Bad boy Warrior

Thanks Klasika. I did what it said on the document although i have restored the GPOs it took time as i had to create a New GPO - rename it to my GPO - then use the import method to pick up the settings from my backed up GPO before it was as before - this had to be done individually for each GPO. Is there a way to do all of them at once if so coudl you please advise. Thanks

Am i right in saying if i am on a DC i can only have 2 people login at the same time and they have to be adminsitrators BUT if i wanted a casual mate to login to the server with policies setup (to restrict him to do and what not to do) this can be only done by a terminal services client? I know many of you guys are against casual users accessing the server but i need to know this so i can set it up correctly - also coud this mate login using VPC connection but from his PC with the same restrictions (only for my server not his PC) and have normal access to his PC at the same time? if so coudl you post a link or advise how this is done? Is there a cheaper Terminal Services client that anyone knows? Thanks as always

Guys i have 2 questions: 1. I backed up all my GPOs using GPMC. I reformatted my server and now it doesnt recognise my GPOs. When i right click my domain in Group Policy Management then select Manage BAckups it finds all the GPOs i click restore and get the error message "Parameter is incorrect" - anyone know what to do? 2. I have 2 NICs on my server - is there any benefit here that i could have to improve perfomance or anything like that? Thanks peeps

I tried https:// that came with the same problem. Klasika - I have installed Remote desktop web client, i think that may be the same thing, if not could you give some instructions on installing terminal services web client please Thanks Another edit: Lets say i have changed the port from 3389 to 1234 - how should this be typed into the address bar or where do i input the new port? This is the error that i see when connecting via web:

Good point ill try that out and let you know. Thanks

Ok guys not sure about this one: When i use RDP i enter the IP address, username, password and domain - i am successfully logged in. If i go to a website and type in http//:IP_Add/tsweb it doesnt recognise anything and brings up page cannot be found. How come am i doing something wrong? My router is forwarding port 3389 to my server. So what seems to be going bonkers here? Thanks

My server doesnt use DHCP as it uses my router to assign DHCP - if that makes any sense so i was installing virtual server 2005 with Server 2003 to replicate the same network as i have now BUT it would use DHCP on the Virtual Server ONLY - is this possible? if yes could you guys give any advise on what i may need to keep into consideration. (the point is to see how DHCP works) Thanks as always to you guys for all your support

oh boy!!!!!!! ill give that site a shot but does ISA secure domain clients too? thx

Also i am going to install ISA on my server. Ive read some documenatation but its kind of confusing. So does anyone know how to quickly set up ISA 2004 where i have a domain setup so i dont get locked out or poor performance (I.e. what ports i can assign to be open) or do you reckon its not required with SP1 for server 2003 - does this also protect the clients?

Guys im back I was wondering - heres the crack first - my server listens on port 3389 for RDP. My router forwards port 3389 to my server. When i use a RDP client i think it uses port 3389 to connect to my servers port 3389 (after supplying the credentials) which connects. Now is there a way to change my server to stop listening to port 3389 and listen to another port and then change the settings on a RDP client so it doesnt connect to 3389 but to another port. So the whole experience is the same but using a different port I think its a registry trick but can be done. Thx again

Ok guys heres the crack. I set up Virtual Server and installed WS2003 onto it - i created a DC and that was about it - i deleted the Virtual Server version of WS2003 and suddenly i get these errors after i restared the server (main server). I ran DcDiag.exe and got this (Sorry for the system overload of info) Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\WIN_XP_PRO_CLIENT Starting test: Connectivity ......................... WIN_XP_PRO_CLIENT passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\WIN_XP_PRO_CLIENT Starting test: Replications [Replications Check,WIN_XP_PRO_CLIENT] A recent replication attempt failed: From WIN_XP_PRO_CLIENT_TWO to WIN_XP_PRO_CLIENT Naming Context: CN=Schema,CN=Configuration,DC=WS_2003_DOMAIN_CONTROLLER,DC=local The replication generated an error (8524): Win32 Error 8524 The failure occurred at 2005-04-24 12:06:29. The last success occurred at 2005-04-23 16:55:29. 9 failures have occurred since the last success. The guid-based DNS name 4806dcf3-884d-4553-bbb5-0e4bca62a203._msdcs.WS_2003_DOMAIN_CONTROLLER.local is not registered on one or more DNS servers. [WIN_XP_PRO_CLIENT_TWO] DsBindWithSpnEx() failed with error 1722, Win32 Error 1722. [Replications Check,WIN_XP_PRO_CLIENT] A recent replication attempt failed: From WIN_XP_PRO_CLIENT_TWO to WIN_XP_PRO_CLIENT Naming Context: CN=Configuration,DC=WS_2003_DOMAIN_CONTROLLER,DC=local The replication generated an error (8524): Win32 Error 8524 The failure occurred at 2005-04-24 12:05:26. The last success occurred at 2005-04-23 16:55:28. 9 failures have occurred since the last success. The guid-based DNS name 4806dcf3-884d-4553-bbb5-0e4bca62a203._msdcs.WS_2003_DOMAIN_CONTROLLER.local is not registered on one or more DNS servers. [Replications Check,WIN_XP_PRO_CLIENT] A recent replication attempt failed: From WIN_XP_PRO_CLIENT_TWO to WIN_XP_PRO_CLIENT Naming Context: DC=WS_2003_DOMAIN_CONTROLLER,DC=local The replication generated an error (8524): Win32 Error 8524 The failure occurred at 2005-04-24 12:07:31. The last success occurred at 2005-04-23 16:55:30. 9 failures have occurred since the last success. The guid-based DNS name 4806dcf3-884d-4553-bbb5-0e4bca62a203._msdcs.WS_2003_DOMAIN_CONTROLLER.local is not registered on one or more DNS servers. REPLICATION-RECEIVED LATENCY WARNING WIN_XP_PRO_CLIENT: Current time is 2005-04-24 12:40:46. CN=Schema,CN=Configuration,DC=WS_2003_DOMAIN_CONTROLLER,DC=local Last replication recieved from WIN_XP_PRO_CLIENT_TWO at 2005-04-23 16:55:26. CN=Configuration,DC=WS_2003_DOMAIN_CONTROLLER,DC=local Last replication recieved from WIN_XP_PRO_CLIENT_TWO at 2005-04-23 16:55:26. DC=WS_2003_DOMAIN_CONTROLLER,DC=local Last replication recieved from WIN_XP_PRO_CLIENT_TWO at 2005-04-23 16:55:27. ......................... WIN_XP_PRO_CLIENT passed test Replications Starting test: NCSecDesc ......................... WIN_XP_PRO_CLIENT passed test NCSecDesc Starting test: NetLogons ......................... WIN_XP_PRO_CLIENT passed test NetLogons Starting test: Advertising ......................... WIN_XP_PRO_CLIENT passed test Advertising Starting test: KnowsOfRoleHolders ......................... WIN_XP_PRO_CLIENT passed test KnowsOfRoleHolders Starting test: RidManager ......................... WIN_XP_PRO_CLIENT passed test RidManager Starting test: MachineAccount ......................... WIN_XP_PRO_CLIENT passed test MachineAccount Starting test: Services ......................... WIN_XP_PRO_CLIENT passed test Services Starting test: ObjectsReplicated ......................... WIN_XP_PRO_CLIENT passed test ObjectsReplicated Starting test: frssysvol ......................... WIN_XP_PRO_CLIENT passed test frssysvol Starting test: frsevent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... WIN_XP_PRO_CLIENT failed test frsevent Starting test: kccevent ......................... WIN_XP_PRO_CLIENT passed test kccevent Starting test: systemlog An Error Event occured. EventID: 0xC000036B Time Generated: 04/24/2005 12:04:14 Event String: Driver VPCAppSv.sys has been blocked from An Error Event occured. EventID: 0x825A0011 Time Generated: 04/24/2005 12:04:40 (Event String could not be retrieved) An Error Event occured. EventID: 0xC25A001D Time Generated: 04/24/2005 12:04:40 (Event String could not be retrieved) An Error Event occured. EventID: 0xC0001B58 Time Generated: 04/24/2005 12:05:38 (Event String could not be retrieved) An Error Event occured. EventID: 0xC0001B6E Time Generated: 04/24/2005 12:06:23 (Event String could not be retrieved) An Error Event occured. EventID: 0x00004E8A Time Generated: 04/24/2005 12:06:27 (Event String could not be retrieved) ......................... WIN_XP_PRO_CLIENT failed test systemlog Starting test: VerifyReferences ......................... WIN_XP_PRO_CLIENT passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : WS_2003_DOMAIN_CONTROLLER Starting test: CrossRefValidation ......................... WS_2003_DOMAIN_CONTROLLER passed test CrossRefValidation Starting test: CheckSDRefDom ......................... WS_2003_DOMAIN_CONTROLLER passed test CheckSDRefDom Running enterprise tests on : WS_2003_DOMAIN_CONTROLLER.local Starting test: Intersite ......................... WS_2003_DOMAIN_CONTROLLER.local passed test Intersite Starting test: FsmoCheck ......................... WS_2003_DOMAIN_CONTROLLER.local passed test FsmoCheck Now WS_2003_DOMAIN_CONTROLLER - Is my WS2003 server as a domain controller WIN_XP_PRO_CLIENT - Is my main client WIN_XP_PRO_CLIENT_TWO - WAS my Virtual Server Machine anyone got a quick way of resolving this? Other than reformatting? Thanks people.

Thanks - ive already done that before and have same problem

I had slow connectivity problems to my network so i ran netdiag on my server. It produced the follwing report: Computer Name: ******** DNS Host Name: **************.local System info : Microsoft Windows Server 2003 (Build 3790) Processor : x86 Family 15 Model 31 Stepping 0, AuthenticAMD List of installed hotfixes : Q147222 Netcard queries test . . . . . . . : Passed [WARNING] The net card '1394 Net Adapter' may not be working because it has not received any packets. Per interface results: Adapter : Local Area Connection Netcard queries test . . . : Passed Host Name. . . . . . . . . : ********** IP Address . . . . . . . . : 192.168.1.100 Subnet Mask. . . . . . . . : 255.255.255.0 Default Gateway. . . . . . : 192.168.1.1 NetBIOS over Tcpip . . . . : Disabled Dns Servers. . . . . . . . : 192.168.1.100 AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Passed WINS service test. . . . . : Skipped NetBT is disable on this interface. [Test skipped]. Global results: Domain membership test . . . . . . : Passed NetBT transports test. . . . . . . : Skipped There are no interfaces that have NetBT enabled. [Test skipped] Autonet address test . . . . . . . : Passed IP loopback ping test. . . . . . . : Passed Default gateway test . . . . . . . : Passed NetBT name test. . . . . . . . . . : Skipped There are no interfaces that have NetBT enabled. [Test skipped] Winsock test . . . . . . . . . . . : Passed DNS test . . . . . . . . . . . . . : Failed [FATAL] File \config\netlogon.dns contains invalid DNS entries. [FATAL] No DNS servers have the DNS records for this DC registered. Redir and Browser test . . . . . . : Skipped There are no interfaces that have NetBT enabled. [Test skipped] DC discovery test. . . . . . . . . : Passed DC list test . . . . . . . . . . . : Passed Trust relationship test. . . . . . : Skipped Kerberos test. . . . . . . . . . . : Passed LDAP test. . . . . . . . . . . . . : Passed Bindings test. . . . . . . . . . . : Passed WAN configuration test . . . . . . : Skipped No active remote access connections. Modem diagnostics test . . . . . . : Passed IP Security test . . . . . . . . . : Skipped Note: run "netsh ipsec dynamic show /?" for more detailed information The command completed successfully Obviously this is causing the error: DNS test . . . . . . . . . . . . . : Failed [FATAL] File \config\netlogon.dns contains invalid DNS entries. [FATAL] No DNS servers have the DNS records for this DC registered. Ive checked around but cant find a resolution. Can anyone advise how to resolve this issue? Thannks ppl as always

Thanks for that atomic. Just 2 more questions if i can please. 1. So you cant use an internet connection AND vpn at the same time or can you? as when i did that i got locked out from my system whilst using RDP until i disabled Routing and Remote Access (this is what i used to create my VPN connection) 2 Im guessing this is the preferred way rather than paying MS for the extra Terminal Services license after the 60 or 120 day period- so these tools work exactly like TS but theyre free?? Thanks again

I dont get this.....so if someone has a VPN connection does it mean a VPN connection is just for someone from outside of a network connecting into a network or domain? What woudl happen if i connect to my servers VPN connection from outside of my network? what resources would i have if everything how could i test to see this? Thanks p.s. Sorry jpatto for asking a question and not giving an answer for your question (although i guess you do have the answer) but sorry for using your thread.......

thanks for clearing that. I think i found Radmin at http://www.freedownloadscenter.com/Network...r__Radmin_.html is there a way to install it without being at my PC that cant be connected using RDC/P? or what is recommeded way to install it (im trying to avoid getting the monitor hooked up with the server (yes lazy i know))

ok im slightly confused - i thought RDP and Remote Desktop connection are the same? as i do use Remote desktop connection but thought that was the same as RDP (Remote desktop Protocol) so whats the difference? Where can i get Radmin tool and what other 2 remote access tools would you recommed (any free ones are welcome ) Thanks again

I use RDP to connect to my server. I was playing around and picked the wrong option for VPN setup. I am now locked out so i cant access the server using RDP. So i tried Telnet <serverIP> 38 to see if i could access the server this way - i still coudn't. I know i could resolve the problem by going to the server and hooking up the monitor to resolve it but wanted to know what you guys would have done in this situation (just incase i was far away from the server so i know for future) Thanks as always

Im thinking about reinstalling my operating system and server and would like your advice on how it should be done. I am running Win XP pro SP2 and Windows Server 2003 SP1. I have a router which allows us to connect to the internet. The scenario is for a home based network so it means that i do not want the server to be on in order to access the internet (like many ppl on this forum) so whats the best way to have everything done and in which order as the server will be a domain controller thx ppl

ok i wont fret but why does it do this?

Guys im not sure about this so thought to ask you experts. I have one pc which is not on my domain but is part of my workgroup (my mum's computer its home edition) for some starnge reason whenever my mum logs onto her PC and enters the incorrect password it gets logged onto MY computers event log (security). When i open it this is what i see: Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 529 Date: 16/04/2005 Time: 15:29:44 User: NT AUTHORITY\SYSTEM Computer: Mum'sPC Description: Logon Failure: Reason: Unknown user name or bad password User Name: Mum Domain: Mum'sPC Logon Type: 3 Logon Process: NtLmSsp Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: Mum'sPC For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. thx

sorry could you explain that a bit more as i dont know what autdit is and the file your referring to. thx

done that and i still have a few problems. So ill tell you one of them as i may be able to do the rest if i get this one right :angrym: When connect using RDP to my server i have this event written in my client event log: Event Type: Failure Audit Event Source: Security Event Category: Detailed Tracking Event ID: 861 Date: 07/04/2005 Time: 17:11:46 User: Kill-Bill\Quentin Tarantino Computer: PulpFiction Description: The Windows Firewall has detected an application listening for incoming traffic. Name: - Path: C:\WINDOWS\system32\mstsc.exe Process identifier: 2584 User account: Quentin Tarantino User domain: Kill-Bill Service: No RPC server: No IP version: IPv4 IP protocol: UDP Port number: 2149 Allowed: No User notified: No Now this as it says is caused by the FW so im assuming that i need to add C:\WINDOWS\system32\mstsc.exe to a safe list under these GPOs and my guess is Windows Firewall: Define Program Exceptions - so if i add C:\WINDOWS\system32\mstsc.exe to that GP shoudl it be put on both (client and server) and shoudl it be under the DOMAIN PROFILE only? or the Standard profile too? Thanks

ok i did that and have still some issues (same event id still logged in my client machine) ive set up the domain profile as in this picture - so what am i doing wrong? do i have enable something on the client machine? thx

which GPO do i need to alter or set? and is this for the LOcal Group Policy?