Can somebody clarify if memory dumps produced by WER are the same as those produced by procdump.exe? Can these two tools conflict when used simultaneously? What would be the right approach if my goal is to troubleshoot a "service terminated unexpectedly" type of event for a service (on a Server 2012 R2 platform)?
Mikhail's questions
Official MSFT documentation does not answer this question directly so I decided to ask it here. Will VM migration from Windows 10 x64 (latest build/Anniversary update) to Server 2016 be possible? I'm not talking about live migration (which is not supported by client Hyper-V) but wondering about some more convenient way of moving all my VMs besides the Import/Export function, which will work assuming I have 2 host machines running side by side on the same network and can provide them with shared storage.
I'm wondering how frequently DC locator checks the availability of the domain controller it is connected to. I assume it picks a domain controller upon startup, but I'm not sure about the following:
- How often it checks if selected DC is still up and running/available
- What type of checks are being used
- What triggers switching to another DC for specific domain
- Are there major changes in DC locator behavior between different Windows Server versions or domain/forest functional levels?
- Are there scenarios when DC locator fails to recognize that its currently selected DC has failed and DC locator clings to the failed domain for a prolonged period of time?
The last point is of special interest to me.
If I run get-service it may return different statuses (0-4/Running, Stopped, Stopping, Running). Can I somehow expand a list of possible values for status by issuing a PowerShell cmdlet?
I tried to do this by using something like | select $.status -Expand property, but was not able to get this information.
I want to know how to do it that way (I know that I can find list of possible values in the documentation). I need to use these values in conditions in subsequent steps of my script, and I want to be sure that I covered all possible values returned.
Can somebody clarify to me what the best practices are when it comes to configuring logging and monitoring for Windows Server 2012 NLB? I believe there are 2 types of logging, from the management service and the network driver. One of them (not sure which) can be enabled in NLB Manager. I'm interested to know what is the tried or recommended logging configuration here.
As quite often happens, my interest was triggered by a case when one of the nodes physically went down (some underlying hypervisor failure) and there was no network connectivity to this node (no pings) and, according to unconfirmed statements, NLB continued to try to serve clients from the failed node. I want to investigate/verify this from the NLB POV: why it did not handle the node failure properly. Though my current understanding is that NLB logging is disabled by default and there is not much I can gather from other logs.
How can I investigate such a case?
Can somebody point out the symbols which it is better not to use when naming AD DS groups? I want to have some explanations/links to documentation on why those should not be used. For example, Windows Server 2012 allows you to use "/" in a group name but I believe it may cause issues in certain scenarios as this symbol has a special meaning in LDAP filter specification, for example... So certain symbols are allowed but may cause interoperability issues, I presume. I will appreciate a list of symbols to avoid with an explanation of why/prospective troubles you may run into using them.
I am using Windows 8.1 Pro x64 with all updates installed. My machine is a Lenovo W540 laptop and I have a connection to an iSCSI target (using gigabit wired Ethernet). The iSCSI target is a Synology NAS (DS415+). Quite frequently I'm getting BSODs and the system takes a dump and reboots. The error message is the following:
PAGE_FAULT_IN_NONPAGED_AREA (msiscsi.sys)
I store VMware VMs on the iSCSI disk and most often the error occurs when I am taking a snapshot or shutting down a VM running from this disk, but I also noticed that sometimes the error happens even when I am not running any of the VMs stored on the iSCSI disk, but again doing something with VMs stored on the locally attached internal SSD.
My understanding is that to troubleshoot it properly I had to analyze dumps but I'm not sure how to do it or whether I will be able to get meaningful information out of those. Also maybe somebody already knows what else can be done about this issue?
If we look at the client side of Workplace Join process it says that we should log on with Microsoft account, but I've never seen it mentioned that Microsoft account is a requirement for Workplace Join. Recently I performed server side setup for Workplace Join on my test server using the following steps:
"Why Windows Server 2012 R2: Step-by-Step Workplace Join, Bringing Peace of Mind for BYOD"
Unfortunately I was not able to perform Windows 8.1 VM join following those steps:
Walkthrough: Workplace Join with a Windows Device
Could it be because of using local instead of Microsoft account? Am I missing something else here? Network connectivity between VMs is checked.
Recently I saw an application failing to do a certain check/manipulation with built-in groups/local policies on a localized version of Windows Server 2012 R2 (French, German). In localized versions of Windows, group names and policy names are translated into the localization language. This led me to a question: what options does Microsoft provide to manipulate/address those objects without relying on localized names? Obviously there is some way of doing this, otherwise there should be numerous problems with localized versions.
Can somebody tell me what's available for addressing these groups irrespective of localized name? (RID? some API functions?)
Looking at the particular issue I saw with localized versions of Windows, it seems that there could be some issues with languages which use letters with diacritical symbols.
I have a question about the LSA SID cache on a domain member server. Recently I ran into an issue where some users, after their name was changed in AD, had difficulties accessing an application I support, and they also had the old user name shown on SharePoint sites.
After some googling/research I found the following Microsoft KB 946358 and it turned out to be the cause.
This article is a bit laconic and just says that
The cache entries do time out, however chances are that recurring queries by applications keep the existing cache entry alive for the maximum lifetime of the cache entry
and suggests switching off this cache on a member server by setting the LsaLookupCacheMaxSize registry key to 0, which disables the LSA local cache.
This is a slightly strange option as it may have a performance impact and doesn't look like a real solution. Googling using LsaLookupCacheMaxSize as a keyword shows that many people run into this issue, but I didn't find any final explanation on how to address this properly.
So I do confirm that disabling the LSA local cache helps - but it's not an option for real world production environments; also a server restart will clear this cache - not a very good solution either, to reboot your app server each time a user has been renamed. Thanks to this blog post I found a viable workaround but I'm still interested to address this properly.
I saw this issue with the application in the live environment only, whereas the same app in the test environment doesn't have such an issue (renamed user works, old entry doesn't get stuck in cache), whereas both of these environments belong to the same domain, and the same users were used for tests. This is well in line with the MS KB wording that some app activity may cause holding the record in the cache forever, but what next? Only more questions...
How can I reproduce this?
LsaLookupCacheExpireTime has a default value of 7 days, so even a not very active app will touch it over this period and it should not cause such an issue, right? I mean, after the app queries it, the member server should not increase the TTL of the cache entry for 7 days again, right? Otherwise every record will be in the cache forever... And then again, what prevents the member domain server from going occasionally to the DC and, if a record mismatch is found, scavenging the wrong record in the cache?
Looking at the time of the posts about similar problems (there are no recent posts/questions about it) it could be that it was addressed by some MS patch, or in newer Windows Server versions (in my case I saw this issue on Windows Server 2008 SP1 Standard, test environment has 2008 SP1 Enterprise).
I have an idea that I can use Procmon to monitor the LSA cache path and identify what app touched the cache entry too often, but it's unclear what my next step could be as I don't understand exactly what conditions are required to keep this record in the cache forever... Blindly decreasing this activity/changing app settings seems to be not a very good solution either....
In short I want to be able to reproduce this, i.e. understand what conditions cause an obsolete cache entry for a renamed user to get "stuck" in the local cache. I will appreciate it if somebody can shed some light here.
Probably this is a simplistic question but it seems that off the top of my head I have no idea how to do this. How can I get the number of groups in my domain? In all domains within the forest? What is the easiest way to do it? I understand that writing some script is an option but I'm just checking if there is an easier way to do this without reinventing the wheel...
I'm looking for a way to set the security layer setting in Windows Server 2008 R2 RDS via PowerShell (other ways to do it programmatically will do also but PowerShell is preferable). Via GUI it can be set through RDP-Tcp properties on the General tab (SSL, Negotiate, RDS Security layers are available options). Any advice on how to change this via PowerShell?
Server Manager in Windows Server 2008 R2 occasionally displays the warning: Console cannot refresh until computer is restarted, and in this state you cannot use Server Manager for adding or removing roles/features.
It is clear that this is related with roles/updates install processes which need a reboot for completion (e.g. to replace file in use or something similar). How can I determine the cause of this status more precisely?
Sometimes, in multi-user (or should I say multi-admin) environments, you don't know which changes were made by your colleagues and it is always better to know why you are going to reboot your server.
After reading about the DNSSEC realization in Windows Server 2008 R2 it seems to me that it adds extra complexity without being fully secure anyway (I do understand that more security always means more complexity in most of the cases).
First, the DNS client is not aware of DNSSEC and asks the same server which resolved the record to check the validity of this record, and does it only in case of NRPT table presence (you need to configure this additionally - no table, no check; and this is still the case in WS 2012/Win 8). Apart from looking somewhat clumsy architecture-wise, the thing is that the client doesn't have any options to validate the DNS server (to be 100% secure in this respect you need IPSec deployed in the Windows network, which adds even more complexity).
So taking all this into account, is deploying DNSSEC worthwhile in the real world? Does it really improve security or just add unnecessary complexity?
Does anybody really use this technology in enterprise Windows networks?
I'm wondering how Windows Server 2008 generates known license server lists (where it's stored and when/how updated) for RDS, and as the RD Session Host Configuration Console doesn't allow multiple select when adding a license server, I'm also looking for a way to specify license servers via script (PS is preferable).
I guess this list is stored in Registry and I can read values and use them in my script to specify license servers but I guess there could be better options for this.
Can somebody explain what the "no access" open mode means in the Open Files node of the Shared Folders MMC snap-in in Windows Server 2008 R2? The title of the column "Open Mode" and the value "no access" look a bit controversial...
I have a number of servers on which I need to grant administrative access to 1 particular user, i.e. add him to local admins. I guess it can be scripted with PowerShell or somehow else.. Can somebody advise me how to do it?
As I understand there are 2 methods to upgrade AD to a newer version (let's say from 2003/2008 to 2008R2): either by adding new DCs/performing in-place upgrade of existing DCs and migration to the new forest/domain with ADMT. The latter option guarantees that your schema will be clean and you are starting afresh, but it is more difficult & potentially disruptive for the environment.
My question is how can I test (apart from standard DCDIAG) or what should I check to be sure that an in-place upgrade w/o domain/forest migration is OK for me & that I won't bring any problems/issues from the legacy environment into the upgraded one? Something that can justify AD upgrade through migration to a new domain/forest apart from the need to consolidate names & theoretical concerns about legacy AD schema?
Can somebody advise me on a WQL query to select all users from specified AD groups? I tried to do this through the query builder but without success. I'm going to use these selected users to further select those of them who don't have some particular software installed. Any advice on this would be helpful.
Is it possible to define AD DS domain/forest functional levels from a domain joined workstation? Preferably through CLI/PS and if possible w/o Domain Admin rights... How can I accomplish it?