Windows Server 2016

Windows Server 2016 is the successor to Windows Server 2012 R2. Built upon the same core code as Windows 10, Windows Server 2016 brings enhancements in security, servicing, and connectivity. A particular focus of this release was hybrid-cloud scenarios, and it has close ties to Azure and other Microsoft cloud initiatives. This does not detract from the many improvements that are available for on-premises-only deployments.

Windows Server 2016 comes in Datacenter, Standard, and Essentials editions, and for servicing, has adopted Windows 10's cumulative model. The new Nano Server install is designed to be remotely managed and kept current through continuous feature updates. The full GUI install operates similarly to Windows 10's "Long Term Servicing Branch" (LTSB) model with cumulative security updates.

Windows Server 2016 has also shifted from a per-processor-and-CAL licensing model to a per-core-and-CAL licensing model. This brings Windows Server's licensing more in line with Microsoft's other products and makes hybrid-cloud license planning easier as well.

Looking for some help concerning the RDS Gateway Role and load balancing.

I have a pre-production RDS environment that contains 3x Gateway Servers. I have tested the environment by connecting through each one of the individual Gateways and everything works just fine.

I'm now at the point where I want to use my hardware load balancer to receive the connections and distribute them between the 3 Gateways. I would also like to use the UDP Transport on 3391 as well.

The part that I don't completely understand is that I'm assuming that each individual connection, which will be coming in initially on TCP 443 and then UDP 3391 would need to be routed to the same gateway?

It would make sense and be easy to set the LB up to balance both ports to the 3 Gateways, but without any specific load balancer magic, connection "A" might go to one gateway for 443 and a different gateway for 3391.

It's possible that I could be overthinking this and I'm not sure if this is a flat out requirement. In the case where the user initially connects on Port 443 to Gateway A, then the UDP traffic comes in and the LB forwards that to Gateway B. Does Gateway B know to forward that UDP traffic to Gateway A if all the gateways have the farm properties configured?

These are the things that I don't really know.
0

We are trying to identify a workgroup computer for which the user did not put in the name of the workgroup correctly.

Is there a way to identify the IP of the computer?
0
I had this question after viewing RDS, unable to click start menu or delete files from profile.

I had the same problem and the Cortana is disabled for the RDS servers but still have the same!
0
Have some issues with a Domain - Windows Server 2016 acting as a PDC and fileserver and some Windows 10 Pro clients.

Windows clients connect to the fileserver without issues. They mount the fileserver shares and can read and write files. But there's one issue I haven't found a solution yet:
If a user without administrator rights stores an office file (MS Office as well as LibreOffice!!) into a folder of a fileserver share, the store command works without any issues. But if the user closes the document, it vanishes. It doesn't vanish completely but only for non-administrative users. Administrators see the document and can open, modify and store it. If you take a look at the properties of the document in the security tab, there is no owner assigned to the document. Some Administrator must assign an owner and give rights to "Everybody" "Full Access" - then the document is visible and modifiable by non-administrators as well. It stays visible, if a non-administrator stores it again.
This behaviour is only with office documents. A text document (notepad, wordpad etc...) works without any issues.

Is there somebody who has seen this behaviour and has hints for me to solve it?
Best Regards
Bernhard
0
I'm setting up Windows Server 2016 Standard.
My objective is to have 2 VMs that are connected into their own subnet for a testbed.
I've read about the internal switches, etc. but don't see how to make a physical connection to each of the subnets AND be independent.
(Perhaps the testbed objectives are a bit different than a typical production network).
I am imagining adding a couple of NICs so there will be:
A NIC for the Hyper-V manager.
A NIC for each of the subnets.

A nudge in the right direction would help a lot!
0
My boss is unimpressed by the fact that AlwaysOn Availability Groups on our non-clustered environment can only do a Manual Failover in the event of disaster.

I have been tasked with redesigning our setup to support Automatic Failover, and everyone knows you need a clustered environment to do that (right?)

However, before even getting down to the details, Automatic Failover requires that the Availability Group be set up with Synchronous Commit, which is obvious, but in the testing phase of our current AG-setup, we discovered that the performance (responsiveness, readiness) of our instances were dramatically slower on Synchronous Commit vs Asynchronous Commit.

To please my boss, I would have to set up our AG to have the responsiveness of Asynchronous Commit while having the high availability of Automatic Failover.  Is there any hope for me?

Our Environment:

Servers:
Intel Xeon 2643 v2 x 2
1.50 TB RAM
All-flash Samsung Enterprise SSD storage in RAID 10
Windows Server 2016 Datacenter
SQL Server 2017 Enterprise
Mellanox Dual 40G NIC

Network:
Cisco Nexus 3132X 40G (access layer)

A typical database in our environment is 300GB-1TB, and tables can easily have 10 million records.
0
Hi,

I just received a new server and tried to install Windows Server 2019, but I get an error.
I have never seen it before.
Can you help?
0
ADFS installed on Windows 2016 with WAP server on Windows Server 2016 in DMZ.

Continually receive event 253 in ADFS Admin event logs on WAP server.

Cannot find any information on Google (first time ever) regarding this event and possible resolutions.

AD FS proxy service failed to start a listener for the endpoint 'Endpoint details:
       Prefix : /.well-known/webfinger
       PortType : HttpsDevicePort
       ClientCertificateQueryMode : None
       CertificateValidation : None
       AuthenticationSchemes : Anonymous
       ServicePath : /.well-known/webfinger
       ServicePortType : HttpsDevicePort
       SupportsNtlm : False
'
Exceptiondetails:
System.Net.HttpListenerException (0x80004005): Access is denied
   at System.Net.HttpListener.AddAllPrefixes()
   at System.Net.HttpListener.Start()
   at Microsoft.IdentityServer.WebHost.HttpListenerBase.Start(UInt32 contextPoolSize)
   at Microsoft.IdentityServer.ProxyService.ProxyHttpListener.Start()
   at Microsoft.IdentityServer.ProxyService.EndpointManager.ApplyConfiguration(ProxyEndpointConfiguration proxyEndpointConfiguration)

User action: Ensure that no conflicting SSL bindings are configured for the specified endpoint.

I am using the same wildcard GoDaddy cert on both ADFS and WAP servers. Although I have read that this is recommended.

The WAP server is successfully trusted by the ADFS server. Have tried moving WAP server from DMZ to local network although same event 253 is recorded every minute.

Have installed and …
0
I manage an active directory domain at the Windows Server 2012 Domain and Forest functional levels with two replicating DCs.  This domain was first created as a 2000 AD domain, and then migrated to Windows Server 2003, then migrated to Windows Server 2008 R2, and then again to Windows Server 2012.  So the AD domain has been active for about 20 years now, and I am concerned the domain may now have a lot of extra baggage that is no longer needed or even applies.  Our environment has also hosted Exchange NT Server, Exchange Server 2003, and now an Exchange 2010 server.  We plan on moving to O365 as well. I do not plan on O365 mailboxes integrated/managed by AD.  We are looking at no more than 20 mailboxes.

I also believe AD now employs more secure channels of replication that needs to be manually applied, and was not automatically applied during the 2012 AD level migration.

Later this year, I will purchase a new Windows Server 2019 server that will host a new DC. My understanding is that employing a new 2019 server as a domain controller only allows functional levels at 2016 domain and forest functional levels, so there is no 2019 domain/functional level option.

So I have two options:

I have the choice of migrating the existing AD domain once again to the 2016 functional levels, which is pretty easy and not much fuss.

Or, I can go ahead and setup a brand new 2016 AD domain/forest with a 2016 Server as a replicated DC, and 2019 server functioning as the primary …
0
We have a physical server that has had problems creating recovery points and running backup jobs for a while.

I've completely removed it from DPM and re-added it already and it still isn't helping.

I just get this:

"The replica of System Protection Computer\System Protection on server.domain.com is inconsistent with the protected data source. All protection activities for data source will fail until the replica is synchronized with consistency check. You can recover data from existing recovery points, but new recovery points cannot be created until the replica is consistent. For SharePoint farm, recovery points will continue getting created with the databases that are consistent. To backup inconsistent databases, run a consistency check on the farm (ID 3106).

DPM cannot create a backup because Windows Server Backup (WSB) on the protected computer encountered an error (WSB Event ID: 546, WSB Error Code: 0xAE1831C0). (ID 30229 Details: Internal error code: 0x80990ED0).

For resolution actions and more information on the WSB error, go to http://technet.microsoft.com/en-us/library/cc734488(WS.10).aspx.

Synchronize with consistency check."

I ran that sync with consistency check already. I ran all the options DPM gave me already. I also went to the Event Viewer and got this:

"The backup operation attempted at '2019-04-16T12:23:48.302153100Z' has failed to start, error code '2155413611' (%%2155413611). Please review the event details for a solution, and…
0

Last year we did a few things starting with: https://www.experts-exchange.com/questions/29064169/Introducing-Windows-Server.html
Next, one of the Experts engaged in a planning task for us that was tailored to our particular situation; the result was an outline of an approach that makes sense to *me* and I'll be revisiting that soon.
Next, I set up a test lab with Windows Server 2016 Hyper-V VMs.  Not that I *plan* to have two servers per site but that I *anticipate* the possibility.
That's going to be revved up now and I'll probably configure a 2-subnet arrangement with a DC out of the 2 VMs on each.  That will do a pretty good job of emulating the real environment.
(I'm a rather great believer in partitioning machine roles and in keeping things simple to understand as much as is possible).

Some had asked what we are trying to accomplish:
- We aren't trying to implement file serving up front because we already have a pretty good system set up for that and it's not the focus.  BUT, I'm willing to consider it.  And that's the purpose of THIS question.
- We need to provide User and Access controls - that's the focus.  And, I'm hoping to grease the skids for things like SIEM that we now do sans-server.  Keeping individual machines "connected" either passively or with agents still proves to be challenging.  There are always a handful of machines that don't respond - even after ALL the machines have been made responsive.  I suspect Windows updates more than anything has …
0
I am thinking this could be an issue with ANT and JAVA 8, but not quite sure. I am attempting to perform a build with ANT and I am getting the following error. This is being completed on Windows Server 2016. Any pointers would be great. Attached is the output for, ant -d  I have performed this same build on Server 2008 R2 leveraging Apache Ant(TM) version 1.8.4 and JAVA 6 with no issues.

Cause: The name is undefined.
Action: Check the spelling.
Action: Check that any custom tasks/types have been declared.
Action: Check that any <presetdef>/<macrodef> declarations have taken place.

D:\Program Files\ANT\bin>ant -version
Apache Ant(TM) version 1.10.5 compiled on July 10 2018


D:\WebSphere85\AppServer\java\bin>java -version
java version "1.8.0_171"
Java(TM) SE Runtime Environment (build 8.0.5.17 - pwa6480sr5fp17ifix-20180726_01(SR5 FP17+IJ08001))
IBM J9 VM (build 2.9, JRE 1.8.0 Windows Server 2016 amd64-64-Bit Compressed References 20180725_392885 (JIT enabled, AOT enabled)
OpenJ9   - a8cda37
OMR      - 4d1cb10
IBM      - 21870d6)
JCL - 20180619_01 based on Oracle jdk8u171-b11
build.txt
0
Windows 2016 server always logs in as a temporary user
0
On a Windows 2016 Server Standard, single server, which also functions as the domain controller for a small office, upon each restart I get Event ID 1202 shown below

"The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
 
Additional Information:
Error: 160 (One or more arguments are not correct.)"


While searching for solutions or tips on this Event ID, I saw advice on running the following command: Dfsrdiag pollad /verbose. When I run the command, I get the expected result - Operation Succeeded - see attached screenshot. This error happens upon each reboot. It clearly says that the service will run again in 60 minutes. The error doesn't come back in 60 minutes, so apparently there is no issue. Does anyone have an explanation why these errors come up upon reboot on a single domain server?

Thank you.
Dfsrdiag_command_results.jpg
0
What software/offsite storage is ideal for backing up servers? Do you do a file backup as well as an image/vm backup?
0
I have a domain controller Windows 2012 R2 and Windows 2016 and I am trying to find out who added DNS A and CNAME records to the internal DNS zones.

Is there a way to accomplish that?

for example, user firstname.lastname added record "wrongdns" in zone "internal.company.com" ?
0
hi guys,
just a general question.

how do i find out what version of .net framework is installed in my server.
got a windows 2016 server, wanted to know what version .netframework i got ?

if i go to control panel- add/remove programs, it shows .netframework 4 multi-targeting pack and version as 4.0.30319
0
Hello everyone,

I think I know the answer beforehand but I have to ask anyway. Is there ANY possible scenario where I keep my passwords (for LDAP, SQL, etc) in some sort of encrypted way in my server running Windows Server and IIS?

Here's the deal. I'm making a corporate intranet site for my company in PHP and they want me to have all the passwords for all the services in different files that even I will not be able to access or, if I do, I can't "read" the passwords because they are encrypted.

I suppose encryption is out of the way as I would have to know the "salt" and unencryption method to actually be able to use those passwords but I was thinking that, being under a Windows environment, I could have PHP read the values from some TXT files in a directory where I couldn't get access to. Is that possible to do in IIS? Could one PHP file get the necessary permission to read a TXT file in another local/remote server so it can read the different passwords from different files?

It's not exactly the kind of security they're asking me (they love encryption) but in this way, I think I might be able to convince them. They do not even believe having these files outside the root folder for the site is secure enough as I will be able to read them (LDAP user for example needs to have a non-expiring password that I can't get).

Thanks in advance.
0
Hi Expert,

I would like to check why am I getting "To sign in remotely, you need the right to sign in through Remote Desktop Services." even if I add the feature Remote desktop services still same. I also went to local security policy > Allow log on through Remote Desktop Services and give all the right like domain admins, computers, users and user account direct, but still same. This only happens to my client pc and my two DC is all right only domain account. This issue happen out of I configure my WSUS but it's on other DC.

I wanted to remove remote desktop services also cannot, two feature under it greyed out. I am using Win Server 2016 on Hyper V on Win 10 physical desktop, it's a test lab for self-learning though. Appreciate if any expert can assist me on.

Thanks!
0

I have a Windows Server 2016 r2 and want to prevent users from being able to move any files. They need to be able to edit and add to the folders. What is the best way to accomplish this?
0
DB2 10.5 on Windows Server 2012 R2

I am trying to get DB2 to work with the DB2ADMN group on a windows server.  I want any account in the DB2ADMN group to have sysadmin rights on DB2.  From everything I have read and from other questions I have posted here, this should work, but it does not.  
Here is what I have done.

Create the windows group DB2ADMNS and add my domain1\AITDB2Service account to it.  This is a domain account and it runs the DB2 service under Windows and it is a local admin on the windows server.

db2set DB2_GRP_LOOKUP=LOCAL,TOKENLOCAL
db2 update dbm cfg using sysadm_group DB2ADMNS
DB2STOP
DB2START


When I look at the DBM CFG I see this.

SYSADM group name                        (SYSADM_GROUP) = DB2ADMNS
 SYSCTRL group name                        (SYSCTRL_GROUP) =
 SYSMAINT group name                     (SYSMAINT_GROUP) = xxx
 SYSMON group name                        (SYSMON_GROUP) = xxx


I can log into DB2 using AITDB2Service no issue, even though when I look at the SECURITY tab in TOAD, the AITDB2Service user is not there.  I can do selects and updates and such on tables, but I can't do CREATE TABLE or run a backup. When I try to run a backup I get...

SQL1092N  The requested command or operation failed because the user ID does
not have the authority to perform the requested command or operation.  User
ID: "AITDB2SERVICE".


If I try to grant privileges using AITDB2Service I get this.

GRANT DBADM WITH
0
I may have caused my own problem, now I am just looking for a way out of it.  lol

I installed Exchange Server 2016 Standard on a Windows Server 2016 Standard machine.  Both are fresh installs but now I have all of my data transferred from the old server to the new one so I would love to not have to build both again to clear up the problem.  :)

Once the Exchange Server was built and I configured my Send Connector and Receive Connector, I wasn't getting any mail flow in either direction.

Subsequently running Setup.exe showed me that I forgot to select the Edge Transport role and the UI would not let me modify my selections to add it.

I decided to uninstall Exchange and start over.  That didn't work however and the uninstall did not complete successfully.  Not remembering that I was an EE member, I tried to manually delete the files/directories and then restart the Setup.exe to re-install.

However, I got all the way down to one program that I cannot delete.  It is in use according to Windows so the installs are not running correctly as it still thinks that Exchange is in a partial install state.

Are there any known procedures for completely uninstalling/removing Exchange Server 2016 manually so that I can then run a new install and select Mailbox Role and Edge Transport role during the installation process?

Thanks
0
Hi Expert,

I have created a new DC in Hyper-V (on a physical server running Windows 10). I wanted it to join my existing domain but it is unable to join, getting "The server is not operational". My DC is working fine, it's on the same network and same subnet, using the same default switches on Hyper-V. My DC DNS server is not static IP though. I am able to ping my main DC, my domain is a .com though. Any places I should check on? Appreciate if any expert can assist me on.

Thanks!
0
HP 1910 and LACP link aggregation

trying to get another trunk port into existing BAGG and whatever i do it doesn't work, change the port and nothing. created new BAGG, same thing...

the idea is to use two ports (BAGG) and windows teaming LACP hyper-v
0
How do I set up Windows Server 2016 so that I am able to assign a collection of users to the same roaming profile which is configured to be mandatory?

It appears that Windows Server 2016 does not allow for a roaming profile to be shared by multiple users, because I am able to use the profile for the user that originally generated the profile but not for any other user. I have cascaded the ACLs of the shared roaming profile to give everyone access to it, but it appears that there is a setting that requires that the profile folder be owned by the user that is logging in.

What is the best way to override this so I am able to share the same roaming profile between multiple users?
0