Last month, the Active Directory Documentation Team really made an effort to bring together a library of troubleshooting-oriented KnowledgeBase articles. This month, this work is continued with two more updated guidance-oriented KnowledgeBase articles to troubleshoot Active Directory issues. Also this month, a few new Active Directory-related KnowledgeBase articles were published with hotfixes for issues in Active Directory Domain Services and Active Directory Certificate Services.

Here’s the overview:

New Guidance-oriented KnowledgeBase articles

2671810 Troubleshoot Directory Services issues in Windows 7 and in Windows Server 2008 R2
This KnowledgeBase article introduces the Directory Services troubleshooter in the Microsoft Fix IT Center Pro portal. This is a valuable resource to troubleshoot common Active Directory problems.


New Hotfixes

2655960 DNS server stops responding to DNS queries from client computers in Windows Server 2003, in Windows Server 2008 or in Windows Server 2008 R2
The DNS Server service on a DNS server that is running Windows Server 2003, Windows Server 2008 or Windows Server 2008 R2 intermittently does not respond to DNS queries from client computers. When this issue occurs, the DNS server stops responding. This issue occurs because the DNS Server service enters an infinite loop when the DNS Server service generates a DNS response. The infinite loop occurs if the DNS Server service encounters an offset that points to the previous location that the DNS Server service was checking. A hotfix is available.

2632816 A Windows Server 2008 R2-based or Windows Server 2008-based DHCP server cannot lease IP addresses if the server cannot reach any RWDCs in an Active Directory domain environment
In an environment with both RoDCs and RWDCs, a Windows Server 2008 R2-based or Windows Server 2008-based authorized DHCP Server may stop handing out IP addresses when the network connections are broken between the DHCP server and all RWDCs. A hotfix is available.

2633200 NDES does not submit certificate requests after the enterprise CA is restarted in Windows Server 2008 R2
On a Windows Server 2008 R2-based, domain-joined enterprise Certificate Authority (CA) with the Network Device Enrollment Service (NDES), an issue occurs after a restart because the port that the CertRequest interface uses is changed. Therefore, the NDES role service cannot connect to the enterprise CA. The symptom is that a SCEP request fails and network devices cannot enroll or renew certificates. A hotfix is available.

2633205 Auto-enrollment process for computer certificates fails on a client computer that is running Windows 7 or Windows Server 2008 R2
Because of an error in Cryptography Next Generation (CNG), v3 certificates that require CNG, from a Windows Server 2008 R2-based Certificate Authority in a Windows Server 2008 R2-based Active Directory, fail when you enable the "Force strong key protection for user keys stored on the computer" policy for a Group Policy Object (GPO). A hotfix is available.

2659158 You cannot log on to a domain that uses a disjoint namespace in Windows 7 SP1 or in Windows Server 2008 R2 SP1
In an environment with a disjoint namespace in a domain and a primary Domain Name System (DNS) suffix with the disjoint namespace, the netdom join command fails with an error when you try to connect a computer that is running Windows 7 Service Pack 1 (SP1) or Windows Server 2008 R2 SP1 to the domain. You cannot use your domain account to log on to the domain, because the value of the dnsHostName attribute is not set correctly during the client deployment in the disjoint namespace environment. A hotfix is available.


Updated Guidance-oriented KnowledgeBase articles

Troubleshooting DNS Event ID 4013: The DNS server was unable to load AD integrated DNS zones

Troubleshooting Active Directory operations that fail with error 8452: "The naming context is in the process of being removed or is not replicated from the specified server."


Updated KnowledgeBase articles

Deploying the 1st Windows Server 2008 R2 DC in an existing forest may temporarily halt AD replication to strict mode destination DCs for up to 12 hours

You cannot install Active Directory on an iSCSI boot computer that is running Windows Server 2008 R2

"error -1101" when you use the Ntdsutil.exe utility to check an AD DS database's integrity in Windows Server 2008 R2 or in Windows Server 2008

Item-level targeting object picker dialog box shows only the domain in which the Gpmc.msc is started in Windows Server 2008 R2, in Windows 7, in Windows Vista or in Windows Server 2008

You are prompted for credentials when you access a resource in a Windows Server 2008 SP2-based or Windows Server 2008 R2 SP1-based domain if you use a smart card

Updates to Restricted Groups ("Member of") behavior of user-defined local groups

