Re: [ActiveDir] All Accounts Locket Out -- Including Domain Admin

2006-07-06 Thread Nitin Tandon
Hi Ravi How r u man so u doing night shift nowadays...? Howz Avneet in helpdesk na...right? To avoid this type of problem again in future...some guidelines are given below...may be helpful to you.. Once the account lockout occurs, there are several tasks that should be completed to

RE: [ActiveDir] LDAP over SSL

2006-07-06 Thread neil.ruston
I've implemented 3rd party certs on DCs for precisely this reason (LDAP over SSL). The process was a little convoluted but it works :) I don't follow the chaining issue - the DC merely needs to trust the PKI infra which issued the cert. neil From: [EMAIL PROTECTED] [mailto:[EMAIL

Re: [ActiveDir] All Accounts Locket Out -- Including Domain Admin

2006-07-06 Thread Jaspreet Singh
Hi Ravi, If u remember we used to face this problem quite frequently while we were having operations in TS.( Almost once in 2 Months ) but touch wood this problem automatically got resolved when we demoted the ADC of TS. Also u can always login with ( P--) ID to DC as it can never get

RE: [ActiveDir] LDAP over SSL

2006-07-06 Thread Kurt Falde
I would add on there take the time to watch the following webcasts.. Best Practices for Public Key Infrastructure: Steps to build an offline root certification authority (part 1 of 2): Wednesday, April 20, 2005 http://support.microsoft.com/default.aspx?kbid=896733 Best practices

RE: [ActiveDir] LDAP over SSL

2006-07-06 Thread Bernier, Brandon (.)
Another big benefit to using an Enterprise CA is that you can use existing Certificate Templates and auto-enroll all your Domain Controllers via Group Policy. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, July 06, 2006 4:06 AM To:

[ActiveDir] OT: Computer Account in Local Administrators Group

2006-07-06 Thread james . masters
I'm definitely not wanting to do this but a vendor was saying to do it to allow one of their services to run as Local System and be able to interact with another machine. I am very skeptical, and not allowing it. Thanks, James From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [ActiveDir] OT: Computer Account in Local Administrators Group

2006-07-06 Thread Brian Desmond
Yes, it does. Tell your vendor to fix their POS application. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, July 06, 2006 10:09 AM To:

Re: [ActiveDir] OT: Computer Account in Local Administrators Group

2006-07-06 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Which vendor? (please don't tell me a crappy accounting app?) And there's typically ways around this to hack up the registry. We have to say no to these vendors especially with Vista's UAC right around the corner. [EMAIL PROTECTED] wrote: I’m definitely not wanting to

RE: [ActiveDir] OT: Computer Account in Local Administrators Group

2006-07-06 Thread Deji Akomolafe
I see... If the service runs as LocalSystem, then it already has the highest privilege possible on that system. In this case, the vendor (or the vendor's support rep) may be asking for this simply for the "interact" portion of your statement. Without knowing what the app does, it's hard to

RE: [ActiveDir] OT: Computer Account in Local Administrators Group

2006-07-06 Thread james . masters
Will do thank you very much for all of your responses. -James From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, July 06, 2006 12:40 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Computer Account in Local

[ActiveDir] Forestprep Failure

2006-07-06 Thread WATSON, BEN
I am working to perform a domain upgrade from 2000 to 2003 R2 and I am running into problems right from the start when attempting an ADPREP /FORESTPREP. The domain also has Exchange 2003 running as well. Also, we have never extended the schema with Services for Unix 2.0 which I know can

RE: [ActiveDir] OT: Computer Account in Local Administrators Group

2006-07-06 Thread joe
A service running on ServerA as localsystem or networkservice will touch remote machines including ServerB with the security context of DOMAIN\ServerA, not networkservice. A service running on ServerA in localservice should touch remote machines as anonymous. At no point will configuring

Re: [ActiveDir] Forestprep Failure

2006-07-06 Thread Mathieu CHATEAU
Hello BEN, are you in Windows 2000 native mode ? the forest too ? exchange native mode ? Do you have SMS ? it extends the schema as well. Cheers, Mathieu CHATEAU Thursday, July 6, 2006, 7:43:21 PM, you wrote: I am working to perform a domain upgrade from 2000 to 2003 R2 and I am

Re: [ActiveDir] All Accounts Locket Out -- Including Domain Admin

2006-07-06 Thread Ravi Dogra
Hi Nitin / Jolly, I have reviewed event logs then and there when problem arose. I found very vital information and problem was resolved before I left for the day this morning. Nice to hear from both of you. This is a precious mail for me now. Jolly, You are always very helpful and this time

Re: [ActiveDir] All Accounts Locket Out -- Including Domain Admin

2006-07-06 Thread Jaspreet Singh
But it was a GP misfiring. Isn't it? Regards, Jaspreet Singh Jolly On 7/7/06, Ravi Dogra [EMAIL PROTECTED] wrote: Hi Nitin / Jolly, I have reviewed event logs then and there when problem arised. I found very vital information and problem was resolved before i left for the day this morning. Nice to

RE: [ActiveDir] Forestprep Failure

2006-07-06 Thread WATSON, BEN
Hello Mathieu, Yes, we run a fairly simple domain setup. Single domain, single forest. We are running in Windows 2000 native mode for domain and forest. Exchange 2003 is also in native mode. And nice catch on SMS, I deployed it myself and should've remembered to mention that. We do have

RE: [ActiveDir] Forestprep Failure

2006-07-06 Thread Mark Parris
Ben, Are you sure SFU has not been installed? Do you run Schema Admins Empty? Mark From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of WATSON, BEN Sent: 06 July 2006 21:13 To: Mathieu CHATEAU Cc: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Forestprep

Re[2]: [ActiveDir] Forestprep Failure

2006-07-06 Thread Mathieu CHATEAU
Hello BEN, since you only did one DR, does it mean that the same computer is both DC and Exchange ? I know limitations when Exchange is on a DC. Since you can restore again, can you shoot of exchange before ? Thursday, July 6, 2006, 10:12:58 PM, you wrote: Hello Mathieu, Yes, we

Re[2]: [ActiveDir] Forestprep Failure

2006-07-06 Thread Mathieu CHATEAU
Hello BEN, Just for info, I already had some trouble after doing a P2V of one DC. When I tried to install Exchange on it, domainprep was freezing, trying to contact the other DC which I didn't P2V's. Seizing the role was enough, I needed to remove it from AD. cheers, Mathieu CHATEAU

RE: [ActiveDir] Forestprep Failure

2006-07-06 Thread WATSON, BEN
To try and answer everyone's question all at once At this point, we don't have Exchange running in our test environment, we do have copies of the servers there, but have not re-added them to the domain to bring them up. I don't think that having the actual Exchange servers online should

[ActiveDir] So what are your DC tweaks?

2006-07-06 Thread Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Brian Puhl's Weblog : AD and DC Builds, tweaks, configurations... The Registry: http://blogs.technet.com/bpuhl/archive/2006/07/06/440495.aspx Brian Puhl's Weblog : AD and DC Builds, tweaks, configurations... (1): http://blogs.technet.com/bpuhl/archive/2006/07/06/440493.aspx

RE: [ActiveDir] So what are your DC tweaks?

2006-07-06 Thread Brian Desmond
DCOM Ports, NTFRS ports, Nagios port, some of the other ones on his list. I'd have to look at the build scripts to remember. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 -Original Message- From: [EMAIL PROTECTED] [mailto:ActiveDir- [EMAIL PROTECTED] On Behalf Of Susan

RE: [ActiveDir] Forestprep Failure

2006-07-06 Thread Steve Linehan
Ben, These errors generally occur when a third party application has extended the schema and it conflicts with the base schema we are trying to put in place. There were many conflicts found during the initial upgrades to Windows Server 2003 which is why additional information was put into

Re: [ActiveDir] Forestprep Failure

2006-07-06 Thread Mark Parris
Ben, The reason for the schema admins empty was in case as part of an install an application just extended the schema - you run the group empty that cannot be done. I think Steve has your solution here. Mark -Original Message- From: Steve Linehan [EMAIL PROTECTED] Date: Thu, 6 Jul

RE: [ActiveDir] Forestprep Failure

2006-07-06 Thread WATSON, BEN
Outstanding response Steve! That was far more than I could have ever expected. I "almost" wish I had not taken a vacation day tomorrow just to see if your instructions will work! I'll certainly work on this Monday morning and let you know if I