If you open the DNS Management console on a server running an older OS than 2008 R2, then attempt to connect to a 2008 R2DNS Server you will see this error.
You will also see this error on a 2012 Server, whilst attempting to add another DNS Server
Error: Dnsmgmt
Cannot Contact the DNS Server
The specified DNS server cannot be contacted. Some possible reasons include; the DNS server may not be running, there may be network problems, or the computer associated with the specified name or IP address could not be found.
To retry connection, either press F5. or on the Action menu, click refresh.
For more information about troubleshooting a DNS server, see help.
Why this happens
This is normal, 2008 R2 introduced a more secure DNS Management authentication system to prevent “Man in the middle DNS attacks” that had been exploited in earlier versions of Windows.
Solution
The correct way to approach this problem is to accept it, your 2008 R2 Servers are more secure, if you need to manage them do so from the DNS management console on the 2008 R2 server itself. Or install the RSAT tools on a client machine.
You can also change the way it works so you can see and manage it from an older version of Windows. (Note: Be advised Microsoft recommend you do not do this, they turned this on for a reason).
1. Launch a command window (Right click and select run as administrator, or select the cmd icon and press CTRL+SHIFT+ENTER).
2. Execute the following four commands.
[box]dnscmd.exe /Config /RpcProtocol 7
dnscmd.exe /Config /RpcAuthLevel 0
net stop “DNS Server”
net start “DNS Server”[/box]
Note: If you see an Access Denied error, you are probably NOT running the command window as an administrator.
3. You should now be able to connect to and manage the 2008 R2 DNS Server from an older Windows OSDNS Management console.
This is seen on Windows 7 Clients, when logged onto a domain, after unlocking the machine. If you inspect the Event Log you will see Event ID 1015
“A critical system process, C:Windowssystem32lsass.exe, failed with status code 255. The machine must now be restarted.”
Solution
I put up with this for a while, and did a lot of Internet searching, some people suggested power settings and a host of other stuff, nothing worked, The final solution was found on “Technet”, it involves changing the authentication method to the domain, and needs a registry change.
1. Start > In the Start Search box type type regedit > {enter}
2. Navigate to HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsaKerberosParameters
3. Create a New DWORD entry called DefaultEncryptionType
4. Set its value to (decimal) 23 or (Hexadecimal) 0x17
5. Reboot the machine.
Or If you are feeling lazy just download this, extract and run it, then click “Yes” to add it to the registry, and reboot.
Related Articles, References, Credits, or External Links
Whenever I build a new machine, one of the first things I do, is open Regedit > Go to HKEY_CLASSES_ROOT > lnkfile and remove the “IsShortcut” Value, and voila! the annoying shortcut arrows are gone.
DONT DO THAT!
If you do, you will notice that you can no longer add shortcuts to the “Windows Explorer Favorites” (well you can but you can’t see them), also it disables (Grays Out) the Expand option for Favorites. It took me ages to find out that my registry hacking had caused the problem. so I put the registry key back again (restore it with this).
I even tried to use FxVisor to remove the shortcut arrows, and that didn’t work either.
3. Navigate to C:Icons and run the RemoveArrow.reg file.
4. Accept the Warning.
5. Click OK.
6. Reboot – Arrows are gone.
Update 08/03/12 (Received Email form Steve Stroud)
Hi Pete,
Tried your method to remove the Shortcut Arrow from the desktop icons in Windows 8, using RemoveArrow.reg but how have a blank white document image on top of each icon, which look worse an the arrow! How do I change them Back. Looking forward to your reply. Regards Steve.
– Well I dont’t want to be the guy who breaks stuff! So I tested the procedure again an a fresh Windows 8 Box.
And it still worked fine, (that’s not helping Steve though), so to revert back simply run the following command (thats one line if it wraps), and reboot;
This morning my boss asked me “Why every time I open Internet Explorer does it ask me this?”
To which I replied, “I use Chrome so I don’t know, But I’ll find out.”
Solution
A brief internet search returned, just set the “Ask me later to a nice long time”. But that’s still not disabling it. If truth be known its a good thing, i.e. is trying to be helpful and improve your browsing experience. But if you want to kill it all together heres how.
On a single machine
1. When you installed/Updated to IE9 it added some new policy templates, the one controlling IE9 is called inetres.admx
2. That means we can control what IE9 does with a policy, Click Start and in the search/run box type gpedit.msc {enter}. The group Policy Management Window will appear.
3. Navigate to:
[box] Computer Configuration > Administrative Templates > Windows Components > Internet Explorer [/box]
Locate “Disable add-on performance notifications” and open it.
4. Enable the policy > Apply > OK > Exit the Policy Editor.
In a Windows Domain Environment
Note: On older domains (Server 2003 for example) you will need to download and import the administrative templates to manage these settings via group policy, you can download the template from Microsoft.
1. On your domain controller , Start > Administrative Tools > Group Policy Management Console > Either create a new policy and link it to your targeted COMPUTERS or edit an existing one, then navigate to:
[box] Computer Configuration > Policies > Administrative Templates > Windows Components > Internet Explorer [/box]
Locate the setting “Disable add-on performance notifications” and open it.
2. Enable the policy > Apply > OK > Exit the Policy Editor.
3. Then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them.
Remove “Speed up browsing by disabling add-ons” via Registry
I got an mailed a question this weekend;
I too want to get rid of the IE9 – Stop “Speed up browsing by disabling add-ons” dialog but only having Vista Home Premium, your solution (using gpedit.msc) is not available. Also, I cannot add a Local Users and Groups snap-in to the Microsoft management Console.
How can I get rid of this bloody annoying feature in IE9?
Kind regards
Brian
Answer
1. No Problem, essentially the group policy editor is just changing registry entries anyway, on your machine Start > In the Search/Run box type > Regedit {enter}
2. Navigate to;
[box] HKEY_LOCAL_MACHINE>SOFTWARE > Microsoft > Windows > CurrentVersion > Policies [/box]
3. Create a NEW KEY called Ext > Within that key create a new DWORD (32 bit) value called DisableAddonLoadTimePerformanceNotifications and set its value to 1.
4. If your machine is 32 bit then you have finished.