July 13th, 2006
Problem
DNS related errors
Solution
Some common issues that you may encounter with Active Directory installation and configuration can cause a partial or complete loss of functionality in Active Directory. These issues may include, but not be limited to:
· Domain Name System (DNS) configuration errors.
· Network configuration problems
Difficulties when you upgrade from Microsoft Windows NT.
You must configure DNS correctly to ensure that Active Directory will function properly.
Daniel’s recommendations
If you are looking to really master Active Directory (or other Networking skills), I strongly recommend that you try Train Signal. I’ve discovered this company a few months ago and I always send people their way because the training is so good. You can see more HERE.
Daniel Petri
Review the following configuration items to ensure that DNS is healthy and that the Active Directory DNS entries will be registered correctly:
· DNS IP configuration
· Active Directory DNS registration
· Dynamic zone updates
· DNS forwarders
· DNS IP Configuration
An Active Directory server that is hosting DNS must have its TCP/IP settings configured properly. TCP/IP on an Active Directory DNS server must be configured to point to itself to allow the server to register with its own DNS server.
To view the current IP configuration
Open a command window and type
ipconfig /all
to display the details. You can modify the DNS configuration by following these steps:
1. Right-click My Network Places, and then click Properties.
2. Right-click Local Area Connection, and then click Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. Click Advanced, and then click the DNS tab. Configure the DNS information as follows: Configure the DNS server addresses to point to the DNS server. This should be the computer’s own IP address if it is the first server or if no dedicated DNS server will be configured.
5. If the resolution of unqualified names setting is set to Append these DNS suffixes (in order), the Active Directory DNS domain name should be listed first (at the top of the list).
6. Verify that the DNS Suffix for this connection setting is the same as the Active Directory domain name.
7. Verify that the Register this connection’s addresses in DNS check box is selected.
8. At a command prompt, type
ipconfig /flushdns
to purge the DNS resolver cache, and then type
ipconfig /registerdns
to register the DNS resource records.
9. Start the DNS Management console. There should be a host record (an ‘A’ record in Advanced view) for the computer name. There should also be a Start of Authority (SOA in Advanced view) record pointing to the domain controller (DC) as well as a Name Server record (NS in Advanced view).
Active Directory DNS Registration
The Active Directory DNS records must be registering in DNS. The DNS zone can be either a standard primary or an Active Directory-integrated zone. An Active Directory-integrated zone is different from a standard primary zone in several ways. An Active Directory-integrated zone provides the following benefits:
· The Windows 2000 DNS service stores zone data in Active Directory. This causes DNS replication to create multiple masters, and it allows any DNS server to accept updates for a directory service-integrated zone. Using Active
· Directory integration also reduces the need to maintain a separate DNS zone transfer replication topology.
· Secure dynamic updates are integrated with Windows security. This allows an administrator to precisely control which computers can update which names, and it prevents unauthorized computers from obtaining existing names from DNS.
Use the following steps to ensure that DNS is registering the Active Directory DNS records:
1. Start the DNS Management console.
2. Expand the zone information under the server name.
3. Expand Forward Lookup Zones, right-click the name of the Active Directory domain’s DNS zone, click Properties, and then verify that Allow Dynamic Updates is set to Yes.
4. Four folders with the following names are present when DNS is correctly registering the Active Directory DNS records. These folders are labeled:
_msdcs
_sites
_tcp
_udp
If these folders do not exist, DNS is not registering the Active Directory DNS records. These records are critical to Active Directory functionality and must appear within the DNS zone. You should repair the Active Directory DNS record registration.
To repair the Active Directory DNS record registration
Check for the existence of a Root Zone entry. View the Forward Lookup zones in the DNS Management console.
There should be an entry for the domain. Other zone entries may exist. There should not be a dot (’.') zone. If the dot (’.') zone exists, delete the dot (’.') zone. The dot (’.') zone identifies the DNS server as a root server.
Typically, an Active Directory domain that needs external (Internet) access should not be configured as a root DNS server.
The server probably needs to reregister its IP configuration (by using Ipconfig) after you delete the dot (’.'). The Netlogon service may also need to be restarted.
Manually repopulate the Active Directory DNS entries. You can use the Windows 2000 Netdiag tool to repopulate the Active Directory DNS entries. Netdiag is included with the Windows 2000 Support tools. At a command prompt, type
netdiag /fix
After you run the Netdiag utility, refresh the view in the DNS Management console. The Active Directory DNS records should then be listed.
Note: The server may need to reregister its IP configuration (by using Ipconfig) after you run Netdiag. The Netlogon service may also need to be restarted.
If the Active Directory DNS records do not appear, you may need to manually re-create the DNS zone.
Manually re-create the DNS zone
1. Start the DNS Management console.
2. Right-click the name of the zone, and then click Delete.
3. Click OK to acknowledge any warnings. The Forward Lookup zones no longer list the deleted zone.
4. Right-click Forward Lookup Zones, and then click New Zone.
5. The New Zone Wizard starts. Click Next to continue.
6. Click the appropriate zone type (either Active Directory-integrated or Standard primary, and then click Next.
7. Type the name of the zone exactly as it appears in Network Identification, and then click Next.
8. Click the appropriate zone file, or a new zone file. Click Next, and then click Finish to finish the New Zone Wizard.
9. The newly created zone appears in the DNS Management console.
10. Right-click the newly created zone, click Properties, and then change Allow Dynamic Updates to Yes.
11. At a command prompt, type
net stop netlogon
and then press ENTER. The Netlogon service is stopped.
12. Type
net start netlogon
and then press ENTER. The Netlogon service is restarted.
13. Refresh the view in the DNS Management console. The Active Directory DNS records should be listed under the zone.
If the Active Directory DNS records still do not exist, there may be a disjointed DNS namespace.
Dynamic Zone Updates
Microsoft recommends that the DNS Lookup zone accept dynamic updates. You can configure this by right-clicking the name of the zone, and then clicking Properties. On the General tab, the Allow Updates setting should be set to Yes, or for an Active Directory-integrated zone, either Yes or Only secure updates. If dynamic updates are not allowed, all host registration must be completed manually.
DNS Forwarders
To ensure network functionality outside of the Active Directory domain (such as browser requests for Internet addresses), configure the DNS server to forward DNS requests to the appropriate Internet service provider (ISP) or corporate DNS servers.
See No Forwarding or Root Hints on Windows 2000 DNS server? for troubleshooting tips.
To configure forwarders on the DNS server:
1. Start the DNS Management console.
2. Right-click the name of the server, and then click Properties.
3. Click the Forwarders tab.
4. Click to select the Enable Forwarders check box.
Note: If the Enable Forwarders check box is unavailable, the DNS server is attempting to host a root zone (usually identified by a zone named only with a period, or dot (’.'). You must delete this zone to enable the DNS server to forward DNS requests. In a configuration in which the DNS server does not rely on an ISP DNS server or a corporate DNS server, you can use a root zone entry.
5. Type the appropriate IP addresses for the DNS servers that will accept forwarded requests from this DNS server. The list reads from the top down in order; if there is a preferred DNS server, place it at the top of the list.
6. Click OK to accept the changes.
Upgrade Installation Considerations
Earlier (Legacy) DNS Servers - DNS servers that run Windows NT 4.0 cannot dynamically register the Active Directory DNS records. The best solution in this case is to install DNS on the Active Directory domain controller to ensure that Active Directory DNS records will be registered for the domain.
Disjointed DNS Namespace - You must configure the correct DNS suffix information before you begin a Windows 2000 upgrade installation. You cannot change the server name and DNS domain information after Active Directory is installed.
To configure the DNS suffix information in Windows NT before you upgrade the computer to a Windows 2000-based Active Directory domain controller:
1. Right-click Network Neighborhood, and then click Properties.
2. Click the Protocols tab, click TCP/IP Protocol, and then click Properties.
3. Click the DNS tab.
4. In the Domain box, type the complete Active Directory domain name.
5. Click Apply, and then click OK.
6. Click OK to quit the Network tool.
7. Restart the computer.
To verify the settings, open a command window, and then type ipconfig /all. The Host Name line shows the fully qualified domain name.
If you must change the DNS domain information after you install Active Directory, you must run the Dcpromo utility on the computer to remove it from the domain and make it a stand-alone server.
To determine if a disjointed namespace exists on an existing Windows 2000-based domain controller:
1. Right-click My Computer, and then click Properties.
2. Click the Network Identification tab.
3. Compare the DNS suffix section of the full computer name to that of the domain name listing. The full computer name reads as follows: hostname. dns_suffix. These two entries should contain identical suffix information.
If these two entries do not contain identical suffix information, a disjointed DNS namespace exists. This condition prevents proper registration of any Active Directory DNS records.
Note: The only supported method to recover from a disjointed namespace is to use Dcpromo to remove the computer from the domain and make it a stand-alone server. You can then correct the DNS namespace information and run Dcpromo again to promote the computer back to a domain controller
Posted in Uncategorized, Information Technologies | No Comments »
July 13th, 2006
View products that this article applies to.
|
Article ID
|
:
|
837444
|
|
Last Review
|
:
|
June 24, 2004
|
|
Revision
|
:
|
1.0
|
SYMPTOMS
On a computer that is running Microsoft Exchange Server 2003 and that has more than one logical processor, you may find that Active Directory updates from Exchange 2003 no longer work correctly. The Recipient Update Service does not configure all the Exchange attributes for the user accounts. As a result, these users may not appear in the Global Address List or may not be able to connect to their Exchange mailboxes. Additionally, you may find that event ID 8331 error messages that are similar to the following are repeatedly logged to the application event log:
Type: Error
Source: MSExchangeAL
Category: Address List Synchronization
Event ID: 8331
Description:
The service threw an unexpected exception which was caught at Drive:\Titanium\Dsa\Src\Lra\Abv_dg\Lservagent.cpp(4511)
You may also receive event ID 8331 error messages that contain a description that reports than an unexpected exception occurred in the Active Directory Connector (Adc.exe) and in the Lotus Notes Dirsynch Connector component (Addxa.dll).
When you click Check Name while configuring Exchange e-mail accounts in Microsoft Outlook, you may receive an error message that is similar to the following:
The name could not be resolved. The name could not be matched to a name in the address list.
CAUSE
This problem may occur if an internal class incorrectly processes certain threads that run at the same time.
RESOLUTION
To resolve this problem, obtain the latest service pack for Exchange Server 2003. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
836993 (http://support.microsoft.com/kb/836993/) How to obtain the latest updates and service packs for Exchange Server 2003
WORKAROUND
To work around this problem, restart the appropriate service. For example, if the source of the event ID error message that is logged to the application event log is listed as MSExchangeAL, restart the System Attendant service.
STATUS
This problem was first corrected in Exchange Server 2003 Service Pack 1.
MORE INFORMATION
For additional information about the standard terminology that is used to describe Microsoft software updates, click the following article number to view the article in the Microsoft Knowledge Base:
824684 (http://support.microsoft.com/kb/824684/) Description of the standard terminology that is used to describe Microsoft software updates
For additional information about the naming schema for Exchange Server updates, click the following article number to view the article in the Microsoft Knowledge Base:
817903 (http://support.microsoft.com/kb/817903/) New naming schema for Exchange Server software update packages
Posted in Information Technologies, Exchange Server Support | No Comments »
July 13th, 2006
View products that this article applies to.
|
Article ID
|
:
|
816594
|
|
Last Review
|
:
|
March 1, 2004
|
|
Revision
|
:
|
4.0
|
For a Microsoft Windows 2000 version of this article, see 306561 (http://support.microsoft.com/kb/306561/EN-US/).
On This Page
IN THIS TASK
SUMMARY
This step-by-step article describes how to secure communications between a client computer and a server by using Windows Server 2003 Terminal Services.
Windows Server 2003 Terminal Services supports four levels of encryption: Low, Client Compatible, FIPS Compliant, and High. The following list describes what the encryption levels do:
|
•
|
Low: This level encrypts data sent from the client to the server using 56-bit encryption, helps secure the user logon information and data that is sent to the server, but does not encrypt the data that is sent from the server to the client. Microsoft recommends that you use this encryption level in an intranet environment.
|
|
•
|
Client Compatible: This level encrypts data sent between the client and the server at the maximum key strength that the client supports. Use this level when the terminal server runs in an environment that contains mixed or earlier-version clients.
|
|
•
|
FIPS Compliant: This level encrypts and decrypts data sent from a client to the server and from the server to a client with the Federal Information Processing Standard (FIPS) encryption algorithms by using the Microsoft cryptographic modules.
|
|
•
|
High: By default, Windows Server 2003 uses this level of encryption. High encryption encrypts the data transmission in both directions by using a 128-bit key. Microsoft recommends that you use this encryption level if the network is not secure and is located in North America. Use this level when the terminal server runs in an environment that contains 128-bit clients only (such as Remote Desktop Connection clients). Clients that do not support this level of encryption cannot connect.
|
To Secure Communications
To modify the encryption setting:
|
1.
|
Click Start, point to Administrative Tools, and then click Terminal Services Configuration.
|
|
2.
|
In the left pane, click Connections, and then double-click the connection whose encryption level you want to change.
|
|
3.
|
Click General.
|
|
4.
|
In the Encryption level box, click the appropriate encryption level, and then click OK.
|
Note The new encryption level takes effect the next time a user logs on. If you require multiple levels of encryption on one server, install multiple network adapters and configure each adapter separately.
REFERENCES
For additional information about Terminal Services in Windows 2003, click the following article number to view the article in the Microsoft Knowledge Base:
814585 (http://support.microsoft.com/kb/814585/EN-US/) HOW TO: Connect Clients to Terminal Services in Windows Server 2003
814593 (http://support.microsoft.com/kb/814593/EN-US/) HOW TO: Deactivate or Reactivate a License Server By Using Terminal Services Licensing
Posted in Information Technologies | No Comments »
July 13th, 2006
Terminal Server’s licensing requirements are different from those of Windows NT Server. Terminal Server Clients require two licenses to connect to a Terminal Server.
The first license is a Windows NT Workstation license. This is necessary because the Terminal Server Client effectively provides a Windows NT Workstation to the client. If the RDP client is run on a computer running Windows NT 4.0 (Server, Workstation, or Terminal Server) client already purchased the license, and it is not necessary to purchase an additional Windows NT Workstation. If the RDP client is run on a Windows NT 3.5x computer, then that client requires a Windows NT Workstation Upgrade license. If the RDP client is run on a Windows 95 or Windows for Workgroups 3.11 computer, then the client requires a Windows NT Workstation full license. These three license types are displayed in Terminal Server License Manager. In the right pane of the display, notice that the first license category of existing Windows NT Workstation licenses is ‘unlimited.’ The Full and Upgrade license types, however, will display how many licenses have been purchased and entered into Terminal Server License Manager.
The second license is a Client Access License for the server. This is the standard server access license measured in License Manager, the same utility that is in Windows NT Server. License Manager does not distinguish between RDP client access and other types of server access (for example, it does not distinguish between a normal shared file and printer resource access). Per Server and Per Seat modes are identical to those of Windows NT Server 4.0.
Terminal Server License Manager reports but does not enforce licensing. Enforcement comes from the License Manager in Windows NT. If an RDP client is denied access to the server when it tries to make a connection, increasing the license count in Terminal Server License Manager will not resolve the problem. Client Access Licenses must be added to License Manager.
If License Manager denies an RDP client access, the event will be recorded as event 201 in the Event Log. The event message will show that a license was not available for SYSTEM to access the TermService.
If Client Access Licenses are available in License Manager, and Terminal Server License Manager runs out of needed licenses, a temporary license will be granted. In this case, a fourth and fifth category of license can appear in Terminal Server License Manager: Temporary Windows NT Workstation Full license, or Temporary Windows NT Workstation Upgrade license. These licenses are good for 60 days. The RDP client making use of a temporary license will continue to do so for the full 60 days even if new licenses are added. After 60 days, the client’s temporary license will expire, and the client will get a new license (either a temporary license if no normal licenses are available, or one of the new licenses that have been added).
NOTE: Logging on at the Terminal Server console uses one Client Access License, but this is not reflected in the license count in License Manager. In the event that only one Client Access License is available, RDP clients (at the console or elsewhere) will not be able to connect even though the License Manager in-use license count is zero.
If no Client Access Licenses are available, not even the administrator can connect through the RDP client. This is different from normal licensing behavior because administrators can always log on at the console or connect to the server remotely even if no licenses are available. Administrators must log on at the Terminal Server console, or access the server by means other than the RDP client, if the Terminal Server runs out of licenses.
When an RDP client is denied access, the client will receive the generic message, ‘Terminal Server has ended the connection.’
License information is recorded on the Terminal Server, Windows NT, and Windows 95 computers under:
HKEY_LOCAL_MACHINE\Software\Microsoft\MSLicensing
Licenses are stored on the Terminal Server in the %systemroot%\system32\lserver directory in the hydra.mdb file. Computers running Windows for Workgroups 3.11 store licensing information in the *.bin files in the Regdata directory under System. The typical path is C:\Windows\System\Regdata.
Terminal Server License Manager creates seven temporary files in the System32 directory. The temporary files are called JET1.TMP through JET7.TMP. These files are used to temporarily store newly created licenses.
When an RDP client connects to a Terminal Server and requests a license, the initial license is generated and cached in the appropriate JETx.TMP file. The license is sent to the client, and the client stores the license (in the registry or in the mstsc.ini file as mentioned). Licenses are tied to the client computer, so some computer-specific information is added to the license, during the license request or when the license is presented to the client (the details on this process are sketchy. Please comment this article if you have further information). The license is presented to the Terminal Server as part of logon, written to the license database, and removed from the JETx.TMP file.
It is possible to have more than seven JETx.TMP files. If the server is powered off without using the shutdown routine or if the server is shut down inside an RDP client session, the JETx.TMP files are not cleaned up. Shutting the server down through an RDP client session is generally not an issue, since services are written to handle power outages by committing cached data very quickly. Administrators should be aware, however, that the normal shutdown procedures are not followed. If you shut down the server at the console, all services are stopped before the server shuts down. The server shuts down immediately, without stopping services correctly if the shutdown is performed through a client session. Because services are not notified, the JETx.TMP files will already exist when the server is restarted. The Terminal Server License Manager service will create seven new JETx.TMP files.
If JETx.TMP files numbered 1-7 exist, the server will create new files numbered 8-14. If you deleted files 1-7 (which could be done since they would not be open) and shutdown the system through the RDP client again, the new files created at startup would again be numbered 1-7. So, the highest numbered files are not necessarily the files that are in use
If left over JETx.TMP files are an issue, simply delete JET*.TMP files. Only the closed, unused files will be deleted. You cannot delete open files, or delete files in use.
Posted in Remote Access | No Comments »
July 13th, 2006
|
Purpose & Scope
|
|
What is SUS
|
|
| |
|
Procedure
|
Microsoft SUS is a free patch management tool provided by Microsoft to help network administrators deploy security patches more easily. In simple terms, Microsoft SUS is a version of Windows Update that you can run on your network.
Today corporations have to frequently check the Windows Update site or the Microsoft Security Web site for patches. Then they have to manually download patches that have been made available since they last visited the site, test the patches, and then distribute the patches manually or by using their traditional software-distribution tools.
Instead of each workstation having to connect to the Internet to update Windows, each workstation connects to the Microsoft SUS Server instead and updates from there. Microsoft SUS Server alone requires access to the public Internet as it connects to Windows Update.
Software Update Services solves these problems by providing dynamic notification of critical updates to Windows computers as well as automatic distribution of those updates to your corporate Windows desktops and servers. For Software Update Services to function, only one corporate intranet computer requires access to the public Internet.
By connecting to Windows Update, Microsoft SUS Server provides notification of critical updates as well as performing automatic distribution of those updates to your workstations and servers. Microsoft SUS server gives the administrator control over updates: The administrator can test and approve updates from the public Windows Update site before deployment on the corporate intranet. Deployment takes place on a schedule created by the administrator.
Software Update Services leverages the successful Windows Automatic Updates service first available in Windows XP, and allows information technology professionals to configure a server that contains content from the live Windows Update site in their own Windows-based intranets to service corporate servers and clients.
Software Update Services
The server features include:
· Built-in security. The administrative pages are restricted to local administrators on the computer that hosts the updates. The synchronization validates the digital certificates on any downloads to the update server. If the certificates are not from Microsoft, the packages are deleted.
· Selective content approval. Updates synchronized to your server running Software Update Services are not made automatically available to the computers that have been configured to get updates from that server. The administrator approves the updates before they are made available for download. This allows the administrator to test the packages being deploying them.
· Content synchronization. The server is synchronized with the public Windows Update service either manually or automatically. The administrator can set a schedule or have the synchronization component of the server do it automatically at preset times. Alternatively, the administrator can use the Synchronize Now button to manually synchronize.
· Server-to-server synchronization. Because you may need multiple servers running Microsoft SUS inside your corporation in order to bring the updates closer to your desktops and servers for downloading, Microsoft SUS will allow you to point to another server running Microsoft SUS instead of Windows Update, allowing these critical software updates to be distributed around your enterprise.
· Update package hosting flexibility. Administrators have the flexibility of downloading the actual updates to their intranet, or pointing computers to a worldwide network of download servers maintained by Microsoft. Downloading updates might appeal to an administrator with a network closed to the Internet. Large networks spread over geographically disparate sites might find it more beneficial to use the Microsoft maintained download servers. These are the actual Windows Update download servers. In a scenario like this, an administrator would download and test updates at a central site, then point computers requiring updates to one of the Windows Update download servers. Microsoft maintains a worldwide network of these type servers.
· Multi-language support. Although the Software Update Services administrative interface is available only in English or Japanese, the server supports the publishing of updates to multiple operating-system language versions. Administrators can configure the list of languages for which they want updates downloaded.
· Remote administration via HTTP or HTTPS. The administrative interface is Web-based and therefore allows for remote (internal) administration using Internet Explorer 5.5 or higher.
· Update status logging. You can specify the address of a Web server where the Automatic Updates client should send statistics about updates that have been downloaded, and whether the updates have been installed. These statistics are sent using the HTTP protocol and appear in the log file of the Web server.
Download Software Update Services Server 1.0 with Service Pack 1 HERE (33mb)
Microsoft SUS Server limitations
Though very good as what it does, Microsoft’s patch management tool does have a few limitations:
· It does not push out service packs; you need a separate solution for that.
· It only handles patches at operating system level (including Internet Explorer and IIS), but not application patches such as Microsoft Office, Microsoft Exchange Server, Microsoft SQL Server, etc.
· It requires Windows 2000 and up, so it cannot patch Windows NT 4 systems.
· It cannot deploy custom patches for third party software.
· It does not allow you to scan your network for missing patches, so you cannot check if everything has been installed correctly. There is no easy reporting system for this.
This means that you still require a patch management solution to perform the above tasks. Microsoft does not plan to add the above features, since it promotes Microsoft SMS server as a tool for that. So, Microsoft SUS server is ideal for operating system patches if used in conjunction with a patch management tool.
Read more on how to overcome SUS’s limitations by using a 3rd party tool called GFI LANguard Network Security Scanner.
Windows Automatic Update Client
To use SUS on your network you will need to use the Windows Automatic Update Client.
The client is based on the Windows Automatic Updates technology that was significantly updated for Windows XP. Automatic Updates is a proactive pull service that enables users with administrative privileges to automatically download and install Windows updates such as critical operating-system fixes and Windows security patches. The features include:
- Built-in security: Only users with local administrative privileges can interact with Automatic Updates. This prevents unauthorized users from tampering with the installation of critical updates. Before installing a downloaded update, Automatic Updates verifies that Microsoft has digitally signed the files.
- Just-in-time validation: Automatic Updates uses the Windows Update service technologies to scan the system and determine which updates are applicable to a particular computer.
- Background downloads: Automatic Updates uses the Background Intelligent Transfer Service (BITS), an innovative bandwidth-throttling technology built into Windows XP and newer operating systems, to download updates to the computer. This bandwidth-throttling technology uses only idle bandwidth so that downloads do not interfere with or slow down other network activity, such as Internet browsing.
- Chained installation: Automatic Updates uses the Windows Update technologies to install downloaded updates. If multiple updates are being installed and one of them requires a restart, Automatic Updates installs them all together and then requests a single restart.
- Multi-user awareness: Automatic Updates is multi-user aware, which means that it displays different UI depending on which administrative user is logged on.
- Manageability: In an Active Directory environment, an administrator can configure the behavior of Automatic Updates using Group Policy. Otherwise, an administrator can remotely configure Automatic Updates using registry keys through the use of a logon script or similar mechanism.
- Multi-language support: The client is supported on localized versions of Windows.
This update applies to the following operating systems:
- Windows 2000 Professional with Service Pack 2
- Windows 2000 Server with Service Pack 2
- Windows 2000 Advanced Server with Service Pack 2
- Windows XP Professional
- Windows XP Home Edition
Note: Windows 2000 Service Pack 3 (SP3) and Windows XP Service Pack 1 (SP1) include the Automatic Updates component, eliminating the need to download the client component separately.
Download Windows automatic updating (SUS Client) HERE (1mb)
Administrator Control via Policies
The Automatic Updates behavior can be driven by configuring Group Policy settings in an Active Directory environment.
Administrators can use Group Policy in an Active Directory environment or can configure registry keys to specify a server running Software Update Services. Computers running Automatic Updates then use this specified server to get updates.
The Software Update Services installation package includes a policy template file, WUAU.ADM, which contains the Group Policy settings described earlier in this paper. These settings can be loaded into Group Policy Editor for deployment. These policies are also included in the System.adm file in Windows 2000 Service Pack 3, and will be included in the Windows Server 2003 family, and in Windows XP Service Pack 1.
Download Software Update Services 1.0 ADM File for Service Pack 1 HERE (25kb)
Loading of the WUAU.ADM template in GPO
Image of the WUAU.ADM template in place
Images of the GPO setting options for Windows Automatic Updates.
After you have configured the Microsoft SUS client, patches are deployed automatically. The user is notified through a message in the task bar (see image).
System Requirements and supported clients
System Requirements:
· Supported Operating Systems: Windows 2000, Windows Server 2003
SUS Server 1.0 with SP1 has the following minimum hardware requirements:
· Pentium III 700 MHz or higher processor
· 512 megabytes (MB) of RAM
· 6 gigabytes (GB) of available hard disk space
Your client computers must be running Windows 2000 Professional with Service Pack 2 (SP2) or later, Windows XP Professional, or Windows 2000 Server with SP2 or later in order to run Automatic Updates. Note: Windows NT 4.0 is not supported.
SUS supports updates for Windows 2000 Professional with Service Pack 2, Windows 2000 Server, and Windows XP Professional. It does not include provisions for updates to any other Microsoft products such as Microsoft Office, SQL Server, or Exchange Server.
SUS with SP1 can now be used to deploy Service Packs - SP1 for XP and SP4 for W2K.
SUS Server 1.0 with SP1 automatically installs under the Web site that is currently running. It will not interfere with this or any other Web sites. If no other Web site is currently running, SUS Server 1.0 with SP1 will create a new Web site.
Read more about SUS management on the GFI LANguard Network Security Scanner page.
Here are a few screenshots of SUS and it’s main screens:
SUS Welcome screen
SUS Synchronize Now and Schedule buttons
The Synchronization settings window
The Synchronization process and detail window
The Synchronization Log
Microsoft Software Update Services (SUS)
Download Software Update Services Server 1.0 with Service Pack 1 HERE (33mb)
Download Windows automatic updating (SUS Client) HERE (1mb)
Download Software Update Services 1.0 ADM File for Service Pack 1 HERE (25kb)
Software Update Services Deployment White Paper (Doc, 2.51mb)
|
|
Posted in Information Technologies | No Comments »
July 13th, 2006
|
Question
|
|
Instructions:State the question.
|
|
| |
|
Answer
|
SBS 2000 is an easy installation. The installation phase can be divided into 2 distinctive sections: The simple-good-old Windows 2000 setup process, and the SBS Back-office components installation phase.
Installing the W2K phase is just like installing W2K. However, after running that part there are a few things you should be aware of BEFORE you begin the second phase.
Make sure to get hold of and install SBS Service Pack 1. That is basically Windows 2000 SP3, Exchange 2000 SP3 and ISA SP1. There are other parts to the actual Service Pack but if you cannot get it on time, the regular Service Packs will be fine. Read this for more: Small Business Server 2000 Patches.
Make sure to use the wizards! When setting up users, you will use a wizard. These are very good, but you must use them so you do not get into issues with security. Specifically, the wizard creates a client setup disk for use on each PC. During the installation (on the client) the setup disk sets up the local user rights etc.
Set up all users with Power User rights (done using the wizard). This will allow them to add software etc. However, you do not need to do this. Just a suggestion.
Unlike the previous versions of SBS, you can set the IP addressing as you wish without issue.
During the installation, make sure to set the Company Shared Folder and Users Shared Folder onto a drive with enough storage space for the future. These folders are automatically referenced on each users desktop after installation, so SBS wants the users to use them.
SBS will automatically set the users personal folder to map to the ‘Z’ drive. No need for you do do manually. However, if you do not want passwords to expire, you will need to make this change using AD Users and Groups.
Also, SBS 2000 does not by default set-up profile paths if you want to use them you’ll have to do it manually.
If you have more than one network card make sure to disable the one that will NOT be used for the internal network. SBS hates that. If you are going to set-up a broadband or router on the other network card, only enable it after the installation of the main system.
After the initial installation, you will be presented with a ‘To do’ list. It is VITAL that you set the ‘Configure Internet Information Services’. If you do not do this, everything fails after a while.
Make sure to use the ‘Internet Connection Wizard’ under the ‘to do’ list to configure your internet settings. This will set-up IIS, ISA, Exchange and Internet settings for you. It is very good, but you can make your own changes the good old manual way after. Remember, if you make your own changes, they would be reset by the wizard if you ran it again.
Oh, one last thing…. You HAVE to use NTFS format.
|
|
Posted in Information Technologies | No Comments »
July 13th, 2006
|
Question
|
|
Instructions:State the question.
|
|
| |
|
Answer
|
Windows Server 2003 Terminal Services supports four levels of encryption: Low, Client Compatible, FIPS Compliant, and High.
The following list describes what the encryption levels do: • Low: This level encrypts data sent from the client to the server using 56-bit encryption, helps secure the user logon information and data that is sent to the server, but does not encrypt the data that is sent from the server to the client. Microsoft recommends that you use this encryption level in an intranet environment.
• Client Compatible: This level encrypts data sent between the client and the server at the maximum key strength that the client supports. Use this level when the terminal server runs in an environment that contains mixed or earlier-version clients.
• FIPS Compliant: This level encrypts and decrypts data sent from a client to the server and from the server to a client with the Federal Information Processing Standard (FIPS) encryption algorithms by using the Microsoft cryptographic modules.
• High: By default, Windows Server 2003 uses this level of encryption. High encryption encrypts the data transmission in both directions by using a 128-bit key. Microsoft recommends that you use this encryption level if the network is not secure and is located in North America. Use this level when the terminal server runs in an environment that contains 128-bit clients only (such as Remote Desktop Connection clients). Clients that do not support this level of encryption cannot connect.
To Secure Communications:
To modify the encryption setting:
1. Click Start, point to Administrative Tools, and then click Terminal Services Configuration.
2. In the left pane, click Connections, and then double-click the connection whose encryption level you want to change.
3. Click General.
4. In the Encryption level box, click the appropriate encryption level, and then click OK.
Note The new encryption level takes effect the next time a user logs on. If you require multiple levels of encryption on one server, install multiple network adapters and configure each adapter separately.
|
|
Posted in Information Technologies | No Comments »
July 13th, 2006
Question
Instructions:State the question.
Answer
1. the appropriate permissions to allow the users and the computers to read and run the files, and then copy the I386 folder from the Windows XP Professional CD-ROM to this folder.
2. You can create a GPO for a domain, an organizational unit, or a site. It is recommended that you assign a GPO to an organizational unit that contains the users whose workstations you want to upgrade.
3. In that GPO, click to expand User Configuration, and then click to expand Software Settings.
4. Right-click Software installation, point to New, and then click Package.
5. In the Look in box, browse to the share where the I386 folder is located.
6. Make sure that the path that you enter is an accessible Universal Naming Convention (UNC) path and not a file system path.
7. Open the share that contains the Windows Installer package, click Winnt32.msi, and then click Open.
8. Click Publish, and then click OK.
Note: When you make changes to the GPO, these changes are not applied immediately to the target computers. Instead, they are applied according to the currently valid Group Policy refresh interval. In this scenario, when the program has been published to the users, it is available the next time the affected users log on.
Posted in Uncategorized | No Comments »
July 13th, 2006
|
Question
|
|
Instructions:State the question.
|
|
| |
|
Answer
|
First make sure you read and understand Active Directory Installation Requirements. If you don’t comply with all the requirements of that article you will not be able to set up your AD (for example: you don’t have a NIC or you’re using a computer that’s not connected to a LAN).
Note: This article is only good for understanding how to install the FIRST DC in a NEW AD Domain, in a NEW TREE, in a NEW FOREST. Meaning - don’t do it for any other scenario, such as a new replica DC in an existing domain. In order to install a Windows Server 2003 DC in an EXISTING Windows 2000 Domain follow the Windows 2003 ADPrep tip.
|
Daniel’s recommendations
|
|
If you are looking to really master Active Directory (or other Networking skills), I strongly recommend that you try Train Signal. I’ve discovered this company a few months ago and I always send people their way because the training is so good. You can see more HERE.
Daniel Petri
|
Windows 2000 Note: If you plan to install a new Windows 2000 DC please read How to Install Active Directory on Windows 2000.
Windows Server 2003 Note: If you plan to install a new Windows Server 2003 DC in an existing AD forest please read the page BEFORE you go on, otherwise you’ll end up with the following error:
Here is a quick list of what you must have:
· An NTFS partition with enough free space
· An Administrator’s username and password
· The correct operating system version
· A NIC
· Properly configured TCP/IP (IP address, subnet mask and - optional - default gateway)
· A network connection (to a hub or to another computer via a crossover cable)
· An operational DNS server (which can be installed on the DC itself)
· A Domain name that you want to use
· The Windows Server 2003 CD media (or at least the i386 folder)
· Brains (recommended, not required…)
This article assumes that all of the above requirements are fulfilled.
Step 1: Configure the computer’s suffix
(Not mandatory, can be done via the Dcpromo process).
1. Right click My Computer and choose Properties.
2. Click the Computer Name tab, then Change.
3. Set the computer’s NetBIOS name. In Windows Server 2003, this CAN be changed after the computer has been promoted to Domain Controller.
4. Click More.
5. In the Primary DNS suffix of this computer box enter the would-be domain name. Make sure you got it right. No spelling mistakes, no ‘oh, I though I did it right…’. Although the domain name CAN be changed after the computer has been promoted to Domain Controller, this is not a procedure that one should consider lightly, especially because on the possible consequences. Read more about it on my Windows 2003 Domain Rename Tool page.
6. Click Ok.
7. You’ll get a warning window.
8. Click Ok.
9. Check your settings. See if they’re correct.
10. Click Ok.
11. You’ll get a warning window.
12. Click Ok to restart.
Step 2: Configuring the computer’s TCP/IP settings
You must configure the would-be Domain Controller to use it’s own IP address as the address of the DNS server, so it will point to itself when registering SRV records and when querying the DNS database.
Configure TCP/IP
1. Click Start, point to Settings and then click Control Panel.
2. Double-click Network and Dial-up Connections.
3. Right-click Local Area Connection, and then click Properties.
4. Click Internet Protocol (TCP/IP), and then click Properties.
5. Assign this server a static IP address, subnet mask, and gateway address. Enter the server’s IP address in the Preferred DNS server box.
Note: This is true if the server itself will also be it’s own DNS server.
If you have another operational Windows 2000/2003 server that is properly configured as your DNS server (read my Create a New DNS Server for AD page) - enter that server’s IP address instead:
6. Click Advanced.
7. Click the DNS Tab.
8. Select ‘Append primary and connection specific DNS suffixes’
9. Check ‘Append parent suffixes of the primary DNS suffix’
10. Check ‘Register this connection’s addresses in DNS’. If this Windows 2000/2003-based DNS server is on an intranet, it should only point to its own IP address for DNS; do not enter IP addresses for other DNS servers here. If this server needs to resolve names on the Internet, it should have a forwarder configured.
11. Click OK to close the Advanced TCP/IP Settings properties.
12. Click OK to accept the changes to your TCP/IP configuration.
13. Click OK to close the Local Area Connections properties.
Step 3: Configure the DNS Zone
(Not mandatory, can be done via the Dcpromo process).
This article assumes that you already have the DNS service installed. If this is not the case, please read Create a New DNS Server for AD.
Furthermore, it is assumed that the DC will also be it’s own DNS server. If that is not the case, you MUST configure another Windows 2000/2003 server as the DNS server, and if you try to run DCPROMO without doing so, you’ll end up with errors and the process will fail.
Creating a Standard Primary Forward Lookup Zone
1. Click Start, point to All Programs, point to Administrative Tools, and then click DNS Manager. You see two zones under your computer name: Forward Lookup Zone and Reverse Lookup Zone.
2. Right click Forward Lookup Zones and choose to add a new zone.
3. Click Next. The new forward lookup zone must be a primary zone so that it can accept dynamic updates. Click Primary, and then click Next.
4. The name of the zone must be the same as the name of the Active Directory domain, or be a logical DNS container for that name. For example, if the Active Directory domain is named ‘lab.dpetri.net’, legal zone names are ‘lab.dpetri.net’, ‘dpetri.net’, or ‘net’.
Type the name of the zone, and then click Next.
Accept the default name for the new zone file. Click Next.
6. To be able to accept dynamic updates to this new zone, click ‘Allow both nonsecure and secure dynamic updates’. Click Next.
7. Click Finish.
You should now make sure your computer can register itself in the new zone. Go to the Command Prompt (CMD) and run ‘ipconfig /registerdns‘ (no quotes, duh…). Go back to the DNS console, open the new zone and refresh it (F5). Notice that the computer should by now be listed as an A Record in the right pane.
If it’s not there try to reboot (although if it’s not there a reboot won’t do much good). Check the spelling on your zone and compare it to the suffix you created in step 1. Check your IP settings.
Enable DNS Forwarding for Internet connections (Not mandatory)
1. Start the DNS Management Console.
2. Right click the DNS Server object for your server in the left pane of the console, and click Properties.
3. Click the Forwarders tab.
4. In the IP address box enter the IP address of the DNS servers you want to forward queries to - typically the DNS server of your ISP. You can also move them up or down. The one that is highest in the list gets the first try, and if it does not respond within a given time limit - the query will be forwarded to the next server in the list.
5. Click OK.
Creating a Standard Primary Reverse Lookup Zone
You can (but you don’t have to) also create a reverse lookup zone on your DNS server. The zone’s name will be the same as your TCP/IP Network ID. For example, if your IP address is 192.168.0.200, then the zone’s name will be 192.168.0 (DNS will append a long name to it, don’t worry about it). You should also configure the new zone to accept dynamic updates. I guess you can do it on your own by now, can’t you?
Step 4: Running DCPROMO
After completing all the previous steps (remember you didn’t have to do them) and after double checking your requirements you should now run Dcpromo.exe from the Run command.
1. Click Start, point to Run and type ‘dcpromo’.
2. The wizard windows will appear. Click Next.
3. In the Operating System Compatibility windows read the requirements for the domain’s clients and if you like what you see - press Next.
4. Choose Domain Controller for a new domain and click Next.
5. Choose Create a new Domain in a new forest and click Next.
6. Enter the full DNS name of the new domain, for example - kuku.co.il - this must be the same as the DNS zone you’ve created in step 3, and the same as the computer name suffix you’ve created in step 1. Click Next.
This step might take some time because the computer is searching for the DNS server and checking to see if any naming conflicts exist.
7. Accept the the down-level NetBIOS domain name, in this case it’s KUKU. Click Next
8. Accept the Database and Log file location dialog box (unless you want to change them of course). The location of the files is by default %systemroot%\NTDS, and you should not change it unless you have performance issues in mind. Click Next.
9. Accept the Sysvol folder location dialog box (unless you want to change it of course). The location of the files is by default %systemroot%\SYSVOL, and you should not change it unless you have performance issues in mind. This folder must be on an NTFS v5.0 partition. This folder will hold all the GPO and scripts you’ll create, and will be replicated to all other Domain Controllers. Click Next.
10. If your DNS server, zone and/or computer name suffix were not configured correctly you will get the following warning:
This means the Dcpromo wizard could not contact the DNS server, or it did contact it but could not find a zone with the name of the future domain. You should check your settings. Go back to steps 1, 2 and 3. Click Ok.
You have an option to let Dcpromo do the configuration for you. If you want, Dcpromo can install the DNS service, create the appropriate zone, configure it to accept dynamic updates, and configure the TCP/IP settings for the DNS server IP address.
To let Dcpromo do the work for you, select ‘Install and configure the DNS server…’.
Click Next.
Otherwise, you can accept the default choice and then quit Dcpromo and check steps 1-3.
11. If your DNS settings were right, you’ll get a confirmation window.
Just click Next.
12. Accept the Permissions compatible only with Windows 2000 or Windows Server 2003 settings, unless you have legacy apps running on Pre-W2K servers.
13. Enter the Restore Mode administrator’s password. In Windows Server 2003 this password can be later changed via NTDSUTIL. Click Next.
14. Review your settings and if you like what you see - Click Next.
15. See the wizard going through the various stages of installing AD. Whatever you do - NEVER click Cancel!!! You’ll wreck your computer if you do. If you see you made a mistake and want to undo it, you’d better let the wizard finish and then run it again to undo the AD.
16. If all went well you’ll see the final confirmation window. Click Finish.
17. You must reboot in order for the AD to function properly.
18. Click Restart now.
Step 5: Checking the AD installation
You should now check to see if the AD installation went well.
1. First, see that the Administrative Tools folder has all the AD management tools installed.
2. Run Active Directory Users and Computers (or type ‘dsa.msc’ from the Run command). See that all OUs and Containers are there.
3. Run Active Directory Sites and Services. See that you have a site named Default-First-Site-Name, and that in it your server is listed.
4. Open the DNS console. See that you have a zone with the same name as your AD domain (the one you’ve just created, remember? Duh…). See that within it you have the 4 SRV record folders. They must exist.
= Good
If they don’t (like in the following screenshot), your AD functions will be broken (a good sign of that is the long time it took you to log on. The ‘Preparing Network Connections’ windows will sit on the screen for many moments, and even when you do log on many AD operations will give you errors when trying to perform them).
= Bad
This might happen if you did not manually configure your DNS server and let the DCPROMO process do it for you.
Another reason for the lack of SRV records (and of all other records for that matter) is the fact that you DID configure the DNS server manually, but you made a mistake, either with the computer suffix name or with the IP address of the DNS server (see steps 1 through 3).
To try and fix the problems first see if the zone is configured to accept dynamic updates.
1. Right-click the zone you created, and then click Properties.
2. On the General tab, under Dynamic Update, click to select ‘Nonsecure and secure’ from the drop-down list, and then click OK to accept the change.
You should now restart the NETLOGON service to force the SRV registration.
You can do it from the Services console in Administrative tools:
Or from the command prompt type ‘net stop netlogon‘, and after it finishes, type ‘net start netlogon‘.
Let it finish, go back to the DNS console, click your zone and refresh it (F5). If all is ok you’ll now see the 4 SRV record folders.
If the 4 SRV records are still not present double check the spelling of the zone in the DNS server. It should be exactly the same as the AD Domain name. Also check the computer’s suffix (see step 1). You won’t be able to change the computer’s suffix after the AD is installed, but if you have a spelling mistake you’d be better off by removing the AD now, before you have any users, groups and other objects in place, and then after repairing the mistake - re-running DCPROMO.
5. Check the NTDS folder for the presence of the required files.
6. Check the SYSVOL folder for the presence of the required subfolders.
7. Check to see if you have the SYSVOL and NETLOGON shares, and their location.
If all of the above is ok, I think it’s safe to say that your AD is properly installed.
|
|
Posted in Information Technologies | No Comments »
July 13th, 2006
Question
Instructions:State the question.
Answer
First make sure you read and understand Active Directory Installation Requirements. If you don’t comply with all the requirements of that article you will not be able to set up your AD (for example: you don’t have a NIC or you’re using a computer that’s not connected to a LAN).
Note: This article is only good for understanding how to install the SECOND DC in an EXISTING DOMAIN in and EXISTING AD FOREST.
Daniel’s recommendations
If you are looking to really master Active Directory (or other Networking skills), I strongly recommend that you try Train Signal. I’ve discovered this company a few months ago and I always send people their way because the training is so good. You can see more HERE.
Daniel Petri
Note: For the installation of the FIRST DC in the AD Domain read How to Install Active Directory on Windows 2003.
Here is a quick list of what you must have:
· An NTFS partition with enough free space
· The Domain Admin’s username and password
· The correct operating system version
· A NIC
· Properly configured TCP/IP (IP address, subnet mask and - optional - default gateway)
· A network connection (to a hub or to another computer via a crossover cable)
· A persistent and un-interrupted connection with the domain’s existing DC
· An operational DNS server which holds the relevant SRV Record information for the AD domain and forest
· The Domain name for the domain that you want to join
· The Windows 2003 CD media (or at least the i386 folder)
· Brains (recommended, not required…)
This article assumes that all of the above requirements are fulfilled.
For a Windows 2000 version of this article please read How to Install a Replica DC in an Existing AD Domain on Windows 2000.
Step 1: Configuring the computer’s TCP/IP settings
You must configure the would-be Domain Controller to use the IP address of the DNS server, so it will point to it when registering SRV records and when querying the DNS database.
Configure TCP/IP
1. Click Start, point to Settings and then click Control Panel.
2. Double-click Network and Dial-up Connections.
3. Right-click Local Area Connection, and then click Properties.
4. Click Internet Protocol (TCP/IP), and then click Properties.
5. Assign this server a static IP address, subnet mask, and gateway address (optional). Enter the DNS server’s IP address in the Preferred DNS server box.
Note: You MUST have an operational DNS server that already serves as the DNS server of the domain/forest.
6. Click Advanced.
7. Click the DNS Tab.
8. Select ‘Append primary and connection specific DNS suffixes’
9. Check ‘Append parent suffixes of the primary DNS suffix’
10. Check ‘Register this connection’s addresses in DNS’. If this Windows 2000-based DNS server is on an intranet, it should only point to its own IP address for DNS; do not enter IP addresses for other DNS servers here. If this server needs to resolve names on the Internet, it should have a forwarder configured.
11. Click OK to close the Advanced TCP/IP Settings properties.
12. Click OK to accept the changes to your TCP/IP configuration.
13. Click OK to close the Local Area Connections properties.
Step 2: Running DCPROMO
After completing all the previous steps and after double checking your requirements you should now run Dcpromo.exe from the Run command.
Note: In Windows Server 2003, unlike Windows 2000, you can choose to install the Replica DC from a backed-up media thus saving considerable amounts of time and bandwidth. Read Install DC from Media in Windows Server 2003 for more info.
1. Click Start, point to Run and type ‘dcpromo’.
2. The wizard windows will appear. Click Next.
3. In the Operating System Compatibility window click Next.
4. Choose Additional Domain Controller for an existing domain and click Next.
4. In the Network Credentials window enter the username and password for a Domain Admin in the domain you’re trying to join. also enter the full DNS domain name. Click Next.
This step might take some time because the computer is searching for the DNS server.
Note: Although the wizard will let you get to the last window and begin to attempt to join the domain, if you enter the wrong username or password, because of the wrong credentials you’ll get an error message:
If you enter the domain name in a wrong way you’ll get this error message:
The wizard will not be able to continue past the domain name window.
If you have wrong DNS settings, i.e. the computer ‘thinks’ that it should be ‘talking’ to one DNS server, while in fact it should be using another DNS server, you’ll get an error message like this one:
5. In the Additional Domain Controller window type or browse to select the domain to which you want to add the replica DC.
6. Accept the Database and Log file location dialog box (unless you want to change them of course). The location of the files is by default %systemroot%\NTDS, and you should not change it unless you have performance issues in mind. Click Next.
7. Accept the Sysvol folder location dialog box (unless you want to change it of course). The location of the files is by default %systemroot%\SYSVOL, and you should not change it unless you have performance issues in mind. This folder must be on an NTFS v5.0 partition. This folder will hold all the GPO and scripts you’ll create, and will be replicated to all other Domain Controllers. Click Next.
8. Enter the Restore Mode administrator’s password. Whatever you do - remember it! Without it you’ll have a hard time restoring the AD if you ever need to do so. Click Next.
9. Review your settings and if you like what you see - Click Next.
10. See the wizard going through the various stages of installing AD. Whatever you do - NEVER click Cancel!!! You’ll wreck your computer if you do. If you see you made a mistake and want to undo it, you’d better let the wizard finish and then run it again to undo the AD.
11. If all went well you’ll see the final confirmation window. Click Finish.
12. You must reboot in order for the AD to function properly. Click Restart now.
Step 3: Checking the AD installation
You should now check to see if the AD installation went well.
1. First, see that the Administrative Tools folder has all the AD management tools installed.
2. Run Active Directory Users and Computers (or type ‘dsa.msc’ from the Run command). See that all OUs and Containers are there. See that your DC is listed in the Domain Controllers Container.
3. Run Active Directory Sites and Services. See that you have a site named Default-First-Site-Name, and that in it your server is listed along with the other DC in the domain/forest.
4. Open the DNS console. See that your new DC has registered itself in the 4 SRV Record folders.
One reason for the lack of registration of SRV records is the fact the net NETLOGON service has somehow failed to register the SRV Records in the DNS zone.
You should try to restart the NETLOGON service to force the SRV registration.
From the command prompt type ‘net stop netlogon’, and after it finishes, type ‘net start netlogon’.
Let it finish, go back to the DNS console, click your zone and refresh it (F5). If all is ok you’ll now see the 4 SRV record folders.
5. Check the NTDS folder for the presence of the required files.
6. Check the SYSVOL folder for the presence of the required subfolders.
7. Check to see if you have the SYSVOL and NETLOGON shares, and their location.
If all of the above is ok, I think it’s safe to say that your AD is properly installed.
Posted in Information Technologies | No Comments »
July 13th, 2006
|
Question
|
|
Instructions:State the question.
|
|
| |
|
Answer
|
You can automatically run DCPROMO during an unattended installation. Enter the command
|
|
Posted in Information Technologies | No Comments »
July 13th, 2006
|
Question
|
|
Instructions:State the question.
|
|
| |
|
Answer
|
You can automatically run DCPROMO during an unattended installation. Enter the command
You’ll see a dialog box that says DCPROMO is running in unattended mode. Then, the machine will reboot.
You can also add DCPROMO to the unattended file that’s used to install your server.
|
Daniel’s recommendations
|
|
If you are looking to really master Active Directory (or other Networking skills), I strongly recommend that you try Train Signal. I’ve discovered this company a few months ago and I always send people their way because the training is so good. You can see more HERE.
Daniel Petri
|
The Microsoft Windows 2000 Resource Kit details the DCInstall section’s parameters in the file Unattend.doc:
|
Value
|
Explanation
|
|
AdministratorPassword
|
The new password for the domain Administrator account
|
|
AutoConfigDNS
|
Specifies whether the wizard should configure DNS
|
|
ChildName
|
Name of the child part of the domain
|
|
CreateOrJoin
|
Specifies whether the domain will join an existing forest or create a new one
|
|
DatabasePath
|
Location for the Active Directory database
|
|
DNSOnNetwork
|
Used when a new forest of domains is installed and no DNS client is configured on the computer
|
|
DomainNetBiosName
|
NetBIOS name for the domain
|
|
IsLastDCInDomain
|
Only valid when demoting an existing domain controller to a member server
|
|
LogPath
|
Path for the Directory Service (DS) logs
|
|
NewDomainDNSName
|
Name of the new tree or when a new forest is created
|
|
ParentDomainDNSName
|
Specifies the name of the parent domain
|
|
Password
|
Password for the username used to promote the server
|
|
RebootOnSuccess
|
Specifies whether an automatic reboot should be performed
|
|
ReplicaDomainDNSName
|
Name of the domain to be replicated from
|
|
ReplicaOrMember
|
Specifies whether a Windows NT 4.0 or 3.51 BDC being upgraded should become a replica domain controller or be demoted to a regular member server
|
|
ReplicaOrNewDomain
|
Specifies whether the machine is a new domain controller in a new domain or a replica of an existing domain
|
|
SiteName
|
Name of the site (Default-First-Site by default)
|
|
SysVolPath
|
Path of SYSVOL
|
|
TreeOrChild
|
Specifies whether entry is a new tree or child of existing domain
|
|
UserDomain
|
Domain for the user being used in promotion
|
|
UserName
|
Name of the user performing the upgrade
|
Because the DCPROMO process occurs after setup, the created answer file must be called $winnt$.inf and copied to the \system32 folder. You need to add the following text to the GUIRunOnce section of the unattended Setup answer file:
After the DCPROMO process completes, DCPROMO removes password information from the $winnt$.inf file. To make this process easier because the RunOnce command doesn’t execute until someone logs on to the computer, you can add the following text to the unattended answer file.
[GUIUnattended]
Autologon = yes ; automatically logs on the administrator account
AutoLogoncount = n ; number of times to perform auto-admin logon
Don’t use items such as %systemroot% or %windir%, because the unattended installation process doesn’t understand them.
You can just create a DCInstall section directly in your unattend.txt file to avoid having multiple unattended setup files. Enter text such as the following:
My example script would create a new forest with the domain dpetri.net at the top and the new domain controller in the site Lab. The SYSVOL, logs, and Active Directory (AD) files would be in the default locations. The new domain Administrator account password would be password.
|
|
Posted in Uncategorized | No Comments »
July 13th, 2006
Question
Instructions:State the question.
Answer
When you try to remove a domain controller from your Active Directory domain by using Dcpromo.exe and fail, or when you began to promote a member server to be a Domain Controller and failed (the reasons for your failure are not important for the scope of this article), you will be left with remains of the DCs object in the Active Directory. As part of a successful demotion process, the Dcpromo wizard removes the configuration data for the domain controller from Active Directory, but as noted above, a failed Dcpromo attempt might leave these objects in place.
Daniel’s recommendations
If you are looking to really master Active Directory (or other Networking skills), I strongly recommend that you try Train Signal. I’ve discovered this company a few months ago and I always send people their way because the training is so good. You can see more HERE.
Daniel Petri
The effects of leaving such remains inside the Active Directory may vary, but one thing is sure: Whenever you’ll try to re-install the server with the same computername and try to promote it to become a Domain Controller, you will fail because the Dcpromo process will still find the old object and therefore will refuse to re-create the objects for the new-old server.
In the event that the NTDS Settings object is not removed correctly you can use the Ntdsutil.exe utility to manually remove the NTDS Settings object.
If you give the new domain controller the same name as the failed computer, then you need perform only the first procedure to clean up metadata, which removes the NTDS Settings object of the failed domain controller. If you
will give the new domain controller a different name, then you need to perform all three procedures: clean up metadata, remove the failed server object from the site, and remove the computer object from the domain controllers container.
You will need the following tool: Ntdsutil.exe, Active Directory Sites and Services, Active Directory Users and Computers.
Also, make sure that you use an account that is a member of the Enterprise Admins universal group.
Caution: Using the Ntdsutil utility incorrectly may result in partial or complete loss of Active Directory functionality.
To clean up metadata
1. At the command line, type Ntdsutil and press ENTER.
C:\WINDOWS>ntdsutil
ntdsutil:
2. At the Ntdsutil: prompt, type metadata cleanup and press Enter.
ntdsutil: metadata cleanup
metadata cleanup:
3. At the metadata cleanup: prompt, type connections and press Enter.
metadata cleanup: connections
server connections:
4. At the server connections: prompt, type connect to server , where is the domain controller (any functional domain controller in the same domain) from which you plan to clean up the metadata of the failed domain controller. Press Enter.
server connections: connect to server server100
Binding to server100 …
Connected to server100 using credentials of locally logged on user.
server connections:
5. Type quit and press Enter to return you to the metadata cleanup: prompt.
server connections: q
metadata cleanup:
6. Type select operation target and press Enter.
metadata cleanup: Select operation target
select operation target:
7. Type list domains and press Enter. This lists all domains in the forest with a number associated with each.
select operation target: list domains
Found 1 domain(s)
0 - DC=dpetri,DC=net
select operation target:
8. Type select domain , where is the number corresponding to the domain in which the failed server was located. Press Enter.
select operation target: Select domain 0
No current site
Domain - DC=dpetri,DC=net
No current server
No current Naming Context
select operation target:
9. Type list sites and press Enter.
select operation target: List sites
Found 1 site(s)
0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
select operation target:
10. Type select site , where refers to the number of the site in which the domain controller was a member. Press Enter.
select operation target: Select site 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
Domain - DC=dpetri,DC=net
No current server
No current Naming Context
select operation target:
Type list servers in site and press Enter. This will list all servers in that site
select operation target: List servers in site
Found 2 server(s)
0 - CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
1 - CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
select operation target:
12. Type select server and press Enter, where refers to the domain controller to be removed.
select operation target: Select server 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
Domain - DC=dpetri,DC=net
Server - CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
DSA object - CN=NTDS Settings,CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
DNS host name - server200.dpetri.net
Computer object - CN=SERVER200,OU=Domain Controllers,DC=dpetri,DC=net
No current Naming Context
select operation target:
13. Type quit and press Enter. The Metadata cleanup menu is displayed.
select operation target: q
metadata cleanup:
14. Type remove selected server and press Enter.
1. In Active Directory Users and Computers, expand the domain controllers container.
2. Delete the computer object associated with the failed domain controller.
3. Windows Server 2003 AD might display a new type of question window, asking you if you want to delete the server object without performing a DCPROMO operation (which, of course, you cannot perform, otherwise you wouldn’t be reading this article, would you…) Select ‘This DC is permanently offline…’ and click on the Delete button.
4. AD will display another confirmation window. If you’re sure that you want to delete the failed object, click Yes.
To remove the failed server object from DNS
1. In the DNS snap-in, expand the zone that is related to the domain from where the server has been removed.
2. Remove the CNAME record in the _msdcs.root domain of forest zone in DNS. You should also delete the HOSTNAME and other DNS records.
3. If you have reverse lookup zones, also remove the server from these zones.
Other considerations
Also, consider the following:
· If the removed domain controller was a global catalog server, evaluate whether application servers that pointed to the offline global catalog server must be pointed to a live global catalog server.
· If the removed DC was a global catalog server, evaluate whether an additional global catalog must be promoted to the address site, the domain, or the forest global catalog load.
· If the removed DC was a Flexible Single Master Operation (FSMO) role holder, relocate those roles to a live DC.
· If the removed DC was a DNS server, update the DNS client configuration on all member workstations, member servers, and other DCs that might have used this DNS server for name resolution. If it is required, modify the DHCP scope to reflect the removal of the DNS server.
· If the removed DC was a DNS server, update the Forwarder settings and the Delegation settings on any other DNS servers that might have pointed to the removed DC for name resolution.
Posted in Uncategorized | No Comments »
July 13th, 2006
View products that this article applies to.
|
Article ID
|
:
|
824684
|
|
Last Review
|
:
|
August 3, 2005
|
|
Revision
|
:
|
8.1
|
SUMMARY
This article describes the standard terminology that Microsoft is adopting to describe software updates. This terminology is also included in the Microsoft Security and Privacy Glossary. To view the Microsoft Security and Privacy Glossary, visit the following Microsoft Web site:
MORE INFORMATION
Microsoft is adopting the following standard terminology to describe software updates:
|
•
|
ConnectorDefinition: A connector is a software component that is designed to support connections between software.
|
|
•
|
Critical UpdateDefinition: A critical update is a broadly released fix for a specific problem that addresses a critical, non-security-related bug.
Additional Information: Critical updates are available for customers to download and are accompanied by a Microsoft Knowledge Base article.
|
|
•
|
Development KitDefinition: A development kit is software that is designed to help developers to write new programs. Development kits typically include a visual builder, an editor, and a compiler.
|
|
•
|
DriverDefinition: A driver is a software component that is designed to support new hardware.
|
|
•
|
Feature PackDefinition: A feature pack is new product functionality that is first distributed outside the context of a product release and that is typically included in the next full product release.
|
|
•
|
GuidanceDefinition: Guidance includes scripts, sample code, and technical documentation that is designed to help deploy and use a product or a technology.
|
|
•
|
HotfixDefinition: A hotfix is a single, cumulative package that includes one or more files that are used to address a problem in a product. Hotfixes address a specific customer situation and may not be distributed outside the customer organization.
Installing a .NET Framework hotfix will uninstall previous related .NET Framework hotfixes. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
) You install a software update for the .NET Framework that uninstalls previously installed software updates for the .NET Framework
Additional Information: Hotfixes are distributed by Microsoft Product Support Services. Customers may not redistribute hotfixes without written, legal consent from Microsoft.
|
|
•
|
Security UpdateDefinition: A security update is a broadly released fix for a product-specific, security-related vulnerability. Security vulnerabilities are rated based on their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low.
Additional Information: Microsoft security updates are available for customers to download and are accompanied by two documents: a security bulletin and a Microsoft Knowledge Base article. For more information about the format of Microsoft Knowledge Base articles for Microsoft security updates, click the following article number to view the article in the Microsoft Knowledge Base:
Description of the format of Microsoft Knowledge Base articles for Microsoft security updates
|
|
•
|
Service PackDefinition: A service pack is a tested, cumulative set of all hotfixes, security updates, critical updates, and updates. Service packs may also contain additional fixes for problems that are found internally since the release of the product and a limited number of customer-requested design changes or features.
Additional Information: Microsoft service packs are available for download and are accompanied by Microsoft Knowledge Base articles.
|
|
•
|
Software UpdateDefinition: A software update is any update, update rollup, service pack, feature pack, critical update, security update, or hotfix that is used to improve or to fix a software product that is released by Microsoft Corporation.
Additional Information: A Microsoft software update is accompanied by a Microsoft Knowledge Base article.
|
|
•
|
ToolDefinition: A tool is a utility or a feature that helps to complete a task or a set of tasks.
|
|
•
|
UpdateDefinition: An update is a broadly released fix for a specific problem. An update addresses a non-critical, non-security-related bug.
Additional Information: Microsoft updates are available for customers to download and are accompanied by a Microsoft Knowledge Base article.
|
|
•
|
Update RollupDefinition: An update rollup is a tested, cumulative set of hotfixes, security updates, critical updates, and updates that are packaged together for easy deployment. A rollup generally targets a specific area, such as security, or a component of a product, such as Internet Information Services (IIS).
Additional Information: Microsoft update rollups are available for customers to download and are accompanied by a Microsoft Knowledge Base article.
|
|
•
|
UpgradeDefinition: An upgrade is a software package that replaces an installed version of a product with a newer version of the same product. The upgrade process typically leaves existing customer data and preferences intact while replacing the existing software with the newer version.
|
|
|
| |
|
Additional Comments
|
|
Instructions:
|
|
|
|
|
|
|
|
| No Article Comment records are available in this view. |
|
|
| 0 of 0 selected. |
|
|
|
|
Status: Unapproved
Posted in Uncategorized | No Comments »
July 13th, 2006
Question
Can I rename my Windows 2003 Domain? Can I move Child Domains between different trees in Active Directory?
Answer
Yes you can, by using the Windows Server 2003 Active Directory Domain Rename Tools.
The Windows Server 2003 Active Directory Domain Rename Tools provide a secure and supported methodology to rename one or more domains (as well as application directory partitions) in a deployed Active Directory forest. The DNS name and/or the NetBIOS name of a domain can be changed using the domain rename procedure.
This functionality is not available in Microsoft Windows 2000 Server family.
Note: Windows Server 2000 AD Domains CAN be renamed if they are still in Mixed mode (see Windows 2000 Domain Rename page for more info).
Daniel’s recommendations
If you are looking to really master Active Directory (or other Networking skills), I strongly recommend that you try Train Signal. I’ve discovered this company a few months ago and I always send people their way because the training is so good. You can see more HERE.
Daniel Petri
Microsoft Windows Server 2003 family provides the capability to rename domains in an Active Directory forest after the forest structure is in place. The structure of an Active Directory forest is the result of the order in which you create domains and the hierarchical names of those domains. Beginning with the forest root domain, all child domains derive their distinguished names and default DNS names from the forest root domain name. The same is true of every additional tree in the forest. The way to change the hierarchical structure of an existing domain tree is to rename the domains. For example, you can rename a child domain to have a different parent, or rename a child domain to be a new tree-root domain. In each case, you reposition an existing domain to create a different domain-tree structure. Alternatively, you can rename domains without affecting the structure. For example, if you rename a root domain, the names of all child domains below it are also changed, but you have not created a different domain-tree structure.
In Windows Server 2003, the goal of the domain rename functionality is to ensure a supported method to rename domains when necessary; it is not intended to make domain rename a routine operation. Thus, although renaming domains is possible in Windows Server 2003, the process is complex and should not be undertaken lightly.
Constraints to Restructuring Domains in a Windows 2000 Forest
The restructuring capabilities in a Windows Server 2003 forest provide solutions to problems that are not addressed in Windows 2000 Server family. In a Windows 2000 forest, renaming domains is essentially not possible after the forest structure is in place without moving domain contents or recreating them. The constraints associated with making domain name changes or domain-tree restructuring in Windows 2000 Active Directory are prohibitive.
In a Windows 2000 forest, you cannot:
· Change the DNS name or the NetBIOS name of a domain. Although you cannot rename a domain, you can achieve the same results by moving its contents into a new domain that has the name you want the existing domain to have. (Active Directory Object Manager (MoveTree) in the Windows 2000 Server family Support Tools can be used to move directory objects between domains.)
· Move a domain within a forest in a single operation. As above, you can clone items in and move items from a domain, but you cannot move the entire domain itself within a forest.
· Split a domain into two domains in a single operation. To split a domain, you must create a new domain and then move appropriate users and resources from the existing domain into the new domain.
· Merge two domains into a single domain in a single operation. To merge domains, you must move all the contents from one of the domains into the other and then demote all domain controllers in the empty domain and decommission it.
Thus, in a Windows 2000 forest, significant administrative overhead is associated with performing such manual move operations to achieve the domain-tree restructuring or renaming one or more domains.
Constraints to Restructuring Domains in a Windows Server 2003 Forest:
Windows Server 2003 family provides tools with which you can safely rename domains to restructure a Windows 2003 forest. When making a decision about whether to restructure an existing Windows Server 2003 forest, be sure to consider what you cannot do with forest restructuring. Although a Windows 2003 forest has forest restructuring capability, certain types of structural changes are not supported.
In a Windows Server 2003 forest, you cannot:
· Change which domain is the forest root domain. Changing the DNS or the NetBIOS name of the forest root domain, or both, is supported.
· Drop domains from the forest or add domains to the forest. The number of domains in the forest before and after the rename/restructure operation must remain the same.
· Rename a domain with the same name that another domain gave up in a single forest restructure operation.
Posted in Uncategorized | 1 Comment »
July 13th, 2006
|
Purpose & Scope
|
Details:
To install the Mac OS X Agent, the following needs to be configured properly before installing the actual Backup Exec ™ Macintosh Agent :
Note: The Mac OS X Agent is designed for Mac systems 10.1 or later versions.
http://seer.support.veritas.com/docs/271591.htm
|
|
| |
|
Procedure
|
Section 1: To install the Mac OS X - based Backup Exec Macintosh Agent using a naming service:
1. At the Mac OS X workstation, start NetInfo Manager.
Using the finder, click Applications and then Utilities.
2. Log on using an administrative account as shown in Figure 1 below.
Click Domain | Security | Authenticate.
Figure 1
3. Enable the root account as shown in Figure 2 below.
Click Domain | Security | Enable Root User.
Figure 2
4. Log on again if necessary using the same administrative account.
Click Domain | Security | Authenticate.
5. Set the root password (if necessary).
Click Domain | Security | Change Root Password.
6. Exit NetInfo Manager
Section 2: Installing the Backup Exec Macintosh Agent
1. Using Finder, select Applications | Utilities | Terminal
2. In the Terminal window, change to the root user by typing su at the command prompt and then pressing
3. Because the Macintosh Agent must communicate with the Backup Exec media server, you must either specify the IP address, use a naming service, or enter the media server’s IP address in the NetInfo database in order for communications to occur.
- To use a naming service (DNS, NIS, LDAP, etc.), you must configure the Macintosh to use this feature. For more information, see your Macintosh OS X documentation.
- To use the media server’s IP address, specify it in place of the media server name
- To use NetInfo, perform the steps listed in Modifying the NetInfo Database section 3 and then continue with step 4 in this section.
4. Copy the be_agnt.tar file, which contains the Macintosh OS X Agent, to a temporary directory on the workstation to be protected. The be_agnt.tar file is located on the Backup Exec ™ installation CD and in the Agents subdirectory of the Backup Exec media server’s Programs directory.
You can copy the file to the workstation via the network using FTP, a Macintosh share on the media server, or any other method you prefer. Or you can insert the Backup Exec installation CD in the workstation to be protected and copy the file from the CD.
Note: If you are pushing the Macintosh OS X Agent from the media server to the workstation using FTP, ensure that you use the binary transfer mode, not the ASCII mode. Prior to starting the file transfer, type binary at the command prompt on the media server, and then press .
5. At the workstation, from the temporary directory you want to use, type
tar -xvf be_agnt.tar
6. Press
7. Then, run the installation script by typing:
./INSTALL
8. Press
The installation begins by reporting the Macintosh platform to which the agent is being installed. You are prompted for information to complete the installation and configuration of the Backup Exec Macintosh Agent.
9. If prompted, select a language by typing the number that corresponds to the language you want to use, then press
10. Enter the full directory path where you want the Backup Exec Macintosh Agent to be installed
By default, the agent is installed in /etc/bkupexec. You can specify another directory. If the full directory path that you specify does not exist, you are prompted to have it created.
11. Enter the name for this workstation.
By default, the network node name is used. If you want to use a different name, make sure it is a unique name not used by other Backup Exec Macintosh agents.
12. You can choose to require a password for this workstation. If you do, you are prompted to enter a password.
For Backup Exec 9.x and later, to access the workstation, you must create a Backup Exec logon account that uses the same password as the one entered here. The logon account user name is ignored. Add this logon account as the resource credential for the workstation.
13. You are asked about the number of network interfaces in your workstation. If you have more than one network interface, you are asked if you want to specify which network interface to use.
If you answer yes, then you must specify an IP address of a local network interface for the agent to use. Should you have more than one network interface and choose not to specify which one to use, the agent will use an appropriate interface to communicate with a media server.
14. Enter the directory path that you want backed up
If you want to back up the Macintosh workstation’s entire hard disk, simply define a directory path as ‘/’. This allows the network administrator to select the entire disk for backup. You can create and publish upto eight unique directory paths.
Note: If your computer has more than one file storage volume on the same physical hard disk, or has more than one hard disk, then specifying the root directory (/) for backup will not protect all of the volumes. To back up the desired additional volumes, they must be specified individually. For example, to back up a disk called Videos, you must also specify /Volumes/Videos as one of the directories to be backed up.
15. Enter a unique resource name for each published path
The resource name is used by the media server to identify the contents of each published path.
If you chose a directory path of ‘/’, by default the resource name is [root]. For any other path, the default name is the path name.
16. To allow files to be restored to a published path, type ‘Y’ when prompted. If you do not want to allow the Backup Exec application to restore files, type N.
17. You can choose to require a password for each published path.
If you choose to password-protect the path, the password is required before Backup Exec can perform operations on this path.
18. You can continue to publish directory paths for backup and restore operations by repeating these steps.
19. When you have finished creating published paths, you are prompted to enter the names of the media servers that will back up your workstation. A maximum of twenty media servers is allowed.
After entering a media server name, the server is located and added to the list of valid media servers.
20. You are prompted to enter the frequency (in seconds) that you want the Backup Exec Macintosh Agent to send advertisement messages to the media servers so that the servers are aware that the workstation is accessible.
Note: It is recommended that you use the default frequency of 30 seconds.
21. You are prompted to choose a method to back up symbolic links. Choose one of the following methods:
- Method 1: The symbolically linked directory is handled as a special file and only the information required to create the symbolic link is backed up.
- Method 2: The symbolically linked directory is backed up as a normal directory. All files and subdirectories within the symbolically linked directory are also backed up.
22. After choosing a backup method for symbolic links, your Backup Exec Macintosh Agent configuration is complete. You can edit the agent.cfg file to change your agent configuration at any time. Changes to the configuration file take effect after the Macintosh workstation is rebooted.
23. Start the Mac OS X Agent by moving to the folder where the Backup Exec Macintosh Agent is installed by running the following command:
At the command prompt, type: ./agent.be &
The agent starts and runs in the background. The data on the Macintosh is now available for backup.
Section 3: Modifying the NetInfo Database
If a media server or other host is not reachable using a naming service, add it to the local NetInfo database.
To modify the NetInfo Database:
1. Using Finder, select Applications | Utilities | Terminal. In the Terminal window, change to the root user by typing su at the command prompt and then pressing .
2. Run the following commands in the Terminal window, replacing the myhost name and IP address with the name and IP address of your Backup Exec media server:
niutil -create . /machines/myhost
niutil -createprop . /machines/myhost name myhost
niutil -createprop . /machines/myhost ip_address 10.88.100.201
niutil -createprop . /machines/myhost serves ./local
ping -c 3 myhost
3. When finished, type exit to close the Terminal window
Products Applied:
Backup Exec for Windows Servers 10.0, 10.0 5484, 9.1, 9.1 4691, 9.1 4691 SP1
Subjects:
|
|
Posted in Information Technologies | No Comments »
July 13th, 2006
|
Purpose & Scope
|
How To add an Email signiture when writing an Email from CR
|
Procedure
|
Any time you are writhing an email from CRM you should add you’re personal signature.Before you start the email you should click on the button ‘Insert template’ then you should pick you’re name from the list then click on the “personal signature (for all)”The signature will know how you are and your job title and will insert the information automatically in to the subject and body of the message.
Now you can write you’re email.
|
M
|
|
| |
|
|
Read the rest of this entry »
Posted in Microsoft CRM | No Comments »
July 13th, 2006
| |
|
Problem
|
In Backup Exec there is an error related to accessing the Shadow Components. This will cause the backups to fail on the system and service states.
In Event Viewer you will see:
Volume Shadow Copy Service error: An internal inconsistency was detected in trying to contact shadow copy service writers. Please check to see that the Event Service and Volume Shadow Copy Service are operating properly.
|
|
| |
|
Solution
|
Open a command prompt and type vssadmin List Writers. If no writers are listed then follow these steps:
Run regsvr32 ole32.dll and then restart the server.
|
|
| |
|
Additional Comments
|
When the server has been rebooted type vssadmin List Writers again. This should show a list of writers.
|
|
Posted in Information Technologies | No Comments »
July 13th, 2006
Network Infrastructure Technologies, Inc. is dedicated to providing a superior Customer Support experience. Our Case Processes enable us to deliver an unforgettable service experience to all of our customers though a systematic approach to handling cases. We leverage the case priority combined with our internal service level agreements and escalation process to ensure effective problem resolution. The components of the Network Infrastructure Technologies, Inc. Case Processes, described below, establish a means for the Customer Support Team to meet and exceed customer expectations.
Case Priority Level Definitions
Network Infrastructure Technologies, Inc. case priority level definitions are used to assist in the prioritization of handling Customer Support cases. We leverage the priority level set on cases submitted via the Network Infrastructure Technologies, Inc. Support Portal. Please use the guide below to assist in selecting the appropriate priority level. Please note that Network Infrastructure Technologies, Inc. reserves the right to modify the priority levels below and upgrade or downgrade the priority level of a Customer Support case at any time.
|
Priority Level
|
Application / Appliance Status
|
Impact on Business Operations
|
Issue Description
|
|
Priority 1: Critical
|
Down
|
Severe
|
Operation Stopped
|
|
Priority 2: High
|
Up
|
Significant
|
Operation Restricted
|
|
Priority 3: Medium
|
Up
|
Minor
|
Workaround Available
|
|
Priority 4: Low
|
Up
|
Little / No
|
Feature, information, documentation, & how-to requests
|
Service Level Agreements (SLAs)
Network Infrastructure Technologies, Inc. Customer Support Team follows internal service level agreements according to the priority level of the Customer Support case. Our SLAs provide a basis for timely responses. Please note that our SLAs apply only during the Customer Support office hours.
|
Priority Level
|
Acknowledgement†
|
Response‡
|
Contact
|
|
Priority 1: Critical
|
< 1 Hour
|
< 1 Hour
|
Support Manager
|
|
Priority 2: High
|
< 1 Hour
|
4 Hours
|
Support Engineer
|
|
Priority 3: Medium
|
< 1 Hour
|
1 Day
|
Support Engineer
|
|
Priority 4: Low
|
< 1 Hour
|
1 Day
|
Support Engineer
|
† Customer is contacted by e-mail, web, or phone to confirm the receipt of a case.
‡Customer is contacted by e-mail, web, or phone to gather additional information about the case and determine the necessary steps to reproduce the issue.
Escalation Process
Network Infrastructure Technologies, Inc. technically skilled Customer Support Team has a structured escalation process which ensures that the appropriate engineers are assigned to respond to cases efficiently and effectively. We use our escalation process as a guide to responding to cases and treat each case uniquely to ensure that we best address the issues at hand.
Priority 1: Critical
- The case is assigned a Customer Support Engineer who is identified to the customer.
- The assigned Customer Support Engineer is responsible for providing progress reports and the delivery of a response.
- The customer contact who opened the case is designated as the primary contact unless otherwise requested by the customer.
- A Support Manager is notified by the Customer Support Engineer after the case is verified as Priority 1.
- Status on the case is reviewed by the Support Management Team daily until a response is delivered.
Priority 2: High
- The case is assigned a Customer Support Engineer who is identified to the customer.
- The assigned Customer Support Engineer is responsible for providing progress reports and the delivery of a response.
Priority 3: Medium
- The case is addressed by the Customer Support Team who is responsible for delivering a response.
Priority 4: Low
- The case is addressed by the Customer Support Team who is responsible for delivering a response
|
|
| |
|
Additional Comments
|
|
Instructions:Provide any additional information that will help readers to complete this procedure.
|
|
|
|
|
|
|
|
| No Article Comment records are available in this view. |
|
|
| 0 of 0 selected. |
|
|
| Status: Unapproved |
Posted in Uncategorized | No Comments »
|
| | | |
Home
New Article Comment
Subscribe to this document
