Active Directory-related KnowledgeBase articles for March 2012

Below are the Active Directory-related KnowledgeBase articles, released and updated in between March 1 2012 and March 31 2012:


New KnowledgeBase articles

2680976 Troubleshooting Active Directory operations that fail with error – 8204 ERROR_DS_NO_SUCH_OBJECT
As the title suggests, Error 8240 (0x2030) means ERROR_DS_NO_SUCH_OBJECT, which indicates the specific object couldn’t be found in directory. You may encounter this error during replication or when a Domain Controller tries to local global catalogs for its functionalities, such as universal group membership lookup. This error may be due to Lingering Objects, so be sure to read this article.

2675275 A logoff script is removed incorrectly when you use the GMPC to remove a logon script on a Windows Server 2008 R2-based domain controller
When you use the Group Policy Management Console (GPMC) to connect to a Domain Controller that is running Windows Server 2008 R2 to create a Group Policy Object, and then set a logon script and a logoff script, the logoff script is also removed when you remove the logon script. This issue occurs because the Scrptadm.dll (Script Adm Extension) component does not process the logon and logoff scripts separately. A hotfix is available.

2673371 “0xC0000244” Stop error occurs when the Security log reaches its maximum size in Windows Vista or in Windows Server 2008
The expected behavior is that the computer backs up the Security log when the log reaches its maximum size, and the computer does not crash, so a Hotfix is available.

2672601 Terminal Services service crashes when Group Policy settings are refreshed in Windows Server 2008
After Group Policy settings are refreshed, the Terminal Services service restarts to load new Group Policy settings. When the service restarts, the service unloads and then reloads the Winsta.dll module. However, the service does not reload the Winsta.dll module correctly. Therefore, the Terminal Services service crashes when a function in the Winsta.dll module is called.  A hotfix is available.

2682075 Configuring Remote Assistance to work across forests
Remote Assistance is a nice feature for helpdesk personnel, but in a multi-forest environment you might encounter access violation errors. This article describes how to configure group memberships and user rights assignments in this situation.


Updated KnowledgeBase articles

2619082 Active Directory Certificate Services service in Windows Server 2008 R2 cannot handle cross-forest certificate enrollment requests from a Windows Developer Preview-based computer

243330 Well-known security identifiers in Windows operating systems

889250 How to decommission a Windows enterprise certification authority and how to remove all related objects from Windows Server 2003 and from Windows Server 2000

291010 Requirements for Domain Controller Certificates from a Third-Party CA

2688798 How to do performance tuning for NTLM authentication by using the MaxConcurrentApi setting

2653810 Security group filter in Group Policy Preferences does not remove a user from a group in Windows Server 2008 or in Windows Server 2008 R2

2633205 Auto-enrollment process for computer certificates fails on a client computer that is running Windows 7 or Windows Server 2008 R2

922574 The Microsoft Extensible Authentication Protocol-Message Digest 5 (EAP-MD5) implementation is being deprecated from versions of Windows

179442 How to configure a firewall for domains and trusts

leave your comment