ADFS Server Updatepassword 407 Error
Hi fellow tech community participants, I have an ADFS Server (Windows Server 2016) which has recently started to throw errors when trying to use https://adfs.contoso.com/adfs/portal/updatepassword to change a user password. The user is getting a message like "user id or password is incorrect even though the username and password are correct. In the Eventlog of the ADFS I can see a 407 Error with the following content: Password change failed for following user: Additional Data User: user@domain.com Server on which password change was attempted: Error details: UserNotFound What bothers me the most is that there seems to be no server on whicht the change was attempted. Using nltest I get the following output: C:\Windows\system32>nltest /DsGetDc:contoso.com /pdc Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN I can ping the PDC just fine and I can see that it tried using that server 3 days ago when someone entered a wrong password in the change password dialog. Does anyone know how to resolve this? Regards Carste
Physical Windows 2016 server crashed after patching
After Patching a physical Windows 2016 server, reboot and stuck at loading screen with error "Fatal Error C0000034 Applying Update Operation". I following many suggestions online, but nothing seems to be working. Now the server is looping and stuck at same screen but without error code anymore. I also tried to do an upgrade to Windows server 2019, but it won't allow me to do upgrade from iLO mount ISO, need to be able to boot into Windows to do upgrade. Any suggestions? I tried to find Microsoft support number to call for help but can't find any. Anyone know what is going on with the server? or how to fix it?
Windows Servers Uptime Report using PowerShell
Hi Folks, A customer has mix of Windows servers (2012, 2016, 2019) on-premises environment. Customer needs to generate a report via PowerShell about the availability of servers. During my search I found a script on this link and its modified version is attached. Please note, this script reads windows events and based on that produces result. There is a problem where I need help, this script doesn't run against list of servers via a CSV file or a text file and we suspect it is not producing correct result. Can somebody please review this script and help us with the right syntax or what is missing here? Thanks in advance.ADCS Notification bug in Server manager
Hi, i'm coming here for some help on the server manager. Has anyone ever had a persistent notification problem on the server manager after a role deployment despite the correct configuration of the role in question? And did you find a solution to remove the notification? On my side, I have a problem with an ADCS that has been installed, configured, ... But a notification asks us to configure the role, and it is already configured. We've set up : Certification Authority Certification Enrollment Policy Web Service I tried to edit a registry key : Set-ItemProperty ` –Path registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\Roles\16 ` –Name ConfigurationState ` –Value 2 But nothing happened, same with a reboot. I find that we could uninstall and reinstall the role but that's not really a solution because the ADCS is actually in production. Does anyone have any idea ? env: Windows Server 2016 up to date
Remote App strange behavior with saved credentials
This problem has confused me for awhile now, and I haven't been able to find any solution. I'm not sure if this is an issue with the mstsc.exe on the client, or if it's an issues server side at this point. The bottom line issue, is that the "Remember me" checkbox for the remote app credentials will stop showing up, preventing the user from saving his or her credentials for the remote app connection. So, here's the scenario. I have a Windows Server 2016 environment, with it's own domain that provides access to applications to remote clients via Remote App services. Joining the clients to the domain isn't an option. We have a publicly trusted certificate deployed in our Remote App servers. When we setup a client machine, we do so through the Remote App and Desktop Connections control panel app, and enter the RDweb url. The client machines are a mix of Windows 7 machines to Windows 10. When we give the users their credentials, it's always in the format of <username>@<domain name> not <domain name>\<username> When we initially setup the client machine, usually the user will save his credentials. Which is fine. However, when their password expires, or when they want to change it through the web interface, things get weird. When everything is working fine, in the windows credential manager there are two entries, both in the Windows Credentials section. 1) <public FQDN of remote app collection> with the username in the format of <username>@domainname> 2) TERMSRV/<public FQDN of remote app collection> with the username in the format of <username>@domainname> When the users change their passwords via the RDWeb portal page, obviously it doesn't update their saved credentials. The expectation would be that the remote desktop client would prompt them for their new password, with the option to save it, as how it was when it was originally setup. And this is what happens, some times. They get prompted for their password, with a screen that shows them their username in the <domain>\<username> format, with the remember me box. Eventually though, it will break. And this is 100% repeatable by changing the password on the AD side, and trying to conenct again from the client. At some point, one of those times they change their password, they will be prompted for their new password with a credential screen with no remember me box. When it does this. if you look in the credential manager, there will be 3 entries. Windows Credentials: TERMSRV/<RDSessionHost FQDN> with username in <domain name>\<username> format TERMSRV/<public FQDN of remote app collection> with the username in the format of <username>@domainname> Generic Credentials: TERMSRV/<public FQDN of remote app collection> with username in <domain name>\<username> format After this happens, the users will never get the remember me box again, unless they completely delete the session from their control panel, and re-add it. Manually fixing the credentials in the credential manager to make them match how they were when it was working fine works temporarily, but will break again next time they reboot their computer, or the session disconnects from the servers. I’m not sure what to do with this next. If anyone has any ideas, it'd be greatly appriciated.
Problem with in-place upgrade of windows server 2016 to 2022
Hello, I am having issues while trying to upgrade the servers. We have two Windows Server 2016 Domain Controllers. AD, DNS, NPAS roles are installed on the DCs. I have built a new 2022 Server. I was trying to upgrade the schema by running ADprep /forestprep and ADprep /domainprep on Primary DC that holds the schema master role. I am constantly getting this error. I have tried everything and checked all the permissions. Here is the output of my ADprep execution: PS D:\support\adprep> .\adprep.exe /forestprep ADPREP WARNING: Before running adprep, all Windows Active Directory Domain Controllers in the forest must run Windows Server 2003 or later. You are about to upgrade the schema for the Active Directory forest named 'amii.ca', using the Active Directory domain controller (schema master) 'AVMVPRDMFT ADS01.amii.ca'. This operation cannot be reversed after it completes. [User Action] If all domain controllers in the forest run Windows Server 2003 or later and you want to upgrade the schema, confirm by typing 'C' and then press ENTER to co ntinue. Otherwise, type any other key and press ENTER to quit. C Current Schema Version is 87 Upgrading schema to version 88 Verifying file signature Connecting to "AVMVPRDMFTADS01.amii.ca" Logging in as current user using SSPI Importing directory from file "D:\support\adprep\sch88.ldf" Loading entries... Add error on entry starting on line 26: Insufficient Rights The server side error is: 0x2098 Insufficient access rights to perform the operation. The extended server error is: 00002098: SecErr: DSID-031514A0, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0 2 entries modified successfully. An error has occurred in the program ERROR: Import from file D:\support\adprep\sch88.ldf failed. Error file is saved in C:\Windows\debug\adprep\logs\20240416200415\ldif.err.88. If the error is "Insufficient Rights" (Ldap error code 50), please make sure the specified user has rights to read/write objects in the schema and configurat ion containers, or log off and log in as an user with these rights and rerun forestprep. In most cases, being a member of both Schema Admins and Enterprise A dmins is sufficient to run forestprep. Adprep was unable to upgrade the schema on the schema master. [Status/Consequence] The schema will not be restored to its original state. [User Action] Check the Ldif.err log file in the C:\Windows\debug\adprep\logs\20240416200415 directory for detailed information. Adprep was unable to update forest information. [Status/Consequence] Adprep requires access to existing forest-wide information from the schema master in order to complete this operation. [User Action] Check the log file, ADPrep.log, in the C:\Windows\debug\adprep\logs\20240416200415 directory for more information. Please advise. Thank you
