[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More


Windows Server 2012





Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hello, I have a Windows 2012 Essentials server (AD, DNS and DHCP). I installed a new Windows 2016 Standard and promoted it to AD. I am having all sorts of weird issues. For example, I am getting no SYSVOL and NETDOMAIN folder on the new server post promotion of 2016. I tried doing the auto and non-auth DFSR sync but with no luck.

Are there any known issues between 2012 Esse and 2016 Std? Should I do the 2012 Esse to Std upgrade? I have an OVL for it. I am just afraid to do anything with the old server as its unreliable.

Here is my DCDIAG output:
Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = NEW-SERVER
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\NEW-SERVER
      Starting test: Connectivity
         ......................... NEW-SERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\NEW-SERVER
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\Old-server.DOMAIN.local, when we were trying to reach
         ......................... NEW-SERVER failed test Advertising
      Starting test: FrsEvent
         ......................... NEW-SERVER passed test FrsEvent
      Starting test: DFSREvent
         There are warning or error events …
The Five Tenets of the Most Secure Backup
The Five Tenets of the Most Secure Backup

Data loss can hit a business in any number of ways. In reality, companies should expect to lose data at some point. The challenge is having a plan to recover from such an event.

Hi Guys,

We recently had a new customer get infected with some ransomware - thankfully backups all worked. The setup is as follows:

Main Windows 2012 R2 Server - DC1 - Has all the FSMO active directory roles.
Secondary Server No Longer Used Running Server 2008 - DC2 - Still a domain controller but ready to be decommissioned.

After the ransomware hit, we did a full system restore of there main server, DC1. Restore worked perfectly. One thing i have noticed since is the SYSVOL/NETLOGON folders was no longer shared and visible on the main server. When i browsed to the folder on the C Drive, it contained the encrypted files of the ransomware. So these must have replicated after the restore from DC2 (which was also infected). Active directory is working and users can login and also changes sync between the 2 however things like login scripts and the group policy manager do not work.

How do we go about rebuilding or restoring the SYSVOL folder on the main DC1 server? We have the SYSVOL folder off the backup to use.

Many thanks

I have users connecting utilizing CiscoAnyconnect through our Cisco ASA 5515, this is the setup;

User initiates a connection with CiscoAnyconnect
The ASA asks the user for active directory credentials and is then authenticated through our FSMO PDC
The ASA assigns the remote PC an ip address from the pool we have set on the ASA
The user then is logged in and can access our network as if they were in the building on the LAN
All of which functions fine.

My problem is, since I upgraded our domain servers to 2012r2 everyone with a login on our network can connect. Ticking off “access denied” on the dial in tab of an active directory account doesn’t stop a user from being able to log in. This used to function.

I didn’t originally set this up and I have been unable find how to restrict this,  and after spending 2 hours with a Microsoft support tech yesterday he clearly has no idea either.

I suspect that my DC thinks that this outside subnet is just another WAN on our network so it just lets anybody that has an AD account to connect. How do I make my DC understand that this is an outside subnet so the “access denied” on the “dial in” tab of the active directory account works again and actually restricts user from connecting via our VPN tunnel?

Thanks for any help

Windows2012 file server
D:\accounting granted full permission to GROUPA -------contains (user1, user2, user3 and user4)
Folders included
File included

Now Want to grant user5 with full access to folder3 and files.
I don't want user5 to be in GROUPA because I don't want user5 to access other folder and files other than folder3
I tried
1. Grant full to user5 on folder3 ----- but fail --- contains only read permission

How can I achieve my target????????
Hi guys,
I got 2012 R2 server, which acts as a dns server for our environment
All sites works good. It’s just one site is too slow or not opening.
“Xero.com” login page not opening or working through it too slow

I found its to do with dns. But I can resolve using nslook. My server resolving it. But when I use as dns - it works so fast/normal. But if I use my server as prinmary dns which I need to for mapdrives. Site is running slow.

Is there anyway to make resolve that one particular site to resolve with first then all others can work with my dns server ?
I assist a company that has 3 computers and a server.  Its a very basic setup.  Server is 2012 R2, and it manages AD, DNS, DHCP, Antivirus and FS.  2 computers have folder redirection enabled.
Lately we have been having a problem that I just cannot pin down.  2 of the computers in the morning and afternoon and fairly random times will just freeze.  Their mouse changes to the loading circle, and cannot really do anything.  This lasts from 30 seconds to 10 mins. These computers do not have folder redirection enabled.  The network switch is new, and there are no events in the servers logs, or the computer logs that correspond with the times.  One of the computers is quite new, running win 10, i5, 8GB, SSD.  

Some help is needed as this has been happening for months and I cannot find where the failure is.  Everything I see looks normal.  Hardware tests all pass.  

Please help!
We have a file server cluster in one of the sites running on windows 2012 R2. We will be migrating the file server to windows 2016.
We had an incident earlier that the hosting infrastructure that runs all the virtual servers went down. Now the company wants this to be considered and make a solution that in case such incident happens in the future, the users should still be able to access the files from the second site.
We have two sites with good bandwidth. I am thinking of using the new feature in window s 2016 DC i.e the storage replicas. We want an automated switchover if in case infrastructure in any of the sites has an issue, it should be accessible from the other site.
We have file server cluster in both sites. Either one of them goes down it should AUTOMATICALLY fail over to the other site.
Hi Guys,
I got the terminal server 2012R2
got outlook 2010 in it. i want to enable 2 options in outlook "under trust centre settings- under email security- under scripts in folder-allow script in shared folders and allow script in public folders"
is there any way to create GPO and apply to all users so it will be enabled automatically ?
while doing this - should i install Microsoft administrative templates ?

any ideas/helps to fix this , would be great.

thank you
I have a domain with an 03 server and 2012 (r2 I think) server.  The 2012 box is GC and has all the roles, but the 2k3 server is still a member of the domain etc - the domain function level is obv 2003.  Glad the 03 box wasn't decommissioned yet as the 2012 box got hit with ransomware.  Unfortunately their usb backup drive was also encrypted and they had no offsite setup.  I need to reload the OS as I can't get SQL running again - cant uninstall it, cant install it, cant repair...its all kind of jacked.  Whats the best process to get it reloaded and back as the GC of the domain? Do I need to assign the roles to the 03 box first, then dcpromo, then reinstall OS and probably with a different name then before for good measure?
I have taken over the admin responsibility of a root CA. I got some knowledge after reading several posts na experts comments to my previous question.
Our server is windows 2012 R2 and cryptographic provider is KSP. In this case,  I only need two steps below,

1- certutil -setreg ca\csp\CNGHashAlgorithm SHA256
2- Renew the CA's certificate with new key.
My understanding is that  the server will have both SHA1 and SHA256 root certs and new certificates for devices will be issued with SHA256 if any device request. And,  there will not be any issue with our  RADIUS/ NPS, Printers, WI-FI, PC etc since they are using the SHA1 certificates until their renewal period reaches next year.
My confusion is that  what would happen when i install a new PC?,
The new PC is going to have certificate with SHA256, but NPS server still has certificate with SHA1.
Does the HASH algo matter?
Fundamentals of JavaScript
LVL 12
Fundamentals of JavaScript

Learn the fundamentals of the popular programming language JavaScript so that you can explore the realm of web development.

I have a Server 2008 Standard sp2. This is a non R2 server. I have a Server 2012 Essentials that im trying to make the PDC, but I get this error when trying to make it a DC.

"Verification of replica failed.  The forest functional level is Windows 2000.  To install Windows Server 2012 domain or domain controller, the forest functional level must be Windows Server 2003."

However, when I go check the functioning level it is at 2008 level.
I can't get past 2nd Authentication on my Remote access server.  

Remote Access 2nd Authentication won't authenticate.  I am  using web access to allow a user to launch remote desktop to attach to their computer at work.  I have hosting all RD services on a single Hyper-V server running Server 2012.  I can login to RDWeb site a see my applications (Remote Desktop, Calc). I click on either app I get the remote app warning shown in Picture 1..  When I click connected I am prompted to Authenticate again with the screen in picture 2 .  I can't get past this screen even with proper password.  I have tried various user/admin account still no go.  Why can't it authenticate?  The really sad part is I had it working yesterday with 1 authentication and have done this to myself.  I am not sure what I changed to cause this.  Thanks.
i've domain controller win2012r2 and everything is ok and normal, i added win 2016 as additional domain after that i found some people and the are random that they are becoming not connected to the internet and it didn't happen before. i workaround it by restart or re-logon and they are working  but i don't know the new domain is there any thing extra should i do?

i checked the replica and it's working normally
I cannot run updates on server 2012 R2 - It says windows updates cannot check for updates, because some settings on this PC are controlled by your system administrator.
Hello, we have an RDS server with apps configured and specifically about 30 users using Outlook with their mailbox configured...

Now we want to add a second RDS server for load balancing, problem is, users are not competent enough to reconfigure their email, and its a big admin task for us.

Any ideas to help me make this new RDS painless for outlook users?
I'm unable to adjust the size of a server's page file. For some reason I is currently set to 0. Adjusting it and rebooting just leaves it at 0.

I discovered pagefile.sys is corrupted and cannot rename or delete it.

I'm getting an error: 0x80070570: The file or directory is corrupted and unreadable.

The server is Windows Server 2012 R2 Standard

I'm at the point where I'm considering restoring from backup.
I need some ideas on finding Group Policy -- and where things might be coming from.

We recently implemented a new Password Policy.  The issue is, it is not being applied to the users!

- We implemented complex passwords, can't reuse 3 passwords and only have to change every 365 days.
- I placed the policy in the OU in which the users live (because we want to have different policies per OU in the future)
- It is still forcing people to change them every 60 or 90 days (whatever they were previously made to do).
- I have removed that setting or changed in every policy I can find it.
- Other polices I have applied work.
- I have also tried doing it in the Win2012R2 console as Microsoft suggests for more granular password policies via groups -- no good.

Environment: Windows 2012R2 Active Directory Domain in Native Mode, 2 Domain Controllers

I am going to attach a screenshot of one of the OUs for reference.

What is the best way to find where this policy is being applied in a way that is not allowing me to even apply it when I put the policy at the top in the OU?  Help would be appreciated!  Thank you in advance!
I have a server with roaming profiles and folder redirection. The roaming pointing to a roaming folder on the server and the redirecting [desktop and my documents] to a user folder.

1 – Not on all computers the folders are redirected.

2 – Now I have a computer that already was redirected and now the desktop location when back to the roaming folder but without the desktop information, [the desktop is empty].
I am trying to diagnose GPO issues in a large production network, using command line and 'gpresult' I am able to see the GPO's that are applied but not their settings, is there a way to see all the settings and the applied GPOs.

If I use rsop.msc It does not show everything either, would it then be safe to assume that settings are not applying?
Problems using Powershell and Active Directory?
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

I'm trying to deploy remote desktop on Server 2012 std, and hangs on the compatibility check stating; Unable to connect to the server by using Windows Powershell remotely
I am trying to run the set-dnsserverresourceset cmdlet on a list of servers in a text file.  The command below works for reading and listing all records in the file.

$l = Get-content C:\Records.txt | Get-DnsServerResourceRecord -name $_ -ZoneName company.biz -RRType A 
$i = foreach ( $r in $l) { Get-DnsServerResourceRecord -name $r -ZoneName company.biz -RRType

Open in new window

The problem is when I try to run

Set-DnsServerResourceRecord -NewInputObject $R -OldInputObject $R -ZoneName company.biz -whatif

newinput and oldinput do not seem to like reading data in from list. Any suggestions on how I can address this. Also how can I set the update PTR record  to auto update as well using this command?
Good evening dear,

Nice to greet you, I'm currently running a performance study at the memory level of the platform's virtual servers.

By validating the vROP, I was able to get a report indicating that some servers are using 99.93% of memory. The server that you use as proof in this image is one of monitoring.

According to the vROP, the server consumes almost all its 10 GB memory (99.93% according to vROP).

Validating the memory metrics in the vCentro pútico valid in the summary tab that the server consumes 921 MB, I also have an account to configure and says the same, 921 MB of active memory. I understand that Active Memory: is the amount of current memory consumed by the VM. Right ?. (See Pictures 1).

Additionally, I also check the Supervise tab and I am directed to Use to validate the other metrics.

Where it indicates Virtual Machine Memory, it says that the VM consumed is 10.06 GB. Of course, we add the VM overload which is 66 MB. Total of 10.06 GB. According to this value of 10.06 GB where the image of memory consumption is observed is completely full, here I should base myself on the value indicated by vROP 99.93%.?

In the value where it indicates assignment in the worst case is with a value of 10.11 GB. I understand that this value must be taken into account, because according to what you investigate indicates that it is the amount of memory allocated when all VMs consume their total amount of assigned resources.

With respect to the Guest …
Getting ready to update certificate for AD FS running on Windows Server 2012, IIS 7.5. (Yes-I know updating this configuration is preferable, but  it's not an option at this point)

Most documentation out there now is on updating certificates for AD FS is for server 2012 R2 and is very similar to 2012. However, documentation for 2012 R2 includes updating the SSL certificate using the set-adfssslcertificate Powershell cmdlet and the set-webapplicationproxycertificate Powershell cmdlet if you are running the Web application to extend ADFS to the internet.
Source: How to Update Certificates in AD FS and Server 2012 R2

For both 2012 and 2012 R2 the token-decrypting and token signing certificate can be self-signed and auto-generating. Currently we have both set to autogenerate.
For both 2012 and 2012 R2 the service communications certificate has to come from a trusted 3rd party CA and can be updated the same way in both; via the certificates interface in AD FS Management.
ADFS Certificates
Are there similar functions to update the SSL and web application proxy certificates for Server 2012 that work in place of the Powershell cmdlets that aren't supported in Server 2012? (The set-adfssslcertificate Powershell cmdlet and the set-webapplicationproxycertificate Powershell cmdlets.)
is there any method to get a list of AD users who are using weak passwords for windows 2012R2 domain.
I have an old Dell PE840 server running Microsoft 2012 r2 essentials, with the roles DNS, DHCP, CA, remote access VPN, and the essentials features for server folders,  client back-up/restore, and server backup.
I would like to move this software and data to a newer server which currently has windows 2012 r2 standard, and not being used at all.
Reading all the TechNet articles on the subject confuses me rather than giving me a straight-forward step-by-step path to follow. I would be happy to remove the o/s on the new box and just stay with the existing WSE 2012 r2, or not, whichever is easier.

Any thoughts on this query?
By the way, a certain amount of down-time (2-3 days) would not be a problem.

Windows Server 2012





Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.