Mark Empson's Blogalot

ADPREP Challenges

2009-06-11T14:07:00Z

I had an interesting challenge last month and figured that this is a great one for my blog. Being based in England, I had never come across this issue before so it was very interesting. I arrived on a customer site to help perform a Windows Server 2008 schema update and make sure that all was well and fix any challenges, should they arise. We started by following Microsoft best practice to update the schema and when we started to run ADPREP /Forestprep, we found the following error in the event log:...(read more)

Registry.pol fun

2009-06-11T12:04:00Z

Hi all, This month, I ran into an interesting challenge to do with group policies. Specifically, I was trying to figure out why a client was not getting a specific setting. While it is was the Group Policy Object (GPO) and it the version of the GPT.ini in SYSVOL was in sync, the client was still not getting the setting. One of my collegues suggested that I use this tool: http://www.gpoguy.com/FreeTools/FreeToolsLibrary/tabid/67/agentType/View/PropertyID/87/Default.aspx Which enabled me to see inside...(read more)

GPMC Error

2009-05-28T15:57:00Z

Hi All, I have been working on some servers recently with my good friend Mohnish and we came across an interesting error with the Group Policy Management Console (GPMC) Service Pack 1 (specifically). It seems that every time the administrator tries to click on the settings tab of ANY Group Policy Object (GPO), we see the following error: The error “An error occurred while generating report: Error text not available. Error code = 8013150a” does not seem to be referenced anywhere on the internet which...(read more)

Playing with NAP

2009-04-06T11:07:33Z

Hi all, I have been playing with Network Access Protection (NAP) recently and have a few pointers that may help you all out :) Event ID 204 on the NAP server is raised when clients do not meet policy requirements Event ID 201 on NAP server is raised when clients do not meet the requirements of CAP To see if nap is enabled on the client: Netsh nap client show stat To see if nap is enabled via GPO on the client: Netsh nap client show grouppolicy I know it...(read more)

Advanced Group Policy Management V3

2009-04-03T12:08:00Z

I was looking into AGPM v3 recently and thought that it would be good to put a reference to it on my Blog. The challenging thing is, this is a great tool but you have to know about it first to then realise it!. If you like Group Policies, then you will love this tool. In brief, this will enable you to take group policy management out of Active Directory and into a separate database that you can strictly control. This gives you the ability to have change control, historical version control, group...(read more)

Fine Grain Password Policies (FGPP)

2008-07-30T22:38:00Z

Hi, Having played with FGPP's recently at Teched, I figured that it would be good to publish the attributes that are required to create one and their value types. The attributes required for creating a fine grain password policy. msDS-PasswordSettingsPrecendence This is just a number you can make up (make sure you leave some space in the numbering for future use) msDS-PasswordReversibleEncryptionEnabled This attribute is boolean and defines if you want to store the passwords of the accounts (to whom...(read more)

Installing WSUS nightmares!

2008-07-30T22:25:00Z

Hi, I was installing WSUS v3.1.6001.65 and the installation kept failing just as it was copying files, the error I was getting was quite a strange one in the installation logs: An exception occurred during the Install phase. System.FormatException: Input string was not in a correct format. at System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberFormatInfo info, Boolean parseDecimal) After many hours of research it turned out to be an issue with the performance...(read more)

RDP Ports

2008-07-19T16:59:01Z

Hi all, I know this is an old tip but I needed it last week and figured that I should keep it on my blog. I was trying to change the default port of my terminal services so that I could make it a little harder for my users if they try and bypass my web site. To change the default RDP port number: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\Terminal Server\WinStations\RDP-Tcp set the value to the HEX of whatever port you want, for example: 10cc is port 4300 I hope you will find it useful...(read more)

Sponsor Jane Lewis

2008-07-10T18:53:00Z

Hi all, My good friend and colleague Jane is off to Madagascar for a charity cycle ride, please support here by clicking on the following link: https://secure.justgiving.com/rss/GetFundraisingBadge.asp?eventgivinggroupid=1336885&from=UKSponsorExit Thanks :)...(read more)

2008 interesting links

2008-07-02T16:22:00Z

If you are feeling a little limited in information about Windows 2008, check out the following featured components: · AD DS: Restartable Active Directory Domain Services Windows 2008 introduced new capabilities to start or stop directory services running on a domain controller without having to shut it down, allowing administrators to perform maintenance (offline defragmentation, security updates ,etc..) or recovery on the AD database without having to reboot into Directory Services Restore Mode...(read more)

Virtualising servers

2008-07-02T16:20:00Z

Hi All, I have started collecting a list of whitepapers based upon virtualisation of domain controllers and services, I just figured that you may find these of use! KB897615 Support policy for Microsoft software running in non-Microsoft hardware virtualization software http://support.microsoft.com/default.aspx?scid=kb;EN-US;897615 KB: 897613 Microsoft Virtual Server support policy http://www.support.microsoft.com/kb/897613 KB: 897614 Windows Server System software not supported within a Microsoft...(read more)

Exchange 2007 IS failure Oddity

2008-07-02T16:09:00Z

Hi all, I manage a local schools infrastructure in my spare time and they had this strange little issue: After a power outage, the information store on my Exchange 07 SP1 server (running Windows 2008) would not start. All other services were running ok and running the following command: SC Query MSExchangeIS I could see the following: State : 0 Stopped Win32_Exit_Code : 1066 (0x42a) Service_Exit_Code : 0 (0x0) Checkpoint : (0x0) Wait_Hint : (0x0) I did some research and it appeared that it may have...(read more)

Manual Connection objects in Active Directory

2008-04-02T18:40:00Z

Hi All, I had a question today that I wanted to get to the bottom of, it is an old question but as I obviously forgot the answer in detail, I had to find it. :) The queston was "How can I tell if a connection object is manual or not?" The first obvious place to look is the name, if it is called <automatically Generated> then it is KCC generated and therefor automatic. If it is manual, then it should be easy to tell because most sane people would call them something else. If not, then how can...(read more)

RDP to Windows 2008

2008-03-22T00:05:00Z

Hi all, I have installed a Windows 2008 server into my Windows 2003 domain, I then enabled RDP on my Windows 2008 server verified that I could connect from my Vista client on the network. While working from home, I quickly found out that I could not RDP onto my Windows 2008 server from my 2003/XP clients. Very annoying. The reason for this is that when I enabled RDP on the 2008 servers, I selected "Allow connections only from computers running Remote Desktop with Network Level Authentication (more...(read more)

Windows Server 2008 Core Quick Reference

2008-03-19T03:38:00Z

This month I have been setting up my first Windows 2008 core server to go into a production environment. It has been a very interesting experience as I was expecting a straight forward process but ran into a few challenges. What with some vendor specific hardware and a bizarre WSUS issue, I have certainly had some fun. Therefore I thought that I would share with you my cheat sheet that has a few basic commands that got me through this build and some commands seemed to be harder to find than expected....(read more)