Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


Windows Server 2012





Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hello everyone. We have setup a Windows Server 2012 r2 instance on AWS. We would like to setup Active Directory and have users be able to auth against it. I understand AWS has its own AD service available, but we run Okta in our organization and need a Windows server Okta agent running to sync against our AD, hence the windows server. I am having a hard time with the users being able to login to the domain on a computer. We would like to use the same domain name of our email (ie contoso.com) which also hosts our website. I understand we need to add something the SRV records to our domain DNS which is hosted on AWS as well.
Also, we use Ruckus APs that can authenticate against an AD, which we cannot get to reach the AD server.

Any suggestions?

Thank you.
Problems using Powershell and Active Directory?
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

I have an internal CA. It's got a Root CA (offline) and a Subordinate CA (Enterprise). I am looking to enable code signing. I was successfully able to publish the template and get the cert for the administrators. What I can seem to figure out is how to get the PC to fully trust any certificate from the CA for code signing. I have the Root CA cert in the Trusted Root Cert Authorities and The subordinate in the Intermediaries Authorities. I know that code signing looks at the "trusted publisher" store. What I don't understand is why it's not trusting the certificate since it's issued by a CA that is in the trusted Cert Authorities. Anyways, I tried adding the Root and sub CA certs into the Trusted Publisher store and that also didn't work. The only way I could get full trust was to put the public cert into the Trusted Publishers store. I would like to just make it so that any code signing cert we ever issue, is trusted by my clients. what are requirements to make this happen? I don't want to update GPOs for evreyone's individual code signing certificates. Thank you.
We have a public website and it changed to new IP address. And A DNS record for the website is located at DNS1.

So user's path for DNS name resolution is;
User laptop------DNS2-------DNS1

DNS1 is configured as a forwarder in DNS2.

I just requested to change A record to DNS1 admin and he changed. I can resolve to new IP;
c:>nslookup website.com DNS1

But if I try to resolve with DNS2, it still returns the old IP address. It seems as DNS2 is not getting the change yet, TTL issue in cache.

Is there a way to delete only a single record for website.com?? It's AD integrated DNS server, I went to DNS concole> Advanced View> Cache Lookup, there was no record for website.com. I want to delete the record in DNS 2 and gets new DNS record from DNS1
Here's the scenario, can someone please give any ideas?

Using MDT 2012 with WDS to image Win7x64 computers, the MDT server has been up and working for a couple of years. I have one type of computer that will F12, start the MDT task sequence but hang 'Attempting Multicast Transfer' on the installing OS bit.

In WDS it is showing as 'Waiting' in the Multicast Transmissions window (see attached). If I right click and select 'Bypass Multicast' it starts installing.

when there's just one machine connected it should start imaging straight away, why are these machines endlessly waiting for a multicast session? and not just starting the MDT. Even if 2 machines are waiting (which presumably makes it  a multicast session) it still doesn't start.

Other models of computer seem to work just fine.....of course.
I have a Windows Server 2012 R2 terminal server (we'll call it TERM01) on which we need access to a shared drive from another source (in this proof of concept case \\FileServer\test$) in order to redirect the documents folder.  The fileserver with the network share is also a Windows Server 2012 R2 server.  The folder redirection has been configured in a GPO with a scope that affects members of a security group (rdp-users).  Each time I log into TERM01 with a regular user who is a member a that security group, the folder redirection portion of the GPO fails.  I believe I have determined the cause of the failure.  In testing access to the share, I connected directly to the UNC path that is used by the GPO and I am able to establish a connection.  I can successfully create a new folder so long as I do not change the name.  If I give the new folder any name other than New Folder or if I try to rename the folder after the fact, I get the error “Can’t find the specified file” as seen in the image below.  This situation only occurs if the new folder on the remote share is created while logged into the TERM01 server only.  When I log into another server, TERM02 also a Windows Server 2012 R2 terminal server, the folder redirection does not fail and my profile folder, ladleyb, is created as seen image below also.  When I go into the ladleyb folder, I can create files with any name I choose but the folders will still only allow the default name.  The effective NTFS permissions indicate …

I have a question about difficulties I am experiencing trying to connect my root DC (has PDC fsmo rule) to an external time source (time.nist.gov).
The server is running Server 2012 and all member servers are supposed to be synchronizing with this server to obtain the time.
I have followed the steps in the following KB article:


as well as downloading and running the applicable "fix me" msi.

Even modified the registry entries mentioned in the article.

After restarting the time service (w32time), the time is still not updating to the correct internet time.

After running the following query commands, here is the output received:

C:\Windows\system32>w32tm /query /source
Local CMOS Clock

C:\Windows\system32>w32tm /query /configuration

EventLogFlags: 2 (Local)
AnnounceFlags: 5 (Local)
TimeJumpAuditOffset: 28800 (Local)
MinPollInterval: 6 (Local)
MaxPollInterval: 10 (Local)
MaxNegPhaseCorrection: 3600 (Local)
MaxPosPhaseCorrection: 3600 (Local)
MaxAllowedPhaseOffset: 300 (Local)

FrequencyCorrectRate: 4 (Local)
PollAdjustFactor: 5 (Local)
LargePhaseOffset: 50000000 (Local)
SpikeWatchPeriod: 900 (Local)
LocalClockDispersion: 10 (Local)
HoldPeriod: 5 (Local)
PhaseCorrectRate: 7 (Local)
UpdateInterval: 100 (Local)


NtpClient (Local)
DllName: C:\Windows\system32\w32time.DLL …
I have been asked to patch office 365 but the conventional way using SCCM cannot be used because the current version level is at SCCM 2012 R2 (1302) on 2008 R2 SP1 Standard. Active Directory is at 2003, I can’t upgrade SCCM to 1606 to support office 365 because of AD SCCM would fall out of support if we changed it.

I have been tasked with patching O365 I have a few suggestions but need some advice on achieving this

1: Set up a file share for the patching and use group policy. Really dont want to take this approach as its labour intensive.

2: Set a new instance of WSUS up on a 2012 server with WSUS ver 4.0 and deploy 365 patching from it only snag is I dont know if I can run SCCM client patching along side a separate instance of WSUS. Is this achievable or is there a better solution.

We aren’t using azure the o365 is static.

Any suggestions would be greatly received
I have a website called www.tios.ie which is composed of a WCF service  and a Webform client. Both the client application and the Service application are separate projects. Until now I have hosted the client (which has a service reference to the service) in IIS8.5 express in the "default web site"  and I have not needed to host the service application , just build and reference in client.

I now want to host both the Client application and the Service application in IIS, outside of "default web site". I created two folders TiosServiceHosting & TiosClientHosting  and published both applications to these respectively with the service in port 81 and Client in port 82. However when I now call the website it is unable to find it.
Is it possible to host two applications like this outside of the standard port# :80 If so how do I go about it ? An example would be great.

Application Host file
            <site name="Default Web Site" id="1">
                <application path="/" applicationPool="DefaultAppPool">
                    <virtualDirectory path="/" physicalPath="%SystemDrive%\inetpub\wwwroot" />
                 <application path="/bin/roslyn" applicationPool="DefaultAppPool">
                    <virtualDirectory path="/" physicalPath="C:\inetpub\wwwroot\bin\roslyn" />
                <application path="/appinit" applicationPool=".NET v4.5">

Open in new window

I'm planning to migrate single site to 4 sites. I read many articles and took notes.
One thing I don't see anywhere, what do I do with  Default-First-Site-Name?
Do I create 4 sites and move all DCs to 4 sites and don't create a link to/from  Default-First-Site-Name?
Or do I utilize  Default-First-Site-Name as one of 4 sites?

The other question, what happen to 24 hour running member servers running application, file server which uses ldap?
Will it experience disconnection? Anything to keep in mind?

I have a SAN Network isolated from the reset of the network and I have a Single Windows 2012 server I am using as a gateway for monitoring and updating.

I dont have any budget so using FreeProxy Internet Suite to route internet traffic and SMTP traffic for updates and monitoring alerts.

the issue I have is that the storage will not send using the Proxy and also DNS is not working for updates.

What is the best solution to all my Windows 2012 R2 Gateway machine to pass all traffic out keeping the network isolated.

Are your AD admin tools letting you down?
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Hi All

Does anyone know how to update to the latest powershell version on Hyper-V Server 2012??

I am not able login Exchange Admin Center .

I have installed SSL certificate yesterday but It was fine till yesterday.
Veeam B&R 9.5
Windows 2012 R2 Veeam Server
Windows 2012 R2 Veeam Proxy Servers have 4

When Backup runs from Veeam B&R I get this event id 157

Log Name:      System
Source:        disk
Date:          10/18/2017 8:07:12 PM
Event ID:      157
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      SERV001-2012R2.net.com
Disk 1 has been surprise removed.

This happens on all servers I listed above.  

Would like to know if I can suppress this event

I applied KB2955164  no change

I ran diskpart automount disable    and diskpart automount scrub     no change

Has anyone figured this one out?


I am getting a NetBT 4319 error on my server saying that I should type nbtstat -n to find out what name is in conflict state.  I have two Network Cards on this machine that interact with the same network, so is that what the problem is?
So we have a very strange situation.  One user's account is getting locked out continuously and instantly from the moment we unlock it.   We have an event ID 4767 where the account was unlocked, then instantly an event 4740 where that account is locked out.

Doesn't say what locked it or why.

This is only happening on 3 out of 5 domain controllers.  The other two domain controllers  will show status unlocked until the next sync then it will show locked.  

We have turned off all computers this users has ever touched, turned off his phone, ipad and anything else that would have ever had his account info on it.

It's still getting locked out on those 3 domain controllers.

Anyone seen this behavior before?  Any suggestions on what could be causing it and how to resolve it?

We are on windows 2012 R2 domain/forest functional level,  4 AD sites, the 3 DC's that are locking out instantly are spread out among 2 sites.  the 2 DC's that are not locking out instantly are at the remaining sites.
all FSMO roles are on one of the DC's that locks out the account instantly.
I have a url in my database so when I display a record per page I would like to have the web page from the url display as part of the report page. I see I can do it in 2016 but I only have 2012.
Hi, recently due to some unauthorized changes on web.config we had to restore the complete windows server 2012 backup.
after restoration Crawl is not running and its showing top level 3 errors: protocol handlers missing with three web applications URL.
and below is the event and uls log error message.
 6482      Critical      Application Server Administration job failed for service instance Microsoft.Office.Server.Search.Administration.SearchServiceInstance (343233de-d8ff-47cf-8dca-19f0a590431b).  Reason: Unable to cast COM object of type 'Microsoft.Office.Server.Search.Administration.MSSITLB.CGatheringManagerClass' to interface type 'Microsoft.Office.Server.Search.Administration.MSSITLB.IGatherManagerAdmin3'. This operation failed because the QueryInterface call on the COM component for the interface with IID '{0FF1CE15-013A-0000-0000-000000000000}' failed due to the following error: Error loading type library/DLL. (Exception from HRESULT: 0x80029C4A (TYPE_E_CANTLOADLIBRARY)).  Technical Support Details: System.InvalidCastException: Unable to cast COM object of type 'Microsoft.Office.Server.Search.Administrati...      58ab239e-eb29-4066-30de-79ee6e9a7605
10/17/2017 06:12:57.73*      OWSTIMER.EXE (0x32AC)                         0x31AC      SharePoint Server                   Shared Services                     6482      Critical      ...on.MSSITLB.CGatheringManagerClass' to interface type 'Microsoft.Office.Server.Search.Administration.MSSITLB.IGatherManagerAdmin3'. This operation failed because the QueryInterface call …
I wrote a parser that reads from several files to produce a consolidated file.
This works fine when invoked interactively either from the command line or from file manager.
When I run this from Task Scheduler, the program starts, and writes the header to the target file, but nothing from there.
When run interactively, all of the data populate.

VB.Net  written using VS 2017
Running on Windows Server 2012
Does anybody know the exact function/meaning of the Windows regedit setting

I find no real documentation from Microsoft, but some sources state something like:
  "This key tells the system to wait for TCPTimedWaitDelay to pass before reopening a socket."

It sounds like that would be applicable only for creating new outbound connections, not for responding to inbound connections.
Is that correct, does anybody know?

Thus, TCPTimedWaitDelay affects handling of both outbound and inbound connections, but StrictTimeWaitSeqCheck only affects outbound connections?

And if not - why bother with StrictTimeWaitSeqCheck at all. Why not just set TCPTimedWaitDelay to 0?

Also, in addition, I cannot find any formal Microsoft documentation on the default value for TCPTimedWaitDelay. Some sources say 240 seconds and some say 120 seconds. My test results lead me to think that the default value changed at some time (when?) and at least since Win2012 it is 120. Any ideas on this?
Fill in the form and get your FREE NFR key NOW!
Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

I've got a normal MS (IIS8) web serve (IIS8 on Windows 2012), to which client browsers connect to request html pages.

One client (or rather its proxy) behaves like this:
1) Outbound connections use a quite small port range
2) Connections in time-wait ,or where the other side is supposed to be in time-wait, are reused for new outbound connections after 60 seconds (the web server uses 120 seconds for this setting, hence the incompatibility)
3) New connections initiated from the client do NOT use a TCP sequence number that is always larger than the last packet sequence number on that particular src/dst pair. Instead a completely random value is used as initial sequence number.

Issue 1) means that the client quite often makes the web server run into a "port re-use" situation, such that a new inbound connection is using a src/dst port combination that has already been used before (the server port is always 80, of course)
Nothing bad with this, though.

Issue 2) means that the the port re-use according to 1) sometimes occurs while the web server is still in time-wait state for that particular src/dst port pair.
This is a problem, as the web server will then not accept the request for some more time (until the server time-wait timeout period finishes), and the client will end up retransmitting its SYN connection attempt during that time, delaying connection.
However, that would not be so bad if it wasn't for issue 3)

Issue 3) means that when 2) happens, the web …
My setup is: HP Proliant 360G8 server with a p222 adapter added. On this adapter I've connected a external HP Ultrium tape unit. On the server I run VMware Vshpere 5.5. I've setup three virtual servers (DC/Exchange, file/printer and remote access desktop server). The fileserver also functions as the backup server with Symantec BackupExec 14 running. I've connected the external tape unit to this machine in the virtual machine setup. In backup Exec I've configured backupjobs (one running daily, one for fridays; the daily one runs over the designated tape each week, the friday jobs run on five tapes so I can run back into time for 5 weeks). The jobs are complete backups of all three servers (including all data, system state and bricklevel backup of Exchange).

What I run into is that at least once a week the fileserver completly 'freezes'. This goes to the point that you can't even power off from the VMware consile and need to reboot the whole server to get everything working again. From the log files i see this happens at a point just after the backup finishes. On most occasions, but not on all, the P222 card is shown as 'dead' in VMWare manager.

What I have done so far is: installed both windows server and backup exec completly fresh (as a new virtual server). I've replaced the P222 with a new adapter. I've update the firmware on the P222 and the driver in VMWare (april 2017). But nothing changes this behavior.

After the server 'freezes' it is completely …
hi everybody
i tested DAC in vmware like this post
but when in effective access tested access for my user it had all deny permision and limited access by the rule ,however i apply to it read,write and modify permission with the rule
and check the steps in above post two times and everything allright.
Does anyone have a comment?
Hello there.  I am wondering If I can use old IBM QLE2460 cards, fiber channel with a switch, like brocade 300 to emulate ethernet connections of 4GB.
In the same manner, I am wondering If I can HP 10GB MELLANOX CONNECTX-2 cards ( windows 2012R2 of windows 10) with a switch like  Mellanox MIS5025Q-1SFC to emulate 10GB connection. Also, it would be fantastic if there was ESXi 6.x support for this. Please advise!!!!  Are there any limitations that I would be aware???

Ps. When I say emulate I mean to use Fibre or Infinity band to work as ethernet with proper drivers and switch configuration.
I am a scripting newby, but have a script that works for updating AD users based on a .csv file.  The working script is based on whether or not there is a street address for a users office location.  Here is the example of the working script for that portion and it will dump a success or error file in the C:\Temp directory:

Import-module ActiveDirectory


$userList = Import-Csv 'ADUpdate.csv'

  foreach ($user in $userList)
      $ErrorActionPreference = "Stop"
      $myu=Get-ADUser -Filter "mail -eq '$($user.mail)'" -SearchBase "DC=NCU,DC=local" -server $ADServer
        if ($user.streetaddress -eq "") {
         $myu | Set-ADUser -office $user.physicalDeliveryOfficeName -department $user.Department -title $user.title -description $user.title -company $user.company -state $user.st3 -manager $user.manageralias -server $ADServer
            Else {
         $myu | Set-ADUser -office $user.physicalDeliveryOfficeName -department $user.Department -title $user.title -description $user.title -company $user.company -streetAddress $user.streetAddress -state $user.st3 -postalCode $user.postalCode -manager $user.manageralias -server $ADServer
      $user  | export-csv -path "C:\Temp\ADUpdater-Success.txt" -delimiter "`t" -append
      $msg =$msg + " : " +  $_.Exception.Message
      $msg =$msg + " : " +  $_.Exception.InnerException
        $msg = $msg + "`r`n`r`n"

Im trying to access CRM from our external domain via ADFS and am having some troubles.

we have an ADFS server in both internal and external domains, the CRM is hosted on the internal domain and is able to be accessed and authenticated over the internal ADFS using HTTPS://crm.internal.domain 

I have a relying party trust on the internal ADFS that works.

Both ADFS servers are federated and port 443 is open between them, im able to update the metadata from both sides.

On the external domain I have a host record for HTTPS://crm.external.domain which is a virtual IP for an F5 load balancer that points to the crm.internal IP address

Im not sure if having the F5 is causing the problem but we need to have the servers behind the vIP to hide their real ip.

Do i need another relying party trust on the external ADFS server for the internal CRM? should i be able to browse to the internal CRM metadata page from the external domain?

Thanks for any help :)

Windows Server 2012





Windows Server 2012 is the server version of Windows 8 and the successor to Windows Server 2008 R2. Windows Server 2012 is the first version of Windows Server to have no support for Itanium-based computers since Windows NT 4.0. Windows Server 2012, now in its second release (Windows Server 2012 Release 2) includes Foundation, Essentials, Standard and Datacenter, and does not support IA-32 or IA-64 processors.