Windows Server 2012

18K

Solutions

9K

Contributors

Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.

Share tech news, updates, or what's on your mind.

Sign up to Post

My AD Domain's functional level is Windows Server 2012.

I currently have two DC's that are both Windows Server 2012 servers. The primary DC: Prometheus holds all the FSMO roles,
and the other DC is simply a replicating DC. Both of these DC's reside on server hardware that is now 6+ years old.

I just installed a Windows Server 2019 server (Host Name: DC) to the network, and promoted it as a DC.

My goal is to install another Windows Server 2016 to the network, and promote it as a DC (Hostname:  DC2).

I then want to move all the FSMO roles from the DC: Prometheus to the new Windows Server 2019 Server: DC.

Then I want to demote and remove both Windows Server 2012 servers (Prometheus and Chronos),
and simply remove them entirely from the network since they have a high probability of incurring hardware related failures.

I am thinking once I have both new DCs operational I can raise the functional level of the domain to Windows Server 2016.  Not a big deal, but if an option I may do so.

Do you foresee any issues moving forward?
0
Windows Server 2012 Essentials to 2016 Essentials.
Since 2016 is brought up as a DC, and then 2012 is removed, what is the correct way to use the http://server/connect software to refresh the client backup and server shortcuts/functions to the new 2016 server?  

If I just run connect it gives errors about how the computer is already in the domain, but don't want to lose existing user profiles with shortcuts, favorites, etc.

I have to believe there is a recommended way to approach this but I cannot find it.
0
Windows 2012 R2 cannot enable TLS 1.2, even though I have followed all of M$'s steps to enable it in the registry. I have run IISCrypto, and it made registry changes. I then rebooted. No change. TLS testing still says I'm only running TLS 1.0.
0
change gpo’s  so. domain controller and client are set to ldap. require signing

nothing is broken but what’s a good test to make sure the setting is in action.  two domains (trusted) and. clients and member servers to domain controllers.  windows 2012 r2. and win 8.1. 10
0
Windows 2012 R2 was installed with all FSMO role & windows essential service. (DC1)
I was having another DC with windows 2016 installed (ADC2)

Windows 2012 R2 was having some issue, so I decided to transfer FSMO roles to ADC2 https://www.dtonias.com/transfer-fsmo-roles-domain-controller/
So I successfully transferred all FSMO role to ADC2

Then I removed Windows essential service (as I was not using it) from DC1.

I forced demoted the DC1 ignoring warning that Certificate service is installed on DC.

I missed backing up CA  as given on :https://social.technet.microsoft.com/Forums/windowsserver/en-US/d922860b-c8cd-4ed5-9b0b-05391c18afc0/demoting-a-domain-controller-with-a-ca-on-it

I never added any certificate on CA. In the network, MS exchange 2013 server is also running that is using public SSL certificate.

Do I need this active directory CA role or service for smooth working of network?
https://community.spiceworks.com/topic/373554-demote-a-dc-with-certificate-authority

Or I should ignore this & proceed to shutdown DC1.
0
FRS to DFRS Migration Stuck on start on 1 DC  from 3 DC
SYSVOL folder created successfully  
all the 3 DC servers are servers 2012 R2 , the DC the we have problem with him located on different network segment  and all FW rules are open between the DC servers
dcdiag-report.txt
0
I am not able to access the share folders from Windows 2016 Datacenter to any of the windows server at a specific location. Getting error message "Parameter incorrect" .Tried the below:
1) Check the firewall ports to the target server and port 445 is responding.
2) Tried to access the share from windows 2012 server and it works.
3) Tried to access //hostname/Admin$ and it fails with error Parameter incorrect.
Is there any specific setting within 2016 datacenter which is stopping this?
0
How big does AD have to be (and how slow does the link need to be) to justify installing a new domain controller in a regional office using the IFM (Install From Media) method?

I think we'll have a 50 mbps symmetrical site-to-site VPN.

Our NTDS folder is 375 megs in size.

Should I use IFM or just do it the regular way?

I'm no pro so picking the easy method is very much preferable.

Reading about IFM here:
https://social.technet.microsoft.com/wiki/contents/articles/8630.step-by-step-guide-to-install-an-additional-domain-controller-by-using-ifm.aspx

I became concerned reading this passage:

"Important :
The next steps are required to change the SYSVOL folder security settings. These steps change the file hash, which will become the same file hash as in the IFM. If you use DFS Replication, SYSVOL will keep the presided data only if the file hash on the source domain controller and the destination server are the same
On the destination server, right-click the SYSVOL folder, and then click Properties.
Click the Security tab, and then click Advanced.
Click the Auditing tab, and then click Edit.
Clear the Include inheritable auditing entries from this object’s parent check box, and then select it again.
Click Apply, and then click OK.
"

The existing domain controllers are Server 2012 and the new one will be Server 2016.  The functional level will remain at Server 2008 R2
0
Hello, we have created a policy in Group Policy, Default Domain Policy, that locks out client screens after 15 minutes of inactivity. It works fine but we have some machines that we do not want the screens to lock. The DC is a Windows Server 2012 r2 and the clients are Windows 10. Any ideas on how we could accomplish this? I have attached a 2-page file that shows where this is enabled.

Thank you.
0
Windows Update WSUS on Windows 2012 R2 Server

I just changed the Configure automatic updating from a 3 Auto download and notify for install  to 4 Auto download and schedule the install   schedule install day 0  every day and scheduled install time 03:00

The Install during automatic maintenance option is not checked

This is all configured using a GPO

The process installed the updates on most of my computers and servers some took the second day and that is ok.

My issue is that on some of the computer and servers they automatically rebooted and for the servers I wish this not to happen the desktops it is ok.

On the windows 2016 Servers this happens

On the 2012 R2 servers when I logged on I saw Installed updates have been applied and will restart in 1 day

Any way that I can stop the automatic reboot ?

Thank you

Tom
0
During DC Promo a replication partner was defined, however, it was the wrong replication partner and replication is taking a very long time.

Is there a way to stop the replication and force it to replicate from another partner?  SYSVol is not online yet and that is what seems to be taking the time in replication.

2012 r2

TIA
0
I have two scheduled tasks set to trigger on security event IDs, 4767 and 4740 that fire on two of my domain controllers.  They run a short powershell script like this:

$eventcontent = wevtutil qe security "/q:*[System [(EventID=4767)]]" /f:text /rd:true /c:1
$SmtpClient = new-object system.net.mail.smtpClient
$MailMessage = New-Object system.net.mail.mailmessage
$SmtpClient.Host = "[smtp server]"
$mailmessage.from = ("[DC1@domainname]")
$mailmessage.To.add("[alert@domainname]")
$mailmessage.Subject = $eventcontent
$mailmessage.Body = $eventcontent
$smtpclient.Send($mailmessage)

Open in new window


The script works, as every time we have a lock or unlock we receive the email.  The problem is that every morning between 2 and 6AM we get a set of three email, one of which is blank, the other two continuously reference the same old pair of logs.

Interesting details:
It was the case that all three of them were blank emails for a while, until I expanded the size of the security event log.  At that time two of them started to contain event information.  The event information they contain are one user account lock and the corresponding unlock for that user account (4767 and 4740).  These two emails come from two different domain controllers, the lock event coming from the PDC.  The third (which is blank) comes also comes from the PDC.

I don't have any idea how to approach this, there is nothing special about the logs that are getting resent every day, so if anyone has any ideas I'm all ears.  Thanks!
0
Looking for a backup solution for multiple servers at multiple clients. We have a 40tb server with ftp at our office as the hosting server. Need to be able to do incremental backups, restore via web would be nice, the clients need to be able to access a web interface and see their backups, logs etc. Email notifications are essential. We tried duplicati but it crashes on most clients (files in use maybe). Trying URBackup but its slow. Hyper-V support is a plus as well as MS SQL backups. Free or Paid is fine.
0
I have a simple network, all flat, using default vlan 1 on my LAN.  I do have 2 switches that have a different vlan to separate my camera traffic.


I am implementing 2 more switches, stacked, (vlan 90) that I need them to be able to access the rest of my current network, vlan 1.
I'm going to create the new vlan on the core switch and add an IP address to it.  I know that all my uplink ports need to also be trunk ports,
so it can pass all the vlans,  I'm guessing, all I need to do is add the new vlan on every current switch in my network and that's all I have to do from a
networking standpoint.  I also need to add the IP helper command on my core switch, so I can pass the DHCP info to my DCs.  Am I missing anything else
I need to do?

In regards to my AD, I'm running windows server 2012R2 for all 3 of my domains.  I'm running DHCP and DNS.
So I'm assuming I need to create a new lookup zone for this new vlan and IP range.
Besides that, am I missing anything?  What else would I need to do?

Is there anything else I need to do to make this happen?

vlans
0
Hi,

Until recently I was able to right click on the users in
Remote Desktop Services > Collections > Connections and either select Disconnect, Send Message, Shadow, Log Off

I now get these errors:

Trying to log off a disconnected user:
Unable to disconnect session 0 on RD-HOST01.company.com.

Trying to send a message to a user:
Unable to send a message to session 0 on RD-HOST01.company.com

Trying to Shadow a user:
Failed to enumerate sessions on server RD-HOST01.company.com Error 1722

Any suggestion on how to fix?

Thanks,
Josh
1
Hello,
I have an HP Proliant DL380 Gen9, where i want to install Windows Server 2012 R2.
After updating the BIOS firmware with the latest Service Packs, and trying to install the OS, i get the following error message at 79%, that i do not know the exact cause, or how to resolve that problem:
error.PNGI will be so grateful if anyone can help me,
Thank you in advance,
0
Hi
We have windows 2012 DC and windows 10 workstation.

On the APPSvr-1 we have a share called Applications and this drive gets mapped as “S ”drive  when any user log into the workstations.

On this share I have created a folder \\ APPSvr-1\Applications\ Fin\Fin Revision

Within the Fin Revision folder, there are many MP3files saved on this folder.

For every users, I would like to create a shortcut pointing to Fin Revision folder where and the MP3 files.

On all the windows workstation I can see the folder “Fin Revision” under
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fin\Fin Revision

But there are no MP3 files within the Fin Revision folder.

Please see the snapshot of the GPO that has be set up and let me know if I am missing any settings.
Thanks
Shortcut-snap-in-the-GPO.png
0
We use StorageCraft ShadowProtect (5.2.7) on a Windows 2012 R2 server (domain controller / file server). We were using a slightly older version of ShadowProtect for many years but had an issue with the ShadowProtect service not starting recently. We upgraded it to 5.2.7 and the issue was addressed and backup ran successfully once. However, it started failing with the error "Cannot take snapshot. VSS provider not started." Backup attempt/failure causes several VSS writers to go into failed state. I can fix all of them by restarting services except for NTDS writer. They all go back to normal state if I restart the server but backup still fails with the same issue.
I tried a backup with diskshadow command and it reaches the step "Including writer NTDS" and then fails with the following errors:

* Returned HRESULT: 8004230f
* Error text: VSS_E_UNEXPECTED_PROVIDER_ERROR

StorageCraft support pointed me to the following article but it didn't help and they told me this is a Microsoft case.

https://support.storagecraft.com/s/article/Error-VSS-Provider-is-not-started-or-is-not-registered?language=en_US&name=Error-VSS-Provider-is-not-started-or-is-not-registered&fromCase=1


The server shows no apparent disk issues (C and D drives). The D drive has Shadow Copy enabled and runs successfully at 7AM and 12PM daily and I was able to restore a previous version from a recent task.

If anyone has any suggestion for addressing this VSS issue, I would greatly appreciate it.
0
How can I get in contact with a qualified engineer that can fix some issues and help me properly configure my server?  It gets the job done for basics, but I am running into warnings and critical errors that are beyond my knowledge level.
0
I Finally got approved to do the upgrade 8 years past due in my opinion From Exchange Server 2007 to 2010 or 2013.  I want to be able to keep my exchange server 2007 online so I was wondering if I should Install Exchange server 2010 and do the migration from 2007. Are should I install 2013 and do the migration from Exchange 2007. I currently have set up a new Dell server and have 4 servers running 2016 1 is a Domain controller, I also have a backup domain controller for 2012. I have raised my domain and forest functionality only to windows server 2008 so the current exchange server 2007 will still work while this migration is taking place. Any suggestions on opinions on how I can accomplish this task with no data loss and no issues or minimal issues Thank You
0
Compact Repair Removing Tables from the ACCDB

Short version: I recently upgraded my office machines to Win 10 Pro.  Now, when I pull an accdb from my client’s machine to my office machine, then run a compact/repair on the transferred data, on my machine, tables are lost.

This is new behavior since I upgraded my office machines to Win 10 Pro.  I have been working with this client for 10 years and many times have pulled accdb’s from their machine to my machines and compacted them with no issues.  I tried this on another machines in the office that was recently upgraded and the compact/repair also removed tables.

Here’s the current configuration.

Client Machine            Windows 2012 R2      Access 2013
Office machine            Windows 10            Access 2013

Compacted ACCDB size      1.03GB


Much longer story with much more, probably too much, detail
I am adding new functionality to a client’s Access 2013 application.  I wanted to test with their current data so I pulled it to my office machine from their server.  The first thing I did on my office computer was run a compact/repair.  At the end of the compact repair there were tables missing from the accdb.  I thought maybe the data was corrupted so I created a blank database, pulled in all of the tables from their original, non-compacted DB and then ran the compact repair on the new DB.  Same result, tables were removed.

I connected back into the client’s server backed up the accdb, then ran a compact/repair on their server.  No issue …
0
Coming back to this, a while ago i was looking to set up a  2016 RDS farm.

  • We do not want staff to access the terminal server or apps directly externally.
  • We want them to authenticate via VPN first.

Internally we have modified a RDP shortcut that connects staff to the RD session host via the RDS broker. And that works as fine if they are already in the system. But this option is not viable for the remote users. We are using Barracuda SSL VPN and it has a built in RDP client within itself. I see no way to edit the built in RDP client or upload a custom RDP client. If we put in the RDS broker address in the built RDP client users will not get redirected to the RDS session hosts instead they will be logging onto the broker itself.

the other option is to bypass the broker completely, we'll leave everything as is but we take the load balancing over to our physical LB and have it to decide which RD session host clients will be redirected to. While it may not be the ideal setup i do not see any adverse effects unless I'm missing something.







Currently RDS Web access, Gateway, Broker & licensing is installed on 1 server. Host session is on another server.
0
Hello,
    I'm deploying a new Windows 2012 R2 server for the sole purpose of AD FS.  My only use case for AD FS at this point is to setup SSO with an application we use.  I'm good with the install portion of the AD FS role but my question comes in with my domain being a .corp and the certificate I'm planning on using is a wildcard cert with a .net suffix.  During the Active Directory Federation Services Configuration Wizard when you get to the Specify Service Properties it asks you for the SSL Certificate, Federation Service Name and Federation Service Display Name.

I hit the drop down for SSL Certificate and pick mydomain.net.

Federation Service Name I put adfs.mydomain.net or adfs.mydomain.corp?

Any thoughts are appreciated....
0
I have done an upgrade on a RD Server from 2008R2 to 2012R2.  Since the upgrade no clients are able to start the remote app using the downloaded remote app link from the internal website.  

A user is able to start the app link, it request credentials, then it returns a remote computer can not be reached error.

The same user is able to connect using the standard RDP connection and can start the program from the remote desktop.  The error only happens with the published remote app link.
0
Dear Experts, we were configuring the Exchange rule but got issue here. can you suggest?

It seems that the web GUI cannot be updated when I inserted the keyword. How can I fix it?

1.png
2.png
3.png
4.png
5.PNG
0

Windows Server 2012

18K

Solutions

9K

Contributors

Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.