Scribd Logo
Upload

Welcome to Scribd!

  • Troubleshooting AD

    Uploaded by

    Velmurugan
    63 views8 pages
    1) The document provides solutions to common Windows server issues like AD account lockouts, RDP encryption settings, sharing drives, and installing software. 2) It also includes instructions for configuring and testing Windows failover clusters, including requirements, installation steps, and commands to add or remove nodes. 3) The document contains information for time synchronization, checking FSMO roles, and disabling automatic IPv4 configuration on Windows 2012 servers.

    Original Description:

    Troubleshooting and solutions

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    1) The document provides solutions to common Windows server issues like AD account lockouts, RDP encryption settings, sharing drives, and installing software. 2) It also includes instructions for configuring and testing Windows failover clusters, including requirements, installation steps, and commands to add or remove nodes. 3) The document contains information for time synchronization, checking FSMO roles, and disabling automatic IPv4 configuration on Windows 2012 servers.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    63 views8 pages

    Troubleshooting AD

    Uploaded by

    Velmurugan
    1) The document provides solutions to common Windows server issues like AD account lockouts, RDP encryption settings, sharing drives, and installing software. 2) It also includes instructions for configuring and testing Windows failover clusters, including requirements, installation steps, and commands to add or remove nodes. 3) The document contains information for time synchronization, checking FSMO roles, and disabling automatic IPv4 configuration on Windows 2012 servers.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 8

    Problem: AD account continuous lockout

    Solution: 1) Credential manager, remove generic credentials

    2) rundll32.exe keymgr.dll, KRShowKeyMgr and remove previously stored passwords

    How to check FSMO roles

    PS C:\Windows\system32> netdom query fsmo

    Schema master - Forest wide

    Domain naming master - Forest wide

    PDC - Domain wide

    RID pool manager - Domain wide

    Infrastructure master - Domain wide

    Windows Remote Desktop Protocol Weak Encryption Method Allowed

    wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting WHERE


    TerminalName="RDP-Tcp" CALL SetEncryptionLevel 3

    wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting WHERE


    TerminalName="RDP-Tcp" CALL SetSecurityLayer 2

    Setting SHARE and ADMIN access to specific user

    net share ADMIN$ /delete

    net share ADMIN$ /grant:uidai\vms.team,full /user:100

    net share C$ /delete

    net share C$=C:\ /grant:uidai\vms.team,full


    How to export list of users as CSV format

    Get-ADGroupMember "domain admins" | FT SamaccountName > C:\Adminaccounts.xls

    How to check GP Results

    gpresult –v

    To install .NET Framework 3.5 from installation media located on a network share, use the following
    command:

    Install-WindowsFeature Net-Framework-Core -source \\network\share\sxs

    Where \\network\share\sxs is the location of the source files.

    How to check whether system contacting WSUS Server


    From system telnet to 10.6.80.30 on port 8530 and 8531.

    RDP Patches

    KB2574819,
    KB2592687,
    KB3080079

    Microsoft Windows 2012R2 Std Failover Clusters Build, Configurations

    Requirements

    Steps 1)

    Two Server with same configurations such as, same hardware, same capacity RAM, then Windows
    server 2012R2 Standard to be installed.

    1) OS Installation
    2) OS activation
    3) Hostname to be assigned
    4) Teaming should be configured, before that need to confirm if any VLAN id been tagged in any of
    Management or production interface
    5) IP address to be assigned
    6) Server should be joined into Domain and it should reach domain controller
    7) All the Hardening should be done
    A) CA systemEdge
    B) Mcafee endpoint protection
    C) DLP endpoint agent to be installed
    D) Snare to be installed and configured
    E) SIEM team should be discovered the server through 10.5.90.24

    Step 2)

    Login the two nodes using AD credentials and Install MPIO (Multipath I/O) and it will be rebooted, then
    respective storage OEM would be identified

    In MPIO option. If any other OEM we found then it should be removed.

    Install Failover cluster manager in Features in both nodes

    Shared storage for both nodes 500GB, and 1GB for Quorum Disk to be assigned by storage team.

    We need to identify given Cluster Hostname as well Virtual IP (Cluster IP) to assign while configure
    cluster.

    We need to check by enabling storage in Disk management in server manager whether shared storage
    assigned to build cluster, then all the disks in storage to be disabled

    Step 3)

    Open Failover cluster and provide Hostname of both nodes and enter in options to be discovered in
    cluster. Then Run All recommended test and it will asks for configure Cluster hostname and IP address

    Then Cluster will be created. We need to check and name on shared storage disk as cluster disk and
    other 1GB disk as quorum.

    We need to make sure whether failover is happening on both nodes by stopping cluster services in each
    node so that shared disk, quorum disk will be moved from one node to another active node.

    Eviction in Cluster

    It is an option to remove one node from cluster and again able to add it into cluster.

    Command to enable feature to supports large amount of SAN storage before allocation on server

    Solution:

    fsutil behavior set DisableDeleteNotify 1 DisableDeleteNotify = 1

    NOTE: SAN will be assigned as 2TB one by one etc.,

    Command to enable feature to automatically mount of SAN storage drives after allocation on server
    post reboot

    Solution:

    AUTOMOUNT ENABLE
    How to disable Autoconfiguration IPv4 Address in Windows 2012 R2 Server

    Solution:
    This issue I saw in Windows 2012 Sever and got to know that this can be seen in Windows 2008 and Windows
    7 PC’ also. hope below steps will help you to resolve the IP Address conflicting issue in your virtual
    environment.
    When you enter Ipconfig /all command you will see something like this.
    C:\Windows\system32>ipconfig /all

    First you need to check the ip version 4 interfaces and the interface ID numbers. for that you can type,

    C:\Windows\system32>netsh interface ipv4 show inter

    Now you know your Ethernet interface ID is no 12. Then you can run below mentioned command.
    C:\Windows\system32>netsh interface ipv4 set interface 12 dadtransmits=0 store=persistent
    After that you need to restart your Server and once it boot up, check the network settings.
    C:\Windows\system32>ipconfig /all

    Creating Clusters
    Windows Time Sync Issue

    Solution:

    w32tm /query /status

    net stop w32time

    net start w32time

    net time \\10.5.212.21 /set /y


    AD account frequent lockout:

    Solution:

    4625, 4740 will applied in event viewer.

    To check who disabled AD account:

    Solution:

    4725 will applied in event viewer.

    Cleanup cluster node post destroy of clusters:

    cluster node hostname /forcecleanup

    You might also like