I have set up an FTP site on a Server Standard 2019 for external access.
How do I add external users that can log into the FTP site via a username/password combination?
Is it possible to do this without creating them as local network/domain users?
I noticed that our Windows Server 2019 DCs were logging excessive amounts of AD and LDAP log entries - noticeably more than what I have been used to seeing over the years.  In tracking down why I noted that if I went to \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics that the log settings were set for "16 LDAP Interface Events" and "8 Directory Access" to log level 3 for the LDAP logs and 5 for the AD logs, which clearly explains the excessive logging.  

This is the MS KB I used to determine the diagnostic log settings and locations: https://support.microsoft.com/en-us/help/314980/how-to-configure-active-directory-and-lds-diagnostic-event-logging

So, I manually changed each of 4 DCs (all running Win Server 2019 DC 1089 and patched up to date and healthy otherwise) so that the logging levels of LDAP and AD are set to 0.  I make the registry change, close the registry, reopen, hit F5 to view the changes, they display as 0.  Some time in the next 15 minutes or so I come back and check the logs and they have started logging excessively again, so I check the registry keys and they are reset back to 3 for LDAP and 5 for Directory Access.  So, I do the changes again, reboot the server, check the changes and they are fine on reboot but 10-15 minutes later the log levels revert to the original values (3 and 5).  

I have made a registry txt file to insert the keys and they insert fine and 15 minutes later revert.  This is true on all 4 DCs.  It seems as …
I'm getting around to deploying LAPS.
Our system has 3 physical DCs and no other servers.
The DC platforms should be well-capable of supporting virtual machines - but aren't yet.

In everything that I've read recently, it's not recommended to install LAPS fat client on a DC but, rather, on a "management server" whatever that is.  

1) I could easily anoint a domain-joined Windows 10 Pro workstation to be a "management server" as I already have some that qualify

2) I might also set up a Windows Standard 2019 virtual machine on one of the DC platforms.

The former will be easiest if that's an acceptable approach - as we won't have to build up and support another machine.
The latter will be more involved (for me) but surely doable.

What are the pros and cons in your view?
What is the best VMware configuration for terminal servers in Windows 2019? How many users can be connected at a time? How do I monitor the number of users getting connected and accordingly allocate resources to ensure the server does not crash when exceeding the threshold limit of users?
I know that the general rule is never to perform an in-place upgrade, but I'm at a loss as to the best way to accomplish my objective.

Currently have a 2012r2 hyper-v host with 4 2012r2 guests.  I need to add a couple more guests, win2019.  Current setup is on direct storage.  Since "technically" 2019 is not supported on hyper-v 2012r2 what is the best way to proceed?  Can I upgrade the existing host to hyper-v 2016/2019?  If so, what is the best way to get there?  I do NOT have a cluster setup so I don't think that path works.
I have a Windows Server 2019 Standard Host that is not on the Domain with 1x Windows Server 2019 Standard VM.

A full Bare Metal backup takes place at 23:30 daily to an external RDX cart via Windows Server Backup.

I am connected to the Host today and have noticed that the available disk space isn't where it should be.  I can see many AVHDX files in the C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks folder which should not exist.

The 'date modified' for each of these files coincides with the daily backup schedule.

The VM is a production Server running Microsoft SQL Server with no snapshots / checkpoints in place.

What could the cause be and how do I go about resolving this issue?

I understand that Windows Server Backup may be creating the AVHDX files to perform the Hyper-V Backup, however why aren't these files being merged with the main VHDX files?

Thanks in advance for your suggestions...

EDIT: Running Get-VMSnapshot from PowerShell returns nothing... However, when I view the Hard Drive details within the Virtual Machine Settings in Hyper-V Manager I am greeted with "Edit is not available because checkpoints exist for this virtual machine."
Hi Experts,

I have to install some new DCs into a network.
The old DCs should be deleted afterwards.

When I set up the new DCs, let's say the new PDC with all FSMO roles, how do I set up the DNS servers?

What is the best practice for the DNS servers?
Let's say I have two new DCs in a cluster,
DC1 and DC2. What about the network settings for DNS?

As far as I know, the first DNS is always the other DC, in this case DC2.
On DC2 the first entry is always DC1.

Please let me know your expertise.
I have a network topology with 3 sites, each with a unique subnet and each with a Domain Controller in the same domain: DC1, DC2 and DC3
The sites are each interconnected with private links having speeds up to 50Mbps.  The interfaces

The NTDS Settings are all automatically generated and look like this:

DC1 > DC2 and DC3
DC2 > DC1
DC3 > DC1

I have the replication interval set at the minimum 15 minutes.
I'm seeing intermittent replication failures between DC1 and DC2.
Since the failures aren't 100%, I discount any normal configuration issues.
But, the failures are troubling and I'm trying to get rid of them or at least reduce their occurrence.

Since the configurations at DC2 and DC3 are virtually identical and the private link interface is the same for both at DC1, I might focus on hardware at the DC2 end of its link.
But I rather suspect something else.

If I run repadmin /replsummary, the results are:
Sometimes 0% fails.
Sometimes 100% fails where DC2 is involved.
Sometimes 0%>x%<100% where DC2 is involved.

Failures between DC1 and DC2 can be in either direction.
I see NO failures between DC1 and DC3 in either direction.  Never.

Failures are often the familiar 1722 which I believe tells us next to nothing.
Sometimes I've seen another but not so often.
There appear to be no system issues while this is going on. I suspect that replications happen successfully often enough for that.   But prudence suggests that it be fixed.  I'm …

I have a new 2019 hyper-v setup taking over from server 2012/2008 legacy servers. My new setup -

vm2 - Apps, DC, DNS, Print server
vm3 - RD Broker, RD Gateway, RD licencing, RD Web access.
vm4 - RD Session host 1,
VM5 - RD Session host 2.

I have configured many RD environments before with no issues and have matched everything like for like. The issue I have is that when I try to connect to the RD environment via the web page I receive an error -

"Remote desktop can't find the computer vm3.domain.local. This might mean that vm3.domain.local does not belong to the specified network. Verify the computer name and domain that you are trying to connect to."

I receive the above message internal or external to the network.

I have looked through many threads on the net and it seems to be related to DNS. I have tried several fixes with no success.

On VM3 Event Viewer I receive event ID WARNING 304. "The account on client computer met connection authorization policy and resource authorization policy requirements, but could not connect to resource vm3.domain.local. Connection protocol used: "HTTP". The following error occurred: "23005"."

If anyone knows how to fix this or can point me in the right direction, I would be most thankful.
Setting up a Hyper-V server 2019 w/2 VM's.  The server has 2 physical ethernet ports.  What is the best recommendation on how to configure the Host and 2 VM's Networks?
I'm hosting a Server 2019 RDS environment for multi-tenant QuickBooks access. How do I go about completely disabling UAC? I believe UAC is causing an issue with Standard Users opening open company files within QuickBooks even though they have full permissions to the file directory.
Hi Guys,
I just installed Windows Server 2019 + Windows 10.
I created users in AD. When I try to log in with this user on a Windows 10 workstation, it prompts me with this message.
I don't understand why RDS is involved; it should be a simple client AD authentication.
Has something changed in Windows Server 2019 authentication?

Hi Experts,

I have some questions regarding DC upgrades.

The forest and domain level is 2008R2.

I have to install many WIN2019 DCs.

What is the minimum level I need?
How do I raise the level in steps?
Which Exchange version is supported?
I'm trying to figure out how to define VLANs on a Broadcom NetXtreme-E BCM57416 NIC under Windows Server 2019.

It's very straightforward with Intel NICs and drivers, for example:
[Images: Intel NIC VLAN Tab; Windows Network Adapters]
I'm unable to determine the way to produce the same results with these Broadcom NICs.
I tried the Broadcom Advanced Control Suite 4, but it did not detect these adapters.
I'm using the latest drivers available.

Any help would be appreciated.  Thanks!

I have two DHCP servers running under Windows Server 2016. My question is: how can I deny any other unauthorized DHCP server in the network? The servers are connected to a Cisco 9300 switch, then to a 6807 core switch.

Each server has two LANs with an IP address


Hi, I have a Windows Server 2019 Essentials. AD configured. We installed the 5 Terminal Server Licenses (Open) for device (we also tried for user) correctly. The licenses are well installed

But we don't know why these licenses cannot be used. We only have 2 connections permitted (as before we installed the 5 RDS licenses).
[Image: rds licenses]
Thanks for your help.
"The permissions for this GPO in the SYSVOL folder are inconsistent with those in Active Directory. It is recommended that these permissions be consistent. To change the SYSVOL permissions to those in Active Directory, click OK."
I get this error when opening a Group Policy Object.
I recently migrated the DC from Server 2008R2 to Server 2019, and I've seen no issues for the past while other than this.
Is there a gotcha for just hitting the recommended "OK"?
I was able to set up the Remote Desktop gateway and use RDP externally with my user account to log on to my machine, and other PCs in the company. However, when I try for any other account, I get an error, even if that person is in the Remote Desktop Users group for the gateway. It's a single server setup. The error I get is the "Remote desktop cannot connect to the remote computer" message.

Event log shows an ID 6274 in auditing - "There are not sufficient access rights to process the request."

I believe the RDG_CAP_ALLUsers is set up correctly for domain users and client computer membership is left blank.

Any suggestions on how to proceed? Thanks.
I have a shared folder with many subfolders with many files called DATA
I moved the DATA folder to a new server but inadvertently left access to the old DATA folder.
A few changes were made to a few files on the old DATA.
I'm wanting to consolidate the two so I don't miss any files.
I'm looking at Robomirror as a solution.
Does anyone have any suggestions?
Thanks very much!
IIS and ASP.net problem.

I have an application that I recently moved from Windows Server 2008 to Windows Server 2019.

Some of the data being saved contains </=, which produces an error: A potentially dangerous Request.Form value was detected from the client

My page header contains:
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="WaferRFP.aspx.vb" Inherits="Wafers_WaferRFP" ValidateRequest="false" %>

I have also tried adding:
<pages validateRequest="false"></pages>
to the System.web section of the Web.config file, but I am still getting the error message.

What am I missing?

I need to uninstall the trendmicro agent on a group of computers.  When I use add/remove program to install, it is prompting me for a password and the install process fails.  I think something is corrupted.  I then use the Microsoft tool in this link and it works like a charm.

Does anyone know a command line tool that does a similar uninstall?  I need to perform this action on a lot of computers, so I need to call something from my script.

Hi Friends

I am new to Win 2019, and I would like some assistance in configuring group policy. I am looking to achieve the following through group policies:
a. USB Blocking
b. Password Policy to be set across all users in ADS.
c. Account lockout Policy
d. Desktop idle timeout ( For locking systems after specific intervals of non-use)


We're a medium-sized business, with about 200 employees in multiple locations trying to enhance our remote access strategy. We would want staff to be able to remotely access their PCs and view their multiple monitors, typically in the event where we have to close the office, but still have power.

Right now, we have an older terminal services server. Some staff currently remote into this server, then remote in again to their office PC from that server. It works ok, so we're thinking of buying a newer server, with RDS and more CALs to support this on a larger scale. However, since this is more for a business continuity scenario, I'm thinking maybe there's a way to set this up in AWS or similar, and just spin it up if needed.

Not sure how easy that is. I also don't know if it's easy to just buy, let's say 5 remote CALs now, then I could just go to Microsoft direct and buy 50 more if necessary and get a key right away if such a situation called for it?

Maybe there are other cost-effective solutions that I should consider?

I'm developing a GPO that will set Audit Policies.

I've read a few things and have followed various suggestions from https://helpcenter.netwrix.com/Configure_IT_Infrastructure/Windows_Server/WS_Local_Policies.html
I *have* noted that Advanced Audit Policy Configuration \ System Audit Policies - Local Group Policy Object says:
When Advanced Audit Policy Configuration settings are used, the "Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings" policy setting under Local Policies \ Security Options must also be enabled.
and have Enabled it in the GPO.

gpresult /scope:computer /r says the GPO has been applied.
And, I see that this one required setting above is grayed out and Enabled.  That's what I might expect.
But the remaining settings in Advanced Audit Policy Configuration \ System Audit Policies - Local Group Policy Object are NOT set.
That's puzzling.

Any suggestions would be appreciated!

Just for reference, if there's a better way, all I really want to do is to "reasonably" replace the following script with a GPO:

auditpol /set /category:"Account Logon" /failure:enable /success:enable     
auditpol /set /category:"Account Management" /failure:enable /success:enable  
auditpol /set /category:"DS Access" /failure:enable /success:enable   
auditpol /set /category:"Logon/Logoff" /failure:enable /success:enable 
auditpol /set /category:"Object Access" /failure:enable 


So I inherited 2 CA servers, one is root that remains powered off and another that handles issuing.  They are both 2008r2. So just hoping to clarify my steps to see if I'm missing anything.

Build two new 2019 servers
power on root, backup ca and keys and registry
backup ca, keys and reg on issuing ca
remove roles from both and rename/ip
add 2 new servers to AD with both same names/ip as old servers
install CA role on both
restore backups/reg

Am I missing anything?