Friday, 8 January 2016

Seizing FSMO Roles

In case of disaster or DC failure, how can I transfer (seize) FSMO roles from one DC to another?
The five FSMO roles are:
Schema master – Forest-wide and one per forest.
Domain naming master – Forest-wide and one per forest.
RID master – Domain-specific and one for each domain.
PDC – PDC Emulator is domain-specific and one for each domain.
Infrastructure master – Domain-specific and one for each domain.
If a DC becomes unreliable, try to get it back online and transfer the FSMO roles to a reliable DC. If that is not possible, seize the FSMO role, and only if the original holder is not connected to the network. After seizing a FSMO role, never connect the original server to the network again.
What will happen if you do not perform the seizure in time? Well… it depends:
FSMO Role: Schema Master – you will not be able to extend the schema. In the short term, usually nobody will notice a missing Schema Master.
FSMO Role: Domain Naming – if you do not need to add or remove a DC, you will not miss this role.
FSMO Role: RID – the existing DCs may have enough unused RIDs to last for some time, unless you are creating many objects in AD (users, computers).
FSMO Role: PDC Emulator – you will miss this role very soon. There will be no time synchronization in the domain, and you will have problems changing or troubleshooting group policies and with password changes.
FSMO Role: Infrastructure – if you have multiple domains, group membership may be incomplete.

Moving roles using Ntdsutil:
(using the Ntdsutil utility incorrectly can damage your AD)
1. On any domain controller, run a command prompt as administrator and start Ntdsutil
2. Type roles, and press ENTER
3. Type connections, and press ENTER
4. Type connect to server <servername>, where <servername> is the name of the domain controller you want to use, and press ENTER
5. Type q, and press ENTER
6. Type seize <role>, where <role> is the role you want to seize. For example: seize PDC
Options for roles are:
- Seize domain naming master (if you are using Windows Server 2008 or 2012, use seize naming master, otherwise you will get an error message)
- Seize infrastructure master
- Seize PDC
- Seize RID master
- Seize Schema master

During seizure of the relative ID (RID) operations master role, the current role holder attempts to synchronize with its replication partners. If it cannot establish a connection with a replication partner during the seizure operation, it displays a warning and asks for confirmation that you want the seizure of the role to proceed. Click Yes to proceed.
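
The rule above (seize only when the original holder is off the network) can be enforced in a script. This is an added example, not part of the original post: it uses the ActiveDirectory PowerShell module's `Move-ADDirectoryServerOperationMasterRole -Force` in place of the Ntdsutil sequence, and `DC02` and the role list are placeholder values. It assumes `Test-NetConnection` is available (Windows Server 2012 R2 or later).

```powershell
# Added example: check the old role holder before seizing FSMO roles.
# Assumptions: run as Domain/Enterprise Admin on a healthy DC; $Target and
# $Roles are placeholders to replace with your own values.
Import-Module ActiveDirectory

$Target = 'DC02'                        # hypothetical surviving DC
$Roles  = 'PDCEmulator', 'RIDMaster'    # roles to move to $Target

# Ask the surviving DC who currently holds each of the five roles.
$domain  = Get-ADDomain -Server $Target
$forest  = Get-ADForest -Server $Target
$holders = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    RIDMaster            = $domain.RIDMaster
    PDCEmulator          = $domain.PDCEmulator
    InfrastructureMaster = $domain.InfrastructureMaster
}

foreach ($role in $Roles) {
    $holder = $holders[$role]
    if ($holder -like "$Target*") {
        Write-Host "$role is already held by $Target, nothing to do."
        continue
    }

    # A holder that still answers on LDAP (TCP 389) is on the network:
    # do not seize, bring it back and transfer the role instead.
    $alive = Test-NetConnection -ComputerName $holder -Port 389 `
                 -InformationLevel Quiet -WarningAction SilentlyContinue
    if ($alive) {
        Write-Warning "$holder still answers on LDAP. Transfer $role (same cmdlet without -Force) instead of seizing."
        continue
    }

    # -Force turns the transfer into a seizure. The cmdlet asks for
    # confirmation by default, so the operator approves each role.
    Write-Host "Seizing $role from unreachable holder $holder ..."
    Move-ADDirectoryServerOperationMasterRole -Identity $Target `
        -OperationMasterRole $role -Force
}

# Confirm the final placement of all five roles.
netdom query fsmo
```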

Thursday, 7 January 2016

Wednesday, 20 May 2015

System Center Configuration Manager 2012 R2 SP1 install problem

When I try to install SP1 for System Center Configuration Manager 2012 R2, I get the error: "The network path was not found."
To solve this error, enable and start the Remote Registry service.

Monday, 24 March 2014

Microsoft System Center DPM 2012 R2 - Exchange 2013 Backup Error

We recently upgraded our Exchange to 2013. The DPM agent installed perfectly on the Exchange server, but the backups on the DPM server running Windows Server 2012 reported constant failures.
The backups fail with this error:

Type: Consistency check
Status: Failed
Description: Data consistency verification check failed for LOGS of Exchange Mailbox Database Mailbox Database 11111 on Mail.domain.local. (ID 30146 Details: Unknown error (0xc0000135) (0xC0000135))

The fix is to install Visual C++ Redistributable for Visual Studio 2012 Update 4 x64 from here:
http://www.microsoft.com/en-us/download/details.aspx?id=30679

Friday, 21 March 2014

Exchange 2013 SP1 anti-malware updates not working

On a fresh install of Exchange 2013 SP1, anti-malware updates are not working. In Event Viewer we get the following error:

Log Name:      Application
Source:        Microsoft-Filtering-FIPFS
Date:          3/21/2014 9:16:06 PM
Event ID:      6027
Task Category: None
Level:         Error
Keywords:     
User:          NETWORK SERVICE
Computer:      Mail.domain.local
Description:
MS Filtering Engine Update process was unsuccessful in contacting the Primary Update Path. Update Path: http://forefrontdl.microsoft.com/server/scanengineupdate
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Filtering-FIPFS" Guid="{1BE3A000-EA09-4AB8-B0A0-30BBB6793D80}" />
    <EventID>6027</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2014-03-21T19:16:06.892015100Z" />
    <EventRecordID>163920</EventRecordID>
    <Correlation />
    <Execution ProcessID="2044" ThreadID="8468" />
    <Channel>Application</Channel>
    <Computer>Mail.domeniu.local</Computer>
    <Security UserID="S-1-5-20" />
  </System>
  <EventData>
    <Data Name="UpdatePath">http://forefrontdl.microsoft.com/server/scanengineupdate</Data>
  </EventData>
</Event>

I have also checked on a similar test environment and I get the same error.
The solution is to give the "Network Service" account full control, or at least "write" access, on \Program Files\Microsoft\Exchange Server\V15\FIP-FS\Data\Engines\amd64\Microsoft\bin .
After this change, updates are working properly.
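
The smaller of the two grants mentioned above ("write" rather than full control) can be applied and checked from PowerShell. This is an added example, not part of the original post; it assumes Exchange is installed on drive C: at the path given above, and it identifies Network Service by its well-known SID S-1-5-20 (the same SID shown in the event XML).

```powershell
# Added example: give NETWORK SERVICE Write (not Full Control) on the
# FIP-FS engine folder, only if it does not already have it.
# Assumption: Exchange is installed on C: at the path from the post.
$path = 'C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Data\Engines\amd64\Microsoft\bin'
$sidType = [System.Security.Principal.SecurityIdentifier]
$sid  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-20'  # NETWORK SERVICE
$need = [System.Security.AccessControl.FileSystemRights]::Write

$acl = Get-Acl -Path $path

# Explicit and inherited Allow rules for the SID that already include Write.
$hasWrite = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
    $_.IdentityReference.Value -eq $sid.Value -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $need) -eq $need
}

if ($hasWrite) {
    Write-Host 'NETWORK SERVICE already has Write on the engine folder.'
}
else {
    # Inherit to subfolders and files so downloaded engine files are covered.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, $need, 'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $path -AclObject $acl
    Write-Host 'Granted Write to NETWORK SERVICE.'
}

# Show the resulting rules for the account so the change can be reviewed.
(Get-Acl -Path $path).GetAccessRules($true, $true, $sidType) |
    Where-Object { $_.IdentityReference.Value -eq $sid.Value } |
    Format-Table FileSystemRights, AccessControlType, IsInherited -AutoSize
```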


Friday, 6 December 2013

Hyper-V cannot connect to the specified Replica server

Today on a Hyper-V server, when I tried to enable replication for a virtual machine, I got the following error:
"Hyper-V cannot connect to the specified Replica server 'xxxxxx'. Error: A connection with the server could not be established (0x00002EFD). Verify that the specified server is enabled as a Replica server, allows inbound connection on port '80', and supports the same authentication scheme."
 
All settings on the Hyper-V server are in place, and these settings are working perfectly on other identical servers.
So... what caused the problem? Well... the problem was caused by a global proxy server defined in the configuration. I deleted the global proxy configuration using "netsh winhttp reset proxy" and the problem was fixed.

Tuesday, 26 November 2013

System Center Virtual Machine Manager - User Role Permissions


In System Center Virtual Machine Manager, when you create a User Role there is a property in the permission settings called “Local Administrator”, and its description is 'Grants local administrator rights on virtual machines'.
 

This description is a little ambiguous, and my first thought was that the option would add the user to the local Administrators group on the guest machine. But… this is not true.
The "Local Administrator" option allows a self-service user to change the password for the Administrator account when deploying from a template. If this option is not enabled, the self-service user cannot change the password for the Administrator account when deploying from a template.

 
