Server 2012 – ‘The Active Directory Services Installation Wizard is relocated in Server Manager’

KB ID 0000714 

Problem

I’ve already written about promoting or adding a Windows Server 2012 Domain Controller;

Add a Server 2012 Domain Controller to a 2008 Domain

But if you attempt to run ‘dcpromo’ from command line, you will see this error, and a link to a Technet article. (Perhaps a clickable link to a picture showing where dcpromo now lives would be better!)

Solution

Note: I’m assuming you have already added the Active Directory Domain Services Role? If not do that first.

1. From Server Manager (ServerManager.exe) > AD DS > There should be a warning triangle at the top of the window > Select it > ‘Promote this server to a domain controller’

Related Articles, References, Credits, or External Links

NA

Server 2012 – Windows Update Error ‘8024402C’

KB ID 0000715 

Problem

I saw this on a freshly built Server 2012 (Datacenter) server this morning.

Solution

First discount the obvious, make sure this server has internet access and is not going out via a proxy server, (unless you have configured the proxy properly for Windows Updates).

In my case the fix was simple, I’m assuming that because it was a new server, it was waiting on a reboot to do something with the Windows Update Service. I say this because after I rebooted it. (Press Windows Key+I).

The server was more than happy to start pulling down updates.

Related Articles, References, Credits, or External Links

NA

Windows Server – Where Has Disk Management Gone?

KB ID 0000724 

Problem

Much as I like Server 2012, I’m stuck in my ways when it comes to admin tasks, when I want to do some disk management, I right click computer and select manage, and disk management is never far away. Until now where it’s nowhere to be seen.

Solution

Option 1 (The Tech Ninja Way)

Press Windows Key+R and Run diskmgmt.msc

Option 2 (The Lazy GUI Way)

Open the advanced context menu (Windows Key+X), select Disk Management.

Option 3 (The ‘I’m only including this to stop the pedants sending it in’ way)

Press Windows Key+Q > In the search section type ‘disk manage’ > Select Settings > Select and format disk partitions.

Update 06/12/12

Email from Nick Keyzer

You can also move your mouse cursor to the bottom left corner of your screen. This will trigger the ‘start’ menu icon. Simply Right-Click the bottom left corner for additional management menus including ‘Disk Management’.

Related Articles, References, Credits, or External Links

NA

Window Server – Configuring NIC Teaming

KB ID 0000786 

Problem

One great new feature of Server is bult in network ‘Teaming’. To do this normally takes some third party software, either form the server vendor (HP Teaming) or from the NIC manufacturer.

It utilises a new Windows feature called LBFO, this lets you both aggregate links, and have links available in the event of failover.

Note: NIC Teaming only supports up to 32 network cards.

Solution

1. Launch Server manager > All Servers > Select the server you ant to create a team on > Right Click > Configure NIC Teaming.

2. Select the NICs you want to add to the team > Right Click > Add to New Team.

3. Give the Team a name > OK.

Note: By default ‘Switch independent’ will be selected, this is probably what you want (see below) > OK.

Windows Server 2012 NIC Teaming Modes

Static Teaming: Requires configuration on the switch, which must be configured for IEEE 803.3ad (draft v1).

Switch Independent: Generally requires no switch configuration and can be connected to multiple switches.

LACP: Requires configuration on the switch, which must be configured for IEEE 802.1ax, and support LACP. Note: On a Cisco Catalyst this would be a port-channel, on an HP Networking switch this would be called an LACP trunk.

4. Now if you look under ‘Network Connections’ you will see a new one with the name you created.

5. Configure this new Teamed NIC, and simply treat it as a single network card.

Configure Teaming via PowerShell

To do the same as we did above use the following command;

[box]

New-NetLbfoTeam -Name TEAM -TeamMembers NIC1,NIC2,NIC3,NIC4 -TeamingMode SwitchIndependent

[/box]

Related Articles, References, Credits, or External Links

NA

Windows – Remote Desktop Error ‘An authentication error has occurred. The Local Security Authority cannot be contacted’

KB ID 0000826

Problem

Update May 2018: This is Following ArticleIs Probably What You Are Looking For;

Windows RDP: ‘An authentication error has occurred’

 

 

I saw this while attempting to create a remote desktop connection to a Windows 2012 Server. (Though connecting to Windows 8 will be the same).

I’d only just set this server up, and knew I’d enabled RDP, and I was attempting to connect as the domain administrator, so at first I was a little perplexed.

Solution

If you have direct/local access to the machine you are trying to connect to.

1. Press Windows Key+R > In the run box type sysdm.cpl {enter} > Remote.

2. Remove the tick from “Allow connections only form computers running Remote Desktop with Network Level Authentication (recommended)”.

3. Try again.

If you do not have direct/local access to the machine you are trying to connect to.

1. On YOUR Machine > Windows Key+R > type regedit {Enter} > File > Connect Network Registry > Type in the details for the machine you are trying to connect to > OK.

2. Navigate to;

[box]
{remote-machine-name} > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp[/box]

Locate the UserAuthentication value and change it to 1 (one) > OK > Exit the registry editor.

3. Try again.

Disable RDP Network Level Authentication via Group Policy

If the destination server is in a remote data centre or remote location, and you cannot access the System Properties, you can turn this option off with group policy, and wait a couple of hours.

1. On a DC > Start > Group Policy Management > Either create a new group policy object and link it to the OU containing the problem machine, or edit and existing one. (Here on my test network I’m going to edit the default domain policy – WARNING this will disable this feature on all machines in a production environment!

2. Navigate to;

[box]Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security[/box]

3. Locate the ‘Require user authentication for remote connections by using Network Level Authentication’ policy.

4. Set the policy to Disabled > Apply > OK > Close the Group Policy Management Editor.

5. How long before the Group Policy will affect the target machine? Group policies are processed when a machine starts up, after this they are processed again, (only if they have changed), the time period varies (so all clients do not update at the same time). The interval is 90 minutes, with a random offset off 30 minutes. So the maximum time it can possibly take is 2 hours (120 minutes). Note: this is the default setting, it can be manually changed up to (45 Days) 64,800 minutes, (though why would you do such a thing?)

Windows – Forcing Domain Group Policy

Related Articles, References, Credits, or External Links

NA

Windows Server 2012 – Install and Configure an FTP Server

KB ID 0000847

Problem

FTP might be an ages old solution for moving files around, but a lot of people swear by it. With Windows Server it’s still supported, even if it is hidden as a ‘role service’.

Solution

Create a Security Group For Domain FTP Access

Note: For a Standalone/Workgroup server see below for setting up users and groups.

1. Launch Server Manager > Tools > Active Directory Administrative Center.

2. New > Group.

3. Give the group a sensible name.

4. Here I’m going to create a user to test with, in production you would just use the domain users who you want to give access to.

5. I will simply create a user called ‘ftpuser’.

6. Add the domain user(s) to your new security group.

7. Create a folder that will be the ‘root’ of your FTP site.

8. Grant your security group rights to this folder (Note: By default they will only get Read rights, you will need to add ‘Write’ if you want your users to be able to ‘put’ files).

Create a Security Group For Workgroup / Standalone FTP Access

1. From Server Manager > Tools >Computer Management.

2. System Tools > Local Users and Groups > Groups.

3. Give the group a sensible name.

4. I’m going to create a test user called ftpuser, this is done in Local users and groups > Users.

5. Place the user(s) you want to grant access to, into your local security group.

6. Crete a folder that will be the ‘root’ of your FTP site and open its properties.

7. On the security Tab > Advanced > Grant your security group rights to this folder (Note: By default they will only get Read rights, you will need to add ‘Write’ if you want your users to be able to ‘put’ files).

Windows Server 2012 Install FTP

1. From Server Manager > Tools > Add Roles and Features.

2. Next.

3. Next

4. Next

5. Select Web Server (IIS) > Select Add (when prompted) > Next.

6. Next

7. Next

8. Locate and Select FTP Server AND FTP Extensibility > Next.

9. Install

10. Close.

11. Reboot the server. This is because some of the firewall settings have a habit of not enabling until the server has restarted, this does not happen all the time, so you may be lucky and not need to reboot. But I’m a firm believer in ‘If something can go wrong, it will go wrong’.

Windows Server 2012 Configure FTP

1. Windows Key > Internet Information Services (IIS) Manager.

3. Expand the servername > Right click ‘Sites’ > Add FTP Site.

4. Give the site a name > Browse to the folder you are going to use as the FTP ‘root’ folder > Next.

5. Select No SSL (I’m not going to secure the site with web certificates) > Next.

6. Authentication = Basic > Allow Access to = Selected roles or user groups > Permissions = Select read and write as appropriate > Finish.

7. Windows Key+R > firewall.cpl > Allow an app or feature through Windows Firewall.

8. Ensure FTP Server is allowed for the ‘profile’ that your network card has been allocated.

9. Advanced Settings.

10. Incoming Rules.

11. There should be three FTP Settings, by default they should be enabled (for FTP Port 21, Passive Ports, and Secure FTP / TCP 990).

Windows 2012 FTP Server – Testing Access

1. You can test the firewall is open by opening a telnet session to the server on port 21;

[box]

telnet {ip address or name of server} 21

[/box]

2. This is what you should see (or in some cases a blinking cursor, if you are going through a firewall or device that suppresses response headers).

3. Or you can use a web browser and navigate to ftp://{ip address or name of the FTP server}.

4. Or from command line you can use the direct ftp command like so;

[box]
ftp {ip address or name of server}[/box]

Windows 2012 FTP Server – Testing External Access

To access the server externally (from the internet), requires your remote users to know either the public IP address or the public name of the server. In addition FTP (TCP Port 21) needs to be open to that IP address. This can be done by giving the server its own public IP address, or by Port Forwarding FTP from your public IP address to the private IP address of the FTP server. How that is done will differ depending on your firewall or router.

Note: If you have a Cisco Firewall, I’ll put the links you require on the bottom of the page.

1. Here I’m on an external machine, and I’m using FileZilla (a free FTP client) to connect to my FTP server.

2. Just to test I’ll drag a file to the FTP server, to make sure I can write/put files.

3. Here is the file uploaded.

4. Back on the server, in the ‘root’ folder you can see the file successfully uploaded.

 

Related Articles, References, Credits, or External Links

Cisco Firewall (ASA/PIX) – Granting Access to an FTP Server

Cisco PIX / ASA Port Forwarding

Add a Static (One to One) NAT Translation to a Cisco ASA 5500 Firewall

Server 2012 – Install Role or Feature Fails with Error 0x800f082f

KB ID 0000873 

Problem

Seen here on Windows server 2012, but can also happen on Windows 8. When attempting to add a server role, or feature. The process may fail and produce the above error.

Note: Here I’m attempting to add .Net 3.5, but it can happen for any role, role service, or feature.

The request to add or remove features on the specified server failed.
Installation
of one or more roles, role services, or features failed. Error: 0x800f082f

Solution

Although it looks pretty serious, this happens because the machine either needs to reboot to finish applying updates, or finish an earlier role, role service, or feature installation. Reboot the machine and try again.

Related Articles, References, Credits, or External Links

NA

Unable to Contact, Connect to, or Manage, a DNS Server from DNS Management Console

KB ID 0000559 

Problem

If you open the DNS Management console on a server running an older OS than 2008 R2, then attempt to connect to a 2008 R2 DNS Server you will see this error.

You will also see this error on a 2012 Server, whilst attempting to add another DNS Server

Error:
Dnsmgmt
Cannot Contact the DNS Server

The specified DNS server cannot be contacted. Some possible reasons include; the DNS server may not be running, there may be network problems, or the computer associated with the specified name or IP address could not be found.

To retry connection, either press F5. or on the Action menu, click refresh.

For more information about troubleshooting a DNS server, see help.

Why this happens

This is normal, 2008 R2 introduced a more secure DNS Management authentication system to prevent “Man in the middle DNS attacks” that had been exploited in earlier versions of Windows.

Solution

The correct way to approach this problem is to accept it, your 2008 R2 Servers are more secure, if you need to manage them do so from the DNS management console on the 2008 R2 server itself. Or install the RSAT tools on a client machine.

You can also change the way it works so you can see and manage it from an older version of Windows. (Note: Be advised Microsoft recommend you do not do this, they turned this on for a reason).

1. Launch a command window (Right click and select run as administrator, or select the cmd icon and press CTRL+SHIFT+ENTER).

2. Execute the following four commands.

[box]dnscmd.exe /Config /RpcProtocol 7

dnscmd.exe /Config /RpcAuthLevel 0

net stop “DNS Server”

net start “DNS Server”[/box]

Note: If you see an Access Denied error, you are probably NOT running the command window as an administrator.

3. You should now be able to connect to and manage the 2008 R2 DNS Server from an older Windows OS DNS Management console.

To Do the same by Directly Editing the Registry

Run the following .reg file

[box]Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetservicesDNSParameters]
“RpcAuthLevel”=dword:00000000

“RpcProtocol”=dword:00000007[/box]

Related Articles, References, Credits, or External Links

Thanks to Noel Reynolds for his patience, and for putting up with my terrible typing 🙂

Original Article Written 20/01/12

WDS Deploying Windows Part 1: Install and Configure WDS

KB ID 0000735 

Problem

You want to deploy the Windows 8 Client Operating System, to a number of clients using WDS. In this part we will configure the WDS Server, then we will move onto taking an image of your reference Windows 8 machine. Finally we will cover taking that image, and deploying it out to many target systems.

Solution

Add the WDS Role

1. From Server Manager (ServerManager.exe) > Local Server.

2. Manage > Add Roles and Features.

3. Next.

4. Next.

5. Next.

6. Select ‘Windows Deployment services’ > Next > It will ask to install some other features let it do so.

7. Next.

8. Next.

9. Accept the default (both roles) > Next.

10. Install.

Configure the WDS Server

11. From the Start menu > Launch the Windows Deployment Services management console.

12. Expand servers > Right click the server name > Configure Server.

13. Read the prerequisites > Next.

14. Next.

15. Select the location where you want to store your images and keep the WDS files.

16. Note: In this case it’s warning me NOT to use the C: drive, as this is just a test server I will accept the warning and leave it as it is. In production environments make sure you are using a different drive/volume.

17. This particular server IS a DHCP server, but we will address the DHCP requirements when we are finished > Next.

18. I’m going to choose ‘Respond to all (known and unknown)’ > Next.

19. WDS should configure and the service SHOULD start.

20. Here we can see the service has not started (the server will have a small stop symbol on it).

21. So I need to manually start the service.

Adding Image Groups and Images

22. Firstly I’m going to create an group that will hold all my Windows 8 Client machine images. Right click Install Images > Add Image Group.

23. Give it a name > OK.

Adding a boot image (To send an image to a remote machine)

24. Now I need to add a boot image, so I can boot my remote clients from the WDS server and use this image to load WindowsPE on them, so they can be imaged. Right click Boot Images > Add Boot Image.

25. You can use either a Windows 8 DVD or a Windows Server 2012 DVD, you will need to navigate to the sources directory, and locate Boot.wim > Open.

26. Next.

27. Rename the image ‘Install an Image’ > Enter a description > Next.

28. Next.

29. The Image will be imported.

30. Finish.

Adding a Capture Image (To take an image from a remote machine)

31. Right click the image we have just added > Create Capture Image.

32. Call this one ‘Capture an Image’ > Give it a description > Save the image (with a .wim extension). Note: It does not matter where you save the image, but I would suggest somewhere in the ‘Remote Install’ folder > Next.

33. The image will be created.

34. Finish

35. Now even through we have created the capture image, we still need to import it. Right click > Add Boot Image.

36. Select the capture image you created earlier > Next.

37. Make sure it’s called ‘Capture and Image’ > Next.

38. Next.

39. Now the capture image will be imported into WDS.

40. Finish.

Configure DHCP with WDS Options

41. Launch the DHCP management console.

42. Open the active scope > IPv4 > Server Options > Configure Options.

43. Tick Option 66 > Set its value to the IP address of the WDS server > Apply > OK.

44. Tick Option 67 > Set its value to;

[box] bootx64wdsnbp.com [/box]

Apply OK

45. Now you are ready to capture an image of your reference Windows 8 machine.

 

Related Articles, References, Credits, or External Links

2012 – WDS Deploying Windows 8 Part 2: Prepare Windows 8, and Capture to WDS

WDS 2003 Deploying Windows XP

WDS 2008 R2 Deploying Windows 7

Using Windows Deployment Services with Symantec Ghost

 

How Do I Shut Down Windows 8?

KB ID 0000588

Problem

Like Windows 7, Windows 8 is more than happy to gracefully shutdown if you press the power button on your PC/Laptop/Tablet. But now you don’t have a “Start Button” where’s the option to turn it off?

You might find it simpler just to Create a Shutdown shortcut on the Start Menu.

Solution

How to Shut Down Windows 8

1. Press Windows Key+I > Power > Shut down.

How to Shut Down Windows 8 (By Launching charms Bar)

1. To launch the “Metro Start Screen” you need to press the Windows key (or press CTRL+Esc), then locate the “Charms Bar” Button and hover over it. (Or Press Windows Key+C).

2. Select Settings.

3. Select Power > Shut down.

How to Shut Down Server 2012

1. Press Windows Key+I > Power > Shut down.

How to Shut Down Server 2012 (via the Charms Bar)

1. To launch the “Metro Start Screen” you need to press the Windows key (or press CTRL+Esc), then locate the “Charms Bar” Button and hover over it. (Or Press Windows Key+C).

2. Select Settings.

3. Select Power > Shut down.

4. Like its predecessor (Server 2008 R2) Windows Server 2012 wants to log a reason why it’s being shut down, enter the reason and select continue.

 

Related Articles, References, Credits, or External Links

Windows 8 Metro Shortcuts

Windows 8 – Add Shutdown to the Start/Metro Menu