How to Troubleshoot High LSASS.EXE CPU Utilization on an Active Directory Domain Controller
Hi, The CPU utilization is reaching quite high on an AD domain controller which is running on a Windows Server 2012 R2 OS and as per the below link, I have tried to gather the logs to troubleshoot the issue and waited for more than 4 hours but unfortunately, the report didn't get generated. https://support.microsoft.com/en-us/help/2550044/how-to-troubleshoot-high-lsass-exe-cpu-utilization-on-an-active-direct Appreciate your support to eliminate this issue once and for all Thanks in advance
Windows Server 2012R2 NIC Teaming - big problem
Hi, I am in the process of building a new physical backup server, and I would like to team the NIC's in order to double the throughput. I have attempted to configure 2x NIC teams with 2x physical NIC's in each. Team 1 will be for the LAN access for accessing the VM's to backup, and Team 2 will be for the iSCSI network, in order to attach the backup storage directly. I set the teams up as LACP, and then configured the connected switch with LACP port channels using a Cisco Catalyst 9300 switch on the connected ports. This all seemed to work fine initially, and network performance looked good on both NIC teams. I was able to connect the iSCSI volumes and the local LAN was working properly, so everything looked to be working. That was until I rebooted. After a reboot, both the iSCSI and the LAN died. The only way I could recover it was to either shut/no shut the port channel, or disable/re-enable the NIC team, or simply change the IPv4 address around. It simply will not recover from a reboot. Then to add more issues, the connected iSCSI targets became corrupted, and I had to recover the backup targets on another server (VM) using chkdsk /f. I noticed that when I disabled the iSCSI NIC team after one reboot, the LAN NIC team came up all by itself without any reconfiguration. My question is - am I doing this right? I've read that iSCSI is supported and I cant seem to find any issues on behaviour like this being normal in Server 2012 R2. I'm putting it down to some kind of bug at the moment, but it might be the way I've set it up. Is an LACP port channel the way to go here? Thanks 🙂
Windows Server 2012 AD FS SSO from Salesforce
I'm trying to setup SSO in Salesforce by AD FS by following https://help.salesforce.com/articleView?id=identity_provider_examples_3p_adfs.htm&type=5 URL & MC Remedyforce and Single Sign-On. But when I tried to open https://ibl-unisys.ibl-unisys.local/adfs/ls/ This site can’t be reached error occurred. Maybe due to Identity provider issue. When I hit Set-AdfsProperties -EnableIdpInitiatedSignonPage $true in Powershell it give error. Below mentioned snapshot for your reference; Basically i want to connect Salesforce with MS Server 2012 active directory. I perform all steps from BMC documents "BMC Remedyforce and Single Sign-On" Configuring Single Sign-On Using ADFS 2.0 & Configure SSO to Salesforce Using Microsoft AD FS as the Identity Provider but failed to connect with it. Need suggestion. Following are setting & error as well: AcceptableIdentifiers : {} AddProxyAuthorizationRules : exists([Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", Value == "S-1-5-32-544", Issuer =~ "^AD AUTHORITY$"]) => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true"); c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", Issuer =~ "^AD AUTHORITY$" ] => issue(store="_ProxyCredentialStore",types=("http ://schemas.microsoft.com/authorization/claims/permit"),query="isProxyTrust ManagerSid({0})", param=c.Value ); c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/proxytrustid", Issuer =~ "^SELF AUTHORITY$" ] => issue(store="_ProxyCredentialStore",types=("http ://schemas.microsoft.com/authorization/claims/permit"),query="isProxyTrust Provisioned({0})", param=c.Value ); ArtifactDbConnection : Data Source=np:\\.\pipe\microsoft##wid\tsql\query;Initial Catalog=AdfsArtifactStore;Integrated Security=True AuthenticationContextOrder : {urn:oasis:names:tc:SAML:2.0:ac:classes:Password, urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, urn:oasis:names:tc:SAML:2.0:ac:classes:X509...} AutoCertificateRollover : True CertificateCriticalThreshold : 2 CertificateDuration : 365 CertificateGenerationThreshold : 20 CertificatePromotionThreshold : 5 CertificateRolloverInterval : 720 CertificateSharingContainer : CN=9a261be4-fd91-4d09-8043-654210d3673f,CN=ADFS,CN=Microsoft,CN=Program Data,DC=ibl-unisys,DC=local CertificateThresholdMultiplier : 1440 ClientCertRevocationCheck : None ContactPerson : DisplayName : ADFS for Salesforce IntranetUseLocalClaimsProvider : False ExtendedProtectionTokenCheck : Allow FederationPassiveAddress : /adfs/ls/ HostName : Ibl-unisys.ibl-unisys.local HttpPort : 80 HttpsPort : 443 TlsClientPort : 49443 Identifier : http://ibl-unisys.ibl-unisys.local/adfs/services/trust InstalledLanguage : en-US LogLevel : {Errors, Information, Verbose, Warnings} MonitoringInterval : 1440 NetTcpPort : 1501 NtlmOnlySupportedClientAtProxy : False OrganizationInfo : PreventTokenReplays : False ProxyTrustTokenLifetime : 21600 ReplayCacheExpirationInterval : 60 SignedSamlRequestsRequired : False SamlMessageDeliveryWindow : 5 SignSamlAuthnRequests : False SsoLifetime : 480 PersistentSsoLifetimeMins : 10080 KmsiLifetimeMins : 1440 PersistentSsoEnabled : True PersistentSsoCutoffTime : 1/1/0001 12:00:00 AM KmsiEnabled : False LoopDetectionEnabled : True LoopDetectionTimeIntervalInSeconds : 20 LoopDetectionMaximumTokensIssuedInInterval : 5 PasswordValidationDelayInMinutes : 60 SendClientRequestIdAsQueryStringParameter : False WIASupportedUserAgents : {MSAuthHost/1.0/In-Domain, MSIE 6.0, MSIE 7.0, MSIE 8.0...} ExtranetLockoutThreshold : 2147483647 ExtranetLockoutEnabled : False ExtranetObservationWindow : 00:30:00 GlobalRelyingPartyClaimsIssuancePolicy : c:[Type == "http://schemas.microsoft.com/2012/01/devicecontext/claims/isre gistereduser"] => issue(claim = c);c:[Type == "http://schemas.microsoft.com/2012/01/devicecontext/claims/identifier"] => issue(claim = c); PromptLoginFederation : FallbackToProtocolSpecificParameters PromptLoginFallbackAuthenticationType : urn:oasis:names:tc:SAML:1.0:am:passwordWindows server 2012 R2 standard keeps checking for updates
Hi, I've recently upgraded a member server from windows server 2008 R2 to Windows server 2012 R2 and after the upgrading, I tried to run the windows update but the update wizard keeps on checking for updates from the last 3 days. I've first disabled the WU and background intelligent transfer services and deleted all the files and folders in C:\windows\softwaredistribution folder and then enabled the WU & background intelligent transfer services and run the windows update wizard again and the issue still persists
