|
FWIW, the hardlink setup is working great for us at [govt. entity] using SCCM.
|
# ¿ Feb 11, 2011 04:55 |
|
zapateria posted: I don't know if this is the right thread, but I'll try:

http://www.eventlogblog.com/blog/2008/04/event-log-message-files-the-de.html has a good explanation of where the Eventing infrastructure gets those event descriptions. The system that is receiving the events is missing registry settings that point to the dll or exe that holds the event definition. You should be able to export some registry, import it into the forwarded system, and copy the dlls or exes that you need.
|
# ¿ Mar 1, 2013 20:05 |
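The check behind the reply above, as an added PowerShell example that is not part of the original post: run on the machine receiving forwarded events, it reports for each classic event source whether the `EventMessageFile` registry value exists and whether the DLL or EXE it names is present. The log name and the two source names are constructed samples; rows marked `SourceNotRegistered` or `FileMissing` are the ones that need the registry export and file copy described in the post.

```powershell
# Added example (not from the thread). Checks classic event sources registered under
# HKLM\SYSTEM\CurrentControlSet\Services\EventLog\<log>\<source>.
param(
    [string]   $LogName = 'Application',
    # Constructed sample names; replace with the sources shown in the forwarded events.
    [string[]] $Sources = @('ExampleVendorAgent', 'Application Error')
)

function Test-EventMessageFile {
    param([string]$LogName, [string]$Source)

    $keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$LogName\$Source"
    if (-not (Test-Path -LiteralPath $keyPath)) {
        return [pscustomobject]@{ Source = $Source; File = $null; Status = 'SourceNotRegistered' }
    }

    # Read the raw value so %SystemRoot%-style paths can be expanded explicitly.
    $key = Get-Item -LiteralPath $keyPath
    $opt = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    $raw = [string]$key.GetValue('EventMessageFile', $null, $opt)
    if ([string]::IsNullOrWhiteSpace($raw)) {
        return [pscustomobject]@{ Source = $Source; File = $null; Status = 'NoEventMessageFile' }
    }

    # The value can list several message files separated by semicolons.
    foreach ($entry in ($raw -split ';')) {
        $file = [Environment]::ExpandEnvironmentVariables($entry.Trim())
        if (-not $file) { continue }
        $status = if (Test-Path -LiteralPath $file -PathType Leaf) { 'OK' } else { 'FileMissing' }
        [pscustomobject]@{ Source = $Source; File = $file; Status = $status }
    }
}

$Sources |
    ForEach-Object { Test-EventMessageFile -LogName $LogName -Source $_ } |
    Format-Table -AutoSize
```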
|
AreWeDrunkYet posted: Is there a way to rename DHCP reservations without using the GUI? I see netsh commands to change the name or description on a scope, but there's nothing about individual reservations other than showing, adding, and deleting that I have been able to pull up.

code:
|
# ¿ Jul 3, 2013 15:56 |
|
AreWeDrunkYet posted:Yup, usually do exactly that to add reservations - I was just hoping there was a way to specifically modify those fields to avoid any disruption if something goes wrong. I guess this is just a rare case of something that can be done from the GUI, but not command line.
|
# ¿ Jul 3, 2013 23:55 |
|
Erwin posted: When I clone there are two issues. One is that VMware gives each VM a new MAC address, so each VM thinks it has a new NIC. Simple enough, I just give the DC the same IP it had before and everything else gets DHCP addresses. The bigger issue is trust relationship errors at random. I assume this is due to the time lag between snapshotting production and powering up the clones? Does anyone do what I'm trying to do? Do you just rejoin each machine no matter what so everything is happy?

If you're having difficulty with random errors in AD, first thing is to make sure that everyone is on the same time reference. All the DCs pull their time from the PDC Emulator which will be (by default) the first DC brought up in a domain. It really doesn't matter if the time is right or not, just that everyone is within 5 minutes +- of that PDC Emulator. If you're in a multi-domain forest, each PDC Emulator will get its time from the one above, and they get it from the root DC from the first domain created in the tree.

Also, VMware can overwrite the time on the VMs with its own idea of what the time is. That can screw up your relationships and replication.
|
# ¿ Aug 27, 2013 19:18 |
|
Nukelear v.2 posted: Does anyone have any endpoint management/protection software that they like for Windows desktops? We've been well served with WSUS/GPO/NOD32 but we have to check some audit boxes off.

I have a friend currently going in circles with Bit9. The sales and documentation say the recommended hardware for X number of users is level X. Installation and Technical support are saying the hardware should be at level X + OMG MORE MORE FASTER FASTER EVERYTHING CORES RAM IOPS TOO SLOW MORE MORE MORE MORE!!!!!! The disconnect between the two is striking and expensive.
|
# ¿ Apr 24, 2015 20:25 |
|
Here's some useful information about virtualizing Domain Controllers. It'll help you understand what the problem is not only with virtualizing DCs, but why snapshot restoration on DCs can be a bad idea. It'll also help you understand replication a bit better: https://technet.microsoft.com/en-us/library/hh831734.aspx

Important line from the link above:

quote: Beginning with Windows Server 2012, AD DS virtual domain controllers hosted on hypervisor platforms that expose an identifier called VM-Generation ID can detect and employ necessary safety measures to protect the AD DS environment if the virtual machine is rolled back in time by the application of a VM snapshot.

GPF fucked around with this message at 18:41 on May 27, 2016 |
# ¿ May 27, 2016 18:39 |
|
Maneki Neko posted: Your DNS server is broke. Nslookup on windows always tries to add the suffix (which is weird behavior, but the way it's always been):

I looked at the link and what you typed, and I'm having trouble believing it. Going to check at work tomorrow.
|
# ¿ Jul 18, 2016 20:25 |
|
GreenNight posted: I had a 5 day Server 2016 class and the only new poo poo was basically Nano and Hyper V stuff.

Then it was a bad class. Hit https://blogs.technet.microsoft.com/ausoemteam/2016/08/14/whats-new-in-windows-server-2016-standard-edition-part-1/ and go through the parts. Tons of stuff has been changed, improved, modified, and added from 2012 R2, and this is just on Standard Server, not Datacenter.

GPF fucked around with this message at 19:49 on Sep 2, 2016 |
# ¿ Sep 2, 2016 19:45 |
|
Fudge posted: What exactly do you mean by configurations pointing at one another?

When you're putting a Windows DC up, many times people will fire up the DNS server on that DC and use Active Directory replication to update the DNS servers in a domain or in a forest. But AD is very reliant on DNS being right. So, to ensure a DC/DNS server can always get correct information into DNS regarding its SVC and other record types, most people set the first DNS IP on a DC interface to 127.0.0.1. That means AD will attempt to do DNS activities with the closest possible DNS server: the one it's hosting. The second (or even more) DNS IPs on that interface would point to other DNS servers hosting that zone. That way, if the DC is restarting and DNS isn't yet ready to accept changes or give answers, the DC can still push DNS settings to a writable DNS server.

The primary question is this: Two DCs in one site, two DCs in another. Should the DCs in the other site point to each other or to one or both of the other site?

Personally, I'd have every DC have the IP of every other DC running DNS in their DNS settings. Here's why: When a Windows box is trying to do DNS activities, it first sends the request to the first IP in the DNS list. After waiting a short time for a reply, it then sends that request to EVERY OTHER IP IN THE LIST OF DNS SERVERS, one after the other as fast as it can. If the first IP responds, great! That's the one it'll use for that cycle. If not, and one of the others responds, great! It'll use that one for that cycle. If none respond, that's when we have bigger problems.

So, it really doesn't matter what order the IPs are in after the first one...they'll all be sent at the same time...local site or remote site. And, yes, you can have a long list of DNS servers on an interface, not just two. The main thing is that DCs with DNS servers running AD Integrated zones should always point to writable DNS zones that also are running AD integrated zones.
If you're running DNS on a DC but using primary and secondary zones...what's your problem? Hah? <smeks u upside the hed> Why you make your mamma cry?
|
# ¿ Sep 23, 2016 19:19 |
|
Fudge posted: That's why I asked what specifically he was talking about. I'm not sure if you're answering the question he's asking.

Well, here's the original question:

lol internet. posted: Quick question about DCs & Sites and Services

You can find lots of references that say you need more than one DC and good reasons for that. You can also find lots of references about how to set up the DNS IPs for those DCs, but I've rarely come across a good reason written in those refs. Most explanations I see essentially treat it as "This is what you do for reasons so do it".

Notice his second sentence, "Normally...". This would only be true if the DCs were also DNS servers, but depending on your setup and traffic patterns and site setup and bandwidth and other things, you may not set up a DC as a DNS server. You might not even set it up as a Global Catalog server. And, the DC must point to writable DNS servers so it can update the SRV records for its information in the zone.

So, with that being said, and the facts about how a Windows system does its DNS queries, I did answer his question. If they're all running DNS, and the domain they control has a zone in DNS that is AD Integrated, then have the first IP point to itself, then all the others. Use reservations in DHCP or type them in statically...doesn't matter, and their order after the first one doesn't matter either.

Which reminds me about the second part of the question. A site is considered to be two things by MS: High bandwidth/low latency connections, and subnets in that setup. 100Mb connection between the two sets of DCs? That's high bandwidth and probably low latency. Might even be the same subnet depending on how things are hooked up. So, unless he has real solid reasons to build sites, attach subnet objects to those sites, and place those DCs into the site objects so AD understands these two locations are not local to each other, then it's not worth adding the complexity and enforced delay of AD updates.
GPF fucked around with this message at 20:32 on Sep 23, 2016 |
# ¿ Sep 23, 2016 20:23 |
|
Fudge posted: And your take on sites is weird. They're extremely simple to set up, and if you have two physically separate locations and you're not using different subnets then I guess it wouldn't even be a question because it wouldn't work. But if there are two subnets there isn't a compelling case to not use them. Are you trying to say replication would be an issue here?

Well, I can understand thinking that sites just give you a separation, but it's more than that. Let's say you have two sites, set up correctly with subnet objects and a single DC for the shsc.forum domain in each site. You make a change to a user account on the DC in the first site, and at the fastest you can set it, the second DC won't see the changes until 15 minutes later. This doesn't apply to things like account lockout/disable or password changes, but it does apply to almost all the other stuff.

So, if I was in the same situation as the person that posted earlier, I'd leave both DCs in the same site and just use that high speed connection between the two locations for client communication back to the DCs. However, if I were using site-based technology or didn't need everything to replicate quickly, then sure, a multi-site setup would be fine even with DCs living in both sites. I just would have to account for and deal with the delays that are going to happen regarding replication of AD objects between the sites.

I work in a huge multi-site, multi-child domain infrastructure where much of it is out of my direct control, so I have to consider these delays when writing certain automation, troubleshooting, or just discussing things with the groups upline from me.
|
# ¿ Sep 24, 2016 23:16 |