Demie
Apr 2, 2004

Bishyaler posted:

I thought I might ask you guys this to get pointed in the right direction: I'm taking over work for a small business (17 users) because the last guy disappeared/quit. From what I've gathered he's migrated them from Windows 2k3 to 2008 to 2012 over the course of one year. At some point the last guy migrated everyone's email to Office365. There is one physical server running Server 2012, and two shutdown Hyper-V VMs running Server 2008 named "Email" and "Server2008". I get called because trust relationship issues are randomly popping up all over the network. I've read about this issue before but I've never experienced it. Can anyone share their experience or recommend some things I should check, besides the clock/NTP on the DC?

It sounds like a more complicated problem than this, but there is a little-known hotfix for Win7 clients, addressing a specific AD trust bug. http://support.microsoft.com/en-us/kb/2914474/en-us


mayodreams
Jul 4, 2003


Hello darkness,
my old friend
Trust issues can happen if there is a firewall between the DC and client. In such a small environment this is probably not the case though. Have you tried unbinding and re-binding the problematic workstations? When you unbind, does the object still exist in ADUC?

Swink
Apr 18, 2006
Left Side <--- Many Whelps
What kind of VPN do I need so that remote workstations (7 and 8.1) can connect before user login, so that 1) credentials can be verified by DC and 2) network drives can be mapped?

It can be balls slow for all I care, I just need a drive mapped.

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from
Windows' VPN can be logged in to at the login screen and will process login scripts when you do, but the option to do so doesn't show up until a VPN connection exists AND is flagged as available to all users. Uses PPTP, SSTP, or IPsec.

DirectAccess also does this and can work off of the above along with SSL VPN, though you probably want the DA server to handle VPN for DA enabled clients.

Swink
Apr 18, 2006
Left Side <--- Many Whelps
Roger that.

DA was my first choice here but we're not running enterprise.

Bishyaler
Dec 30, 2009
Megamarm

mayodreams posted:

Trust issues can happen if there is a firewall between the DC and client. In such a small environment this is probably not the case though. Have you tried unbinding and re-binding the problematic workstations? When you unbind, does the object still exist in ADUC?

No firewalls in place. I have been disjoining the most problematic device from the domain, deleting the computer object, then rejoining (under the same and different names). I got clued in to this PowerShell command which I have not had a chance to test yet: Test-ComputerSecureChannel -Server *dc name* -Repair -Verbose. I'd also like to try the hotfix Demie suggested.

Sacred Cow
Aug 13, 2007
Has anyone here worked with System Center 2012 R2 Data Protection Manager? I'm about to start a new job and the manager wants me to take on the task of fixing their old System Center guy's "sloppy" implementation. Are there any good resources out there for learning it? I've already downloaded the evaluation version to add to my lab at home.

And before anyone asks, yes I did tell him beforehand that I've never worked with DPM.

mayodreams
Jul 4, 2003


Hello darkness,
my old friend

Bishyaler posted:

No firewalls in place. I have been disjoining the most problematic device from the domain, deleting the computer object, then rejoining (under the same and different names). I got clued in to this PowerShell command which I have not had a chance to test yet: Test-ComputerSecureChannel -Server *dc name* -Repair -Verbose. I'd also like to try the hotfix Demie suggested.

Also check your DNS on both the domain controllers and workstations. Have you tried dcdiag yet?

code:
dcdiag /a /v /c
Do that from an elevated cmd/powershell prompt on a domain controller.

orange sky
May 7, 2007

Sacred Cow posted:

Has anyone here worked with System Center 2012 R2 Data Protection Manager? I'm about to start a new job and the manager wants me to take on the task of fixing their old System Center guy's "sloppy" implementation. Are there any good resources out there for learning it? I've already downloaded the evaluation version to add to my lab at home.

And before anyone asks, yes I did tell him beforehand that I've never worked with DPM.

It's actually a pretty simple program to use, at least I found it so. Generally googling what you want to do will work, it's quite intuitive.

Nebulis01
Dec 30, 2003
Technical Support Ninny

Sacred Cow posted:

Has anyone here worked with System Center 2012 R2 Data Protection Manager? I'm about to start a new job and the manager wants me to take on the task of fixing their old System Center guy's "sloppy" implementation. Are there any good resources out there for learning it? I've already downloaded the evaluation version to add to my lab at home.

And before anyone asks, yes I did tell him beforehand that I've never worked with DPM.

I've used it all the way back to 2006; as orange sky says, it's very straightforward. If you've never used the product and don't like/want to fiddle with anything to try it out, Steve Buchanan's 2012 SP1 book is a good generalist overview of the product; there aren't a ton of UI changes in R2, just some stuff under the hood.

http://www.amazon.com/Microsoft-System-Center-Protection-Manager/dp/1849686300

Dans Macabre
Apr 24, 2004


What's a good SharePoint migration tool that costs under $500? I want it to move files into libraries.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


NevergirlsOFFICIAL posted:

What's a good SharePoint migration tool that costs under $500? I want it to move files into libraries.

What are you trying to migrate? You might not even need a tool just some fancy scripts.

Dans Macabre
Apr 24, 2004


Tab8715 posted:

What are you trying to migrate? You might not even need a tool just some fancy scripts.

fancy scripts is fine. I have a few folders that need to be moved into a library and a few other folders that need to be moved into another library. from vanilla ntfs share, to sharepoint online. I was going to use robocopy and then redo the permissions by hand.

Bishyaler
Dec 30, 2009
Megamarm

mayodreams posted:

Also check your DNS on both the domain controllers and workstations. Have you tried dcdiag yet?

code:
dcdiag /a /v /c
Do that from an elevated cmd/powershell prompt on a domain controller.

I think I found the start of the problem after reviewing the output of dcdiag. The 2008 DC had the DNS server role removed. What the hell was he doing? What else is broken? Sometimes I wish burning it to the ground and starting over was a realistic option.

Bishyaler fucked around with this message at 05:52 on Mar 31, 2015
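
The checks suggested across this thread (client DNS, DC locator records, clock, secure channel) gathered into one read-only script. This is an added example, not code from any poster; it assumes Windows PowerShell on Windows 8 / Server 2012 or later, an elevated prompt, and a domain-joined machine.

```powershell
# Added example (not from the thread): read-only triage for "trust relationship" errors.
# Nothing here resets the machine account password; -Repair is deliberately not used.

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) { throw 'This machine is not joined to a domain.' }
$domain = $cs.Domain

# 1. DNS servers this client is actually using. They should be domain
#    controllers that host the AD zone, not a router or ISP resolver.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 2. DC locator SRV records. If these are missing or stale, clients cannot
#    find a DC and secure channel failures follow.
$srvName = "_ldap._tcp.dc._msdcs.$domain"
$dcs = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.NameTarget } |
    Select-Object -ExpandProperty NameTarget -Unique)

if ($dcs.Count -eq 0) {
    Write-Warning "No SRV records found for $srvName. Fix DNS before touching the trust."
}
else {
    "DCs advertised in DNS: $($dcs -join ', ')"
    foreach ($dc in $dcs) {
        # 3. Every advertised DC must itself resolve; a retired or powered-off
        #    DC that is still registered shows up here.
        if (-not (Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue)) {
            Write-Warning "$dc is advertised in DNS but has no A record."
            continue
        }

        # 4. Clock offset against that DC. Kerberos tolerates 5 minutes by default.
        w32tm /stripchart /computer:$dc /samples:1 /dataonly

        # 5. Secure channel test against that specific DC (test only).
        $ok = Test-ComputerSecureChannel -Server $dc -ErrorAction SilentlyContinue
        '{0}: secure channel {1}' -f $dc, $(if ($ok) { 'OK' } else { 'BROKEN' })
    }
}
```

If steps 1 to 4 come back clean and only step 5 fails, that is the case where the `-Repair` form of the command quoted earlier in the thread applies.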

Sacred Cow
Aug 13, 2007

orange sky posted:

It's actually a pretty simple program to use, at least I found it so. Generally googling what you want to do will work, it's quite intuitive.


Nebulis01 posted:

I've used it all the way back to 2006; as orange sky says, it's very straightforward. If you've never used the product and don't like/want to fiddle with anything to try it out, Steve Buchanan's 2012 SP1 book is a good generalist overview of the product; there aren't a ton of UI changes in R2, just some stuff under the hood.

http://www.amazon.com/Microsoft-System-Center-Protection-Manager/dp/1849686300

Thanks :cheers:

As long as this thing has some good logs to poke around at I'm sure I'll be able to Google my way through their issues.

Dans Macabre
Apr 24, 2004


NevergirlsOFFICIAL posted:

fancy scripts is fine. I have a few folders that need to be moved into a library and a few other folders that need to be moved into another library. from vanilla ntfs share, to sharepoint online. I was going to use robocopy and then redo the permissions by hand.

also what can I do to speed up robocopy to sharepoint online? I'm mapping a drive then doing robocopy. It's hella dragging.

m.hache
Dec 1, 2004


Fun Shoe

Bishyaler posted:

I think I found the start of the problem after reviewing the output of dcdiag. The 2008 DC had the DNS server role removed. What the hell was he doing? What else is broken? Sometimes I wish burning it to the ground and starting over was a realistic option.

Jesus. Do you have any other DNS servers?

Temp fix, update your DHCP to the new servers, turn on DNS again and give it a day or two to propagate.

THF13
Sep 26, 2007

Keep an adversary in the dark about what you're capable of, and he has to assume the worst.
Does anyone have a recommendation for an office scanner that will cause me the least amount of trouble? I would like one that can scan multiple pages and send it through email as a .pdf attachment. If it can also fax that would be nice.

It's a small office so it won't be used too often.

Potato Salad
Oct 23, 2014

nobody cares


I spent four hours today trying to get PHP 5.6.0 running on IIS 8 / Win2012r2. I'm sitting here troubleshooting FastCGI, different .NET frameworks, etc. Total exercise in frustration -- though I did learn quite a few nuances on the side.

I finally come across a guy who points out PHP on Windows is still 32 bit. OOooooooooh. Five minutes after installing a .NET x86 stack, everything is working.

Grrrrrr. Web Platform Installer couldn't install the necessary 32bit .NET stack itself?

Dans Macabre
Apr 24, 2004


THF13 posted:

Does anyone have a recommendation for an office scanner that will cause me the least amount of trouble? I would like one that can scan multiple pages and send it through email as a .pdf attachment. If it can also fax that would be nice.

It's a small office so it won't be used too often.

this one is ok http://www.fujitsu.com/us/products/computing/peripheral/scanners/scansnap/ix500/index.html

TehRedWheelbarrow
Mar 16, 2011



Fan of Britches

agreed with that. I have some of the higher end scanners from fujitsu, they are pretty solid.

nexxai
Jul 17, 2002

quack quack bjork
Fun Shoe
Seconding this. ScanSnaps are the end-all-be-all of desktop scanners. They're super fast, include full versions of Adobe Acrobat, and are insanely simple to use. Load your documents, press button, done. They don't fax, but gently caress fax.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


nexxai posted:

Seconding this. ScanSnaps are the end-all-be-all of desktop scanners. They're super fast, include full versions of Adobe Acrobat, and are insanely simple to use. Load your documents, press button, done. They don't fax, but gently caress fax.

Heh. My company sells ScanSnaps but usually only $250k worth at a time. Fujitsu knows what they're doing when it comes to these little things, even the software side of things.

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from
Having worked with multiple scanners and MFPs the Fujitsus are the only ones still trucking under their high workload. So long as regular maintenance is followed they never have an issue.

I'm sure their price makes for a vexed financial department though.

THF13
Sep 26, 2007

Keep an adversary in the dark about what you're capable of, and he has to assume the worst.
Thanks, the fujitsu looks great.

socialsecurity
Aug 30, 2003

So our Group Policy Objects no longer save changes. Like, the permissions are all fine and there are no errors, you just change something and it just reverts back, it's crazy. I can even make new ones just fine, just never change the old ones. Google has been low on anything, seems like a rare situation.

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from
Permissions on sysvol screwed up? Compare the security rights on an old GPO and a new GPO and see if something got removed.

And do a dcdiag, replication might be screwed up too.

Methanar
Sep 26, 2013

by the sex ghost

socialsecurity posted:

So our Group Policy Objects no longer save changes. Like, the permissions are all fine and there are no errors, you just change something and it just reverts back, it's crazy. I can even make new ones just fine, just never change the old ones. Google has been low on anything, seems like a rare situation.

I know nothing but is there some bad replication going on?

socialsecurity
Aug 30, 2003

hihifellow posted:

Permissions on sysvol screwed up? Compare the security rights on an old GPO and a new GPO and see if something got removed.

And do a dcdiag, replication might be screwed up too.

DCdiag says replication's fine and the security is identical for every single user on everything in sysvol, it is maddening.

Bishyaler
Dec 30, 2009
Megamarm

m.hache posted:

Jesus. Do you have any other DNS servers?

Temp fix, update your DHCP to the new servers, turn on DNS again and give it a day or two to propagate.

Got them operational again. Thanks for all the help guys.

some kinda jackal
Feb 25, 2003

 
 
I want to set up a 2012R2 DC for a new location, however I'm waiting for the networking to be finished.

If I set up this DC at my current location temporarily, is it going to be an absolute nightmare to relocate it later? I'll need to re-IP it obviously, and I'll need to drag things around in AD Sites and Services I'm sure, but are there any caveats I need to know about?

m.hache
Dec 1, 2004


Fun Shoe

Martytoof posted:

I want to set up a 2012R2 DC for a new location, however I'm waiting for the networking to be finished.

If I set up this DC at my current location temporarily, is it going to be an absolute nightmare to relocate it later? I'll need to re-IP it obviously, and I'll need to drag things around in AD Sites and Services I'm sure, but are there any caveats I need to know about?

Is there any reason why you need to set it up ahead of time?

I would recommend getting the machine operational but don't promote it until it's in place. The actual promotion of the system takes a few minutes.

CLAM DOWN
Feb 13, 2007




Definitely do that. Get the system running, patched, hardened, etc, but leave the dcpromo part until last minute.

Dans Macabre
Apr 24, 2004


Martytoof posted:

I want to set up a 2012R2 DC for a new location, however I'm waiting for the networking to be finished.

If I set up this DC at my current location temporarily, is it going to be an absolute nightmare to relocate it later? I'll need to re-IP it obviously, and I'll need to drag things around in AD Sites and Services I'm sure, but are there any caveats I need to know about?

It's fine to set it up and then move it. I guess you'd want to do that if you're replicating a lot of stuff or you have little bandwidth in the remote office.

devmd01
Mar 7, 2006

Elektronik
Supersonik
You can re-ip a DC just fine, I did it last night to swap a 2003dc for a newer one so I wouldn't have to update static DNS entries on other servers. Just make sure you ipconfig /registerdns and dcdiag /fix.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

NevergirlsOFFICIAL posted:

It's fine to set it up and then move it. I guess you'd want to do that if you're replicating a lot of stuff or you have little bandwidth in the remote office.

When we deploy remote DCs with limited bandwidth we configure the server ahead of time with an IFM file for the initial dcpromo, that way it only has to sync the deltas.

We have some locations with very limited bandwidth, and our AD is fairly large.

CLAM DOWN
Feb 13, 2007




devmd01 posted:

You can re-ip a DC just fine, I did it last night to swap a 2003dc for a newer one so I wouldn't have to update static DNS entries on other servers. Just make sure you ipconfig /registerdns and dcdiag /fix.

There can definitely be issues re-IPing an existing DC, just to make things smoother and easier I would recommend re-IPing before he/she runs dcpromo, or demote to change then re-promote.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


For the experienced Windows Admins, how did you guys learn it all?

some kinda jackal
Feb 25, 2003

 
 
Yeah to be honest I don't NEED to do it now, I'd just rather do it because I've got a huge case of "I'm bored and I have nothing to do". At the same time I don't really want to do it twice so if I can re-IP the DC later then it's a win/win.

But yeah actually it does just take a dozen minutes to dcpromo it so I'm not even sure why I'm complaining. I'll just prep the machine and promo it later.

Thanks for the advice either way guys.

some kinda jackal fucked around with this message at 19:34 on Apr 1, 2015


Gyshall
Feb 24, 2009

Had a couple of drinks.
Saw a couple of things.

Tab8715 posted:

For the experienced Windows Admins, how did you guys learn it all?

Real life applications (seeing environments and how they're set up and not set up well), labs, trial & error in those labs, books, whitepapers, labs, a few conferences, certifications.

In that order.
