Announcement

Collapse
No announcement yet.

Anyone Experienced with Server 2003 TS & AD ?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #61
    Re: Anyone Experienced with Server 2003 TS & AD ?

    i would not clear the logs. Over time that will tell us a story on why and when.

    I had one AD server that was so bad that it was having issues at a company i was called to do work on and everything pointed to an old virus that hit it and caused issues. I had to rebuild another one. I had no proof other than old registry entries and malware scan that showed too many issues.

    how many people use to the server ? does this happen same time everytime ? Does it happen when people come in the day and everyone signs in in the morning at the same time ?

    Just creating a backup AD server is easy and that might be the quickest thing to do even if you have a spare pc. I have ran one on an old pc until i fixed the old server. I am not sure 100 percent that is your issue but i know you can do it that way. AD is very lightweight.

    The question in your thread is about what you can have running on AD server and TS server is hard to answer. I have run AD with TS server on it but I do not like doing that. The main reason is because AD controls everything and then if there is a problem with TS server you have to reboot. So at least AD and TS on two servers like you have. Then your questions about AD is that per say is where domain comes from and all your security and what you can and can not do.

    The only thing that concerns me is that your have an antivirus server running on the same box. It is common but not best practice as AV can take down a server and run it resources very low.

    I would move the antivirus server to a beefy pc or off the domain server.

    The 2008 box could you raise itfrom the ashes and make it a Backup domain controller.

    I will see if i can find a video or something to show you what to looking for.

    Well building the AD server can be very quick as you have all the settings on the old one.
    Last edited by mmoore5553; 11-09-2013, 08:27 AM.

    Comment


      #62
      Re: Anyone Experienced with Server 2003 TS & AD ?

      No A/V software is installed any longer (Post 56). I removed that a long time ago as it was always causing issues. It would update and scan when it felt like, usually in the middle of the day. Nor had it been upgraded to a newer (better) version.

      We can have 20-30 people on plus network devices at any time during the day. I recall that it's a 50 seat license.

      >>if you do not clear the logs I would not do that<<

      ? ? ?

      Is that do or don't?

      T
      veritas odium parit

      Comment


        #63
        Re: Anyone Experienced with Server 2003 TS & AD ?

        Sorry i wrote that before coffee this morning. I rewrote my thread. I would not do that as that is the only clue we have into the past. I would first look at any warns or if you can extract log then do it.

        That is a small network so that is good as you do not need a big computer to put AD on.
        Also are we sure the sql database is not doing a backup or purge in the mornings ?

        When does this usually happen ?

        Comment


          #64
          Re: Anyone Experienced with Server 2003 TS & AD ?

          Also download hijackthis and run on all DC's I want to see what you have left over in the registry that might be causing an issue.

          http://www.majorgeeks.com/files/details/hijackthis.html

          do a system scan and save the log. After that upload the log files. Also have you ran malwarebytes just to be sure nothing in on it that might be causing the slow down when logging in. Just wondering as i run about three or four antivirus when you see that issue with people getting slow login or when you reboot and see preparing network connections.

          Sorry if you have done all this but making sure it is not something basic we are missing first.

          Comment


            #65
            Re: Anyone Experienced with Server 2003 TS & AD ?

            I did a log purge about a week ago. Rather issue-free over the past week until this AM. APP (201) server had a blank screen but did prompt for admin login. Never went any farther than the grey screen after 5 minutes. Shut down cold and restart. Back in operation.

            Backup operation ran fine at 12:15 am and somewhere between then and 7:30 am they could not get in. I've zipped and attached the event logs for Application and System.

            T
            Attached Files
            Last edited by Toasty; 11-18-2013, 10:14 AM.
            veritas odium parit

            Comment


              #66
              Re: Anyone Experienced with Server 2003 TS & AD ?

              Odd as the event log is not showing me some of the information because I am not on windows 2003 or because I am not on your network

              The description for Event ID 10119 from source WinRM cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

              If the event originated on another computer, the display information had to be saved with the event.


              that is what it says so hard to track and only thing it shows is that it shut down at 948. Is there a way when you export that it saves all the information ?

              I have dealt with WinRM errors before and they always pointing back to active directory or group policy.

              Comment


                #67
                Re: Anyone Experienced with Server 2003 TS & AD ?

                I don't see any option other than save logs. Export as tab delimited is even less informative.

                There is the Winlogon event 1218 @ 7:58 under Application where it could not contact Terminal Server. That was me trying to remote in.

                I have 21 Warnings under System on TS (200) @ 6:54 am from Print regarding deletions and purges. This is the owner remoting in. This may be a trigger, but he does not go to APP (201).

                I have 3 warnings under Application beginning at 7:39 pm last evening, at 1:39 am and 7:42 am today on MAIN (202):
                Replication of license information failed because the License Logging Service on server lc-app.lifecare.com could not be contacted.

                ----------------

                From MSDN blogs:

                The WinRM service is unable to start because of a failure during initialization.

                Additional Data
                The error code is 1300.

                To fix this, do the following:

                Open secpol.msc
                Navigate to Local Policies -- User Rights Assignment
                Select the value "Generate Security Audits"
                Add the user account to the list

                The ability does not exist as the Add User or Group button is greyed out.

                T
                veritas odium parit

                Comment


                  #68
                  Re: Anyone Experienced with Server 2003 TS & AD ?

                  If it is grayed out that means you are controlling it by group policy which is okay but you need to add that user that is controlling the service. I am not sure what you have but by default it usually is network service.

                  You need to add that person to group policy or check who you are using under services.

                  Printing via terminal services should have issues if you do not have local printer mapped. Or they are picking the wrong printer. Curious do you have a script running that kills the terminal sessions of the user at a specific time. That way the server is not holding onto server old sessions and taken up memory and resources ?

                  Comment


                    #69
                    Re: Anyone Experienced with Server 2003 TS & AD ?

                    Also on windows 2003 there was an article on technet where you disabled license information. I had to do it our our 2003 servers.

                    http://social.technet.microsoft.com/...m=winservergen

                    Comment


                      #70
                      Re: Anyone Experienced with Server 2003 TS & AD ?

                      Also as I was sitting here thinking about things. Have you shut off tcp chimney offloading on your servers ? I always do that for most of my servers as i have seen it cause issues before with databases, remote login , and just AD look up. I am not sure if this will help you but it is something i just normally shut off right away. Especially with an exchange server.

                      Comment


                        #71
                        Re: Anyone Experienced with Server 2003 TS & AD ?

                        >>You need to add that person to group policy or check who you are using under services.<<

                        The error shows the User as N/A

                        Script runs at 11:30 pm that kicks all TS sessions. I had problems with clients not doing so and locking the database(s), making it impossible to backup. Did that last year.

                        I will investigate the printer bit. I think the ones called for are not mapped.

                        >>Have you shut off tcp chimney offloading on your servers ?<<

                        Google time. I don't have a clue on that one...?

                        License logging was off on TS. I now have it disabled MAIN & APP.

                        T
                        veritas odium parit

                        Comment


                          #72
                          Re: Anyone Experienced with Server 2003 TS & AD ?

                          well here is how to disable it but you can do a registry entry too

                          http://support.microsoft.com/kb/945977

                          Also this is a good article to help understand it a little bit.

                          http://www.symantec.com/business/sup...&id=TECH197934

                          You can still find the user if you look under services and then winRM if i remember right.

                          Comment


                            #73
                            Re: Anyone Experienced with Server 2003 TS & AD ?

                            NT AUTHORITY\NetworkService

                            So, perhaps N/A means NT AUTHORITY instead of "not available"...?


                            Netsh int ip set chimney DISABLED

                            run on TS, APP, & MAIN. I will reboot overnight. Always with much trepidation...

                            T
                            Last edited by Toasty; 11-18-2013, 03:14 PM.
                            veritas odium parit

                            Comment


                              #74
                              Re: Anyone Experienced with Server 2003 TS & AD ?

                              You will have to setup networkService up in the group policy. --odd it should have told you NetworkService and not N/A. That is very strange

                              yes that is the command you need to run. Well like i always said when rebooting a server - god bless this server ...
                              Last edited by mmoore5553; 11-18-2013, 03:30 PM.

                              Comment


                                #75
                                Re: Anyone Experienced with Server 2003 TS & AD ?

                                Have tried looking this up and can not edit anything to add the service. All buttons are greyed out. Am I on the wrong server?

                                T
                                veritas odium parit

                                Comment


                                  #76
                                  Re: Anyone Experienced with Server 2003 TS & AD ?

                                  yep you are on the wrong server. I have to look up the command to see which server is sending out the GPO.

                                  Comment


                                    #77
                                    Re: Anyone Experienced with Server 2003 TS & AD ?

                                    if you have windows 7 just install this on your pc. You might have to go into control panel and program and features and add windows feature and look for it

                                    http://www.microsoft.com/en-us/downl...s.aspx?id=7887

                                    this is the best way to work with group policy as you do not have to be on the server. Plus you will see tons more group policies you might have in place.
                                    Last edited by mmoore5553; 11-18-2013, 05:55 PM.

                                    Comment


                                      #78
                                      Re: Anyone Experienced with Server 2003 TS & AD ?

                                      Ok. This means I have to be on the Local network/domain there, so from home this doesn't work. Every outside connection goes thru the SonicWall(s) via a specific URL. i.e. - https://remote.XYZ.com

                                      I've been on both the APP & MAIN servers, and neither gives me the ability to add anything. Both are greyed out.

                                      T
                                      Last edited by Toasty; 11-18-2013, 07:16 PM.
                                      veritas odium parit

                                      Comment


                                        #79
                                        Re: Anyone Experienced with Server 2003 TS & AD ?

                                        odd as I am not sure why it is grayed out. It is only grayed out 1. if you are on the wrong server or 2. you are not a domain admin. Which i assume you are.

                                        Comment


                                          #80
                                          Re: Anyone Experienced with Server 2003 TS & AD ?

                                          Sent you a PM.

                                          T
                                          veritas odium parit

                                          Comment

                                          Working...
                                          X