user165568's questions

None of the L2TP/IPsec implementations I have (seem to) have any configuration possible for key exchange. My routers allow encryption and hash selection for raw IpSec. The version of Windows I use allows encryption and hash selection at the 'firewall'. But in all cases where algorithm selection is possible, it seems to have no effect on the native L2TP/IPsec client.

Is that just an accident of history, or does L2TP/IPsec imply a standard selection of hash and encryption algorithms for key exchange?

There are several well known methods of downloading certificate lists from Microsoft, including certutil -generateSSTfromWU c:\my_cert\

Doing that (or just downloading authrootstl.cab) gives me a collection of more than 400 root certificates.

Now, I know that none of my connected servers have that many certificates loaded: and I just looked at a Win10 workstation and it has ~90 trusted root certificates and around 70 third-party root certificates.

Why is it so? How many trusted root certificates does Windows start with, and why is there this much larger list?

I've got a Windows desktop workstation that sometimes refuses Remote Desktop Connection. (The client reports that it's not enabled or not turned on.)

Most of the debugging suggestions for RDC and RDP are of very little value: I don't have authentication failure reported, folder sharing works correctly at all times, I can RDC all the other workstations and servers on site at the time the connection fails, the situation comes good next time I check, and there isn't anyone on site at the time the connection fails

One thing I have thought of is that Windows workstation only allows one connected RDC. If for some reason it is failing to drop a connection, it won't be able to permit another remote desktop connection. But that's only a theory: maybe one of the routers is refusing "just this connection" for some unknown reason (there is no other firewall in the route, just the default at the client and server workstations).

What logging can I do at the remote workstation? I don't particularly want to leave WireShark running for 12 hours on the chance of catching something odd, and I wouldn't know what to look for if trawling through 12 hours of network capture for missing transactions ... So I'm hoping to start with something I can enable at the target workstation that will log RDP connections, or, even better, RDC failures. Even absence of RDC failures when expected would be an indication of an odd path failure.

I'm getting rogue DHCP traffic leaking in from my ISP, through my router, and my Windows DHCP server is shutting down.

What does MS Widows DHCP server 'Rogue Detection' detect?

At least so far, none of my clients have taken a WAN IP address from the ISP.

I've never had this problem with other ISPs, using the same routing equipment.

As well as doing vast network captures over several days to try and find the problem, I'd like to know if there is anything specific I should be looking for: not just DHCP traffic, but specifically, DHCP traffic that triggers "Rogue Detection" for Windows DHCP server.

I've got a WSUS 2.0 server that is just spinning with two types of errors/warnings:

Unable insert update c660e123-bd67-4245-bf82-1459f5e7caeb/110 ... 
...Syntax error converting datetime from character string.

and

Unable insert update c3a2af20-d3c1-4621-a09a-7c83700a6fd1/110 ...
...Some update revisions referred to in XML do not exist in the database 

The SoftwareDistribution log is filling up with errors like this and rolling over. It takes 8 minutes to fill the log and start over (the log is set to the default size, 20KB), which is enough time to do the list and start over 2 or 3 times. It looks like the task spins on the assumption that there is a precedence error.

SQL Server is blocking one core of the dual-core server, and I have to disable the WSUS tasks to ensure that the server remains responsive.

So, any idea how to fix this behaviour?

Possible Duplicate:
What Win-2003 security policy expired all passwords, and how did it do it?

Most of our user passwords were reset at 4:30pm local time over the weekend (non working day). Not the administrator account, but it did include some security enabled user groups that aren't actually login accounts.

It's possible that this was a virus or a break-in, but I'm thinking more likely it was an unknown act of stupidity and ignorance.

What kind of policy or security setting would cause the passwords to all expire at the same time? The accounts that are login accounts are all set to never expire.

I am asking for SPECIFIC information about Group Policy or Active Directory Account Settings. If you do not think this was caused by Group Policy or AD Accont Settings, please say so. All of the Accounts that reset were in one OU.

Clarification/Correction: The passwords were not changed, they were only expired. (This has the effect that offsite users could not connect, but when users arrived on-site, they were able to connect using the expired password).

Further information: event log shows SceCli event 1704 at the critical moment: "Security policy in the Group policy objects has been applied successfully."

I'm painfully going through the group policy settings now. Specific suggestions would be welcome. I do not know how a Group policy could be applied without me knowing. Specific explanations would be welcome.

moved to new question: https://serverfault.com/questions/473320/what-win-2003-security-policy-expired-all-passwords-and-how-did-it-do-it

PS: There is a comment here: let me know and I'll re-open this one. – voretaq7♦ yesterday

But no contact information.

PSS: There is a comment here: If this question and the other are identical please edit the other one as needed to incorporate all relevant information and delete this one. >But I started a new question because there are comments here telling me I should start a new question, because the new question is not identical. If you don't agree with them, tell us why they are wrong. I'm in the middle of a war about when new questions should be started???

One Outlook user claims to have not seen one mail message. It is not in any of his mail folders, not in the deleted folder, not in the list of recoverable deleted items (items held by exchange after deletion).

It is really not in his mailbox. Checked on OWA, (and on another workstation using Outlook 2003 with a different login).

Exchange message tracking tells me that the message was delivered to his mailbox.

His mailbox is not full or even very large, he deletes his completed mail.

It was delivered yesterday, well within the Exchange recovery interval, and there are older items in his recoverable email list.

There aren't any relevent rules shown, (looking through Outlook Web Access).

Outlook 2007, Exchange 2003 SP2 (6.5.7638)

What can you do in Outlook 2007 that has the effect of removing a message from your mailbox, without leaving it in the recoverable deleted items? Where has it gone?

I'm getting differences like this:

    a.txt
        Betty Davis
        Cathy Edwards
    b.txt
        Betty Davis
        Cathy Edwards

There are only two lines listed in the diff (which doesn't make sense). No CR/LF/Newline funnies. The difference just moves down if I delete lines. Same problem on Win7 and Win2K. The difference seems to go away if I remove all empty lines from the files. The empty lines are correctly terminiated too. Using /C /W (ignore case, ignore whitespace)

Has anyone seen this before? What am I doing wrong? How can I fix it?

There are real diffs in the file -missing, extra, or re-spelled names- but the files are byte-for-byte identical at the listed diff.