Once you move to Windows 2008 with Advanced Firewall and run DCDiag, you could end up with "error 0x6ba The RPC server is unavailable." This happens because the firewall enabled on the remote DC does not allow RPC connections. To remove this error and allow DCDiag to be run remotely, open up … Continue reading "Windows DCDiag Generating – Error 0x6ba "The RPC server is unavailable.""
In some older documents Microsoft stated that there was no support for upgrades from 32 to 64 bit: http://technet.microsoft.com/en-us/library/cc755153(WS.10).aspx This is no longer the case, and migrating from 32 to 64 bit is now supported. The Active Directory Certificate Services Migration Guide covers the steps required: http://technet.microsoft.com/en-us/library/ee126170(WS.10).aspx This process went smoothly and the previous tech … Continue reading "Upgrade Certificate Server from 32 to 64 bit"
With the latest OS release, Microsoft changed the default encryption method from RC4 to AES when first attempting to communicate with a Ticket Granting Ticket Service Request. As long as the client, whether it be Windows 7 or Windows 2008, communicates with a Windows 2008 R2 Domain Controller (DC), everything is all good. However if the client … Continue reading "Windows 7/2008 Kerberos Default Encryption and Windows 2003/2000"
After recently bringing up an RODC in my default site, all my 2003 RWDCs in all my sites flipped to a single process, which is not a good thing for DCs. I can't be absolutely certain this was the cause, but the errors occurred on the same day as the RODC promotion. The error in … Continue reading "Invalid service type: RpcSs when running DCDIAG"
With the advent of Read Only Domain Controllers (RODCs), remote offices no longer have to present a risk for your Active Directory (AD) enterprise secrets. RODCs by default do not cache ANY user or computer passwords. This can present a problem if there is a loss of connectivity between the remote site's RODC and a Read … Continue reading "RODC – Password Replication Policy and Password Cache Management"
You may have multiple domain controllers (DCs) within a site and want one of these DCs referred to more often, or only if no other DC is available. Selection of a DC within a site is controlled by both the weight and priority. Weight of a Domain Controller By default all DCs … Continue reading "Changing the Weight and Priority of a Domain Controller Within a Site"
Want to move the time service to the new PDCe? This is required if you have just moved the PDCe to a new Domain Controller. First you need to reset the old PDCe time service, so that it is part of the domain hierarchy (Or you just want to reset a client back … Continue reading "Moving the NTP service to a new PDCe"
Ever have a Branch Office or Site with clients that don't authenticate to the local DC? Administrators get confused and start looking at the client to try and figure out what is wrong, when it is most likely an incorrectly configured Sites and Services subnet situation. When a workstation first logs on (Machines log onto … Continue reading "AD Clients Not Authenticating to its Local Site"
I am out in the Microsoft NewsGroups and quite often I see someone having trouble with their Active Directory (AD) domain. The number one issue I see is they will lose a Domain Controller (DC) and just move on without realizing that without letting the rest of the DCs know that this machine is not … Continue reading "Active Directory Cleanup – The Most Common Question I See"
There are a number of different issues that can create problems with Active Directory: When someone has trouble and is unclear as to why, I usually suggest the following: Run diagnostics against your Active Directory domain. If you don't have the support tools installed, install them from your server install disk. d:\support\tools\setup.exe Run dcdiag, netdiag and … Continue reading "Troubleshooting Active Directory Issues"