Posts
Showing posts from August, 2018
Troubleshooting AD Replication
- Get link
- X
- Other Apps
Replication is another common AD trobleshooting scenario. AD replication issues usually turn out to be caused by one of the following: a) Faulty, substandard or misconfigured network equipment or WAN links b) USN rollback issues caused by using unsupported restore methods (disk imaging of DC's, P2V utilities, snapshots, etc.) c) DNS issues d) Lingering objects For 'a'; the classic examples are VPN Accelerators, Firewalls that are either rejecting traffic or only allowing packets of a specific size through, Stateful Packet Inspection on Firewalls, etc. A firewall that is 'allowing all traffic through' is still a firewall that can be affecting the replication. This includes personal firewalls or network filters installed locally on DC's and can even include the Windows Firewall Service or ISA Server Firewall Client if it is running on the DC....
What is logged to the Userenv.log file?
- Get link
- X
- Other Apps
Winlogon is the main component that logs data to the Userenv.log file (through userenv.dll). If Userenv debug logging is enabled as per KB 221833, the userenv.log file will include the following: - Slow link detection - Machine Group Policy Application - Processes and applications which start up as part of Userinit.exe (this includes most Startup items) - Machine startup and shutdown scripts - Profile loading or unloading at user login/logoff - User Group Policy Application - Internet Explorer GPO processing - User login and logoff scripts - Firewall r...
- Get link
- X
- Other Apps
The following case came in recently: I’ve added a new W2k8 DC to our domain, it seemed to replicate fine and DCPROMO didn’t report any errors. However, I seem to be getting authentication errors when trying to connect via RDP from the new W2k8 DC to other DC’s in the forest. I’m only seeing this when Vista and/or W2k8 are involved on both ends, I’m concerned that we may have an error in our AD after the W2k8 upgrade. Here’s what turned out to be causing the issue: - With Windows 2008, the concept of RODC’s is introduced. Each RODC has its own Kerberos Ticket Granting Ticket (krbtgt) account that it uses to issue Kerberos tickets (compared to RWDC’s which all share the same krbtgt account within the domain). This is to make sure a compromise of an RODC doesn’t compromise the security of the krbtgt account on all DC’s. - ...
Troubleshoot Possible Root Causes for Account Lockouts
- Get link
- X
- Other Apps
Possible Root Causes for Account Lockouts ? Persistent drive mappings with expired credentials Active sync devices (cell phone,etc..) ? Mobile devices using domain services like Exchange mailbox ? Service Accounts using cached passwords ? Scheduled tasks with expired credentials ? Clear the stored credentials - cmd "RunDll32.exe keymgr.dll,KRShowKeyMgr" ? Misconfigured domain policy settings issues ? Disconnected Terminal Server sessions ? Programs that may pass user credentials to a centralized network program or middle-tier application layer --- Client side troubleshooting Mobile device / BYOD Server side checklist --- Client side Perform the below steps on client side (local desktop / laptop) Check If a Local User Account is present with the same Name as AD account. If same ID is available, rename local ID to some other ID. Clear Temporary Files Delete Cookies / Temp Files / History / Saved passwords / Forms from al...
Troubleshoot Use the System File Checker tool to repair missing or corrupted system files
- Get link
- X
- Other Apps
Use the System File Checker tool to repair missing or corrupted system files Applies to: Windows 8.1 Windows 8.1 Enterprise Windows 8.1 Pro More System File Checker is a utility in Windows that allows users to scan for corruptions in Windows system files and restore corrupted files. This article describes how to run the System File Checker tool (SFC.exe) to scan your system files and to repair missing or corrupted system files. If a Windows Resource Protection (WRP) file is missing or is corrupted, Windows may not behave as expected. For example, some Windows functions may not work, or Windows may crash. Run the System File Checker tool (SFC.exe) To do this, follow these steps: Open an elevated command prompt. To do this, do the following as your appropriate: Show all Windows 8.1 or Windows 8 Windows 10, Windows 7, or Windows Vista If you are running Windows 10, Windows 8.1 or Windows 8, first run the i...