Hi All,
I recently had an issue with a client computer not wanting to join to the domain.
The computer would not join due to the following error:
Unable to join computer to the domain: Network Path not found.
After lots of research, I finally found a solution.
First, please verify if you DNS is fine on your DC by running the following command on the DC:
dcdiag /test:dns
If all tests pass, check out the following:
Open Network and Sharing centre on the client computer, Click change adapter settings, right click the active network adapter and click properties.
Check to see if the Client for Microsoft Networks is there. If not, click on Install, then Client, click on Add and then click OK. Ensure it is now displaying under the installed components. Close all Windows and restart.
You should be able to join the domain now.
A few extra things you could also check:
Ping the domain from the client PC and ensure it returns with the correct IP.
Ensure your DC is your primary DNS on your IP config.
Ensure your DC also point to itself for dns primary.
I hope this will save someone some time.
Regards,
Sakkie
Infinite Server Life
Thursday, 9 October 2014
Thursday, 2 May 2013
Windows Server W32 Time service time set up
Hi Guys,
If anyone ever experienced the issue of your client computers not synchronizing time or received the following error upon logon:
System cannot log you in due to the following error:
There is a time difference between the Client and Server.
I have found a solution to this problem by adjusting the server's time sources.
Please follow the following steps to set your server up correctly for time synchronization:
Open up a elevated command prompt and enter the following:
1. net stop w32time - This is to stop the time service.
2. w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org" - This is to configure the external time source.
3. w32tm /config /reliable:yes - This is to configure the server as a reliable time source.
4. net start w32time - This starts the time server again.
After the service has started again, your time should sync perfectly.
I hope this has been informative and would like to thank you for reading.
Best Regards,
Sakkie Jamneck
"If you can't explain it simply, you do not understand it well enough." - Albert Einstein
If anyone ever experienced the issue of your client computers not synchronizing time or received the following error upon logon:
System cannot log you in due to the following error:
There is a time difference between the Client and Server.
I have found a solution to this problem by adjusting the server's time sources.
Please follow the following steps to set your server up correctly for time synchronization:
Open up a elevated command prompt and enter the following:
1. net stop w32time - This is to stop the time service.
2. w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org" - This is to configure the external time source.
3. w32tm /config /reliable:yes - This is to configure the server as a reliable time source.
4. net start w32time - This starts the time server again.
After the service has started again, your time should sync perfectly.
I hope this has been informative and would like to thank you for reading.
Best Regards,
Sakkie Jamneck
"If you can't explain it simply, you do not understand it well enough." - Albert Einstein
Thursday, 25 April 2013
Deploy and Install MSI packages via a single GPO
Hi Guys,
As time passed by, I got a bit pre-occupied with stuff happening in both my personal and work life so I could not blog for a while. I thought it would be nice for a change to blog about the setup of specific features in Windows Server except for just troubleshooting problems.
This article is discussing how to deploy and install .msi packages from your Windows Server through the use of a single GPO (Group Policy Object).
What probably interests me most of this option, is that you can also remove the software should it cause any issues.
So how I am going to explain this is in a step by step format to set this up easily without any hassles.
To kickstart this process, log onto your Domain Controller with an Administrative account.
Make sure your MSI package you wish to deploy is located on the server and is shared. Read and Execute permissions must also be assigned to the folder for the users you wish to install the selected update on.
Next,
Click on Start and navigate to All Programs -> Administrative Tools -> Group Policy Management.
Right Click on your domain and click on Create and Link GPO Here.
You will be prompted to enter a name for the desired GPO. Name it something like MSI Deployment Firefox.msi.
Right Click on the GPO and select Edit. Group Policy Editor will now open.
Here we basically have two options:
Computer Configuration: This will install the software for a specific computer no matter which user is using the computer.
User Configuration: This will install the software for only specific users on the domain once they log on.
For this tutorial we shall take the User Configuration Option.
Under User Configuration browse to Policies -> Software Settings -> Software Installation
Right Click Software Installation and select New and then Package.
Next, browse to your MSI file and choose it.
Note: Please navigate to the network path of this file for example \\DC\Software\MSI\Firefox.msi.
Next you will be given 3 options:
Published: A program can be published for one or more users. This program will be added to the Add or Remove Programs list and the user will be able to install it from there.
Assigned: A program can be assigned per-user or per-machine. If its assigned per-user, it will be installed when the user logs on. However, if its assigned per-machine then the program will be installed for all users when the machine starts.
Advanced: This option can be chosen for more advanced options.
For the purposes of this tutorial, we will choose Advanced.
After you choose advanced, a dialogue box will appear with a Name Textbox. This name you can make just what you want. By default it is the name of the .msi package.
If you click on the deployment Tab, under the first two radio buttons, you will see that you can choose between Published or Assigned deployment. For this tutorial we will choose Assigned because we want the software to install at logon automatically.
Move down to the Deployment Options checkboxes.
You will now see three checkboxes you can modify:
Uninstall this application when it falls out of the scope of management: This is the option that you would select if you want the program to be uninstalled if the Group Policy is removed.
Do not display this package in the Add/Remove Programs control panel: If you want the application not to appear in the Add/Remove Programs control panel.
Install this application at logon: If you want this program to be installed at logon.
You can now set the Installation user interface option to your desire.
The rest of dialogue box you can leave as default and click on OK.
Now you can close Group Policy Editor and add your preffered users to your Security Filtering. Run gpupdate /force on the server and ask users to reboot and the softare should install.
And that is how we do it.
I hope this has been informative for you and would like to thank you for viewing.
Best Regards,
Sakkie
"Everybody's a genius, but if you judge a fish by it's ability to climb a tree, it will spend it's whole life believing it is stupid."
As time passed by, I got a bit pre-occupied with stuff happening in both my personal and work life so I could not blog for a while. I thought it would be nice for a change to blog about the setup of specific features in Windows Server except for just troubleshooting problems.
This article is discussing how to deploy and install .msi packages from your Windows Server through the use of a single GPO (Group Policy Object).
What probably interests me most of this option, is that you can also remove the software should it cause any issues.
So how I am going to explain this is in a step by step format to set this up easily without any hassles.
To kickstart this process, log onto your Domain Controller with an Administrative account.
Make sure your MSI package you wish to deploy is located on the server and is shared. Read and Execute permissions must also be assigned to the folder for the users you wish to install the selected update on.
Next,
Click on Start and navigate to All Programs -> Administrative Tools -> Group Policy Management.
Right Click on your domain and click on Create and Link GPO Here.
You will be prompted to enter a name for the desired GPO. Name it something like MSI Deployment Firefox.msi.
Right Click on the GPO and select Edit. Group Policy Editor will now open.
Here we basically have two options:
Computer Configuration: This will install the software for a specific computer no matter which user is using the computer.
User Configuration: This will install the software for only specific users on the domain once they log on.
For this tutorial we shall take the User Configuration Option.
Under User Configuration browse to Policies -> Software Settings -> Software Installation
Right Click Software Installation and select New and then Package.
Next, browse to your MSI file and choose it.
Note: Please navigate to the network path of this file for example \\DC\Software\MSI\Firefox.msi.
Next you will be given 3 options:
Published: A program can be published for one or more users. This program will be added to the Add or Remove Programs list and the user will be able to install it from there.
Assigned: A program can be assigned per-user or per-machine. If its assigned per-user, it will be installed when the user logs on. However, if its assigned per-machine then the program will be installed for all users when the machine starts.
Advanced: This option can be chosen for more advanced options.
For the purposes of this tutorial, we will choose Advanced.
After you choose advanced, a dialogue box will appear with a Name Textbox. This name you can make just what you want. By default it is the name of the .msi package.
If you click on the deployment Tab, under the first two radio buttons, you will see that you can choose between Published or Assigned deployment. For this tutorial we will choose Assigned because we want the software to install at logon automatically.
Move down to the Deployment Options checkboxes.
You will now see three checkboxes you can modify:
Uninstall this application when it falls out of the scope of management: This is the option that you would select if you want the program to be uninstalled if the Group Policy is removed.
Do not display this package in the Add/Remove Programs control panel: If you want the application not to appear in the Add/Remove Programs control panel.
Install this application at logon: If you want this program to be installed at logon.
You can now set the Installation user interface option to your desire.
The rest of dialogue box you can leave as default and click on OK.
Now you can close Group Policy Editor and add your preffered users to your Security Filtering. Run gpupdate /force on the server and ask users to reboot and the softare should install.
And that is how we do it.
I hope this has been informative for you and would like to thank you for viewing.
Best Regards,
Sakkie
"Everybody's a genius, but if you judge a fish by it's ability to climb a tree, it will spend it's whole life believing it is stupid."
Monday, 4 February 2013
Roaming profile logging on as temporary profile
Hi All,
I'm sure most of you would agree with me, but Roaming Profiles are the absolute worst!
I cannot even begin to tell you how many issues I have had with this before and everytime I deal with it, it only becomes more painful.
One specific issue I experienced many times is the Temporary profile issue. This occurs when logging on to Windows and receiving the following message:
Windows XP:
"Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off."
OR
Windows 7:
"You have been logged on with a temporary profile. You cannot access your files and files created in this profile will be deleted when you log off. To fix this, log off and try logging in later. Please see the event log for details or contact your system administrator."
This can be a very annoying problem especially if recreating the profile does not solve the problem.
To rectify this, set the local group policy on the local computer which is logging you in with a temp profile.
To do so, start up "Run" on the PC and type gpedit.msc
Once this is open, navigate to the following:
Computer Configuration -> Administrative Templates -> System -> User Profiles
Enable the Do not log users on with temporary profiles option.
Also configure the Do not check for user ownership of Roaming Profile Folders option.
Close the Group policy editor and open up command prompt.
Type in:
gpupdate /force
Once this has completed, proceed to restart the computer and log in again. The problem should now be rectified.
Please note that throughout this article I assume there is enough space on the client computer as well as the neccesary permissions set on the roaming profile folder.
I would like to thank you for reading and hope this has been informative for you.
Best Regards,
Sakkie
Dare to Dream...
I'm sure most of you would agree with me, but Roaming Profiles are the absolute worst!
I cannot even begin to tell you how many issues I have had with this before and everytime I deal with it, it only becomes more painful.
One specific issue I experienced many times is the Temporary profile issue. This occurs when logging on to Windows and receiving the following message:
Windows XP:
"Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off."
OR
Windows 7:
"You have been logged on with a temporary profile. You cannot access your files and files created in this profile will be deleted when you log off. To fix this, log off and try logging in later. Please see the event log for details or contact your system administrator."
This can be a very annoying problem especially if recreating the profile does not solve the problem.
To rectify this, set the local group policy on the local computer which is logging you in with a temp profile.
To do so, start up "Run" on the PC and type gpedit.msc
Once this is open, navigate to the following:
Computer Configuration -> Administrative Templates -> System -> User Profiles
Enable the Do not log users on with temporary profiles option.
Also configure the Do not check for user ownership of Roaming Profile Folders option.
Close the Group policy editor and open up command prompt.
Type in:
gpupdate /force
Once this has completed, proceed to restart the computer and log in again. The problem should now be rectified.
Please note that throughout this article I assume there is enough space on the client computer as well as the neccesary permissions set on the roaming profile folder.
I would like to thank you for reading and hope this has been informative for you.
Best Regards,
Sakkie
Dare to Dream...
Tuesday, 29 January 2013
An attempt to resolve the dns name of a domain controller in the domain being joined has failed.
Hi Everyone,
I had a project over the last weekend where I had to implement Active Directory in one of our client's infrastructure.
In the past I have handled many of these projects, but never experienced the following error when trying to add a computer to the domain:
"An attempt to resolve the dns name of a domain controller in the domain being joined has failed. please verify this client is configured to reach a dns server that can resolve dns names in the target domain."
Interestingly enough this only occurs with Windows 7 and Windows Vista machines and could possibly occur with Windows 8.
This is due to Win 7 and Vista discovering the Active Directory controller in a different way than XP would do.
In my specific scenario, the client had an alternate DNS server and would like to keep it that way, though DNS is a required role when running DCPROMO.
Fixes and explanations over the net ranges from problems with a specific build of Windows to even manual recreation of the DNS records.
The fix I found worked was not found on an article.
If you are not using a DHCP server, set the DNS settings in your adapter settings to the PRIMARY DNS of your AD server and id need be, the secondary DNS your DNS server or a public DNS server for instance Google's DNS.
If you are using DHCP, configure it as described above in your DHCP and renew client IPs.
Remember to not put your DNS server as the primary, but rather as the secondary due to the way Windows 7 discovers AD servers.
I hope this has been informative for you and I'd like to thank you for reading.
Best Regards,
Sakkie
Dare to dream...
I had a project over the last weekend where I had to implement Active Directory in one of our client's infrastructure.
In the past I have handled many of these projects, but never experienced the following error when trying to add a computer to the domain:
"An attempt to resolve the dns name of a domain controller in the domain being joined has failed. please verify this client is configured to reach a dns server that can resolve dns names in the target domain."
Interestingly enough this only occurs with Windows 7 and Windows Vista machines and could possibly occur with Windows 8.
This is due to Win 7 and Vista discovering the Active Directory controller in a different way than XP would do.
In my specific scenario, the client had an alternate DNS server and would like to keep it that way, though DNS is a required role when running DCPROMO.
Fixes and explanations over the net ranges from problems with a specific build of Windows to even manual recreation of the DNS records.
The fix I found worked was not found on an article.
If you are not using a DHCP server, set the DNS settings in your adapter settings to the PRIMARY DNS of your AD server and id need be, the secondary DNS your DNS server or a public DNS server for instance Google's DNS.
If you are using DHCP, configure it as described above in your DHCP and renew client IPs.
Remember to not put your DNS server as the primary, but rather as the secondary due to the way Windows 7 discovers AD servers.
I hope this has been informative for you and I'd like to thank you for reading.
Best Regards,
Sakkie
Dare to dream...
Sunday, 9 December 2012
Remote Desktop Licensing Service not starting up
Hi Guys,
Recently I was faced with a problem at one of our clients' Remote Desktop Licensing Services not starting up in services.msc.
The error received when trying to start up the service through the Services snap in, was not efficient in trouble shooting the issue.
To troubleshoot this issue effectively, please take the following steps:
Recently I was faced with a problem at one of our clients' Remote Desktop Licensing Services not starting up in services.msc.
The error received when trying to start up the service through the Services snap in, was not efficient in trouble shooting the issue.
To troubleshoot this issue effectively, please take the following steps:
- Open Server Manager
- Expand Roles and click on Remote Desktop Services.
- You should see an error in the events of this role.
Go through the errors and see if you spot the following error:
The Remote Desktop Licensing service cannot start. The following error occurred: Can't initialize Cryptographic - error code 5.
After going through numerous articles on how to solve this to no avail, I decided to look deeper into the issue.
This issue is being caused by the RSA cryptographic files loosing their permissions, thus locking out the licensing manager and disabling it naturally.
To solve this issue, open up Run on your server and insert the following path:
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
Please verify if all permissions on these files are set correctly. On Server 2008, you should see a little "lock" symbol over the files if the permissions are set incorrectly. Please ensure the following permissions are set:
System: Full Control
Administrator: Full Control
Domain Admins: Full Control
Network Service: Full Control
After these permissions have been set successfully, try and start the RD Licensing Service now, which should solve your problem.
If you are still having issues, go one folder back up and verify that the other folder as well has the correct permissions.
I hope that this has been informative to you as I spent quite some time on this one and hope to save you some time.
Yours Truly,
Sakkie
Dare to Dream.
Subscribe to:
Posts (Atom)