me know! -DaveC Reuters CIO Infrastructure -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Thursday, March 31, 2005 2:03 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ - Visit our Internet site at http://www.reuters.com To find out more about Reuters Products and Services visit http://www.reuters.com/productinfo Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
And I presume you updated the VM with the latest VM additions, right? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Thursday, March 31, 2005 11:03 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
BTW, just to note to Aric's issues on Virtual Server 2005 (which I'm also interested to hear if others have the same issue): I don't have these issues on VMware - SP1 runs just fine on my VMs (for quite a while now). /Guido -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Donnerstag, 31. März 2005 21:03 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
Hmm, I think the list owners would be upset with me if I used this thread to start fielding every SP1 question people might have. :) If it is AD related, I'd suggest starting a thread for em here. If it is not activedir topic worthy, the newsgroups are a good place as well. Rather, I was asking about how that evaluation was done to get to the conclusion that Dave came to, so I could understand how his organization works in that way. If you look in the VM what process is taking up the CPU? Can you take a dump of the VM in this state? We can see what it is chewing on with a dump in hand ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric Sent: Thursday, March 31, 2005 11:03 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
> Is the a public document that outlines the changes? General sp1 info: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepa ck/default.mspx That's the only link I know of on MSCOM at this point. Not to say there aren't more, I just don't know of em if so. :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet Sent: Thursday, March 31, 2005 10:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Hi Eric, Sorry David for hijacking your thread :) Other than the tombstone life on clean installs of AD on SP1 what are the major impacts of SP1 on an AD deployment? Is the a public document that outlines the changes? Thanks, Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On Behalf Of Eric Fleischman Sent: 31 mars 2005 13:27 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
What is using the CPU cycles? ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric > Sent: Thursday, March 31, 2005 11:03 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > I have a specific problem related in some way to SP1. > > I have several test environments. In each I use Virtual Server 2005. > Each environment is 100% Windows Server 2003. After upgrading any of > the VMs with SP1, the upgraded VM runs at nearly 100% CPU > consistently. > > Removing and reinstalling the VM Additions has no affect. > > Removing SP1 also removes the visible problem. > > You might understand that I have an apprehension towards > installing SP1 > in production, especially on those systems running as VMs. > > Any ideas? > > Regards, > > Aric Bernard > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Eric > Fleischman > Sent: Thursday, March 31, 2005 10:27 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > Dave can you quantify this statement please? I ask out of > curiosity, not > disagreement. > > Specifically: > 1) You referred to SP1 having "too many changes." How did you > make this > determination? What is the threshold where we cross in to too many? > 2) What steps will you be going through between now and when you do > install it? What will you do between now and deployment to > give you the > confidence level you need to fire it up on a box and see how it goes? > > Interested, so we can perhaps think through ways to make that less > painful going forward. > ~Eric > > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dave > A. Marquis > Sent: Thursday, March 31, 2005 8:37 AM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] 2003 SP1 RTM > > I am certainly going to be waiting to install this one for a > while to many changes to jump right into it. > > David A. Marquis > Computer Systems Administrator > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Thursday, March 31, 2005 6:48 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] 2003 SP1 RTM > > FYI. Windows Server 2003 SP1 went RTM yesterday > > http://www.microsoft.com/downloads/details.aspx?familyid=22CFC > 239-337C-4 > D81- > 8354-72593B1C1F43&displaylang=en > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > This e-mail message, including all attachments, is for the sole use of > the intended recipients(s) and may contain confidential and privileged > information. You may NOT use, disclose, copy, or disseminate this > information. If you are not the intended recipient, please contact the > sender by reply e-mail immediately. Please destroy all copies of the > original message and all attachments. > > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx > List FAQ: http://www.activedir.org/ListFAQ.aspx > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
OK, this is news – to me. Do you want it chased, or are you in a position to get a direct MS opinion on it yourself? Since ~Eric has chimed in, I think we should hand it off to him J Deji From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega Sent: Thursday, March 31, 2005 10:29 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM All in all, not an earth shattering bug, but still something that in my opinion really needs to be fixed. Since I told Microsoft Security I wouldn’t release details on this bug until they had a chance to fix it, I won’t go into the details here. However, since it has been since May 2004 and they apparently have not addressed it in the current SP, I’ll say this….Basically it was a bug where you could effectively disable the Restricted Groups feature of Group Policy allowing anyone to remain in the group even if it was listed as Restricted. As an added bonus, the OS doesn’t even generate any event log entries…all Security Policy refreshes are listed with no problems in the event log. It’s not remotely exploitable or anything like that; just something that I really felt should be addressed. Regards, Lou From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 31, 2005 12:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Lou, what security fix are you asking about? I am in Security, and I’ve been doing SP1 for a while now, so I may be able to respond in less that 11 words ;) Or, I may be able to chase it up for you. Deji -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega Sent: Thursday, March 31, 2005 9:40 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM FWIW - I just installed it on a test server (domain controller for a "play network") and it appears fine at the moment. If there are any Microsoft Security Team folks on board listening, I'm personally curious to see if a particular fix has been added to this SP since I was told it would be when I reported a problem last May. Upon the initial install of the SP, it would appear as if it were not fixed. r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 11:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
We'll be releasing documentation soon. For now, here's a quick list of new features (note this is a not a comprehensive list for AD). 1) Support for DCs in Virtual Servers. Replication is halted and the system stops advertising if an improper restoration has occurred (USN rollback). 2) Replication resolves additional forms of DNS names in order to be more robust and work sooner after install. Also improved event log text when there is a failure. 3) Improve group membership consistency on authoritative restore 4) Report if a directory partition has not been backed up recently 5) Report if a FSMO role holder is set incorrectly or is not responding 6) DNS diagnostic test for dcdiag.exe 7) Authentication diagnostic test for dcdiag.exe 8) Improved event log text with common repair steps included. There are existing w2k3 messages that are updated, and there are entirely new messages. 9) Improved metadata cleanup for FRS objects 10) Retain application partitions on IFM 11) New default tombstone lifetime for new forests created using sp1 12) Faster FSMO validation when FSMO holder has partners in other sites 13) During forced removal, warn administrator if important roles will be orphaned 14) Ability of Dirsync api to return "partial tombstones" in order to allow directory synchronizing applications to learn of object deletions -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Francis Ouellet Sent: Thursday, March 31, 2005 10:50 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Hi Eric, Sorry David for hijacking your thread :) Other than the tombstone life on clean installs of AD on SP1 what are the major impacts of SP1 on an AD deployment? Is the a public document that outlines the changes? Thanks, Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On Behalf Of Eric Fleischman Sent: 31 mars 2005 13:27 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
Hello Eric, I went to the M$ Windows 2003 server page and found this Doc that lays out all of the changes: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepa ck/overview.mspx > You referred to SP1 having "too many changes." How did you make this determination? I just read the above doc and it seems that this is more of a complete overhaul of the OS vs. some fixes rolled up like Win XP SP1. Also, just my opinion here, but I am in the healthcare field and everything is mission critical as far as the directory is concerned. I personally will let other make the jump and find all the pitfalls as MS isn't always as forth coming in issues and fixes for those issues. > What is the threshold where we cross in to too many? When you are altering the core OS ad the way it works vs. a security fix. >2) What steps will you be going through between now and when you do >install it? I will cruise the newsgroups to read other accounts as the KB site often has confusing documentation on resolving issues. I find it is better to find the direction one needs to go by other experiences. >What will you do between now and deployment to give you the >confidence level you need to fire it up on a box and see how it goes? I will just give it a go as soon as it seems safe in a couple of months. It is just like SP2 for win xp. If you install it, the sp2 will break the ability to view other people's sessions on their systems. This was a show stopper for me until I spent about a month searching for a little know regedit that needs to be made on the users system to restore this functionality. Just my 2 cents. If you have a good firewall and anti-virus protection, things can slide for a little while as others test it out first. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 12:27 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
I have a specific problem related in some way to SP1. I have several test environments. In each I use Virtual Server 2005. Each environment is 100% Windows Server 2003. After upgrading any of the VMs with SP1, the upgraded VM runs at nearly 100% CPU consistently. Removing and reinstalling the VM Additions has no affect. Removing SP1 also removes the visible problem. You might understand that I have an apprehension towards installing SP1 in production, especially on those systems running as VMs. Any ideas? Regards, Aric Bernard -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Fleischman Sent: Thursday, March 31, 2005 10:27 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
Hi Eric, Sorry David for hijacking your thread :) Other than the tombstone life on clean installs of AD on SP1 what are the major impacts of SP1 on an AD deployment? Is the a public document that outlines the changes? Thanks, Francis -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On Behalf Of Eric Fleischman Sent: 31 mars 2005 13:27 To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
All in all, not an earth shattering bug, but still something that in my opinion really needs to be fixed. Since I told Microsoft Security I wouldn’t release details on this bug until they had a chance to fix it, I won’t go into the details here. However, since it has been since May 2004 and they apparently have not addressed it in the current SP, I’ll say this….Basically it was a bug where you could effectively disable the Restricted Groups feature of Group Policy allowing anyone to remain in the group even if it was listed as Restricted. As an added bonus, the OS doesn’t even generate any event log entries…all Security Policy refreshes are listed with no problems in the event log. It’s not remotely exploitable or anything like that; just something that I really felt should be addressed. Regards, Lou From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, March 31, 2005 12:59 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM Lou, what security fix are you asking about? I am in Security, and I’ve been doing SP1 for a while now, so I may be able to respond in less that 11 words ;) Or, I may be able to chase it up for you. Deji -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega Sent: Thursday, March 31, 2005 9:40 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM FWIW - I just installed it on a test server (domain controller for a "play network") and it appears fine at the moment. If there are any Microsoft Security Team folks on board listening, I'm personally curious to see if a particular fix has been added to this SP since I was told it would be when I reported a problem last May. Upon the initial install of the SP, it would appear as if it were not fixed. r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 11:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
Dave can you quantify this statement please? I ask out of curiosity, not disagreement. Specifically: 1) You referred to SP1 having "too many changes." How did you make this determination? What is the threshold where we cross in to too many? 2) What steps will you be going through between now and when you do install it? What will you do between now and deployment to give you the confidence level you need to fire it up on a box and see how it goes? Interested, so we can perhaps think through ways to make that less painful going forward. ~Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 8:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
Lou, what security fix are you asking about? I am in Security, and I’ve been doing SP1 for a while now, so I may be able to respond in less that 11 words ;) Or, I may be able to chase it up for you. Deji -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega Sent: Thursday, March 31, 2005 9:40 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM FWIW - I just installed it on a test server (domain controller for a "play network") and it appears fine at the moment. If there are any Microsoft Security Team folks on board listening, I'm personally curious to see if a particular fix has been added to this SP since I was told it would be when I reported a problem last May. Upon the initial install of the SP, it would appear as if it were not fixed. r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 11:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
What is the particular fix? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lou Vega Sent: Thursday, March 31, 2005 12:40 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM FWIW - I just installed it on a test server (domain controller for a "play network") and it appears fine at the moment. If there are any Microsoft Security Team folks on board listening, I'm personally curious to see if a particular fix has been added to this SP since I was told it would be when I reported a problem last May. Upon the initial install of the SP, it would appear as if it were not fixed. r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 11:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
FWIW - I just installed it on a test server (domain controller for a "play network") and it appears fine at the moment. If there are any Microsoft Security Team folks on board listening, I'm personally curious to see if a particular fix has been added to this SP since I was told it would be when I reported a problem last May. Upon the initial install of the SP, it would appear as if it were not fixed. r/ Lou -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave A. Marquis Sent: Thursday, March 31, 2005 11:37 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] 2003 SP1 RTM I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2003 SP1 RTM
I am certainly going to be waiting to install this one for a while to many changes to jump right into it. David A. Marquis Computer Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Thursday, March 31, 2005 6:48 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] 2003 SP1 RTM FYI. Windows Server 2003 SP1 went RTM yesterday http://www.microsoft.com/downloads/details.aspx?familyid=22CFC239-337C-4 D81- 8354-72593B1C1F43&displaylang=en List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ This e-mail message, including all attachments, is for the sole use of the intended recipients(s) and may contain confidential and privileged information. You may NOT use, disclose, copy, or disseminate this information. If you are not the intended recipient, please contact the sender by reply e-mail immediately. Please destroy all copies of the original message and all attachments. List info : http://www.activedir.org/List.aspx List FAQ: http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
