Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 741
  • Last Modified:

Active directory not opening after apply plug n play service disable through GPO

I have active directory n domain controller on Windows server 2008 r2. Yesterday i have disable two services as part of hardening, Print spooler and plug n play services.I ran gpupdate /force command. After some time, Windows activation windows is popping on my server. Even active directory users n computers is not opening and GPO console is not opening. i have attached two error screenshots when i try to open GPO console now. I am unable to start the plug n play service even i have logged in with domain administrator account. plaese help.
GPO-Error.JPG
GPO-error2.JPG
0
syinfra
Asked:
syinfra
1 Solution
 
Kent DyerIT Security Analyst SeniorCommented:
What is the first rule of change management - if you are unable to open an app because of the result of the change you just made..  roll it back - period..

Once you have rolled it back - does AD work again?

If it works, take the new code into a test lab and sort it out there.
0
 
Sajid Shaik MSr. System AdminCommented:
start the plug and play service and restart the domain .. then check
0
 
syinfraSenior Deputy ManagerAuthor Commented:
Hi Shaik,

I am unable to start the service of Plug n Play. This is my big problem. Any workaround for this. I have doing this by logging with Domain administrator.
0
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

 
Sajid Shaik MSr. System AdminCommented:
go to the services... right click the plug and play service

check dependencies ..

and start them all...

in services - click start up type - automatic status services should started..

try this...
0
 
syinfraSenior Deputy ManagerAuthor Commented:
dependencies services are also disabled and cannot be enabled or start through this user. Any other idea?
0
 
Sajid Shaik MSr. System AdminCommented:
did u tried in safe mode ?
0
 
Sajid Shaik MSr. System AdminCommented:
is it physical server or virtualserver ?
0
 
syinfraSenior Deputy ManagerAuthor Commented:
A Virtual server in Hyper v
0
 
syinfraSenior Deputy ManagerAuthor Commented:
Server is running in Safe mode. But it is not giving access to start this service.
0
 
Sajid Shaik MSr. System AdminCommented:
check the virtual disk service ...


go to services. and start the virtual disk service

all the best
0
 
Sajid Shaik MSr. System AdminCommented:
virtual disk service is depends on plug n play services... check weather it's start or not...

if not start it...
0
 
syinfraSenior Deputy ManagerAuthor Commented:
We have checked, but still whenever i tried to start virtual disk service. It is saying the dependency service not started, so it could not start. ERROR 1068
0
 
Sajid Shaik MSr. System AdminCommented:
go to regedit

Please navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PlugPlay and
locate Start registry key

right click Start registry key Edit Dward Value  (value Data change to 2) select the Hexa Decimal

Change Startup type : Automatic -2

Automatic - 2

please take backup of your registry firs before attempting to regedit.
0
 
MaheshArchitectCommented:
Have you tried to restart domain controller in normal mode, if yes, what error you are getting ? still you are facing same issues ?

If yes, How many domain controllers do you have ?

if you have more than one functional DCs, check if you are able to open all AD snap ins including GPMC on another functional server
Also check if all AD services are running on that server for ex:
Netlogon
NTFRS (File replication service)
Intersite messaging
Kerberos key distribution center
security accounts manager
AD domain services
Also check if Sysvol and netlogon shares are populated

In that case just remove affected server from network and if it contains FSMO roles just seize them on functional DC then do metadata cleanup on functional DC and rebuild the affected server from scratch and promote it again as ADC

if this is the only domain controller you have, then check if you have valid AD system state backup and if yes, just make authoritative restore of system state on affected server by restarting it in directory service restore mode and then check if its working

Mahesh.
0
 
syinfraSenior Deputy ManagerAuthor Commented:
Woilla.....Excellent. I have never think that i can escape from this problem. But yess, after mad these registry changes, i got my DC back.

GURU.....You too good man. God for me.

Cheers,

You deserves a bottle.

-Abhijit
From Syinfra
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now