Netmon’s view of Kerberos communication, when accessing resources across domains in the same forest.

Domain setup: Both Child1 and Child2 are in the same forest with the same parent domain, R2dom.local. The Administrator of the child domain (CHILD1) logs in to a member server (CH1-Mem) in the CHILD1 domain. After logging in, the user tries to access \\r2dom-ch2-Mem1. R2dom-ch2-Mem1 is a member server in the Child2 domain. –>…


Should IIS be installed on Domain Controller

I have come across various scenarios where System Administrators have installed IIS on Domain Controllers. They do it to effectively utilize that server hardware, to cut down cost by avoiding the need for another server for IIS, or because some application that needs to be installed on the DC requires IIS, etc. Microsoft does NOT recommend IIS…


Error: "The parameter is incorrect" when connecting to a server using WMI.

You test WMI connectivity remotely using WBEMTEST > Error: “The parameter is incorrect”

Analysis: A network trace taken during the issue shows that communication is happening on TCP port 135, but after that the secondary connection to the other DCOM/WMI interface is not happening on the dynamic RPC ports (above 1024). All ports between the client and the target server…


Troubleshooting the error "Not enough storage is available to complete this operation"

I have come across a few issues where I have seen the above error. Below are two scenarios of the issue and the symptoms that I’ve noticed during that time.

· Domain Workstations going into a state where they are unable to access resources over the network.
· Member Servers unable to access network resources…


Troubleshooting “RPC server is unavailable” error, reported in failing AD replication scenario.

In this scenario we are troubleshooting AD replication between 2 DCs separated by a firewall.

In order to ensure that the important well-known ports required in a domain environment are open on the firewall between these DCs, use the PortqryUI tool.

PortqryUI: http://www.microsoft.com/downloads/details.aspx?FamilyID=8355e537-1ea6-4569-aabb-f248f4bd91d0&displaylang=en

Run this tool on both these DCs…


Windows 7 – AppLocker

Windows AppLocker is a new feature in Windows 7 and Windows Server 2008 R2 that is an alternative to the Software Restriction Policies feature.

New with AppLocker
==================

· Define rules based on file attributes derived from the digital signature, including the publisher, product name, file name, and file version. For example, you can create rules…


Preventing Unwanted/Accidental deletions and Restore deleted objects in Active Directory

Preventing Unwanted/Accidental deletions

Windows 2003

Use Delegation to restrict deletion activity to selected Admins only.

· Create a group containing the users who should NOT have the delete permission on a set of objects in AD.
· Deny that group the Delete and Delete Subtree permissions on specific organizational units (OUs)…
