Symantec v6.5 Install Issue
All- I'm trying to install Symanted Mail Security for Exchange product on my E2K10 server. The issue I'm having is at the section where it's prompting you for service account information. It's asking for you to provide the domain\username and password. I provide this information and it tells me that this account doesn't have a mailbox (which it does) or the username needs to be changed. I've tried several accounts.. and I get the same issue for each one. Any suggestions? Thank you, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Win2K3 DC in Active Directory Recovery Mode
All- I have a W2K3 DC that is currently sitting in AD recovery mode. I want to demote this DC and get rid of this toaster, I'm gonna go out on a limb and say I can't run DCPROMO on the box and remove it. How would I get a server like that removed from DS? Thank you, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Win2K3 DC in Active Directory Recovery Mode
But don't I have to get it out of Restore Mode first before I can attempt to run DCPROMO? I've seen the metadata cleanup article which has come in handy a few times :) From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Tuesday, March 23, 2010 10:44 AM To: NT System Admin Issues Subject: Re: Win2K3 DC in Active Directory Recovery Mode you can run the process for removing a 'phantom' failed DC ... here's a pretty good link to describe the process : http://www.petri.co.il/delete_failed_dcs_from_ad.htm On Tue, Mar 23, 2010 at 10:36 AM, John Bowles john.bow...@wlkmmas.orgmailto:john.bow...@wlkmmas.org wrote: All- I have a W2K3 DC that is currently sitting in AD recovery mode. I want to demote this DC and get rid of this toaster, I'm gonna go out on a limb and say I can't run DCPROMO on the box and remove it. How would I get a server like that removed from DS? Thank you, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Installing Win2K8 Server as DC Issue
I keep getting an error that pop up that says: One or more logs in the query have errors Directory Service Access Denied This just keeps popping up out of nowhere. From: John Cook [mailto:john.c...@pfsf.org] Sent: Thursday, March 18, 2010 8:10 PM To: NT System Admin Issues Subject: Re: Installing Win2K8 Server as DC Issue What are the startup dependencies? What about the account it runs under? From: John Bowles To: NT System Admin Issues Sent: Thu Mar 18 19:30:19 2010 Subject: RE: Installing Win2K8 Server as DC Issue +1 Jeff, that’s exactly the issue I’m having. The Windows Firewall will not even start up or allow me to start it up to allow traffic to the DC. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 5:35 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue If I stop the Windows Firewall service on my 2008 servers, I can no longer RDP to it. So, what I meant by off is, the service is stopped, which is the case for John, who’s firewall service won’t start at all. From: N Parr [mailto:npar...@mortonind.com] Sent: Thursday, March 18, 2010 2:22 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue What? Firewall Off = Traffic Allowed I have the firewall's off on my 2008 server and RDP to them just fine. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 4:17 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue The 2008 firewall is conservative. In my experience, if it’s turned off, no traffic is allowed inbound. So, you can’t RDP into because your firewall won’t start up to allow traffic in. Jeff From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 1:29 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Outside of enabling RDP on the DC, what can be preventing me from RDP’ing into the server? I have this issue with my Exchange 2K7 server as well as DC. I keep getting access is denied when trying to turn on Windows Firewall on the DC. From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 2:46 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, March 18, 2010 2:43 PM To: NT System Admin Issues Subject: Re: Installing Win2K8 Server as DC Issue I cannot access the server remotely Error message? No error message, after running DS role I am no longer able to connect to server via RDP the windows firewall service won’t start How are you determining this? This is determined by the service on the server set to automatic but doesn’t show’s not started What does the eventlog say? Etc and so on. Event log is throwing MS DTC errors saying service cannot start. The Windows Firewall is a pain in the arse if you ask me. Because? Because it’s always been a pain in the arss. ☺ -ASB: http://XeeSM.com/AndrewBaker On Thu, Mar 18, 2010 at 2:29 PM, John Bowles john.bow...@wlkmmas.orgmailto:john.bow...@wlkmmas.org wrote: All- I’m trying to join a w2k8 r2 server to a windows 2003 domain. I’ve ran adprep /forestprep Adprep /domain prep Installed domain services under roles.. rebooted Now when the server came up I cannot access the server remotely and the windows firewall service won’t start. Just wondering what I did wrong here? The Windows Firewall is a pain in the arse if you ask me. Any help would be appreciated. Thank you, John Bowles CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent of the sender are prohibited. This information may be protected by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and other Federal and Florida laws. Improper or unauthorized use or disclosure of this information could result in civil and/or criminal penalties. Consider the environment. Please don't print this e-mail unless you really need to. This email and any attached files are confidential and intended solely for the intended recipient(s). If you are not the named recipient you should not read, distribute, copy or alter this email. Any views or opinions expressed in this email are those of the author and do not represent those of the company. Warning: Although precautions have been taken to make sure no viruses are present in this email, the company cannot accept
RE: Installing Win2K8 Server as DC Issue
Just another update. When I bring the server online and it’s sitting there in a workgroup everything works fine. When I join it to the domain is when I start experiencing these issues. So it sounds to me it’s a Group Policy issue, but where in GPO would it turn Windows Firewall off and prevent it from working properly. Symptoms: -Windows Firewall not working, nor will allow me to start it. -Click on Windows Firewall in Server Manager and it gives me error (Windows Firewall w/Advanced Security failed to load. Restart Windows Firewall on computer “Error code: 0X6D9”) -Cannot RDP to server -No ports open to Server Thank you John B. From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 10:21 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue I keep getting an error that pop up that says: One or more logs in the query have errors Directory Service Access Denied This just keeps popping up out of nowhere. From: John Cook [mailto:john.c...@pfsf.org] Sent: Thursday, March 18, 2010 8:10 PM To: NT System Admin Issues Subject: Re: Installing Win2K8 Server as DC Issue What are the startup dependencies? What about the account it runs under? From: John Bowles To: NT System Admin Issues Sent: Thu Mar 18 19:30:19 2010 Subject: RE: Installing Win2K8 Server as DC Issue +1 Jeff, that’s exactly the issue I’m having. The Windows Firewall will not even start up or allow me to start it up to allow traffic to the DC. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 5:35 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue If I stop the Windows Firewall service on my 2008 servers, I can no longer RDP to it. So, what I meant by off is, the service is stopped, which is the case for John, who’s firewall service won’t start at all. From: N Parr [mailto:npar...@mortonind.com] Sent: Thursday, March 18, 2010 2:22 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue What? Firewall Off = Traffic Allowed I have the firewall's off on my 2008 server and RDP to them just fine. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 4:17 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue The 2008 firewall is conservative. In my experience, if it’s turned off, no traffic is allowed inbound. So, you can’t RDP into because your firewall won’t start up to allow traffic in. Jeff From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 1:29 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Outside of enabling RDP on the DC, what can be preventing me from RDP’ing into the server? I have this issue with my Exchange 2K7 server as well as DC. I keep getting access is denied when trying to turn on Windows Firewall on the DC. From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 2:46 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, March 18, 2010 2:43 PM To: NT System Admin Issues Subject: Re: Installing Win2K8 Server as DC Issue I cannot access the server remotely Error message? No error message, after running DS role I am no longer able to connect to server via RDP the windows firewall service won’t start How are you determining this? This is determined by the service on the server set to automatic but doesn’t show’s not started What does the eventlog say? Etc and so on. Event log is throwing MS DTC errors saying service cannot start. The Windows Firewall is a pain in the arse if you ask me. Because? Because it’s always been a pain in the arss. ☺ -ASB: http://XeeSM.com/AndrewBaker On Thu, Mar 18, 2010 at 2:29 PM, John Bowles john.bow...@wlkmmas.orgmailto:john.bow...@wlkmmas.org wrote: All- I’m trying to join a w2k8 r2 server to a windows 2003 domain. I’ve ran adprep /forestprep Adprep /domain prep Installed domain services under roles.. rebooted Now when the server came up I cannot access the server remotely and the windows firewall service won’t start. Just wondering what I did wrong here? The Windows Firewall is a pain in the arse if you ask me. Any help would be appreciated. Thank you, John Bowles CONFIDENTIALITY STATEMENT: The information transmitted, or contained or attached to or with this Notice is intended only for the person or entity to which it is addressed and may contain Protected Health Information (PHI), confidential and/or privileged material. Any review, transmission, dissemination, or other use of, and taking any action in reliance upon this information by persons or entities other than the intended recipient without the express written consent
RE: Installing Win2K8 Server as DC Issue
I tried running that, but as I was going through the policies to see what’s been applied to the server, it fails and the program exits. Very strange behavior indeed. From: Joe Tinney [mailto:jtin...@lastar.com] Sent: Friday, March 19, 2010 10:40 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue I’d try running RSoP against the machine while it is joined to the domain and review the policies/settings that are being applied to it. Best of luck, Joe From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 10:36 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Just another update. When I bring the server online and it’s sitting there in a workgroup everything works fine. When I join it to the domain is when I start experiencing these issues. So it sounds to me it’s a Group Policy issue, but where in GPO would it turn Windows Firewall off and prevent it from working properly. Symptoms: -Windows Firewall not working, nor will allow me to start it. -Click on Windows Firewall in Server Manager and it gives me error (Windows Firewall w/Advanced Security failed to load. Restart Windows Firewall on computer “Error code: 0X6D9”) -Cannot RDP to server -No ports open to Server Thank you John B. From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 10:21 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue I keep getting an error that pop up that says: One or more logs in the query have errors Directory Service Access Denied This just keeps popping up out of nowhere. From: John Cook [mailto:john.c...@pfsf.org] Sent: Thursday, March 18, 2010 8:10 PM To: NT System Admin Issues Subject: Re: Installing Win2K8 Server as DC Issue What are the startup dependencies? What about the account it runs under? From: John Bowles To: NT System Admin Issues Sent: Thu Mar 18 19:30:19 2010 Subject: RE: Installing Win2K8 Server as DC Issue +1 Jeff, that’s exactly the issue I’m having. The Windows Firewall will not even start up or allow me to start it up to allow traffic to the DC. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 5:35 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue If I stop the Windows Firewall service on my 2008 servers, I can no longer RDP to it. So, what I meant by off is, the service is stopped, which is the case for John, who’s firewall service won’t start at all. From: N Parr [mailto:npar...@mortonind.com] Sent: Thursday, March 18, 2010 2:22 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue What? Firewall Off = Traffic Allowed I have the firewall's off on my 2008 server and RDP to them just fine. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 4:17 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue The 2008 firewall is conservative. In my experience, if it’s turned off, no traffic is allowed inbound. So, you can’t RDP into because your firewall won’t start up to allow traffic in. Jeff From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 1:29 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Outside of enabling RDP on the DC, what can be preventing me from RDP’ing into the server? I have this issue with my Exchange 2K7 server as well as DC. I keep getting access is denied when trying to turn on Windows Firewall on the DC. From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 2:46 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, March 18, 2010 2:43 PM To: NT System Admin Issues Subject: Re: Installing Win2K8 Server as DC Issue I cannot access the server remotely Error message? No error message, after running DS role I am no longer able to connect to server via RDP the windows firewall service won’t start How are you determining this? This is determined by the service on the server set to automatic but doesn’t show’s not started What does the eventlog say? Etc and so on. Event log is throwing MS DTC errors saying service cannot start. The Windows Firewall is a pain in the arse if you ask me. Because? Because it’s always been a pain in the arss. ☺ -ASB: http://XeeSM.com/AndrewBaker On Thu, Mar 18, 2010 at 2:29 PM, John Bowles john.bow...@wlkmmas.orgmailto:john.bow...@wlkmmas.org wrote: All- I’m trying to join a w2k8 r2 server to a windows 2003 domain. I’ve ran adprep /forestprep Adprep /domain prep Installed domain services under roles.. rebooted Now when the server came up I cannot access the server remotely and the windows firewall service won’t start. Just wondering what I did wrong here? The Windows
RE: Installing Win2K8 Server as DC Issue
Jeff- Just an FYI, I'm going to give it to 2pm EST and If I can't figure it out then I'm going to open a call up with PSS. If that happens I'll share with everyone what the issue was. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Friday, March 19, 2010 10:54 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Hi Michael, I'm probably beating a dead horse and shouldn't... But, on both my 2008 and 2008 R2 servers, if I stop the windows firewall service, I can no longer connect to them via RDP, or access file shares, or even ping them for that matter. I agree, 2008 and 2008 R2 are very different beasts, but they do seem to have that behavior in common. At least that's my experience... Of course, the important thing is why is this happening to John and how might he resolve it, and on that, I'm currently stumped. Jeff From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 18, 2010 4:59 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Guys, y'all need to realize that y'all are comparing apples and oranges. Server 2008 is NOT the same as Server 2008 R2. Server 2008 R2 should've been called Server 2010. It's way different. It's not like 2003 R2 which was just a bunch of additional optional functionality. Disabling or stopping the Windows Firewall service in Server 2008 R2 is not supported and will cause indeterminate behavior. If you want to not use the firewall, you need to open the Windows Firewall application and disable the appropriate profile. This is a change in behavior between 2008 and 2008 R2. Now, in 2008 R2, if the Windows Firewall won't start, then it WILL generate an error in one event log or another. You need to track that down and fix it! :-P Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 7:30 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue +1 Jeff, that's exactly the issue I'm having. The Windows Firewall will not even start up or allow me to start it up to allow traffic to the DC. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 5:35 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue If I stop the Windows Firewall service on my 2008 servers, I can no longer RDP to it. So, what I meant by off is, the service is stopped, which is the case for John, who's firewall service won't start at all. From: N Parr [mailto:npar...@mortonind.com] Sent: Thursday, March 18, 2010 2:22 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue What? Firewall Off = Traffic Allowed I have the firewall's off on my 2008 server and RDP to them just fine. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 4:17 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue The 2008 firewall is conservative. In my experience, if it's turned off, no traffic is allowed inbound. So, you can't RDP into because your firewall won't start up to allow traffic in. Jeff From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 1:29 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Outside of enabling RDP on the DC, what can be preventing me from RDP'ing into the server? I have this issue with my Exchange 2K7 server as well as DC. I keep getting access is denied when trying to turn on Windows Firewall on the DC. From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 2:46 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, March 18, 2010 2:43 PM To: NT System Admin Issues Subject: Re: Installing Win2K8 Server as DC Issue I cannot access the server remotely Error message? No error message, after running DS role I am no longer able to connect to server via RDP the windows firewall service won't start How are you determining this? This is determined by the service on the server set to automatic but doesn't show's not started What does the eventlog say? Etc and so on. Event log is throwing MS DTC errors saying service cannot start. The Windows Firewall is a pain in the arse if you ask me. Because? Because it's always been a pain in the arss. :) -ASB: http://XeeSM.com/AndrewBaker On Thu, Mar 18, 2010 at 2:29 PM, John Bowles john.bow...@wlkmmas.orgmailto:john.bow...@wlkmmas.org wrote: All- I'm trying to join a w2k8 r2 server to a windows 2003 domain. I've ran adprep /forestprep Adprep /domain prep Installed domain services under roles.. rebooted Now when the server came up I cannot access the server remotely and the windows firewall service won't start. Just wondering what I did wrong here
RE: Installing Win2K8 Server as DC Issue
Just to throw this out there.. The client's domain functional level shouldn't have a bearing on this type of behavior correct? The forest level is Windows 2000 and the domain is Windows 2003. Thank you. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Friday, March 19, 2010 10:54 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Hi Michael, I'm probably beating a dead horse and shouldn't... But, on both my 2008 and 2008 R2 servers, if I stop the windows firewall service, I can no longer connect to them via RDP, or access file shares, or even ping them for that matter. I agree, 2008 and 2008 R2 are very different beasts, but they do seem to have that behavior in common. At least that's my experience... Of course, the important thing is why is this happening to John and how might he resolve it, and on that, I'm currently stumped. Jeff From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 18, 2010 4:59 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Guys, y'all need to realize that y'all are comparing apples and oranges. Server 2008 is NOT the same as Server 2008 R2. Server 2008 R2 should've been called Server 2010. It's way different. It's not like 2003 R2 which was just a bunch of additional optional functionality. Disabling or stopping the Windows Firewall service in Server 2008 R2 is not supported and will cause indeterminate behavior. If you want to not use the firewall, you need to open the Windows Firewall application and disable the appropriate profile. This is a change in behavior between 2008 and 2008 R2. Now, in 2008 R2, if the Windows Firewall won't start, then it WILL generate an error in one event log or another. You need to track that down and fix it! :-P Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 7:30 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue +1 Jeff, that's exactly the issue I'm having. The Windows Firewall will not even start up or allow me to start it up to allow traffic to the DC. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 5:35 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue If I stop the Windows Firewall service on my 2008 servers, I can no longer RDP to it. So, what I meant by off is, the service is stopped, which is the case for John, who's firewall service won't start at all. From: N Parr [mailto:npar...@mortonind.com] Sent: Thursday, March 18, 2010 2:22 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue What? Firewall Off = Traffic Allowed I have the firewall's off on my 2008 server and RDP to them just fine. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 4:17 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue The 2008 firewall is conservative. In my experience, if it's turned off, no traffic is allowed inbound. So, you can't RDP into because your firewall won't start up to allow traffic in. Jeff From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 1:29 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Outside of enabling RDP on the DC, what can be preventing me from RDP'ing into the server? I have this issue with my Exchange 2K7 server as well as DC. I keep getting access is denied when trying to turn on Windows Firewall on the DC. From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 2:46 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, March 18, 2010 2:43 PM To: NT System Admin Issues Subject: Re: Installing Win2K8 Server as DC Issue I cannot access the server remotely Error message? No error message, after running DS role I am no longer able to connect to server via RDP the windows firewall service won't start How are you determining this? This is determined by the service on the server set to automatic but doesn't show's not started What does the eventlog say? Etc and so on. Event log is throwing MS DTC errors saying service cannot start. The Windows Firewall is a pain in the arse if you ask me. Because? Because it's always been a pain in the arss. :) -ASB: http://XeeSM.com/AndrewBaker On Thu, Mar 18, 2010 at 2:29 PM, John Bowles john.bow...@wlkmmas.orgmailto:john.bow...@wlkmmas.org wrote: All- I'm trying to join a w2k8 r2 server to a windows 2003 domain. I've ran adprep /forestprep Adprep /domain prep Installed domain services under roles.. rebooted Now when the server came up I cannot access the server remotely and the windows firewall service won't start. Just wondering
RE: Installing Win2K8 Server as DC Issue
Here are some of the Event Log errors i'm receiving. As you can see I'm not getting a whole lot of anything in the Event Viewer..just access denied. Log Name: Application Source:VSS Date: 3/18/2010 1:23:47 PM Event ID: 8193 Task Category: None Level: Error Keywords: Classic User: N/A Computer: computer.domain.com Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied. . Log Name: Application Source:Microsoft-Windows-MSDTC Date: 3/18/2010 1:25:48 PM Event ID: 4112 Task Category: SVC Level: Error Keywords: Classic User: N/A Computer: computer.domain.com Description: Could not start the MS DTC Transaction Manager. Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied. . Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from exchsrv01.teambi.com\mail.evolvent.com (The RPC server is unavailable. 0x800706ba (WIN32: 1722)). John Bowles | 301.473.2260 From: Michael B. Smith [mich...@smithcons.com] Sent: Friday, March 19, 2010 11:03 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue No, shouldn’t be a consideration. Have you verified your event log is clean? I truly expect you should be getting information about a service startup failure. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 10:58 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Just to throw this out there.. The client’s domain functional level shouldn’t have a bearing on this type of behavior correct? The forest level is Windows 2000 and the domain is Windows 2003. Thank you. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Friday, March 19, 2010 10:54 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Hi Michael, I’m probably beating a dead horse and shouldn’t… But, on both my 2008 and 2008 R2 servers, if I stop the windows firewall service, I can no longer connect to them via RDP, or access file shares, or even ping them for that matter. I agree, 2008 and 2008 R2 are very different beasts, but they do seem to have that behavior in common. At least that’s my experience… Of course, the important thing is why is this happening to John and how might he resolve it, and on that, I’m currently stumped. Jeff From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 18, 2010 4:59 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Guys, y’all need to realize that y’all are comparing apples and oranges. Server 2008 is NOT the same as Server 2008 R2. Server 2008 R2 should’ve been called Server 2010. It’s way different. It’s not like 2003 R2 which was just a bunch of additional optional functionality. Disabling or stopping the Windows Firewall service in Server 2008 R2 is not supported and will cause indeterminate behavior. If you want to not use the firewall, you need to open the Windows Firewall application and disable the appropriate profile. This is a change in behavior between 2008 and 2008 R2. Now, in 2008 R2, if the Windows Firewall won’t start, then it WILL generate an error in one event log or another. You need to track that down and fix it! :-P Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 7:30 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue +1 Jeff, that’s exactly the issue I’m having. The Windows Firewall will not even start up or allow me to start it up to allow traffic to the DC. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 5:35 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue If I stop the Windows Firewall service on my 2008 servers, I can no longer RDP to it. So, what I meant by off is, the service is stopped, which is the case for John, who’s firewall service won’t start at all. From: N Parr [mailto:npar...@mortonind.com] Sent: Thursday, March 18, 2010 2:22 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue What? Firewall Off = Traffic Allowed I have the firewall's off on my 2008 server and RDP to them just fine. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 4:17 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue The 2008 firewall
RE: Installing Win2K8 Server as DC Issue
That is something that is in the process of being purchased. I'm assuming you're wanting to import a cert to all Windows 2008 DC's correct? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, March 19, 2010 11:24 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Do you have a CA on the same side of the firewall as this new DC? I think I'd demote this server, remove it from the domain, re-add it, and then repromote. Assuming you do have an available CA. Otherwise - you are going to need access to a CA! Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 11:13 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Here are some of the Event Log errors i'm receiving. As you can see I'm not getting a whole lot of anything in the Event Viewer..just access denied. Log Name: Application Source:VSS Date: 3/18/2010 1:23:47 PM Event ID: 8193 Task Category: None Level: Error Keywords: Classic User: N/A Computer: computer.domain.com Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied. . Log Name: Application Source:Microsoft-Windows-MSDTC Date: 3/18/2010 1:25:48 PM Event ID: 4112 Task Category: SVC Level: Error Keywords: Classic User: N/A Computer: computer.domain.com Description: Could not start the MS DTC Transaction Manager. Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied. . Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from exchsrv01.teambi.com\mail.evolvent.com (The RPC server is unavailable. 0x800706ba (WIN32: 1722)). John Bowles | 301.473.2260 From: Michael B. Smith [mich...@smithcons.com] Sent: Friday, March 19, 2010 11:03 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue No, shouldn't be a consideration. Have you verified your event log is clean? I truly expect you should be getting information about a service startup failure. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 10:58 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Just to throw this out there.. The client's domain functional level shouldn't have a bearing on this type of behavior correct? The forest level is Windows 2000 and the domain is Windows 2003. Thank you. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Friday, March 19, 2010 10:54 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Hi Michael, I'm probably beating a dead horse and shouldn't... But, on both my 2008 and 2008 R2 servers, if I stop the windows firewall service, I can no longer connect to them via RDP, or access file shares, or even ping them for that matter. I agree, 2008 and 2008 R2 are very different beasts, but they do seem to have that behavior in common. At least that's my experience... Of course, the important thing is why is this happening to John and how might he resolve it, and on that, I'm currently stumped. Jeff From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 18, 2010 4:59 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Guys, y'all need to realize that y'all are comparing apples and oranges. Server 2008 is NOT the same as Server 2008 R2. Server 2008 R2 should've been called Server 2010. It's way different. It's not like 2003 R2 which was just a bunch of additional optional functionality. Disabling or stopping the Windows Firewall service in Server 2008 R2 is not supported and will cause indeterminate behavior. If you want to not use the firewall, you need to open the Windows Firewall application and disable the appropriate profile. This is a change in behavior between 2008 and 2008 R2. Now, in 2008 R2, if the Windows Firewall won't start, then it WILL generate an error in one event log or another. You need to track that down and fix it! :-P Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 7:30 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue +1 Jeff, that's exactly the issue I'm having. The Windows Firewall will not even start up or allow me to start it up to allow traffic to the DC. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com
RE: Installing Win2K8 Server as DC Issue
Jeff- the local and network service wasn't in the list. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Friday, March 19, 2010 11:36 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue John, On your Default Domain Controllers Policy, can you take a look at Computer Configuration - Policies - Windows Settings - Local Policies - User Rights Assignments and take a look at the two keys I mentioned before: Adjust Memory quotas for a process and Replace a process Level token. Since you said you were at 2000 on the forest level, I'm really thinking LOCAL SERVICE isn't in the list for at least one of those two policies... Jeff From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 8:28 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue That is something that is in the process of being purchased. I'm assuming you're wanting to import a cert to all Windows 2008 DC's correct? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, March 19, 2010 11:24 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Do you have a CA on the same side of the firewall as this new DC? I think I'd demote this server, remove it from the domain, re-add it, and then repromote. Assuming you do have an available CA. Otherwise - you are going to need access to a CA! Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 11:13 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Here are some of the Event Log errors i'm receiving. As you can see I'm not getting a whole lot of anything in the Event Viewer..just access denied. Log Name: Application Source:VSS Date: 3/18/2010 1:23:47 PM Event ID: 8193 Task Category: None Level: Error Keywords: Classic User: N/A Computer: computer.domain.com Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied. . Log Name: Application Source:Microsoft-Windows-MSDTC Date: 3/18/2010 1:25:48 PM Event ID: 4112 Task Category: SVC Level: Error Keywords: Classic User: N/A Computer: computer.domain.com Description: Could not start the MS DTC Transaction Manager. Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied. . Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from exchsrv01.teambi.com\mail.evolvent.com (The RPC server is unavailable. 0x800706ba (WIN32: 1722)). John Bowles | 301.473.2260 From: Michael B. Smith [mich...@smithcons.com] Sent: Friday, March 19, 2010 11:03 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue No, shouldn't be a consideration. Have you verified your event log is clean? I truly expect you should be getting information about a service startup failure. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 10:58 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Just to throw this out there.. The client's domain functional level shouldn't have a bearing on this type of behavior correct? The forest level is Windows 2000 and the domain is Windows 2003. Thank you. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Friday, March 19, 2010 10:54 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Hi Michael, I'm probably beating a dead horse and shouldn't... But, on both my 2008 and 2008 R2 servers, if I stop the windows firewall service, I can no longer connect to them via RDP, or access file shares, or even ping them for that matter. I agree, 2008 and 2008 R2 are very different beasts, but they do seem to have that behavior in common. At least that's my experience... Of course, the important thing is why is this happening to John and how might he resolve it, and on that, I'm currently stumped. Jeff From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 18, 2010 4:59 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Guys, y'all need to realize that y'all are comparing apples and oranges. Server 2008 is NOT the same as Server 2008 R2. Server 2008 R2 should've been called Server 2010. It's way different. It's not like 2003 R2 which was just a bunch of additional optional functionality. Disabling or stopping the Windows Firewall service in Server 2008 R2
RE: Installing Win2K8 Server as DC Issue
Oh I'm sorry Michael, I'm assuming it cannot get out because RPC is blocked incoming/outgoing on the server. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, March 19, 2010 11:31 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue NoThis error Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from exchsrv01.teambi.com\mail.evolvent.com (The RPC server is unavailable. 0x800706ba (WIN32: 1722)) means that you have a policy requiring the DC to get a certificate and it couldn't access the CA when it tried to get it. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 11:28 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue That is something that is in the process of being purchased. I'm assuming you're wanting to import a cert to all Windows 2008 DC's correct? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, March 19, 2010 11:24 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Do you have a CA on the same side of the firewall as this new DC? I think I'd demote this server, remove it from the domain, re-add it, and then repromote. Assuming you do have an available CA. Otherwise - you are going to need access to a CA! Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 11:13 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Here are some of the Event Log errors i'm receiving. As you can see I'm not getting a whole lot of anything in the Event Viewer..just access denied. Log Name: Application Source:VSS Date: 3/18/2010 1:23:47 PM Event ID: 8193 Task Category: None Level: Error Keywords: Classic User: N/A Computer: computer.domain.com Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied. . Log Name: Application Source:Microsoft-Windows-MSDTC Date: 3/18/2010 1:25:48 PM Event ID: 4112 Task Category: SVC Level: Error Keywords: Classic User: N/A Computer: computer.domain.com Description: Could not start the MS DTC Transaction Manager. Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied. . Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from exchsrv01.teambi.com\mail.evolvent.com (The RPC server is unavailable. 0x800706ba (WIN32: 1722)). John Bowles | 301.473.2260 From: Michael B. Smith [mich...@smithcons.com] Sent: Friday, March 19, 2010 11:03 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue No, shouldn't be a consideration. Have you verified your event log is clean? I truly expect you should be getting information about a service startup failure. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 10:58 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Just to throw this out there.. The client's domain functional level shouldn't have a bearing on this type of behavior correct? The forest level is Windows 2000 and the domain is Windows 2003. Thank you. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Friday, March 19, 2010 10:54 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Hi Michael, I'm probably beating a dead horse and shouldn't... But, on both my 2008 and 2008 R2 servers, if I stop the windows firewall service, I can no longer connect to them via RDP, or access file shares, or even ping them for that matter. I agree, 2008 and 2008 R2 are very different beasts, but they do seem to have that behavior in common. At least that's my experience... Of course, the important thing is why is this happening to John and how might he resolve it, and on that, I'm currently stumped. Jeff From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 18, 2010 4:59 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Guys, y'all need to realize that y'all are comparing apples and oranges. Server 2008 is NOT the same as Server 2008 R2. Server 2008 R2 should've been called Server 2010. It's way different. It's not like 2003 R2 which was just a bunch of additional optional functionality. Disabling or stopping
RE: Installing Win2K8 Server as DC Issue
LOL that thought has crossed my mind several times. But the box was operating just fine before we joined it to the domain.. and all this behavior started taking place. As soon as it came off a reboot from joining the domain, the Windows Firewall stopped, couldn't ping the server etc. This client also installed a Windows 2K8 standalone server with E2K7 ready to deploy and they were running across the same issues. Cannot RDP, can't ping, etc. I'm not sold it's a build issue just yet. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, March 19, 2010 11:44 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue I think you should rebuild this box. IMHO. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 11:42 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Oh I'm sorry Michael, I'm assuming it cannot get out because RPC is blocked incoming/outgoing on the server. From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, March 19, 2010 11:31 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue NoThis error Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from exchsrv01.teambi.com\mail.evolvent.com (The RPC server is unavailable. 0x800706ba (WIN32: 1722)) means that you have a policy requiring the DC to get a certificate and it couldn't access the CA when it tried to get it. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 11:28 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue That is something that is in the process of being purchased. I'm assuming you're wanting to import a cert to all Windows 2008 DC's correct? From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Friday, March 19, 2010 11:24 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Do you have a CA on the same side of the firewall as this new DC? I think I'd demote this server, remove it from the domain, re-add it, and then repromote. Assuming you do have an available CA. Otherwise - you are going to need access to a CA! Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 11:13 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Here are some of the Event Log errors i'm receiving. As you can see I'm not getting a whole lot of anything in the Event Viewer..just access denied. Log Name: Application Source:VSS Date: 3/18/2010 1:23:47 PM Event ID: 8193 Task Category: None Level: Error Keywords: Classic User: N/A Computer: computer.domain.com Description: Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied. . Log Name: Application Source:Microsoft-Windows-MSDTC Date: 3/18/2010 1:25:48 PM Event ID: 4112 Task Category: SVC Level: Error Keywords: Classic User: N/A Computer: computer.domain.com Description: Could not start the MS DTC Transaction Manager. Volume Shadow Copy Service error: Unexpected error calling routine RegOpenKeyExW(-2147483646,SYSTEM\CurrentControlSet\Services\VSS\Diag,...). hr = 0x80070005, Access is denied. . Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from exchsrv01.teambi.com\mail.evolvent.com (The RPC server is unavailable. 0x800706ba (WIN32: 1722)). John Bowles | 301.473.2260 From: Michael B. Smith [mich...@smithcons.com] Sent: Friday, March 19, 2010 11:03 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue No, shouldn't be a consideration. Have you verified your event log is clean? I truly expect you should be getting information about a service startup failure. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 10:58 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Just to throw this out there.. The client's domain functional level shouldn't have a bearing on this type of behavior correct? The forest level is Windows 2000 and the domain is Windows 2003. Thank you. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Friday, March 19, 2010 10:54 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Hi Michael, I'm probably beating
RE: Installing Win2K8 Server as DC Issue
I've added network service and local service to everywhere specified.. rebooting now From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Friday, March 19, 2010 12:10 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue That's good to know, thanks! Jeff From: David Lum [mailto:david@nwea.org] Sent: Friday, March 19, 2010 8:51 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue With Win2K8/Win7 in addition to disabling the firewall you must also set the firewall service to DISABLED (manual might also work), otherwise Windows disables the NIC. If it sees firewall as AUTO but the firewall is off (even if you turn it off via GUI) it assumes malware has disabled the firewall so it nukes the NIC connection altogether. Setting the service to DISABLED and THEN turning off the firewall will allow the NIC to remain active. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Friday, March 19, 2010 7:54 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Hi Michael, I'm probably beating a dead horse and shouldn't... But, on both my 2008 and 2008 R2 servers, if I stop the windows firewall service, I can no longer connect to them via RDP, or access file shares, or even ping them for that matter. I agree, 2008 and 2008 R2 are very different beasts, but they do seem to have that behavior in common. At least that's my experience... Of course, the important thing is why is this happening to John and how might he resolve it, and on that, I'm currently stumped. Jeff From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 18, 2010 4:59 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Guys, y'all need to realize that y'all are comparing apples and oranges. Server 2008 is NOT the same as Server 2008 R2. Server 2008 R2 should've been called Server 2010. It's way different. It's not like 2003 R2 which was just a bunch of additional optional functionality. Disabling or stopping the Windows Firewall service in Server 2008 R2 is not supported and will cause indeterminate behavior. If you want to not use the firewall, you need to open the Windows Firewall application and disable the appropriate profile. This is a change in behavior between 2008 and 2008 R2. Now, in 2008 R2, if the Windows Firewall won't start, then it WILL generate an error in one event log or another. You need to track that down and fix it! :-P Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 7:30 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue +1 Jeff, that's exactly the issue I'm having. The Windows Firewall will not even start up or allow me to start it up to allow traffic to the DC. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 5:35 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue If I stop the Windows Firewall service on my 2008 servers, I can no longer RDP to it. So, what I meant by off is, the service is stopped, which is the case for John, who's firewall service won't start at all. From: N Parr [mailto:npar...@mortonind.com] Sent: Thursday, March 18, 2010 2:22 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue What? Firewall Off = Traffic Allowed I have the firewall's off on my 2008 server and RDP to them just fine. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 4:17 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue The 2008 firewall is conservative. In my experience, if it's turned off, no traffic is allowed inbound. So, you can't RDP into because your firewall won't start up to allow traffic in. Jeff From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 1:29 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Outside of enabling RDP on the DC, what can be preventing me from RDP'ing into the server? I have this issue with my Exchange 2K7 server as well as DC. I keep getting access is denied when trying to turn on Windows Firewall on the DC. From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 2:46 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, March 18, 2010 2:43 PM To: NT System Admin Issues Subject: Re: Installing Win2K8 Server as DC Issue I cannot access the server remotely Error message? No error message, after running DS role I am no longer able to connect to server via RDP the windows firewall service won't start
RE: Installing Win2K8 Server as DC Issue
Still no joy! Won't start! From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 12:23 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue I've added network service and local service to everywhere specified.. rebooting now From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Friday, March 19, 2010 12:10 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue That's good to know, thanks! Jeff From: David Lum [mailto:david@nwea.org] Sent: Friday, March 19, 2010 8:51 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue With Win2K8/Win7 in addition to disabling the firewall you must also set the firewall service to DISABLED (manual might also work), otherwise Windows disables the NIC. If it sees firewall as AUTO but the firewall is off (even if you turn it off via GUI) it assumes malware has disabled the firewall so it nukes the NIC connection altogether. Setting the service to DISABLED and THEN turning off the firewall will allow the NIC to remain active. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Friday, March 19, 2010 7:54 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Hi Michael, I'm probably beating a dead horse and shouldn't... But, on both my 2008 and 2008 R2 servers, if I stop the windows firewall service, I can no longer connect to them via RDP, or access file shares, or even ping them for that matter. I agree, 2008 and 2008 R2 are very different beasts, but they do seem to have that behavior in common. At least that's my experience... Of course, the important thing is why is this happening to John and how might he resolve it, and on that, I'm currently stumped. Jeff From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 18, 2010 4:59 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Guys, y'all need to realize that y'all are comparing apples and oranges. Server 2008 is NOT the same as Server 2008 R2. Server 2008 R2 should've been called Server 2010. It's way different. It's not like 2003 R2 which was just a bunch of additional optional functionality. Disabling or stopping the Windows Firewall service in Server 2008 R2 is not supported and will cause indeterminate behavior. If you want to not use the firewall, you need to open the Windows Firewall application and disable the appropriate profile. This is a change in behavior between 2008 and 2008 R2. Now, in 2008 R2, if the Windows Firewall won't start, then it WILL generate an error in one event log or another. You need to track that down and fix it! :-P Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 7:30 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue +1 Jeff, that's exactly the issue I'm having. The Windows Firewall will not even start up or allow me to start it up to allow traffic to the DC. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 5:35 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue If I stop the Windows Firewall service on my 2008 servers, I can no longer RDP to it. So, what I meant by off is, the service is stopped, which is the case for John, who's firewall service won't start at all. From: N Parr [mailto:npar...@mortonind.com] Sent: Thursday, March 18, 2010 2:22 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue What? Firewall Off = Traffic Allowed I have the firewall's off on my 2008 server and RDP to them just fine. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 4:17 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue The 2008 firewall is conservative. In my experience, if it's turned off, no traffic is allowed inbound. So, you can't RDP into because your firewall won't start up to allow traffic in. Jeff From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 1:29 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Outside of enabling RDP on the DC, what can be preventing me from RDP'ing into the server? I have this issue with my Exchange 2K7 server as well as DC. I keep getting access is denied when trying to turn on Windows Firewall on the DC. From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 2:46 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, March 18, 2010 2:43 PM To: NT System Admin Issues Subject: Re: Installing Win2K8 Server
RE: Installing Win2K8 Server as DC Issue
Not yet, have a PSS call in right now. This behavior happened before it became a DC. It happened when the server was added to the domain. As soon as I get the fix I will update this thread. Thanks. From: Jay Dale [mailto:jay.d...@3-gig.com] Sent: Friday, March 19, 2010 3:55 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Have you tried demoting it and attempting RDP? Jay Dale I.T. Manager, 3GiG Mobile: 713.299.2541 Email: jay.d...@3-gig.commailto:kandy.luk...@3-gig.com Confidentiality Notice: This e-mail, including any attached files, may contain confidential and/or privileged information for the sole use of the intended recipient. If you are not the intended recipient, you are hereby notified that any review, dissemination or copying of this e-mail and attachments, if any, or the information contained herein, is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. From: HELP_PC [mailto:g...@enter.it] Sent: Friday, March 19, 2010 12:19 PM To: NT System Admin Issues Subject: R: Installing Win2K8 Server as DC Issue It is a so weird issue ! I remember ,some years ago , I started to have similar issues building an SBS2k3box. (Permission issues when starting creating the domain) Found the RAID card driver was old and the sysvol couldn't be created properly GuidoElia HELPPC Da: John Bowles [mailto:john.bow...@wlkmmas.org] Inviato: venerdì 19 marzo 2010 17.29 A: NT System Admin Issues Oggetto: RE: Installing Win2K8 Server as DC Issue Still no joy! Won't start! From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Friday, March 19, 2010 12:23 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue I've added network service and local service to everywhere specified.. rebooting now From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Friday, March 19, 2010 12:10 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue That's good to know, thanks! Jeff From: David Lum [mailto:david@nwea.org] Sent: Friday, March 19, 2010 8:51 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue With Win2K8/Win7 in addition to disabling the firewall you must also set the firewall service to DISABLED (manual might also work), otherwise Windows disables the NIC. If it sees firewall as AUTO but the firewall is off (even if you turn it off via GUI) it assumes malware has disabled the firewall so it nukes the NIC connection altogether. Setting the service to DISABLED and THEN turning off the firewall will allow the NIC to remain active. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Friday, March 19, 2010 7:54 AM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Hi Michael, I'm probably beating a dead horse and shouldn't... But, on both my 2008 and 2008 R2 servers, if I stop the windows firewall service, I can no longer connect to them via RDP, or access file shares, or even ping them for that matter. I agree, 2008 and 2008 R2 are very different beasts, but they do seem to have that behavior in common. At least that's my experience... Of course, the important thing is why is this happening to John and how might he resolve it, and on that, I'm currently stumped. Jeff From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Thursday, March 18, 2010 4:59 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Guys, y'all need to realize that y'all are comparing apples and oranges. Server 2008 is NOT the same as Server 2008 R2. Server 2008 R2 should've been called Server 2010. It's way different. It's not like 2003 R2 which was just a bunch of additional optional functionality. Disabling or stopping the Windows Firewall service in Server 2008 R2 is not supported and will cause indeterminate behavior. If you want to not use the firewall, you need to open the Windows Firewall application and disable the appropriate profile. This is a change in behavior between 2008 and 2008 R2. Now, in 2008 R2, if the Windows Firewall won't start, then it WILL generate an error in one event log or another. You need to track that down and fix it! :-P Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 7:30 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue +1 Jeff, that's exactly the issue I'm having. The Windows Firewall will not even start up or allow me to start it up to allow traffic to the DC. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 5:35
Installing Win2K8 Server as DC Issue
All- I'm trying to join a w2k8 r2 server to a windows 2003 domain. I've ran adprep /forestprep Adprep /domain prep Installed domain services under roles.. rebooted Now when the server came up I cannot access the server remotely and the windows firewall service won't start. Just wondering what I did wrong here? The Windows Firewall is a pain in the arse if you ask me. Any help would be appreciated. Thank you, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Installing Win2K8 Server as DC Issue
From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, March 18, 2010 2:43 PM To: NT System Admin Issues Subject: Re: Installing Win2K8 Server as DC Issue I cannot access the server remotely Error message? No error message, after running DS role I am no longer able to connect to server via RDP the windows firewall service won't start How are you determining this? This is determined by the service on the server set to automatic but doesn't show's not started What does the eventlog say? Etc and so on. Event log is throwing MS DTC errors saying service cannot start. The Windows Firewall is a pain in the arse if you ask me. Because? Because it's always been a pain in the arss. :) -ASB: http://XeeSM.com/AndrewBaker On Thu, Mar 18, 2010 at 2:29 PM, John Bowles john.bow...@wlkmmas.orgmailto:john.bow...@wlkmmas.org wrote: All- I'm trying to join a w2k8 r2 server to a windows 2003 domain. I've ran adprep /forestprep Adprep /domain prep Installed domain services under roles.. rebooted Now when the server came up I cannot access the server remotely and the windows firewall service won't start. Just wondering what I did wrong here? The Windows Firewall is a pain in the arse if you ask me. Any help would be appreciated. Thank you, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Installing Win2K8 Server as DC Issue
Outside of enabling RDP on the DC, what can be preventing me from RDP'ing into the server? I have this issue with my Exchange 2K7 server as well as DC. I keep getting access is denied when trying to turn on Windows Firewall on the DC. From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 2:46 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, March 18, 2010 2:43 PM To: NT System Admin Issues Subject: Re: Installing Win2K8 Server as DC Issue I cannot access the server remotely Error message? No error message, after running DS role I am no longer able to connect to server via RDP the windows firewall service won't start How are you determining this? This is determined by the service on the server set to automatic but doesn't show's not started What does the eventlog say? Etc and so on. Event log is throwing MS DTC errors saying service cannot start. The Windows Firewall is a pain in the arse if you ask me. Because? Because it's always been a pain in the arss. :) -ASB: http://XeeSM.com/AndrewBaker On Thu, Mar 18, 2010 at 2:29 PM, John Bowles john.bow...@wlkmmas.orgmailto:john.bow...@wlkmmas.org wrote: All- I'm trying to join a w2k8 r2 server to a windows 2003 domain. I've ran adprep /forestprep Adprep /domain prep Installed domain services under roles.. rebooted Now when the server came up I cannot access the server remotely and the windows firewall service won't start. Just wondering what I did wrong here? The Windows Firewall is a pain in the arse if you ask me. Any help would be appreciated. Thank you, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Installing Win2K8 Server as DC Issue
+1 Jeff, that's exactly the issue I'm having. The Windows Firewall will not even start up or allow me to start it up to allow traffic to the DC. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 5:35 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue If I stop the Windows Firewall service on my 2008 servers, I can no longer RDP to it. So, what I meant by off is, the service is stopped, which is the case for John, who's firewall service won't start at all. From: N Parr [mailto:npar...@mortonind.com] Sent: Thursday, March 18, 2010 2:22 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue What? Firewall Off = Traffic Allowed I have the firewall's off on my 2008 server and RDP to them just fine. From: Jackson, Jeff [mailto:jeff.jack...@rbza.com] Sent: Thursday, March 18, 2010 4:17 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue The 2008 firewall is conservative. In my experience, if it's turned off, no traffic is allowed inbound. So, you can't RDP into because your firewall won't start up to allow traffic in. Jeff From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 1:29 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue Outside of enabling RDP on the DC, what can be preventing me from RDP'ing into the server? I have this issue with my Exchange 2K7 server as well as DC. I keep getting access is denied when trying to turn on Windows Firewall on the DC. From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, March 18, 2010 2:46 PM To: NT System Admin Issues Subject: RE: Installing Win2K8 Server as DC Issue From: Andrew S. Baker [mailto:asbz...@gmail.com] Sent: Thursday, March 18, 2010 2:43 PM To: NT System Admin Issues Subject: Re: Installing Win2K8 Server as DC Issue I cannot access the server remotely Error message? No error message, after running DS role I am no longer able to connect to server via RDP the windows firewall service won't start How are you determining this? This is determined by the service on the server set to automatic but doesn't show's not started What does the eventlog say? Etc and so on. Event log is throwing MS DTC errors saying service cannot start. The Windows Firewall is a pain in the arse if you ask me. Because? Because it's always been a pain in the arss. :) -ASB: http://XeeSM.com/AndrewBaker On Thu, Mar 18, 2010 at 2:29 PM, John Bowles john.bow...@wlkmmas.orgmailto:john.bow...@wlkmmas.org wrote: All- I'm trying to join a w2k8 r2 server to a windows 2003 domain. I've ran adprep /forestprep Adprep /domain prep Installed domain services under roles.. rebooted Now when the server came up I cannot access the server remotely and the windows firewall service won't start. Just wondering what I did wrong here? The Windows Firewall is a pain in the arse if you ask me. Any help would be appreciated. Thank you, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Migrating Netware Logon Scripts to Windows
Has anyone had any experience migrating login scripts from Netware to Windows? I have a customer that is asking for assistance in migrating the scripts.. Since I'm not familiar with Netware, apparently they have scripts at the container level, profile level and some at a group level. So any one user can have multiple scripts running. From what I was told, if the G drive was mapped with one script it would get overwritten everytime a script is ran depending on where that user resides in Directory Services. So as you can see, it's a pretty complicated setup.. and they are trying to find a way that is seamless to the user so they won't notice a thing. I'm sure this isn't the only customer that has faced this issue, so I'm hoping someone might have some insight on how to attack this issue. Thank you, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
IBM T61 Thinkpad
I have an IBM T61 Thinkpad and every time I turn it on it sounds like the hard drive or the motherboard is beeping and the bootup time is really slow. Any ideas? I can't find anything on the internet regarding this issue. Thank you. John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: IBM T61 Thinkpad
It's a constant beep intermittent every 2-3 seconds until computer boots up to Windows 7 login. From: Carol Fee [mailto:c...@massbar.org] Sent: Tuesday, March 02, 2010 2:10 PM To: NT System Admin Issues Subject: RE: IBM T61 Thinkpad Probably Bios error beep code. What is the pattern ? CFee From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Tuesday, March 02, 2010 2:08 PM To: NT System Admin Issues Subject: IBM T61 Thinkpad I have an IBM T61 Thinkpad and every time I turn it on it sounds like the hard drive or the motherboard is beeping and the bootup time is really slow. Any ideas? I can't find anything on the internet regarding this issue. Thank you. John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: IBM T61 Thinkpad
That might help, I'll have to restart my laptop to listen to the exact tones. Thanks for the help! I'll be in touch to let everyone know the results. -Original Message- From: Roger Wright [mailto:rhw...@gmail.com] Sent: Tuesday, March 02, 2010 2:23 PM To: NT System Admin Issues Subject: Re: IBM T61 Thinkpad Does this help narrow it down? http://www-307.ibm.com/pc/support/site.wss/MIGR-46018.html Die dulci fruere! Roger Wright ___ On Tue, Mar 2, 2010 at 2:08 PM, John Bowles john.bow...@wlkmmas.org wrote: I have an IBM T61 Thinkpad and every time I turn it on it sounds like the hard drive or the motherboard is beeping and the bootup time is really slow. Any ideas? I can't find anything on the internet regarding this issue. Thank you. John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
OT-Personal PC Assessment Tools
All- I do a lot of work on personal computers/laptops. I'm looking to see what types of tools you guys/gals use to cleanup computers and to increase performance on them? So far I'm using Spybot, AV client, Ad-Aware. Any other tools that experts suggest? Thank you, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
ODD W2K3 DC DCPROMO Issue
All- I have a customer who has 2 W2K3 DC's (DC01, DC02) running in their environment. They want to add a new DC and retire one of the previous DC's mentioned. Well, when I run DCPROMO on DC03 it throws me an error message saying I need to run ADprep because the forest is not prepped. Then it proceeds to tell me to run Forestprep and Domain Prep. Has anyone ran into this issue before where there are already 1 or more W2K3 DC's and when you add another it's saying the forest isn't prepped for a W2K3 DC? TIA, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: ODD W2K3 DC DCPROMO Issue
That was absolutely it. Thanks guys for the reminder.. Sometimes when you're in the weeds you tend to overlook common issues. Thanks again! -Original Message- From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, February 08, 2010 10:31 AM To: NT System Admin Issues Subject: RE: ODD W2K3 DC DCPROMO Issue Yes. If you are using 2003 R2 media on a 2003 no-R2 domain. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Monday, February 08, 2010 10:12 AM To: NT System Admin Issues Subject: ODD W2K3 DC DCPROMO Issue All- I have a customer who has 2 W2K3 DC's (DC01, DC02) running in their environment. They want to add a new DC and retire one of the previous DC's mentioned. Well, when I run DCPROMO on DC03 it throws me an error message saying I need to run ADprep because the forest is not prepped. Then it proceeds to tell me to run Forestprep and Domain Prep. Has anyone ran into this issue before where there are already 1 or more W2K3 DC's and when you add another it's saying the forest isn't prepped for a W2K3 DC? TIA, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: GPO Best Practices
I'm looking for a best practices kind of thing here... When admins want to force other groups or accounts to workstations outside of domain admins, and not allowing the local admin to modify the list.. Do they create a seperate GPO for this function? Or do they modify the default GPO for this task? I know it's not best practices to modify the default, but I think having a seperate GPO for every little issue or fix would be cumbersome as well.. Thoughts? John Bowles From: Kurt Buff [kurt.b...@gmail.com] Sent: Wednesday, January 20, 2010 4:09 PM To: NT System Admin Issues Subject: Re: GPO Best Practices NP On Wed, Jan 20, 2010 at 12:27, Jon Harris jk.har...@gmail.com wrote: My bad you are correct I forgot to say that was true and this is how it is done. Sorry. Jon On Wed, Jan 20, 2010 at 1:45 PM, Kurt Buff kurt.b...@gmail.com wrote: I think you're kinda saying the same thing I am. DAs are added to any non-DC's local Administrators group when added to the domain, unless things have changed since Win2k3 R2 SP2+ and XP SP3+. They are, by default, admins on any machine joined to the domain, though the local Administrator can kick them out. Of course, if you're worried about someone with a Nordahl bootdisk or something similar, that's a second or third reason to enforce it by GPO, I suppose, along with a standard account being in either the Administrator or Power Users group, or someone knowing the local Administrator password. Kurt On Wed, Jan 20, 2010 at 10:26, Jon Harris jk.har...@gmail.com wrote: I believe DA's are added to the Administrators group but are not local Administrators. From my experience local administrators can trump DA's and where possible it is best to remove local administrators from the Administrators group to prevent this. The other tactic to take would be to disable the local administrator account. That is what I strive for but it is not always possible. Jon On Wed, Jan 20, 2010 at 1:15 PM, Kurt Buff kurt.b...@gmail.com wrote: To my certain knowledge, yes. This leads me to wonder why this is an issue. I can only think of one reason: Non-DAs are also admins or power users, and they want to ensure that the non-DAs can't kick the DAs off the workstations. Kurt On Wed, Jan 20, 2010 at 07:40, Carol Fee c...@massbar.org wrote: Aren’t the Domain Admins automatically added to the local Administrators when the computer is joined to the domain ? CFee ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
GPO Best Practices
I have a customer who is looking to implement a GPO to add Domain Admins to all the workstations and servers. I was looking into using Restricted Groups to tackle this task, but it seems if you use Restricted Groups you will lose anything outside of the groups you have listed in the restricted groups, that reside in local admin group of workstations or servers. My question is, if I recall a finely tuned AD the concept was to have your workstations and servers in seperate OU's right? This way you can have seperate sets of GPO's for each class, either workstations or servers? Or, is there just a flat out easier way to push certain accounts to the servers and workstations? Thanks, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: GPO Best Practices
GPP? John Bowles From: Stephen Wimberly [swimbe...@gmail.com] Sent: Wednesday, January 20, 2010 10:14 AM To: NT System Admin Issues Subject: Re: GPO Best Practices Servers and workstations should be in different OU's for a variety of reasons, GPO is one of the best reasons. We used to use restrictive groups for the local Administrators group, but yes this does delete all contents and replace with the contents of the GPO. If you have Server 2003 Domain controllers running at the 2003 functional level you should be able to use GPP rather than GPO. This will allow you to fine tune the local groups on the workstations and servers as you would like without destroying your existing contents. It can do the same thing in the end result, but the thought of emptying before replacing bothered me. ;) 2010/1/20 John Bowles john.bow...@wlkmmas.orgmailto:john.bow...@wlkmmas.org I have a customer who is looking to implement a GPO to add Domain Admins to all the workstations and servers. I was looking into using Restricted Groups to tackle this task, but it seems if you use Restricted Groups you will lose anything outside of the groups you have listed in the restricted groups, that reside in local admin group of workstations or servers. My question is, if I recall a finely tuned AD the concept was to have your workstations and servers in seperate OU's right? This way you can have seperate sets of GPO's for each class, either workstations or servers? Or, is there just a flat out easier way to push certain accounts to the servers and workstations? Thanks, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: GPO Best Practices
Thanks to everyone for their ideas. This was very helpful! John Bowles From: Andy Ognenoff [andyognen...@gmail.com] Sent: Wednesday, January 20, 2010 10:30 AM To: NT System Admin Issues Subject: RE: GPO Best Practices OU structure aside (separating them is good practice for all of the reasons stated) - your first thought to use Restricted Groups was definitely a way to accomplish the task - that's exactly what we do here. Just use the This group is a member of: box with Administrators added to it and leave the Members of this group: box empty. This makes your AD security group become a part of the Local Administrators group on whatever machines the GPO is applied to - adding to it, rather than replacing it. - Andy O. From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Wednesday, January 20, 2010 9:00 AM To: NT System Admin Issues Subject: GPO Best Practices I have a customer who is looking to implement a GPO to add Domain Admins to all the workstations and servers. I was looking into using Restricted Groups to tackle this task, but it seems if you use Restricted Groups you will lose anything outside of the groups you have listed in the restricted groups, that reside in local admin group of workstations or servers. My question is, if I recall a finely tuned AD the concept was to have your workstations and servers in seperate OU's right? This way you can have seperate sets of GPO's for each class, either workstations or servers? Or, is there just a flat out easier way to push certain accounts to the servers and workstations? Thanks, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Windows 2008 R2 Spec Sheet
All- Is there a best practices sheet out there that gives you details about how to best setup and config your W2K8R2 DC's? Thank you, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Netbackup Question
All- Can anyone tell me what's the different between the Netbackup Exchange Extensions and the Netbackup Exchange Agent? Thank you, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
OCS Training
Has anybody had training on this product? And if so, was it beneficial to you? Do you recommend a certain training facility over another? Thank you, John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Mail server software
Anyone in their right mind would host any business centric email on a platform outside of Exchange, Lotus or Sendmail is just asking for trouble. Now, If I'm running a shop and my Engineer comes to me with jimbob's Mail Platform.. I'm going to ask for him to please get out of my office, and never return to my department ever again. And while you're at it, please go run into a brick wall. Good talk, glad we had it. _ John Bowles From: Kurt Buff [kurt.b...@gmail.com] Sent: Monday, August 17, 2009 4:03 PM To: NT System Admin Issues Subject: Re: Mail server software Sorry - meant to say they are the usual Open Source suspects. On Mon, Aug 17, 2009 at 12:59, Kurt Buffkurt.b...@gmail.com wrote: Zimbra, OSER and Scalix are the usual suspects. On Mon, Aug 17, 2009 at 08:53, John Aldrichjaldr...@blueridgecarpet.com wrote: If you don’t want to pay the cost of Exchange, what software would you get that has pretty much the same functionality as Exchange, including the following: 1) Active Directory integration 2) Shared calendars 3) Reserved meeting rooms (i.e. send a meeting invite to the room email address and reserve it.) 4) Outlook connectivity (most of the ones I’ve looked at have some sort of “plugin” to allow Outlook to connect to them and act like Exchange.) 5) Fully functional webmail – we want to have the “look and feel” of Outlook on the web. The two I’m leaning towards right now are Icewarp and Kerio. I’ve installed Kerio and it’s got pretty much the features I want, but I’ve gotten a recommendation from one of our ISP vendors that we look at Icewarp as well. Just thought I’d throw this out to see what else I should be looking at. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: unhold
Thompson Twins.. Awesome 80's! _ John Bowles From: Bob Fronk [...@btrfronk.com] Sent: Wednesday, August 12, 2009 1:04 PM To: NT System Admin Issues Subject: RE: unhold Ah… 1984. -- Bob From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Wednesday, August 12, 2009 12:54 PM To: NT System Admin Issues Subject: Re: unhold (Oh oh) Hold me now (Whoa) Warm my heart Stay with me Let loving start Let loving start -- ME2 On Wed, Aug 12, 2009 at 6:47 AM, Marlin L. Borsick borsi...@coastalan.netmailto:borsi...@coastalan.net wrote: unhold ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
OT: AD/Exchange Assessments
All- I'm curious since I'm going to start doing active directory and Exchange assessments for our customers. What tools do you guys like, prefer etc when you have to go into a client site and do an assessment of their environment? Thanks, _ John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: AD/Exchange Assessments
I understand what you're saying when it comes to thinking about the goals of the engagement. What we mostly get is customers wanting us to give them a health check on their AD/Exchange systems. I should of worded it differently in my original post. So I was wondering what utilities, apps etc that everyone uses or prefer's when running health checks? Thanks again! _ John Bowles From: Brian Desmond [br...@briandesmond.com] Sent: Wednesday, August 05, 2009 10:44 AM To: NT System Admin Issues Subject: RE: AD/Exchange Assessments I have a custom tool with hundreds of rules for AD for things I check/evaluate based on best practices and also things I see at customers. It’s a list I’ve been adding to for years. I’ve also got a pretty good list of business/semi-technical questions to ask that make a lot of difference in the outcome of the report. Microsoft has tools for both products that likewise check hundreds and hundreds of things. Not an answer to your question directly, but, perhaps an idea on scope of this. I’d suggest rather than thinking tools you think first about scope and goals of the engagement. Thanks, Brian Desmond br...@briandesmond.com c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Wednesday, August 05, 2009 9:14 AM To: NT System Admin Issues Subject: OT: AD/Exchange Assessments All- I'm curious since I'm going to start doing active directory and Exchange assessments for our customers. What tools do you guys like, prefer etc when you have to go into a client site and do an assessment of their environment? Thanks, _ John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
WOW64
How in the world do I enable WOW64 on a WIndows 2008 SP2 server? Thanks, _ John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: WOW64
And to expand on the topic. Can WOW64 only be ran on Windows 2008R2? Thank you, __ John Bowles On Jul 30, 2009, at 11:02 AM, John Bowles john.bow...@wlkmmas.orgmailto:john.bow...@wlkmmas.org wrote: How in the world do I enable WOW64 on a WIndows 2008 SP2 server? Thanks, _ John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: WOW64
Anyway I can check if it's enabled? __ John Bowles 301.473.2260 On Jul 30, 2009, at 11:15 AM, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com wrote: It���s enabled out of the box��� Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, July 30, 2009 9:59 AM To: NT System Admin Issues Subject: WOW64 How in the world do I enable WOW64 on a WIndows 2008 SP2 server? Thanks, _ John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: WOW64
I'm not having any issues per say.. Just wondering if it's enabled. Installing an application that requires that to be enabled. _ John Bowles From: Troy Meyer [tme...@uoregon.edu] Sent: Thursday, July 30, 2009 11:25 AM To: NT System Admin Issues Subject: RE: WOW64 John, What is failing? Why do you think it t working? I bet you have a c:\program files (x86) folder I bet you have a c:\windows\syswow64 folder Both are culprits of WOW64 -tm From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, July 30, 2009 8:20 AM To: NT System Admin Issues Subject: Re: WOW64 Anyway I can check if it's enabled? __ John Bowles 301.473.2260 On Jul 30, 2009, at 11:15 AM, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com wrote: Is enabled out of the bo Thanks, Brian Desmond br...@briandesmond.commailto:br...@briandesmond.com c - 312.731.3132 Active Directory, 4th Ed - http://www.briandesmond.com/ad4/ Microsoft MVP - https://mvp.support.microsoft.com/profile/Brian From: John Bowles [mailto:john.bow...@wlkmmas.org] Sent: Thursday, July 30, 2009 9:59 AM To: NT System Admin Issues Subject: WOW64 How in the world do I enable WOW64 on a WIndows 2008 SP2 server? Thanks, _ John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
KB949516/Enterprise Vault 8
All- I'm trying to install the hotfix KB949516 which is a pre-req for installing Enterprise Vault 8. But everytime I run the hotfix it tells me that The update doesn't apply to your system. Has anyone every run across this before? _ John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: KB949516/Enterprise Vault 8
Answered my own question. KB949516 is already inside SP2 for Windows 2008. _ John Bowles From: John Bowles [john.bow...@wlkmmas.org] Sent: Thursday, July 30, 2009 11:49 AM To: NT System Admin Issues Subject: KB949516/Enterprise Vault 8 All- I'm trying to install the hotfix KB949516 which is a pre-req for installing Enterprise Vault 8. But everytime I run the hotfix it tells me that The update doesn't apply to your system. Has anyone every run across this before? _ John Bowles ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
