Windows Server 2016

Windows Server 2016 is the successor to Windows Server 2012 R2. Built upon the same core code as Windows 10, Windows Server 2016 brings enhancements in security, servicing, and connectivity. A particular focus on this release was hybrid-cloud scenarios, and has close ties to Azure and other Microsoft cloud initiatives. This does not detract from the many improvements that are available for on-premises-only deployments

Windows Server 2016 comes in Datacenter, Standard, and Essentials editions, and for servicing, has adopted windows 10's cumulative model. The new nano-server install is designed to be remotely managed and is designed to be kept current through continuous feature updates. The full GUI install operates similarly to windows 10's "Long Term Servicing Branch" (LTSB) model with cumulative security updates.

Windows Server 2016 has also shifted from a per-processor-and-CAL licensing model to a per-core-and CAL licensing model. This brings Windows Server's licensing more in line with Microsoft's other products and makes hybrid-cloud license planning easier as well.

Share tech news, updates, or what's on your mind.

Sign up to Post

I am in the process of moving my KMS server that will be hosting two domains.
I have made the DNS change for both domain DNS to point to the new KMS server.

_VLMCS._tcp.OldDomain.local        SRV service location:
          priority       = 0
          weight         = 0
          port           = 1688
          svr hostname   = vollic.NewDomain.local
vollic.NewDomain.local       internet address = 192.168.94.50

I can ping it from any machine on either domain.
When is set the SKMS to force it to talk to the new KMS server it does register successfully.

The issue I am having is if you allow the client to auto discover it registers with the oldDomain KMS server.

DO I just have to wait it out?
0
Turn Raw Data into a Real Career
Turn Raw Data into a Real Career

There’s a growing demand for qualified analysts who can make sense of Big Data. With an MS in Data Analytics, you can become the data mining, management, mapping, and munging expert that today’s leading corporations desperately need.

Hi,

Windows Server 2016 Version 1607 does not update through WSUS and/or internet. Tried stopping bits and update service, deleting the SoftwareDistribution folder and also searched for updates with firewall on and off. The wsus server is correctly set through group policies. The updating process is stuck at 0% downloading. On some servers it helped deleting the softwaredistribution folder, on some it does nothing. I do not know what to do next.

Please help me!
0
Hy i need help to exchange 2016 when i activat oof the mail is bounced to the firewall because the sender is blanck.
The firewall use batv.
When i desactivate It, it's Good.
I want to kown if it's possible to add sender  or how i can pass the pass the firewall when batv is activate
0
I have a WSUS server that has grown exponentially, even when i run the WSUS server clean up wizard, there is no difference. this server is set up on a virtual machine. is there a way i can retire old updates?  to create more space on my server ? i can see 2015 updates. can i delete these  updates?  Please i need assistance>
0
Hello all,

I recently setup RDS on Server 2016. I have everything working correctly, and can access apps that I have published on the web console. However, I published the RDP client, and when trying to connect to a VM, it hangs on "Securing Remote Connection" then a popup box says "Internal Error."

I had it working on my own environment, but I do not recall how I fixed that problem. Does anyone have ideas on what I could try or fix?
0
Does anyone know if there will be any additional Group Policy features relating to USB/Removable Device restrictions in Windows Server 2019? I have heard there was, but can't seem to find anything specific.
0
Hi,

Can anyone point me in the right direction for documents on how to migrate from 2012 Foundation to 2016 Essentials.

TIA
Gareth
0
One of my clients is a single server environment, Windows server 2016 Essentials, running SQL Server (Express) 2014.  

They are running Thompson Reuters PracticeCS with the database hosted on this server.

Until about 4 weeks ago, things were running along normally.  Then, logins started failing until a variable time between 8:00 am and 8:30 am.  Once the logins start working, they work for everyone the reset of the day.  

Backups run at 12:00 am and finish within minutes.  The database is "Always on".

I have contacted the vendor and they claim that it is a SQL problem and refuse to help troubleshoot.

Any help is appreciated.  Below are the recent logs.  At 8:37, users could log in.

Date      Source      Severity      Message
9/18/2018 8:37      spid53      Unknown      Starting up database 'ReportServer$SQLEXPRESSTempDB'.
9/18/2018 8:31      spid20s      Unknown      Starting up database 'ReportServer$SQLEXPRESSTempDB'.
9/18/2018 8:27      spid60      Unknown      Starting up database 'ReportServer$SQLEXPRESSTempDB'.
9/18/2018 8:17      spid53      Unknown      Starting up database 'ReportServer$SQLEXPRESSTempDB'.
9/18/2018 8:15      spid51      Unknown      Starting up database 'ReportServer$SQLEXPRESSTempDB'.
9/18/2018 8:11      spid53      Unknown      Starting up database 'CSP_203449_DBSPC'.
9/18/2018 8:11      Logon      Unknown      Login failed for user 'CreativeSolutionsPracticeCsDatabaseOwner'. Reason: Failed to open the explicitly specified database 'CSP_203449_DBSPC'. [CLIENT: 10.0.0.62]
9/18/2018 8:11      Logon      Unknown      Error: 18456<c/> Severity: 14<c/> State: …
0
Hi Experts,

on one of my network segments I use a DHCP server.
Now I have to install WLAN for GUESTs and I want to use another VLAN.
How to configure my DHCP server to serve also my VLAN ?
0
Running dcdiag /v gives me the following warning

A warning event occurred.  EventID: 0x00001796
            Time Generated: 09/17/2018   18:28:17
            Event String:
            Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.

            NTLM is a weaker authentication mechanism. Please check:

                  Which applications are using NTLM authentication?
                  Are there configuration issues preventing the use of stronger authentication such as Kerberos authentication?
                  If NTLM must be supported, is Extended Protection configured?

            Details on how to complete these checks can be found at http://go.microsoft.com/fwlink/?LinkId=225699.

https://groups.google.com/forum/#!topic/microsoft.public.windows.server.active_directory/ISLY7NnqV-Y
Thanks for posting here!
There is a policy for this stuff.
Computer Configuration
-Windows Settings
--Security Settings
---Local Policies
----Security Options
Network security:LAN Manager authentication level
You may choose to "Send NTLMv2 response only\refuse LM & NTLM"

If you want to apply this to a domain, configure it at the default domain
controller policy.
Or you may configure it to your whole domain as well.
The Kerberos is the default mode and cannot be disabled and thus no need to
0
Managing Security Policy in a Changing Environment
Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

I recently setup Folder Redirection on Windows Server 2016.  
It is working great for the most part.
So far two issues:

1. Anyone who is not the user that has access can see and read and copy the files, they can copy a file into their folder but the user cannot see it, something to do with special permissions? In order to copy the users files to this new server from an old one I had them in a certain location on the server and logged into a workstation as the user and then as the user copied them from that location  into their folder redirect folders like desktop, documents etc.

2. Sometimes have issues where the users cannot see their files.
0
Hey all, we are getting rid of our on premise DC which has our file server on it as well and move to the cloud completely....the question is how to handle our file server in the cloud.  

I see two options:

1) Use azure files....I know it doesn't have Azure AD integration yet but I am ok with that since you can still do some sort of permissioning.  But is there a way to deploy the mapped drive automatically to Azure AD and/or Intune users?

2) Use a Server 216 server in the cloud and put the file server on it....the problem is that I think it has to be joined to Azure AD-DS...and go over a site2site vpn which would be pretty slow.

Another question that I have is…if we implement Azure AD-DS….and join an Azure VM to Azure AD-DS, does that make Azure AD useless and unusable?

Do we need a site-2-site VPN tunnel between Azure and our offices to use Azure AD-DS?

How would our client desktops/users in the office access the Azure VM and authenticate if Azure AD-DS? Do we have to join the local client machines to Azure AD-DS or will our Azure AD accounts (tied to our O365 accounts) still work?
0
When copying files from a NAS toour  new server,  I was testing to copy the files using Robocopy with the following command:

ROBOCOPY <NAS folder> <Destination folder> /S /J /ZB /MIR /DCOPY:DAT /COPY:DATSOU /SECFIX /TIMFIX /MT:48 /R:3 /W:5 /log:log.txt

Afterwards, the administrator does not have access to any of the folders, so I cannot gain access to the folders/files.  If I take ownership it wipes out the original folder owner/permissions.  I looked at using icacls command: icacls <Server Share path>  /grant "Domain Admins":F /t  but it gives an access denied message what I try to add the administrator user.

Should I be using a different approach to copy the files to the new server while adding the administrator user access to the entire directory/file structure?
0
Hello everyone,

I've been trying to set up a VPN between windows server 2016 and mac os x client.

The connection gets established but I can not access the resources.
The internet connection is also gone. What I really wanted to do is split vpn.

This is the configuration on the Server:
#################################################
#################################################
#listen on IPv4
local 10.0.60.51
 
#the default port is 1194
port 1194
 
#UDP protocol chosen for better protection against DoS attacks and port scanning
proto udp
 
#using routed IP tunnel
dev tun
 
# ----------------------------------------------
# Zertifikate
# ----------------------------------------------
 
dh ..//server-keys//dh4096.pem
ca ..//server-keys//ca.crt
cert ..//server-keys//lexp-svr-101.crt
key ..//server-keys//lexp-svr-101.key
 
# ----------------------------------------------
# Server-Setup
# ----------------------------------------------
 
#set OpenVPN subnet
server 10.64.60.0 255.255.255.0
 
#maintain a record of client-to-virtual-IP-address
ifconfig-pool-persist ipp.txt
 
#cryptographic cipher, must be the same (copied) on the client config file as well
#cipher AES-256-CBC
 
client-to-client
 
# ----------------------------------------------
# Client-Settings (inkl Special Dir)Files
# ----------------------------------------------
 
#client-config-dir "C:\Program Files\OpenVPN\ccd"
push "route 10.0.60.0 255.255.255.0"
 
 
# 

Open in new window

0
Hello! We're moving from 2008R2 to 2016 for RDS and we'd like to open it to a test group to iron out any issues before switching. Our '08R2 farm is still operational and working. We've created a 2016 RDSH collection with 1 RDCB, 1 RDGW and 3 RDSH servers. The 3 RDSH servers are in a collection called rdfarm.

The issue: We can successfully connect to the collection internally by using the RDP shortcut downloaded from RWA however, it does not work outside our office. When attempting to connect from a home PC, it shows the correct FQDN but then an error is returned that remote desktop can't connect to the remote computer due to remote access is not enabled, the remote comuter is turned off or the remote computer is not available on the network.

A couple of notes about our deployment:

1) The GW & RWA services are on the same machine.
2) We will not be using RWA for our users, just RDP for connecting externally.
3) Our internal domain is .local, so we have split DNS. We have a forward zone for both rdfarm.domain.com (A record for the IP of rdcb1) and rdgw1.domain.com (A record for the IP or rdgw1).
4) We're using a wildcard cert from GoDaddy and it's trusted on both the GW & CB. It's been installed on all 3 RDSH servers as well.
5) The collection name has been set in the registry of the CB.
6) The firewall rule is this
      rdfarm.domain.com:443->rdcb1

Things we've checked:

1) Port scan shows that port 443 is open and accessible from the IP and FQDN for the …
0
Whats the best way to preserve Domain controllers IP addresses when migrating to 2016 Server from 2018 R2? Remove 1st the old DC's and after replication install new DC's with same names on the same old DC's IP's addresses? Thanks.
0
We are running out of space on our domain controller, server 2016.  we only have one drive and we're hoping to extend it.

The domain controller is virtualized, currently with 40gb, on vmware esxi.

will it be an issue if we increase the volume size via vmware esxi and then extend the drive via disk management?

Will this impact AD at all?
1
Need help determining if the files below can be deleted? They're located in System Volume Information folder on the D: partition.
data
0
Hi, I have a Exchange Server 2010 and am Installing a new Server with Exchange 2016, what is the simplest and best way to move the database over?
0
Making Bulk Changes to Active Directory
LVL 8
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

How can I enable SMBv3.1.1 encryption in latest OSs i.e. Windows Server 2016 etc. Wherever possible having backward compatibility with older OSs supporting only SMBv2 using windows group policy.
0
Hi,
I have 2 servers 2016:
-A is the hyper-v host and also a DC
-B is virtual and is the DC, file server etc.

A frooze because of lack of memory but B continued working fine.

I shutdowned B today and then I closed A.

I rebooted A  and B started fine.

But when I try to do from A \\B\ it tells me \\B is not accessible. You might not have permission to use this network resource. Contact the administrator.....have access permissions. The target account name is incorrect.
I see in the A Events  id 4 error Microsoft-Windows-Security-Kerberos :
"The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server ppdc16b$. The target name used was DNS/ppdc16b.pp.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (PP.LOCAL) is different from the client domain (PP.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name …
0
Unable to create new Active Directory user in Server 2016 domain controller via Active Directory Users and Computers. I get error: An Internal error occurred (See attachment).  Not sure how to diagnose or fix.
Error.jpg
0
I built a new domain controller 2016 and raised functional level, forest level and transferred roles fsmo roles from 2008R2. We also have an on prem exchange 2010. I am trying to install ad prep and exchange 2016 to migrate but it is giving me the following when I try to run .\setup.exe /Mode:Install /Roles:Mailbox   /IAcceptExchangeServerLicenseTerms. I get the following error message. Please advise....

RuntimeAssembly was started with the following command: '/Mode:Install /Roles:Mailbox /IAcceptExchangeServerLicenseTerms /sourcedir:L:"'.
The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\v8.0, wasn't found.
The registry key, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExchangeServer\v14, wasn't found.
No Exchange Server with identity 'EXCH-Name' was found.
Schema Update Required Status : 'False'.
0
Server 2016 VM Guest as Server 2016 started going exceptionally slow with everything, Google Chrome, File Explorer, Software Application, Services, Control Panel.
It started running like it was on 2400rpm spindles.
The host: (2) 12 Core Xeons, 64 GB RAM, RAID 10 on Samsung PM863a SSDs. Server 2016 Datacenter
The Guest: 6/12 Cores (Tired with both), 24GB RAM, 500GB storage, Server 2016 DC.
The server had been running fine since installation (~6 months ago) and they did a software update last Thursday and had no issues, they did a Windows update Thursday night also.
Friday they ran fine without issue, the 3 day weekend came and went Tuesday morinig they had issues with the server running slow. The other 2 guest VMs with the same OS and less resources and they are running fine.
Any help would be appreciated.
0
I am setting up a new server with server 2016 standard.  My time keeps going 4 hours off.  Time zone is correct in server and BIOS, also time is correct in BIOS.(date is also correct)  I went to date and time and there is a statement in red "some settings are managed be your organization"  I am logged in as Domain admin.  I went into the group policy "security settings\local policy\user rights assignment > change date and time, but could change the settings.   Any help is greatly appreciated, thx tim
1

Windows Server 2016

Windows Server 2016 is the successor to Windows Server 2012 R2. Built upon the same core code as Windows 10, Windows Server 2016 brings enhancements in security, servicing, and connectivity. A particular focus on this release was hybrid-cloud scenarios, and has close ties to Azure and other Microsoft cloud initiatives. This does not detract from the many improvements that are available for on-premises-only deployments

Windows Server 2016 comes in Datacenter, Standard, and Essentials editions, and for servicing, has adopted windows 10's cumulative model. The new nano-server install is designed to be remotely managed and is designed to be kept current through continuous feature updates. The full GUI install operates similarly to windows 10's "Long Term Servicing Branch" (LTSB) model with cumulative security updates.

Windows Server 2016 has also shifted from a per-processor-and-CAL licensing model to a per-core-and CAL licensing model. This brings Windows Server's licensing more in line with Microsoft's other products and makes hybrid-cloud license planning easier as well.