Windows DCDiag Generating – Error 0x6ba "The RPC server is unavailable."

Once you move to Windows 2008 with the Advanced Firewall and run DCDiag, you could end up with "error 0x6ba The RPC server is unavailable." This is the result of the remote DC not allowing RPC connections because the firewall is enabled. To remove this error and allow DCDiag to be run remotely, open up …

Upgrade Certificate Server from 32 to 64 bit

In some older documents Microsoft stated that there was no support for upgrades from 32 to 64 bit: http://technet.microsoft.com/en-us/library/cc755153(WS.10).aspx This is no longer the situation, and there is support to migrate from 32 to 64 bit; the Active Directory Certificate Services Migration Guide covers the steps required: http://technet.microsoft.com/en-us/library/ee126170(WS.10).aspx This process went smoothly and the previous tech …

Windows 7/2008 Kerberos Default Encryption and Windows 2003/2000

With the latest OS release, Microsoft changed the default encryption method from RC4 to AES when first attempting to communicate with a Ticket Granting Ticket Service Request. As long as the client, whether it be Windows 7 or Windows 2008, communicates with a Windows 2008 R2 Domain Controller (DC), everything is all good. However, if the client …

RODC – Password Replication Policy and Password Cache Management

With the advent of Read Only Domain Controllers (RODCs), remote offices no longer have to present a risk for your Active Directory (AD) enterprise secrets. RODCs by default do not cache ANY user or computer passwords. This can present a problem if there is a loss of connectivity between the remote site's RODC and a Read …

Changing the Weight and Priority of a Domain Controller Within a Site

If you have multiple domain controllers (DCs) within a site, you may want one of these DCs to be referred to more often, or only if no other DC is available. Selection of a DC within a site is controlled by both the weight and priority. Weight of a Domain Controller: By default all DCs …

AD Clients Not Authenticating to its Local Site

Ever have a Branch Office or Site that has clients that don't authenticate to the local DC? Administrators get confused and start looking at the client to try and figure out what is wrong, when it is most likely an incorrectly configured Sites and Services subnet situation. When a workstation first logs on (Machines log onto …

Active Directory Cleanup – The Most Common Question I See

I am out in the Microsoft NewsGroups and quite often I see someone having trouble with their Active Directory (AD) domain. The number one issue I see is they will lose a Domain Controller (DC) and just move on without realizing that without letting the rest of the DCs know that this machine is not …

Troubleshooting Active Directory Issues

There are a number of different issues that can create problems with Active Directory: When someone has trouble and is unclear as to why, I usually suggest the following: Run diagnostics against your Active Directory domain. If you don't have the support tools installed, install them from your server install disk. d:\support\tools\setup.exe Run dcdiag, netdiag and …