I enable either Global-level or Share-level encryption on Win 2012 and try to access the encrypted share from a Non-SMB3 client (Win 7). As we know, "RejectUnencryptedAccess"by default is TRUE in Win 2012. So any unencrypted access (ie, connection from Win 7 client) will be rejected with a STATUS_ACCESS_DENIED message in either Session Setup Response or Tree Connect Response based on whether Server-level encryption or Share-level encryption is enabled. There is no problem here, it works as expected.

But when "RejectUnencryptedAccess" is set to FALSE in Win 2012, as per the documentation, the connection should be established and share be accessed without any error or denial. But seems that is not the case with me.

Neither I get any Access Denied error nor the Share is opening.

On further looking at the SMB2 Packet capture, the Session Setup and Tree Connect Responses were successful. After that, there were several "Create Request File: wkssvc" and "Create Response File: wkssvc" packets.

Can someone confirm if this is the case / is it expected behavior / or am I missing something?

Hello All,

I am experiencing a rather annoying problem with Windows 2012 Fileservices, my problem is the following :
Opening Office files takes a long time on a windows 7 machines, other files are perfectly fine.

I have searched this issue and i seen that there a few registry tweaks to fine tune, i did that and it didn't help much.

My setup is :
VM Cluster / SAN / Dedicated fiber storage for Windows 2012 Fileserv that's mapped as a RAW device .

Any idea's ?

Thanks !

I have configured the FSRM options with the correct SMTP server and default administrator recipients - that works! Email test is successful.

However, the email notifications for users is not sending the users email? what am I missing?

I have a RAID 5 array on a Perc 6/i with 2 1.8TB volumes, I want to extend/expand Disk 0 onto Disk 1 so that I end up with one 3.6TB disk.

how do I do this?

Stacey P. Shoemaker

Hello experts,

I deployed two PCs with the Windows 7 via MDT 2012. Then I found that it could not connect to the samba network drive. I'm pretty sure the samba is fine, as the rest of our PCs don't have any problem. I disabled the firewall and without any anti-Virus software. I changed the LAN management and set the samba port 139 and 445 in smb.conf. 

Any of you have some ideas about this situation?

Thank you in advance!

BRs

Yumin

Our users have the default recommended permissions for their Redirected Documents folders that do not include any access permissions for the Administrators group.

Very frequently administrators have a need to go into these folders.  The most current reason is that we need to share out the folder containing their Outlook PST files so we can import these files into their new Archive mailboxes and then get rid of the PSTs.

The users cannot even do this themselves because they cannot create shares when they are accessing their Documents folder through a redirected network share.

The administrator must log in locally to the file server, take ownership of the user's entire My Documents folder, grant the Administrators group full control, then drill down to the folder containing the PST files and grant Exchange Trusted Subsystem modify access, then share that folder with the Exchange Trusted Subsystem also having at least Modify access through the share.

One problem we are having is when we take ownership and grant the Administrators group full control, somehow during this process, the user loses their permissions to the files and folders and we end up having to manually grant permissions back to the user for folders and then the subfolders below.  Then we need to change the ownership back the user so file audits show correctly as belonging to the user rather than belonging to the administrators group.

What is the most streamlined way to accomplish these access permission changes and then put everything back they way they were when the import in their Exchange mailbox is complete?

How can we grant local server administrators group members and domain Exchange Trusted Subsystem permissions after taking ownership without the user losing their permissions as part of the process?

On my Windows Server 2012 I go to Optimize Drives and I select Change Settings as it SHOULD be Defragmenting Weekly as it states.  I found that when I clicked on Choose Drives the Select all was choosen but NO drives showed up.  I just checked, if I DEselected the Select all, the drives did NOT magically appear.  I am up to date on all software and updates.  This is a VMWare Virtual Server, however I do NOT think that that would be the issue, although it COULD.  The image below shows the settings as they were without any options selected or changed.  It was set it and forget it for the weekly server optimization or server defrag.

This is development so I can edit "LIVE" and not worry.  I am not sure if there is something I can check or look into.

Dear Support,

This is to inform you that we are using Windows Server 2008 R2 Enterprises Edition (x64) & suddently it is showing the message "The Application was unable to start correctly (0xc0000005. Click OK to close the application." 

 I have already checked all the technical steps as per Microsoft solutions like-

these are the steps that I have been done.

1. I have checked regedit Hkey_Classes_Root>exefile>shell>open>(default) as "%1" %*

2. Uninstalled dotnet frameware & re-installed correctly.

2. Microsoft C++ 2005,2008 redistributable re-installed.

3. The Windows has been updated.

4. check by "Microsoft Fix-it" & executed, the report is clean.

5. The Anti Virus is disabled (Quick Heal).

6. & all the junk files are cleaned as well (like- %temp%).

But its still showing the error while we are trying to open a application (most of the *.exe), [Application name.exe has stopped working>The Application was unable to start correctly (0xc0000005. Click OK to close the application.

Kindly do the needful solutions urgently.

Regards,

Akib Ahmed

Mob- +91 8584047126

Email: itsupport.asansol@pinnaclehonda.com

Chandrani Enterprises Pvt. Ltd. | Asansol

Nh-2, Bogra Chatti, Asansol, Burdwan - 713332 (W.B.), India.

I found NFS Cmdlets in Windows PowerShell is not working forWindows 8.1, Windows 8 and Windows 7 for all desktop Windows OS.

I am getting below message while executing the Cmdlet on Windows 8.1.

PS C:\Users\Administrator> New-NFSshare
New-NFSshare : The term 'New-NFSshare' is not recognized as the name of a cmdlet, function, script file, or operable
program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1
+ New-NFSshare
+ ~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (New-NFSshare:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

PS C:\Users\Administrator>

According to windows technet these NFS Cmdlets are applicable for Windows 8, 8.1, Server 2012, 2012 R2. But on server these Cmdlets are working fine but on Desktop OS these are missing.

http://technet.microsoft.com/en-us/library/jj603081.aspx

Thanks in advance for your help.

Nitin

Hello!

Windows Server 2012 NIC Teaming (LBFO) Deployment and Management (http://www.microsoft.com/en-us/download/details.aspx?id=30160) says:

"3.4    Interactions between Configurations and Load distribution algorithms
3.4.1    Switch Independent configuration / Address Hash distribution

This configuration will send packets using all active team members distributing the load through the use of the selected level of address hashing (defaults to using TCP ports and IP addresses to seed the hash function).

Because a given IP address can only be associated with a single MAC address for routing purposes, this mode receives inbound traffic on only one team member (the primary member). This means that the inbound traffic cannot exceed the bandwidth of one team memberno matter how much is getting sent."

Q1)Am I correct that a user after connecting to a server will be able to save data to the server  with the "bandwidth of one team member" but read using aggregated bandwidth of all team memebers?

"3.4.2    Switch Independent configuration / Hyper-V Port distribution

This configuration will send packets using all active team members distributing the load based on the Hyper-V switch port number.  Each Hyper-V port will be bandwidth limited to not more than one team member’s bandwidth because the port is affinitized to exactly one team member at any point in time.

Because each VM (Hyper-V port) is associated with a single team member, this mode receives inbound traffic for the VM on the same team member the VM’s outbound traffic uses.  This also allows maximum use of Virtual Machine Queues (VMQs) for better performance over all. "

This mode is best used for teaming under the Hyper-V switch when

1. The number of VMs well-exceeds the number of team members; and
2. A restriction of a VM to not greater than one NIC’s bandwidth is acceptable"

Q2) If "each VM (Hyper-V port) is associated with a single team member"  than more than one VM per Hyper-V port will result in a bandwidth < 1 team member...Why this mode is best used forThe number of VMs well-exceeds the number of team members?

Q3) Don't these words  - "each VM (Hyper-V port) is associated with a single team member" - mean there can't be more than one VM per Nic (team member)?  ...I know that they don't...Just trying to perceive the meaning of them...

"1.1.1     NIC Teaming and Virtual Machine Queues (VMQs)

When the team is in switch-independent mode and is using an address hash load distribution algorithm,the inbound traffic will always come in on one NIC (the primary team member) – all of it on just one team member."

Q4) Given that ALL team members are connected to a switch (switches) what prevents other team memebers from receiving the inbound traffic? Does the inbound traffic somehow blocked on those (non primary) nics?

Thank you in advance,

Michael

Hi,

I added a RAID 5 Disk (3 * 4TB = 7.28TB usable) from a Dell Poweredge R720 server to my storage pool named "Backups".

The Physical disk was nearly full so I extended the RAID disk using Dell Server Administrator by adding another physical disk to the RAID array (4 * 4TB = 10.91TB usable).

However, in the Storage Pool GUI in Server 2012 SP1 the Physical Disk still only shows as 7.28TB even though the disk is actually 10.91TB.

Can anyone explain how I can extend the capacity of the physical disk in Storage Spaces to match the actual size of the now extended physical RAID disk? I have tried rebooting and refreshing but it doesn't update the new size.

When I look in the orginal disk management tool I can see the RAID disk listed at the correct 10.91TB.

Also when I use powershell I get the following:

Microsoft Partner

Hi

WE have a folder structure that we want to copy with robocopy. The parent folder in the structure is set to not inherit its permissions. It has custom security permissions and all the folders within it are set to inherit, so they get their permissions from that parent. 

Robocopy creates the destination folder but sets it to inherit the permissions. This causes all the child folders to have the wrong permissions. 

The only work around we've found is to create the parent folder on the destination by hand and set the permissions, but given the number of permissions, I'd like to find a solution.

We're using "robocopy c:\shares\myfolder '\\otherserver\c$\shares\myfolder' /sec /z /e"

The structure is like this;

c:\

- shares

-- myfolder <- set to not inherit permissions.

---- lots of sub folders

Any ideas why this might be ?

Olly

Hi All,

Is it supported to implement Access Based Enumeration together + Dynamic Access Control toghethet with Distributed File System Namespaces in Windows Server 2012

Kind regards

Mikael

I have recently upgraded a clients servers to Windows Server 2012 & since doing so have lost the ability to scan to folder.

Both servers are domain controllers and previously on a 2008 domain controller I would have had to make the following change to allow scan to folder:
 Administrative Tools
 Server Manager
 Features
 Group Policy Manager
 Forest: ...
 Default Domain Policy
Computer configuration
 Policies
 Windows Settings
 Security Settings
 Local Policies
 Security Options
 Microsoft Network Server: Digitally Sign Communications (Always)
 - Define This Policy
 - Disabled

However I have applied this to the Windows 2012 server but am still unable to scan, possibly due to added layers of security in server 2012. The error on the scanner is Authentication with the destination has failed check settings.
I have also tried the following at the server:
Policies -> Security Policies
Change Network Security: LAN Manager authentication level to: Send LM & NTLM - Use NTLMv2 session security if negotiated.
Network security: Minimum session security for NTLM SSP based (including secure RPC) clients and uncheck the require 128 bit.
Network security: Minimum session security for NTLM SSP based (including secure RPC) servers and uncheck the require 128 bit
I have created a user account on the server for the ricoh and set this in the settiings of the Ricoh and verified everything is correct.

Are there any other things I have missed?

Hi all,

Nothing, to my knowledge, has changed since we fixed the last problem. No passwords, computer names or IP's have been changed. I've tried restarting the machine and the DNS services, flushed the dns and reregistered on all machines as well as replicating the AD a couple of times. Previously this seemed to fix the problem but I'm not so lucky this time.

Logs showing: ID: 5002 - dfs rep service encountered an error communicating with partner x for replication group y. Error: 1825 (A security package specific error occurred)

I've tried to do a propagation report between the two servers but this fails with a login failure - the target account name is incorrect. This machine is part of a domain controlled by AD. Would resetting the computer account in AD fix this and what implications would this have?

I've tried removing and re-creating the group but this now gives me: 'Computer name' The server's OS version cannot be retrieved. Access is denied. The dfsr service status cannot be queried. MachineName value is invalid.

The other interesting log that keeps appearing is: Event ID:64 "Certificate for local system with Thumbprint ... is about to expire or already expired." I don't think this one is related but thought I should mention it in case it helps...

I can successfully ping each partner from the opposite partner however I have noticed that the response is IPv6. There are a few entries on our DC which relate to these machines and the addresses are the ones I'm getting back from the ping. I'm confused at this point as to why they're there. We've never used IPv6 and all other servers in the domain are IPv4 based. I'm slightly reluctant to go in and remove these, as the servers are in a production environment. Could someone advise on the best way to update these, if required?

Windows firewalls are switched off and the machines are all on the same LAN.

Just for info, I'll list the related services and the accounts they're running under. (I've tried restarting these services but that didn't seem to make a difference):

DCOM Server Process Launcher - started - auto - local system
DFS Namespace - started - auto - local system
DFS Replication - started - auto -local system
Remote Procedure Call - started - auto - network service

Can anyone shed some more light on this one please? I really don't understand what's caused the problem to reappear. (DCDIAG comes back clear.)

Thanks in advance.

Mark

On a Windows 2008 R2 EE server, I have a G drive, and it had an Exchange 2010 database on it. I removed the DB from Exchange, and I proceeded to remove the DB and other files from the G drive.

I answered yes to permanently deleting the DB file since it is too big to recover. 

After emptying the RecycleBin, I noticed that the G drive still had 20GB in use.  I don't see anything.

When I looked at the Shadow Copy tab, I see 20GB in use, but I don't have Shadow Copy enabled.

Any suggestions?

Thanks

Ron

Hi,

I was just looking into the FRSM file expiration task, and was wondering is it possible to expire old files and move them to a different drive but retain the file structure?

Or does this task just dump them in the specified directory?

Thanks

Phil

We have an interesting problem for the forums.  We have implemented Distributed File Services for managing our shares.

SecurityGroupA has similar ACL assignments to FolderA and FolderB.

SecurityGroupB has limited ACL assignments to FolderB.

When a member of SecurityGroupA moves a file from FolderA to FolderB, the file does not not inherit from FolderB.  We believe the issue is the DFS link gets redirected, but since the file's physical location doesn't actually move so no ACL changes happen and SecurityGroupB cannot see the file.

If we break folder inheritance, then reapply inheritance to all child objects, this "fixes" ACL assignments and SecurityGroupB can see the file.

One process I am considering is enabling file auditing and using event log "file creation" to trigger an ACL refresh script.  That's about as far as I have got to developing the process, though.

Has anybody with DFS implementations run into this?  If so, how did you address the ACL refresh?

Thanks,

CS

Hi,

We've recently re-installed to Windows Server 2008 R2, and wanted to assign Storage to our server.

HBA we're using is a Qlogic which came with SANSurfer, however upon assigning the luns. The luns are not visible within device manager or disk management. When we take a look in SANSurfer the connections (storage array controllers) to the LUNs are visible there but not the disk arrays.

Anyone come across this before?

Thanks