Windows Server – Secure RDP Access with Certificates
Nov17

KB ID 0000944 Problem This ensures that traffic sent over an RDP connection to a server is protected by TLS/SSL encryption. IT DOES NOT stop clients connecting to an RDP server if they do not have a trusted certificate. If you need that level of security, that should already be done by 802.1x. Solution Create an RDP Certificate Template 1. On the domain CA, launch the Certification Authority Management Console > Certificates...

Cisco – Automatic Re-enrollment Fails to MSCEP/NDES
Nov17

KB ID 0000970 Problem I’ve covered setting up NDES at length in the past, but what happens when your issued certificates expire? If you are using them for all your VPNs, what then? Well, thankfully you can get your devices to automatically re-enroll before they expire. For example, to renew the cert at 80% of its lifetime you would use the following: crypto pki trustpoint PNL-TRUSTPOINT enrollment url...

Using “DCPROMO /ADV” to Promote Remote Domain Controllers
Nov17

KB ID 0000106 Problem Anyone who has ever sat in a server room/cupboard waiting for a server to replicate Active Directory from a remote site will appreciate just how helpful the /ADV switch is when creating a domain controller. What does it do? Basically, it lets you build a domain controller from a backed-up copy of Active Directory, so after a reboot the new domain controller only has to replicate the...

Adprep /forestprep fails 2003 > 2008 Domain Upgrade
Nov17

KB ID 0000026 Problem While attempting to upgrade a domain to Windows 2008 (schema version 44) you get an error like this: [Status/Consequence] Error message: Error(110) while running “”C:\WINDOWS\system32\LDIFde.exe” -o ObjectGuid -d “CN=nTFRSSubscriber-Display,CN=404,CN=DisplaySpecifiers,CN=Configuration,DC=DOMAIN,DC=local” -u -f “C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\TMP9791.tmp” -j...

Windows Server ‘Can’t Delete an OU’
Nov17

KB ID 0000105 Problem Error “You do not have sufficient privileges to delete {OU Name}, or this object is protected from accidental deletion” Cause In Windows domains you have the option to protect an OU from accidental deletion, so that even a Domain/Enterprise admin cannot delete it. That’s fine until you need to delete one. Solution To delete a protected OU 1. On the server (with administrative privileges). 2. Start...

Locate your FSMO Role Servers
Nov17

KB ID 0000221 Problem You would like to know which servers are holding which roles. To move your FSMO Servers CLICK HERE Solution FSMO Servers There are five FSMO (Flexible Single Master Operations) roles that need to exist in a Windows AD forest: PDC Emulator (one per domain), RID Master (one per domain), Schema Master (one per forest), Domain Naming Master (one per forest), Infrastructure Master (one per domain). But I’ve Googled...

Ldifde error: “The server side error is “Schema update is not allowed on this DC”
Nov17

KB ID 0000258 Problem Seen when running an ldifde command like this Error: Add error on line 1: Unwilling To Perform The server side error is “Schema update is not allowed on this DC. Either the registry key is not set or the DC is not the schema FSMO Role Owner.” 0 entries modified successfully. An error has occurred in the program Solution 1. I’m assuming you ARE on the schema master? Check 2. Basically your...

Transferring Your FSMO Roles
Nov17

FSMO Roles KB ID 0000240 Problem Note: This article is still valid, but this procedure can now be done simply with PowerShell. Windows Server – Locating, Transferring, and Seizing FSMO Roles If you are replacing a domain controller, or simply taking one offline for a while, you might want to transfer its FSMO roles to another Domain Controller. There are 5 FSMO roles which are, · Schema master – Forest-wide and one per forest. ·...

Event ID 1988
Nov17

KB ID 0000261  Problem Event ID 1988 Active Directory Replication encountered the existence of objects in the following partition that have been deleted from the local…. in other domains in the forest are known as “lingering objects”. Domain controllers are bound by “Strict Replication” and there is an item in Active Directory that’s “hanging about” and needs deleting. Solution Option 1...

Windows Server – Disable Password Complexity
Nov17

KB ID 0000324 Problem If you are unsure what password complexity is, click here. Bear in mind that it’s there for a valid security reason: the more complex your passwords are, the more secure your network is. However, the vast majority of users can’t even remember where they saved their last Word document, never mind a complex password that changes every 30 days. If your data is not the sort of data that Tom Cruise would abseil down...
