Hinweis
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, sich anzumelden oder das Verzeichnis zu wechseln.
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, das Verzeichnis zu wechseln.
AD and Domain-related issues and troubleshooting methods for Active Directory.
Enforce Smartcard on Access Check in Windows 2008 R2
A feature request I’ve seen customers frequently make is the ability to secure resources based...
Author: Ingolfur Arnar Stangeland Date: 01/15/2010
Windows 2020?
It's hard to believe we've had 10 years of Windows....however, with the Internet/IT year being 3...
Author: Ingolfur Arnar Stangeland Date: 12/30/2009
Optimizing DFS Referrals: SiteCostedReferrals and PreferLogonDC
In a multi-site infrastructure you would under most circumstances want to make sure that the client...
Author: Ingolfur Arnar Stangeland Date: 12/21/2009
The story of the Mysteriously Malfunctioning Mail Router (AKA EDNS and Exchange Escapedes)
A small anecdote to illustrate how external changes outside of the control of the local...
Author: Ingolfur Arnar Stangeland Date: 12/11/2009
Fun with LDIFDE and MS09-056
The LDIFDE export tool that has shipped with all flavors of Windows since Windows 2000 is one of the...
Author: Ingolfur Arnar Stangeland Date: 12/08/2009
Troubleshooting autoenrollment
From my colleague Maria in the Domains team – a collection of useful bits for troubleshooting...
Author: Ingolfur Arnar Stangeland Date: 12/07/2009
Troubleshooting AD with Network Monitoring tools
In general, if you have an AD-related issue the following logs are useful: Event logs from the...
Author: Ingolfur Arnar Stangeland Date: 11/30/2009
Changes in default encryption type for Kerberos pre-authentication on Vista and Windows 7 clients cause security audit events 675 and 680 on Windows Server 2003 DC's
I had a case recently with the following case description: We‘re auditing AD security events...
Author: Ingolfur Arnar Stangeland Date: 10/12/2009
The case of the mysterious account lockout coming from Exchange
I worked the following case recently:We have a single user that keeps getting his account locked out...
Author: Ingolfur Arnar Stangeland Date: 09/08/2009
Why living in the future is bad when you're a CA server (aka the story of 0x800b0101 CERT_E_EXPIRED)
I worked on the following case recently: We can't seem to enroll for certificates from our Windows...
Author: Ingolfur Arnar Stangeland Date: 09/02/2009
Troubleshooting account lockout the PSS way
I‘ve been thinking for some time about pulling together the typical approaches we use when...
Author: Ingolfur Arnar Stangeland Date: 09/01/2009
Using Ultrasound for troubleshooting FRS
The Ultrasound tool is excellent for monitoring your FRS servers, it is however rarely something...
Author: Ingolfur Arnar Stangeland Date: 08/17/2009
Problems with introducing a new Windows Server 2008 DC into a Windows 2003 forest
The following case came in recently: I’ve added a new W2k8 DC to our domain, it seemed to replicate...
Author: Ingolfur Arnar Stangeland Date: 07/30/2009
EFS and Windows 2008 file servers
An interesting EFS case cropped up the other day, the problem description was this: We have just...
Author: Ingolfur Arnar Stangeland Date: 07/16/2009
How to make things better by making them worse
Does that sound right? Of course it doesn't...but in some cases that's just what troubleshooting is...
Author: Ingolfur Arnar Stangeland Date: 07/15/2009
What happens in a Journal Wrap?
FRS is a multi-master replication system that takes care of replicating the contents of Sysvol...
Author: Ingolfur Arnar Stangeland Date: 07/14/2009
What are Userenv 1030 and 1058 events?
These are very generic client events and are logged whenever the system fails to apply Group Policy...
Author: Ingolfur Arnar Stangeland Date: 07/13/2009
Trusts and isolated names and logon performance
While bouncing around ideas with colleagues more intelligent than me I was reminded of a case I had...
Author: Ingolfur Arnar Stangeland Date: 07/07/2009
RODC’s and Port Exhaustion
The problem of port exhaustion usually doesn’t affect DC’s to the same extent as it affects clients...
Author: Ingolfur Arnar Stangeland Date: 07/06/2009
Caveats for using RemoteApp and Roaming Profiles
A colleague had the following case the other week: We seem to be randomly losing settings like...
Author: Ingolfur Arnar Stangeland Date: 06/29/2009
New features in Windows 7
My 3 favorites:- Virtual Windows XP AKA 'XP Mode' (not all SKU's) This is basically a small Virtual...
Author: Ingolfur Arnar Stangeland Date: 06/23/2009
The golden rules of user resource management
If you make unlimited storage space available to users, your users will use unlimited storage...
Author: Ingolfur Arnar Stangeland Date: 06/22/2009
New AD features in Windows Server 2008 R2
My three favorites are:Cross-forest certificate autoenrollmentMakes it possible to share a CA server...
Author: Ingolfur Arnar Stangeland Date: 06/05/2009
NDES and certificate renewal with a Windows Server 2003 Back-end CA
With Windows Server 2003 MSCEP, you can enable your network devices to enroll for certificates....
Author: Ingolfur Arnar Stangeland Date: 06/04/2009
Installing DPM Agent on target server fails:
When the DPM agent is installed on a machine that is to be protected by DPM, the admin doing the...
Author: Ingolfur Arnar Stangeland Date: 06/02/2009
Considerations for implementing Credential Roaming
Credential Roaming is the replacement or alternative to using Roaming Profiles (or RUP - Roaming...
Author: Ingolfur Arnar Stangeland Date: 05/26/2009
Government issued ID cards and smartcard logons
I was recently involved in a support case concerning implementing government-issued ID cards...
Author: Ingolfur Arnar Stangeland Date: 04/24/2009
Troubleshooting RODC's: Troubleshooting RODC location in the DMZ
Consider the following scenario: A NAP solution with a remediation zone (aka noncompliant network)...
Author: Ingolfur Arnar Stangeland Date: 03/24/2009
CLM error: the directory property cannot be found in the cache
screenshot clmerror.jpg
Author: Ingolfur Arnar Stangeland Date: 03/10/2009
Troubleshooting CLM: The directory property cannot be found in the cache
After installing CLM 2007 in your domain, you may see the following error within the CLM enrollment...
Author: Ingolfur Arnar Stangeland Date: 03/09/2009
How to install CLM 2007 on Windows Server 2008
- Get the updated CLM installation files (See issue 5 in KB946797)- The specific CLM FP1 build...
Author: Ingolfur Arnar Stangeland Date: 03/04/2009
QFE vs GDR/LDR hotfixes
I sometimes get the following question from customers: I’ve located KB ABC which is an exact...
Author: Ingolfur Arnar Stangeland Date: 03/04/2009
GDR vs QFE/LDR
The QFE/GDR process QFEGDR.jpg
Author: Ingolfur Arnar Stangeland Date: 03/04/2009
Why should I restore System State rather than troubleshoot?
Some thoughts concerning why the quickest way to troubleshoot AD can be to simply restore the last...
Author: Ingolfur Arnar Stangeland Date: 02/25/2009
Using a custom template for Subordinate CA's
Problem: You have an Enterprise Root CA installed and want your SubCA to have a lifetime of 10 years...
Author: Ingolfur Arnar Stangeland Date: 01/14/2009
Converting AD attributes using FILETIME to a meaningful value
If you've ever looked at the raw attributes of an Active Directory object, you've no doubt noticed...
Author: Ingolfur Arnar Stangeland Date: 01/14/2009
The Windows Filtering Platform has blocked a bind to a local port
You may notice event 5159 being logged on your Windows 2008 Server(s) indicating a connection has...
Author: Ingolfur Arnar Stangeland Date: 01/08/2009
Schannel 36872 or Schannel 36870 on a Domain Controller
This event (and its cousin Schannel 36870) can indicate that there is a problem with the server...
Author: Ingolfur Arnar Stangeland Date: 01/05/2009
Configuring a Windows Server 2008 front-end web enrollment server for delegation
After you install the web enrollment pages on an external IIS7 web server, 2 additional steps are...
Author: Ingolfur Arnar Stangeland Date: 12/09/2008
Requiring Smart Cards for logon - what happens when CRL publication fails
Let's say your organization wants to make smartcards mandatory for all users as part of a security...
Author: Ingolfur Arnar Stangeland Date: 12/08/2008
Dude, where's my Forest Root?
Let's look at a hypothetical worst-case scenario:ü Your AD infrastructure contains one root...
Author: Ingolfur Arnar Stangeland Date: 11/07/2008
Windows
Windows Logo logo_windows.gif
Author: Ingolfur Arnar Stangeland Date: 10/21/2008
Time travel and factors that increase client startup or login time
This entry is written concerning the following issue; How applications and services can add to the...
Author: Ingolfur Arnar Stangeland Date: 10/21/2008
What happens when a group is deleted
A Critsit from a large enterprise customer came in the other day, problem description was as...
Author: Ingolfur Arnar Stangeland Date: 09/29/2008
Netlogon 5719 and the Disappearing Domain [Controller]
Netlogon is a client and a server component; when it logs 5719 it is acting as a client and trying...
Author: Ingolfur Arnar Stangeland Date: 09/18/2008
What is logged to the Userenv.log file?
Winlogon is the main component that logs data to the Userenv.log file (through userenv.dll).If...
Author: Ingolfur Arnar Stangeland Date: 09/17/2008
Troubleshooting RODC's: Troubleshooting domain joins against RODC's
So, the first question…do you need to deploy the RODC compatibility pack on your XP/2003...
Author: Ingolfur Arnar Stangeland Date: 08/13/2008
Naming schemes to avoid in AD
At some point, you'll find yourself in the situation where you need to decide on a naming scheme for...
Author: Ingolfur Arnar Stangeland Date: 07/03/2008
Troubleshooting AD Replication
Replication is another common AD trobleshooting scenario. AD replication issues usually turn out to...
Author: Ingolfur Arnar Stangeland Date: 05/05/2008
OS Security settings that affect CLM
This is a collection of non-CLM specific permissions and user rights which affect the operation of...
Author: Ingolfur Arnar Stangeland Date: 04/22/2008