Windows Server 2016

Windows Server 2016 is the successor to Windows Server 2012 R2. Built upon the same core code as Windows 10, Windows Server 2016 brings enhancements in security, servicing, and connectivity. A particular focus of this release was hybrid-cloud scenarios, and it has close ties to Azure and other Microsoft cloud initiatives. This does not detract from the many improvements that are available for on-premises-only deployments.

Windows Server 2016 comes in Datacenter, Standard, and Essentials editions and, for servicing, has adopted Windows 10's cumulative model. The new Nano Server install is designed to be remotely managed and kept current through continuous feature updates. The full GUI install operates similarly to Windows 10's "Long Term Servicing Branch" (LTSB) model with cumulative security updates.

Windows Server 2016 has also shifted from a per-processor-and-CAL licensing model to a per-core-and-CAL licensing model. This brings Windows Server's licensing more in line with Microsoft's other products and makes hybrid-cloud license planning easier as well.

Hello Everyone and as always many humble thanks for insights and for your time.
I have a rather silly question, but since I have not done this before I need to ask. LOL
We have a number of INTERNAL appliances and websites that complain (see screenshot) that the website is NOT secure and this is becoming an annoyance to users (having to click through to advanced to bypass the warning). My understanding is that to mitigate this I have to bring up an internal Root Certificate Authority installed on a server (2016), member server and not DC, as well as set GPO to push it out to clients. Does that sound about right? If yes can anyone kindly comment on how they did it (SHA256 I assume, 5 year validity, etc.) - perhaps point to some decent articles - and point out any obvious gotchas that those who tried it experienced. Very much appreciated. Thank you.
CERTerror.jpg
0
I'm trying to reACL a file server because my robocopy isn't going smoothly. Apparently, there's no single account with access to all the files.

I figure the way to re-acl everything was to take ownership at the root folder and push that down but considering it's a 10TB file server, is there a better way to do this so I can robocopy the entire server?
0
Hello,

I am setting up a Windows 2016 VM and one of the disks has 3TB size. I will set up shadow copies to back up the data locally.

Does anyone see any potential issue? Is there a KB which shows the limitation if there is one?

Any feedback is appreciated.  

Many thanks.
0
Hi All,

I am currently setting up an offline Root CA using Windows Server 2016 Core. Part of the install requires using the certsrv snap-in. As this isn't part of the server core install (is it?) I am using a Windows 10 machine. Neither machine is in a domain. I can browse to the server quite happily (\\servername). It prompts me for the username and password. If I try to use the certsrv snap-in or Server Manager I cannot connect, with access denied (Certsrv) or WinRM Negotiate authentication error (Server Manager).

I have enabled remote management via sconfig and turned off Windows Firewall on the Windows core machine. What else am I missing?

Cheers,
Paul
0
Hyper-V VM IP addressing questions.

I have set up a test server I want to take live and have made some progress, but I am wondering about IP addressing under the circumstances below.


My server is Windows Server 2016 Standard and it's the host.
Its IPv4 is set to automatically detect from an Ethernet port on my wireless router.

That Ethernet from the router is connected to the built-in Ethernet port on my server.
Its IP from the wifi box is 192.168.1.4
Gateway is 192.168.1.1

I added a Hyper-V Switch that is connected to a hardware Ethernet card installed INSIDE the server

I have a VM of Windows Server 2016 Standard.
I have added the following roles:  AD, DNS, DHCP

So I want my test laptop to connect to the AD Domain to be in the 10.0.0.? range

Overall, I want to know how I need to set up all the IP addressing, such as:

What IPv4 address should the Hyper-V Switch be? (It's on that Ethernet card I added and I have the Hyper-V Switch pointed to that card)
What IPv4 and DNS scope info do I need as it relates to the AD, DNS and DHCP (scope?)
0
I was having an issue connecting to our CIFS shares that are on our NetApp storage.

So the CIFS SVM initially creates an AD computer account in the domain. Then a Windows client is able to use that account to \\CIFS\Share into the NetApp CIFS volume.

But it stopped working with "no logon servers available" and "we can't login with your credentials"

I noticed the AD computer values are missing as if it was no longer joined. I replicated this issue in my lab and duplicated the results pretty much by disabling the account.

How can I rejoin a CIFS server to the domain and gain access?
0
Windows 10 updates are pausing for 7 days and I can't figure out why.  If I resume manually they pause again after a reboot.   I have set up Group Policy on our Server 2016 domain controller with the following settings.

[Screenshot: GPO Update Settings]
0
I have a computer that's running quite slowly today.  I'm remoting into the PC, so I can't see what's going on first hand.

After loading up taskmgr and clicking on the Performance tab, I don't see any disks.

What comes to mind for you, here?

This box is running Windows Server 2016

[Screenshot: Missing disk readings in Taskmgr]
0
Dear Experts,

I am trying to formalize our server update procedures. Since the existing procedure was not created recently, I would like to bring it up to date.
We have a WSUS server, and I was thinking of using Group Policy for deployment. (Right now, we are using SolarWinds Patch Manager, and manually pushing the patches every week.)
I am only including Microsoft Windows Server and SQL Server updates, and we have a test server group we can use first before rolling out to production.
I would like to know what would be the more recent best practices for:

1. How long I should wait to deploy the patch after it comes out. (Unless it is Zero-day security category)  
2. How should I track the success/failure rate, besides going through WSUS app report on the WSUS server.
3. What should be the Automatic Approval policy?  Always with Critical patches?
4. Is there a better way rather than using GPO?

Please advise.  Thank you.
0
PowerShell Script Request: Remote Windows 2016 Server Page File and Location.
1
I have a Windows 2016 server. I get a "Security Update for SQL Server 2016 Service Pack 2 CU (KB4535706)" failure error when I patch the server. The other Windows patches are OK.
Experts out there might have a solution for this. I would appreciate it if you could shed light on this.
0
Hey Experts.  I need to copy data from a directory on a server (serverA) but a Windows service on the server needs to be stopped before the data is copied.  Not sure how to get the script to check for the Windows service (say spooler) to be stopped before the script continues on.  Thank you in advance for any help!
0
Hi Experts,

My Exchange Server 2016 restarts each night.
How do I troubleshoot this?
Where should I look?
0
Script to list logons on a specific domain controller, which the user actually logged onto that domain controller. Trying to look up examples and I just keep finding ways to find a specific user, I want all of the logons for the past X hours, of any user.
1
Hello, I'm trying to up an Oracle Database for a customer, and I have a few issues with it.

When I'm in a DOS prompt and type "lsnrctl status <service_name>"
I get the answer "Instance <name>, status BLOCKED, comport 1 handler(s) for this service..."
Command Success. (Could be not 100% accurate as I translated it myself from French)

On the other hand, when I'm trying to connect with SQLPlus to the DB, I get the following:
"ORA-01033: ORACLE initialization or shutdown in progress"

All services linked to Oracle are running except OracleRemExecServiceV2.

As my lsnrctl start, stop and status give answers, I don't know if the problem comes from my listener.ora/tnsnames.ora (that was the previous problem I had and I think I have got past it).

Also SQLDeveloper sends back the ORA-01033 error too.

The oracle DB version is 12c 12.1.0.2.0.
OS is Windows Server 2016 64 bits

[Screenshot: Blocked message after lsnrctl status]

[Screenshot: ORA 01033 at login attempt]
I've tried to shutdown then startup DB, reload services.
The only thing I got is tnsping answer well.

If you need anything more for precision feel free to ask.

Thanks in advance if you have an answer. I dug through many sites but none gives a clear answer that applied well for me.
0
Hi All,

We are looking at installing a Server 2016 server (standalone) with the CS role. We are primarily going to be using it to secure our DCs (currently 2008R2 - but will be upgraded soon) for LDAPS, but may look to utilise it further for other devices/servers as well. I am looking for opinions / best practices on how to set this up.

I was thinking that we would only need one enterprise server currently for our needs. I have read however that it is better to have two, a root and subordinate with the root turned off. Would this be overkill given our needs?

Secondly, what length key would be best and which algorithm should we use? According to MS, SHA2 with a 2048 key should be fine, however I have also read that SHA256 would be better.

Should we stick with the default 5 year certificate lifespan?

Which template is most suited for securing the DC / LDAPS?

Should I create a dedicated account for access to the server / servers?

Finally, if one Enterprise root server is deployed, should this be turned off when not in use? I read a MS article that says this is not recommended.

Thanks for your help.

Paul
0
The group I work for has acquired a company, where an external consultant isn't playing ball with handing over the keys to domain admin, which we now look after internally.

Could someone point me in the right direction? We need to recover the domain admin credentials.

Any advice would be great.

Looking for as simple a way as possible, even if it involves software.

Ian
0
How big does AD have to be (and how slow does the link need to be) to justify installing a new domain controller in a regional office using the IFM (Install From Media) method?

I think we'll have a 50 mbps symmetrical site-to-site VPN.

Our NTDS folder is 375 megs in size.

Should I use IFM or just do it the regular way?

I'm no pro so picking the easy method is very much preferable.

Reading about IFM here:
https://social.technet.microsoft.com/wiki/contents/articles/8630.step-by-step-guide-to-install-an-additional-domain-controller-by-using-ifm.aspx

I became concerned reading this passage:

"Important :
The next steps are required to change the SYSVOL folder security settings. These steps change the file hash, which will become the same file hash as in the IFM. If you use DFS Replication, SYSVOL will keep the presided data only if the file hash on the source domain controller and the destination server are the same
On the destination server, right-click the SYSVOL folder, and then click Properties.
Click the Security tab, and then click Advanced.
Click the Auditing tab, and then click Edit.
Clear the Include inheritable auditing entries from this object’s parent check box, and then select it again.
Click Apply, and then click OK.
"

The existing domain controllers are Server 2012 and the new one will be Server 2016.  The functional level will remain at Server 2008 R2
0
Hi all,
Recently I have created an SMTP relay on Exchange.
I can send email inside the organization but am unable to send to external domains.
How can I configure SMTP relay on Exchange 2016 for sending to external domains?
0
Working through some issues on a Server 2016 Essentials server and noticed that the remote web access portal site (remote.domain.com/remote) is not accessible internally (on the LAN) but works fine externally. If I ping the site internally from the Server 2016 Essentials server, it replies back with the public IP address of the server. This seems correct and matches what we see on other Server 2016 Essentials servers with Anywhere Access/RWA working internally and externally. Likewise, if we compare DNS settings (Forward Lookup Zones) between working and non-working servers, settings appear to be the same.

Internally, if I enter the public IP in a browser, the page does not resolve. Externally, it does resolve, as does the DNS address - remote.domain.com/remote.

Running the Anywhere Access repair wizard did not address the issue. It completes successfully, but does not allow us to access the site internally on the same LAN as the server. Doesn't matter if I try from the server itself or a client workstation.
0
Hi,

I am creating a Hyper-V CentOS VM but it seems it never can reboot to the server UI screen. I see this screen when I was configuring the disk, but I gave it 500GB, so I can't see why it can't see it.

[Screenshot: CentOS disk space]

Any reason why?

Disk space in total:

[Screenshot: disk space in total]
0
Hi team,

[Server00]: PS C:\Users\dperezb\Documents> Install-WindowsUpdate

Confirm
Are you sure you want to perform this action?
Performing the operation "(13/02/2020 8:59:39) Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.281.594.0)[197MB]" on target
"MDMVFS01".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): A

X ComputerName Result     KB          Size Title
- ------------ ------     --          ---- -----
1 Server00     Accepted   KB2267602  197MB Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.281.594.0)
1 Server00     Accepted   KB4524244   67KB Security Update for Windows Server 2016 for x64-based Systems (KB4524244)
1 Server00     Accepted   KB4537764    1GB 2020-02 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4537764)
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
    + CategoryInfo          : NotSpecified: (:) [Get-WindowsUpdate], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,PSWindowsUpdate.GetWindowsUpdate

I connect with an administrator user.

Regards.
0
Document folder redirection was applied about a year ago, redirected to a file server with a path like \\server\users\Documents. These directions (https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-folder-redirection) were followed. Upon creating the GPO for the redirection, a mapped drive was never specified as the ideal behavior was that the user would click on their Documents folder and have no knowledge of the files actually being on a server rather than saved locally. However, it appears that the policy created a mapped drive and the users have been accessing their files by clicking on the mapped drive instead of their Documents folder.

This wasn't an issue until one day the drive went from being Z: to U: and no users could find their documents. In the group policies, we can't find anything specifying a mapped drive. We have un-applied the GPO and redirected the documents to a different server. The new redirection works, and we specified a new mapped drive at \\server\users\%USERNAME%\Documents to avoid this issue in the future.

However, the Z: drive still appears, and short of creating a login script to delete the drive every time, I'm not sure how to get rid of it. Any advice?
0
Hi, I'm working on updating / upgrading our WSUS infrastructure from Windows Server 2012 R2 to Windows Server 2019. And since I am building from scratch, I figured I would reevaluate some settings.

The one in particular is whether to implement SSL (8351) or stick to the default (8350) as I've done in the past.

So, I figured why not ask the experts (gurus) in the community to see how they run their WSUS environment.

The other item is what do you typically run for downstream servers, autonomous or replica?


Thanks in advance.
0
Dear Team,

Recently we have upgraded our AD from 2008 R2 to 2016.

When I do repadmin everything is syncing.
But when I use gpupdate I am getting an error on 2016 DCs, but it is successful on 2008R2.

Can you please help me sort this out?
I have attached the screenshot also.
lec3.jpg
0
