Making Game: Windows 2012 R2 Windows Search issue. Hangs and doesn’t work after day or two been restarted or index rebuild

I have upgraded from Windows Server 2008 R2 x64 to Windows Server 2012 R2 x64.
In the previous installation I had some issues with Windows Search after a Security Roll-up (January or February 2020). It started to hang until restarted. I wrote a script and added it to Planner to run once per night. After the system upgrade the problem occurred. I have been solving it for a week already. What has been done:

  1. reinstalled role Windows Search
  2. cleaned registry path HKLM\Software\Microsoft\Windows Search
  3. index rebuild
  4. tons of registry tweaks like CoreCount = 1 and so on.

The problem wasn’t solved.

I’ve started SysInternals ProcessMon and filtered access to registry path and got some errors:

High Resolution Date & Time:    28.05.2020 14:11:17,9562745
Event Class:    Registry
Operation:  RegQueryValue
Result: BUFFER OVERFLOW
Path:   HKLMSOFTWAREMicrosoftWindows SearchCrawlScopeManagerWindowsSystemIndexDefaultRulesURL
TID:    17260
Duration:   0.0000116
Length: 144

It’s the usual path for the crawler, containing a path for the user to exclude – file:///C:[516392d7-8e63-47db-b92c-872191c3cd72]UserssomeuserAppData

I found some February CVEs corresponding to a buffer overflow in IE Search, but they were fixed by security roll-ups in March 2020.

The current system has been updated with all updates, including the latest May Security Rollup (May 12, 2020—KB4556846).

I don’t have any idea what to do next.


Server Bug Fix: Why don’t Active Directory user accounts automatically support Kerberos AES authentication?

I’m playing around with a test domain on Windows Server 2012 R2. I’m operating at the highest possible functional level and have no backwards-compatibility issues in my small test environment. However, I’ve realized that despite the fact that I have support for Kerberos AES authentication, it is not enabled by default for any users. I have to actually go into a user’s properties and check off “This account supports Kerberos AES 128 bit encryption” and/or “This account supports Kerberos AES 256 bit encryption” to enable it.

(I first realized this when adding a test account to the “Protected Users” group, which sets policy to require AES. Afterwards, all my network logins started failing until I checked those boxes.)

I figure that this might be disabled by default to ensure backwards-compatibility for some systems, but I can’t find a way to enable this for all users, or even an explanation of the current behavior.

Any ideas?

Checking the Kerberos AES checkboxes for the users would cause authentication failures on pre-Vista clients. This is probably the reason that it’s not set by default.

The Kerberos AES support checkboxes correspond to the value set in an attribute called msDS-SupportedEncryptionTypes.

To change this for more than one user, you can utilize PowerShell and the ActiveDirectory module:

# The numerical values for Kerberos AES encryption types to support
$AES128 = 0x8
$AES256 = 0x10

# Fetch all users from an OU with their current support encryption types attribute
$Users = Get-ADUser -Filter * -SearchBase "OU=SecureUsers,OU=Users,DC=domain,DC=tld" -Properties "msDS-SupportedEncryptionTypes"
foreach($User in $Users)
{
    # If none are currently supported, enable AES256
    $encTypes = $User."msDS-SupportedEncryptionTypes"
    if(($encTypes -band $AES128) -ne $AES128 -and ($encTypes -band $AES256) -ne $AES256)
    {
        Set-ADUser $User -Replace @{"msDS-SupportedEncryptionTypes"=($encTypes -bor $AES256)}
    }
}
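
A read-only audit that can be run before the bulk change above, added here as an example and not part of the original answer: it decodes each account's msDS-SupportedEncryptionTypes bitmask and classifies it. The function name `Get-KerberosEncTypeReport`, the Status labels and the sample accounts are assumptions made for illustration.

```powershell
# Added example (not from the original answer). Bit values are the documented
# flags of msDS-SupportedEncryptionTypes; the Status labels are assumptions.
$EncTypeFlags = [ordered]@{
    'DES-CBC-CRC' = 0x1
    'DES-CBC-MD5' = 0x2
    'RC4-HMAC'    = 0x4
    'AES128'      = 0x8
    'AES256'      = 0x10
}

function Get-KerberosEncTypeReport {
    param(
        # Any object with SamAccountName and msDS-SupportedEncryptionTypes
        [Parameter(Mandatory, ValueFromPipeline)]$User
    )
    process {
        $raw   = $User.'msDS-SupportedEncryptionTypes'
        $value = if ($null -eq $raw) { 0 } else { [int]$raw }
        # Names of every known flag set in the bitmask
        $names = @($EncTypeFlags.GetEnumerator() |
            Where-Object { $value -band $_.Value } |
            ForEach-Object { $_.Key })
        if ($value -eq 0)                 { $status = 'NotSet' }         # KDC default applies
        elseif (-not ($value -band 0x18)) { $status = 'NoAES' }          # neither AES box ticked
        elseif ($value -band 0x07)        { $status = 'AESPlusLegacy' }  # AES plus DES/RC4
        else                              { $status = 'AESOnly' }

        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            Value          = '0x{0:X}' -f $value
            EncTypes       = $names -join ', '
            Status         = $status
        }
    }
}

# Constructed sample accounts so the report runs without a domain controller.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice'; 'msDS-SupportedEncryptionTypes' = $null }
    [pscustomobject]@{ SamAccountName = 'bob';   'msDS-SupportedEncryptionTypes' = 0x4 }
    [pscustomobject]@{ SamAccountName = 'carol'; 'msDS-SupportedEncryptionTypes' = 0x1C }
    [pscustomobject]@{ SamAccountName = 'dave';  'msDS-SupportedEncryptionTypes' = 0x18 }
)
$sample | Get-KerberosEncTypeReport | Format-Table -AutoSize

# Live use, with the OU from the answer's script:
# Get-ADUser -Filter * -SearchBase "OU=SecureUsers,OU=Users,DC=domain,DC=tld" `
#     -Properties 'msDS-SupportedEncryptionTypes' | Get-KerberosEncTypeReport
```

Accounts reported as NotSet or NoAES are the ones the answer's loop would modify.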


Linux HowTo: Emails sent via application on RDS server stuck in outbox – Outlook

We currently generate and process documents via an application hosted on an RDS server. Users access the application via remote desktop applications and do not log in to their desktop on the server.

Some users email large amounts once or twice a week (~200-300) in a batch, which defaults to Outlook as the sender, and Outlook runs in the background as the user does not utilise Outlook on the server other than sending emails from the application.

We are encountering an issue where all emails become stuck in the outbox, until you log in to the user’s server profile, open Outlook, and “send all” emails from the outbox. This has never been the case before and has only recently, over the past few months, become an ongoing issue.

I have tried, with no success:

  1. Change the Outlook profile to store emails locally, instead of online. (This does not work; it causes an error which I cannot recall off the top of my head.)
  2. Leaving Outlook open on the user’s server profile. This also does not seem to be consistent, and the user will show two separate logins under Task Manager. (One for remote apps, one for server profile.)

Office is up to date; I’m unsure where to look from here. Any guidance would be greatly appreciated.

Please check if the thread below is helpful to you.

https://social.technet.microsoft.com/Forums/office/en-US/22d06ecb-ff51-45f9-a4b1-1de72c55439b/outlook-2013-emails-stuck-in-outbox?forum=officeitpro

Server Bug Fix: Somehow IIS site SSL certificate keeps automatically changing

As in the attached image, for some unknown reason the SSL certificate will sometimes automatically change, which leads me to switch it back over and over again. We have looked for a pattern but can’t really find any clue.

So my questions are

  1. What may be the root cause?
  2. Is there any way we can write a batch or anything to switch it back?

Server Bug Fix: Special permissions to see other domain resources?

Does a casual user need to have some special access to view resources (mainly users) in other domains?
In Domains and Trusts I have a lot of domains on the incoming trusts tab with details like: trust type: external, transitive: No. Is that the reason? I can see only my main domain, not any other, in AD Users and Computers.


Server Bug Fix: Connection via PSSession between servers

I’ve got 3 machines (2x servers and a desktop), and when I try to connect between servers I get error code 0x80090302.

1) Connection via PSSession from desktop works to both servers

2) Credentials are correct

3) I tried Set-Item WSMan:\localhost\Client\TrustedHosts * and it didn’t help

4) Test-NetConnection to ports 5985 and 5986 between servers works correctly

and I have no idea what else can be a reason of this problem


Server Bug Fix: FTP Hostname and Username combined “|” (IIS windows server 2012 r2)

I have setup a working FTP site but a specific setup is being asked…

This is credentials I use to login to my FTP (This works just fine)

Host: “Myhostname”
Username: “MyUserName”
Password: “MyPassword”
Port: 21

What I am being told is that we need the credentials to be

Host: “Myhostname”
Username: “Myhostname|MyUserName”
Password: “MyPassword”

Of course when I try to use this type of Username I am not allowed access to my FTP

Is there a way to enable the “|” into the username?

You only need that complex user name when you have enabled FTP virtual host names.

More information can be found from this Microsoft article


Server Bug Fix: Windows Server 2012 R2 and permissions for folder created with gpo

I would like to ask: how can I automatically set up permissions for a folder which is created by GPMC using this method:
http://www.morgantechspace.com/2014/03/Create-a-Folder-on-Desktop-through-Group-Policy.html

The server creates this folder automatically for every user who logs in for the first time.

Thank you very much for help

You can create a batch file to do this and use the same GPO to run the batch file after creating the folder.

  1. Create a bat file and write:

timeout 10

icacls "%userprofile%\Desktop\SupportTeam" /grant Everyone:M

Timeout 10 is to wait until the folder is created. Everyone:M is to grant Everyone access to the folder.

  2. Put the batch file on a shared folder on your network. Make sure Everyone has access to this shared folder.

  3. Add the batch file to the GPO –> User Configuration –> Windows Settings –> Scripts –> Logon

Click on Add –> Browse for the batch file (where you saved the bat file, “The Shared folder on your network”; you don’t need to add any script parameters).

  4. Log off and back in. (Permissions are applied when the user logs on to the computer.)
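
A PowerShell variant of the logon script in the answer above, added here as an example and not part of the original thread: it polls for the folder rather than waiting a fixed 10 seconds, and grants Modify to the logged-on user's SID only instead of Everyone. The function name `Grant-UserFolderModify` and the 30-second limit are assumptions; `SupportTeam` is the folder name from the answer.

```powershell
# Added example (not from the original thread). 'SupportTeam' is the folder
# name used in the answer; function name and 30 s timeout are assumptions.
function Grant-UserFolderModify {
    param(
        [Parameter(Mandatory)][string]$Path,
        [int]$TimeoutSeconds = 30
    )

    # Poll until the GPO-created folder exists, giving up after the timeout.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        if ((Get-Date) -ge $deadline) {
            Write-Warning "Folder '$Path' did not appear within $TimeoutSeconds s."
            return $false
        }
        Start-Sleep -Milliseconds 500
    }

    # Grant Modify to the logged-on user only, addressed by SID so the grant
    # does not depend on name resolution. (OI)(CI) = inherit to files and subfolders.
    $sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    & icacls.exe $Path /grant "*${sid}:(OI)(CI)M" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "icacls failed on '$Path' with exit code $LASTEXITCODE."
        return $false
    }
    return $true
}

$desktop = [Environment]::GetFolderPath('Desktop')   # follows folder redirection
Grant-UserFolderModify -Path (Join-Path $desktop 'SupportTeam') | Out-Null
```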

Okay. Sorry. I couldn’t write earlier.
So I tried creating a new folder using your steps, but the script doesn’t run and I don’t know why. I set it up exactly how you describe.

So. My script is located here:

\\SERVER-LUNA\Scripts$\wwwroot dir.bat

and Everyone has access to this script, and here is my wwwroot dir.bat:

timeout 10
if not exist "\\SERVER-LUNA\Users$\%username%\wwwroot" mkdir "\\SERVER-LUNA\Users$\%username%\wwwroot"

When I run the command manually, it works. Thanks

I found the solution to why the logon script via GPO is delayed. You need to enable and change a policy via GPO:
https://support.microsoft.com/en-us/kb/2895815

Thanks for help


Server Bug Fix: Task Scheduler “On Remote Disconnect from any user session” triggers when connecting, too

I have two scheduled tasks, one with the “On connection to user session” type, any user, connection from remote computer. That triggers when an RDC connection is established.

The other is “On disconnection from user session”, any user, connection from remote computer. That triggers on RDC disconnection… but also RDC connection! How can I only have it actually fire for RDC disconnection?
