[NTSysADM] SMB Signing Mystery

2016-05-16 Thread Charles F Sullivan
In troubleshooting a CIFS/SMB issue, I am trying to configure SMB signing
to cause a failed connection.

-  On the server (Windows 2012 domain member), I have SMB signing
disabled. Server – Digitally Sign Communications (always): Disabled |
Digitally Sign Communications (if client agrees): Disabled

-  On the client (Windows 7 non-domain member), I have SMB signing
required. Client – Digitally Sign Communications (always): Enabled |
Digitally Sign Communications (if server agrees): Enabled



I did remember to reboot after making any changes to these settings.



When I type \\fileserver  from the client, I get
prompted for credentials, enter the credentials and make a successful
connection. The account has write access and I’m able to copy a file to the
share, delete, etc. Does anyone know why this would succeed?



Charlie Sullivan

Sr. Windows Systems Administrator

Boston College

197 Foster St. Room 367

Brighton, MA 02135



Re: [NTSysADM] SMB Signing Mystery

2016-05-16 Thread Nathan Shelby
When the client connects in this situation you are creating a signed
session.

Microsoft has a blog post explaining the effects of the GPOs on SMB signing
that explains the behavior you're seeing:

https://blogs.technet.microsoft.com/josebda/2010/12/01/the-basics-of-smb-signing-covering-both-smb1-and-smb2/



Nathan Shelby
Director of Information Technology – Quote Wizard 
nshe...@qw-corp.com / 206-753-2626
Malo Periculosam Libertatem Quam Quietum Servitium

On Mon, May 16, 2016 at 7:01 AM, Charles F Sullivan <
charles.sulliva...@bc.edu> wrote:

> In troubleshooting a CIFS/SMB issue, I am trying to configure SMB signing
> to cause a failed connection.
>
> -  On the server (Windows 2012 domain member), I have SMB signing
> disabled. Server – Digitally Sign Communications (always): Disabled |
> Digitally Sign Communications (if client agrees): Disabled
>
> -  On the client (Windows 7 non-domain member), I have SMB
> signing required. Client – Digitally Sign Communications (always): Enabled
> | Digitally Sign Communications (if server agrees): Enabled
>
>
>
> I did remember to reboot after making any changes to these settings.
>
>
>
> When I type \\fileserver from the client, I get prompted for credentials,
> enter the credentials and make a successful connection. The account has
> write access and I’m able to copy a file to the share, delete, etc. Does
> anyone know why this would succeed?
>
>
>
> Charlie Sullivan
>
> Sr. Windows Systems Administrator
>
> Boston College
>
> 197 Foster St. Room 367
>
> Brighton, MA 02135
>
>
>



[NTSysADM] Server loses its activation?

2016-05-16 Thread David McSpadden
I have had 2 servers in the past 3 months lose their activation and then I 
cannot reactivate them.
I rebuilt the first one but this second one is already in production.

Talking to licensing at Microsoft for an hour and all they kept trying to do is 
run slui 4 but it just sits and spins.
Ran the MSG tools and got validation code 6.
Ran chkdisk c:
Ran sfc /scannow
No bad files.
Sppsvc is not running and I get access denied when trying to start it up.
This is a server 2012 r2 standard.

Can I run a repair on the OS and that will fix it?
Or am I screwed?

Both these servers have the same third party software.  I am thinking something 
of theirs is screwing up the activation but I just can't tell.



David McSpadden
System Administrator
Indiana Members Credit Union
P: 317.554.8190



[NTSysADM] badPwdCount clarification

2016-05-16 Thread Christopher Bodnar
Can someone clarify this for me, a little confused on this.

Let's say I have 4 domain controllers (all 2008 R2) in a single site (PDCE1, 
DC2, DC3, DC4). And let's say account lockout is set to 5, and there are no 
RODCs in the environment. Here are the various badPwdCount values on the domain 
controllers for a test account:

PDCe1=1
DC2=2
DC3=1
DC4=1

If the test account enters another bad password, the logon server that services 
the request (say DC2) will increment by 1, as well as the PDCe1. So the new 
values will be:

PDCe1=2
DC2=3
DC3=1
DC4=1

Is this correct so far? And if so, at the next attempt the account enters a 
valid password, again to DC2, the new values will be:

PDCe1=0
DC2=0
DC3=0
DC4=0

Or will they be:

PDCe1=0
DC2=0
DC3=1
DC4=1

So should the value get reset on all domain controllers, or just the PDCE and 
the DC servicing the request?

Thank you,




Christopher Bodnar
Enterprise Architect II, Corporate Office of Technology:Enterprise Architecture 
and Engineering Services

Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com



The Guardian Life Insurance Company of America

www.guardianlife.com








RE: [NTSysADM] SMB Signing Mystery

2016-05-16 Thread Charles F Sullivan
Thanks much. That’s what I was looking for.



Basically, there is no negotiation in Vista and later. For either SMB1 or
2, signing will always happen if either server or client requires it, even
if the other party has it disabled.



I like that better than the Windows 2003 model, even though that was more
intuitive.



*From:* listsad...@lists.myitforum.com [mailto:
listsad...@lists.myitforum.com] *On Behalf Of *Nathan Shelby
*Sent:* Monday, May 16, 2016 10:31 AM
*To:* ntsysadm@lists.myitforum.com
*Subject:* Re: [NTSysADM] SMB Signing Mystery



When the client connects in this situation you are creating a signed
session.



Microsoft has a blog post explaining the effects of the GPOs on SMB signing
that explains the behavior you're seeing:



https://blogs.technet.microsoft.com/josebda/2010/12/01/the-basics-of-smb-signing-covering-both-smb1-and-smb2/






Nathan Shelby
Director of Information Technology – Quote Wizard 
nshe...@qw-corp.com / 206-753-2626
Malo Periculosam Libertatem Quam Quietum Servitium



On Mon, May 16, 2016 at 7:01 AM, Charles F Sullivan <
charles.sulliva...@bc.edu> wrote:

In troubleshooting a CIFS/SMB issue, I am trying to configure SMB signing
to cause a failed connection.

-  On the server (Windows 2012 domain member), I have SMB signing
disabled. Server – Digitally Sign Communications (always): Disabled |
Digitally Sign Communications (if client agrees): Disabled

-  On the client (Windows 7 non-domain member), I have SMB signing
required. Client – Digitally Sign Communications (always): Enabled |
Digitally Sign Communications (if server agrees): Enabled



I did remember to reboot after making any changes to these settings.



When I type \\fileserver  from the client, I get
prompted for credentials, enter the credentials and make a successful
connection. The account has write access and I’m able to copy a file to the
share, delete, etc. Does anyone know why this would succeed?



Charlie Sullivan

Sr. Windows Systems Administrator

Boston College

197 Foster St. Room 367

Brighton, MA 02135
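
The rule summarised in the message above (a session is signed if either side requires it), as an added example that is not part of the original thread. It reads the registry values behind the "Digitally sign communications" policies on the local machine; the function names `Get-SmbSigningPolicy` and `Test-SmbSessionSigned` are hypothetical.

```powershell
# Added example, not from the thread. Read-only: it only queries the registry.

function Get-SmbSigningPolicy {
    param(
        [Parameter(Mandatory = $true)]
        [ValidateSet('Client', 'Server')]
        [string]$Role
    )
    # Client policies live under LanmanWorkstation, server policies under LanmanServer.
    $service = 'LanmanServer'
    if ($Role -eq 'Client') { $service = 'LanmanWorkstation' }
    $path = "HKLM:\SYSTEM\CurrentControlSet\Services\$service\Parameters"

    $settings = @{}
    foreach ($name in 'RequireSecuritySignature', 'EnableSecuritySignature') {
        $prop = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            $settings[$name] = 'not set'      # value absent: the OS default applies
        } elseif ([int]$prop.$name -eq 1) {
            $settings[$name] = 'Enabled'
        } else {
            $settings[$name] = 'Disabled'
        }
    }

    # "Always" is the "(always)" policy, "IfPeerAgrees" the "(if client/server agrees)" one.
    New-Object PSObject -Property @{
        Role         = $Role
        Always       = $settings['RequireSecuritySignature']
        IfPeerAgrees = $settings['EnableSecuritySignature']
    } | Select-Object Role, Always, IfPeerAgrees
}

function Test-SmbSessionSigned {
    param([bool]$ClientRequires, [bool]$ServerRequires)
    # Rule as stated in the thread for Vista and later, SMB1 or SMB2:
    # the session is signed if either side requires signing.
    return ($ClientRequires -or $ServerRequires)
}

# Policy values this machine uses when acting as SMB client and as SMB server.
'Client', 'Server' |
    ForEach-Object { Get-SmbSigningPolicy -Role $_ } |
    Format-Table -AutoSize | Out-String

# Outcome for every combination of the "(always)" setting on the two sides.
# The row ClientAlways=True, ServerAlways=False is the setup from the original
# question: the connection succeeds and the session is signed.
$matrix = foreach ($client in $true, $false) {
    foreach ($server in $true, $false) {
        New-Object PSObject -Property @{
            ClientAlways = $client
            ServerAlways = $server
            Signed       = (Test-SmbSessionSigned -ClientRequires $client -ServerRequires $server)
        } | Select-Object ClientAlways, ServerAlways, Signed
    }
}
$matrix | Format-Table -AutoSize | Out-String
```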



Re: [NTSysADM] badPwdCount clarification

2016-05-16 Thread Micheal Espinola Jr
I believe this wiki article breaks it down granularly enough to answer your
questions:

http://social.technet.microsoft.com/wiki/contents/articles/32490.active-directory-bad-passwords-and-account-lockout.aspx

--
Espi


On Mon, May 16, 2016 at 12:04 PM, Christopher Bodnar <
christopher_bod...@glic.com> wrote:

> Can someone clarify this for me, a little confused on this.
>
>
>
> Let’s say I have 4 domain controllers (all 2008 R2) in a single site
> (PDCE1, DC2, DC3, DC4). And let’s say account lockout is set to 5, and
> there are no RODCs in the environment. Here are the various badPwdCount
> values on the domain controllers for a test account:
>
>
>
> PDCe1=1
>
> DC2=2
>
> DC3=1
>
> DC4=1
>
>
>
> If the test account enters another bad password, the logon server that
> services the request (say DC2) will increment by 1, as well as the PDCe1.
> So the new values will be:
>
>
>
> PDCe1=2
>
> DC2=3
>
> DC3=1
>
> DC4=1
>
> Is this correct so far? And if so, at the next attempt the account enters
> a valid password, again to DC2, the new values will be:
>
>
>
> PDCe1=0
>
> DC2=0
>
> DC3=0
>
> DC4=0
>
>
>
> Or will they be:
>
>
>
> PDCe1=0
>
> DC2=0
>
> DC3=1
>
> DC4=1
>
>
>
> So should the value get reset on all domain controllers, or just the PDCE
> and the DC servicing the request?
>
>
>
> Thank you,
>
>
>
>
>
>
>
>
>
> *Christopher Bodnar*
> Enterprise Architect II, Corporate Office of Technology:Enterprise
> Architecture and Engineering Services
>
> Tel 610-807-6459
> 3900 Burgess Place, Bethlehem, PA 18017
> christopher_bod...@glic.com
>
>
> * The Guardian Life Insurance Company of America*
>
> * www.guardianlife.com *
>
>
>
>
>
>
>



Re: [NTSysADM] A New Choice in Webster’s Life

2016-05-16 Thread Andrew S. Baker
Congrats, my friend. That looks like a good gig, you've found there.
I never thought you would give up the wayfarers (er, consultant's) life…

Regards,




ASB
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…

GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A











On Fri, May 13, 2016 12:09 PM, Webster webs...@carlwebster.com wrote:
Thought some of you might like to know this.



http://carlwebster.com/new-choice-websters-life/



Thanks





Webster


Re: [NTSysADM] badPwdCount clarification

2016-05-16 Thread Andrew S. Baker
Thanks, Micheal. That's an awesome article.
Regards,




ASB
http://XeeMe.com/AndrewBaker

Providing Expert Technology Consulting Services for the SMB market…

GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A











On Mon, May 16, 2016 4:54 PM, Micheal Espinola Jr michealespin...@gmail.com 
wrote:
I believe this wiki article breaks it down granularly enough to answer your
questions:

http://social.technet.microsoft.com/wiki/contents/articles/32490.active-directory-bad-passwords-and-account-lockout.aspx

--
Espi

On Mon, May 16, 2016 at 12:04 PM, Christopher Bodnar < 
christopher_bod...@glic.com > wrote:
Can someone clarify this for me, a little confused on this.



Let’s say I have 4 domain controllers (all 2008 R2) in a single site (PDCE1,
DC2, DC3, DC4). And let’s say account lockout is set to 5, and there are no
RODCs in the environment. Here are the various badPwdCount values on the domain
controllers for a test account:



PDCe1=1

DC2=2

DC3=1

DC4=1



If the test account enters another bad password, the logon server that services
the request (say DC2) will increment by 1, as well as the PDCe1. So the new
values will be:



PDCe1=2

DC2=3

DC3=1

DC4=1



Is this correct so far? And if so, at the next attempt the account enters a
valid password, again to DC2, the new values will be:



PDCe1=0

DC2=0

DC3=0

DC4=0



Or will they be:



PDCe1=0

DC2=0

DC3=1

DC4=1



So should the value get reset on all domain controllers, or just the PDCE and
the DC servicing the request?



Thank you,









Christopher Bodnar
Enterprise Architect II, Corporate Office of Technology:Enterprise Architecture
and Engineering Services

Tel 610-807-6459
3900 Burgess Place, Bethlehem, PA 18017
christopher_bod...@glic.com





The Guardian Life Insurance Company of America

www.guardianlife.com












RE: [NTSysADM] A New Choice in Webster’s Life

2016-05-16 Thread Webster
Me neither but they made me an offer my wife said I better not turn down! ☺

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Andrew S. Baker
Sent: Monday, May 16, 2016 2:18 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] A New Choice in Webster’s Life

Congrats, my friend.   That looks like a good gig, you've found there.

I never thought you would give up the wayfarers (er, consultant's) life… 
[simple_smile]



Regards,

 ASB
 http://XeeMe.com/AndrewBaker

 Providing Expert Technology Consulting Services for the SMB market…

 GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A




On Fri, May 13, 2016 12:09 PM, Webster 
webs...@carlwebster.com wrote:

Thought some of you might like to know this.



http://carlwebster.com/new-choice-websters-life/



Thanks





Webster


RE: [NTSysADM] A New Choice in Webster’s Life

2016-05-16 Thread James Rankin
Ask your new employers if you can come to BriForum London on Thursday then as 
part of your “onboarding”

I will buy all the ginger ale, they can pick up the flight costs ;-)

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Webster
Sent: 16 May 2016 22:24
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] A New Choice in Webster’s Life

Me neither but they made me an offer my wife said I better not turn down! ☺

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew S. Baker
Sent: Monday, May 16, 2016 2:18 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] A New Choice in Webster’s Life

Congrats, my friend.   That looks like a good gig, you've found there.

I never thought you would give up the wayfarers (er, consultant's) life… 
[simple_smile]



Regards,

 ASB
 http://XeeMe.com/AndrewBaker

 Providing Expert Technology Consulting Services for the SMB market…

 GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A




On Fri, May 13, 2016 12:09 PM, Webster 
webs...@carlwebster.com wrote:

Thought some of you might like to know this.



http://carlwebster.com/new-choice-websters-life/



Thanks





Webster


RE: [NTSysADM] A New Choice in Webster’s Life

2016-05-16 Thread Webster
Well I don’t start until the 23rd and I am in Phoenix working on designing a new 
AD since they have been ordered to rename their root domain.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Monday, May 16, 2016 2:50 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] A New Choice in Webster’s Life

Ask your new employers if you can come to BriForum London on Thursday then as 
part of your “onboarding”

I will buy all the ginger ale, they can pick up the flight costs ;-)

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: 16 May 2016 22:24
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] A New Choice in Webster’s Life

Me neither but they made me an offer my wife said I better not turn down! ☺

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew S. Baker
Sent: Monday, May 16, 2016 2:18 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] A New Choice in Webster’s Life

Congrats, my friend.   That looks like a good gig, you've found there.

I never thought you would give up the wayfarers (er, consultant's) life… 
[simple_smile]



Regards,

 ASB
 http://XeeMe.com/AndrewBaker

 Providing Expert Technology Consulting Services for the SMB market…

 GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A




On Fri, May 13, 2016 12:09 PM, Webster 
webs...@carlwebster.com wrote:

Thought some of you might like to know this.



http://carlwebster.com/new-choice-websters-life/



Thanks





Webster


Re: [NTSysADM] A New Choice in Webster’s Life

2016-05-16 Thread James Rankin
Ah, shame...I am giving your wonderful scripts an honorary mention in my first 
session.



Sent from my slightly schizophrenic, but rather cool, BlackBerry Android
From:webs...@carlwebster.com
Sent:16 May 2016 11:27 p.m.
To:ntsysadm@lists.myitforum.com
Reply to:ntsysadm@lists.myitforum.com
Subject:RE: [NTSysADM] A New Choice in Webster’s Life


Well I don’t start until the 23rd and I am in Phoenix working on designing a new 
AD since they have been ordered to rename their root domain.

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of James Rankin
Sent: Monday, May 16, 2016 2:50 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] A New Choice in Webster’s Life

Ask your new employers if you can come to BriForum London on Thursday then as 
part of your “onboarding”

I will buy all the ginger ale, they can pick up the flight costs ;-)

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Webster
Sent: 16 May 2016 22:24
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] A New Choice in Webster’s Life

Me neither but they made me an offer my wife said I better not turn down! :)

From: listsad...@lists.myitforum.com 
[mailto:listsad...@lists.myitforum.com] On Behalf Of Andrew S. Baker
Sent: Monday, May 16, 2016 2:18 PM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] A New Choice in Webster’s Life

Congrats, my friend.   That looks like a good gig, you've found there.

I never thought you would give up the wayfarers (er, consultant's) life… 
[simple_smile]



Regards,

 ASB
 http://XeeMe.com/AndrewBaker

 Providing Expert Technology Consulting Services for the SMB market…

 GPG: 1AF3 EEC3 7C3C E88E B0EF 4319 8F28 A483 A182 EF3A




On Fri, May 13, 2016 12:09 PM, Webster 
webs...@carlwebster.com wrote:

Thought some of you might like to know this.



http://carlwebster.com/new-choice-websters-life/



Thanks





Webster



[NTSysADM] Windows7/10 mapped drive disconnects

2016-05-16 Thread Poppy Lochridge
Greetings,

We have a client organization who's experiencing a problem none of us have seen 
before.

They have a new fileserver - Windows 2012 R2 - and drives mapped via GPO.
As users are working, their mapped drives periodically disconnect - drive icon 
acquires the red "X" and any database programs open (including accounting) 
start tossing out errors, forcing them to close the databases to continue.
Most of the time, if they just open the mapped drive, Windows reconnects and 
they can re-open what they were working on. Occasionally, they instead get the 
error indicating that the device is in use. Very similar to the old issue 
documented in https://support.microsoft.com/en-us/kb/297684

This wasn't happening on their old server - a Windows SBS 2008 system. It's not 
been a smooth migration - we're still pulling services off of the old system 
and trying to get it decommissioned without taking them down. It also isn't 
happening on any other network we're aware of - not ours, nor any other clients 
with similar combinations of systems.

We've implemented the "autodisconnect" setting, but it isn't resolving the 
problem. Wondering if anyone here has encountered something similar?

--P

Poppy Lochridge
Senior Technology Consultant
NetCorps
1245 Pearl Street
Eugene, OR 97401
541-465-1127 x104

po...@netcorps.org
http://www.netcorps.org




Re: [NTSysADM] Windows7/10 mapped drive disconnects

2016-05-16 Thread Susan Bradley
Fellow consultant/buddy of mine is experiencing likewise on a RDS 
server.  He has a case opened up.  Hang loose while I check with him 
what's up.



On 5/16/2016 5:51 PM, Poppy Lochridge wrote:


Greetings,

We have a client organization who’s experiencing a problem none of us 
have seen before.


They have a new fileserver – Windows 2012 R2 – and drives mapped via GPO.

As users are working, their mapped drives periodically disconnect – 
drive icon acquires the red “X” and any database programs open 
(including accounting) start tossing out errors, forcing them to 
close the databases to continue.


Most of the time, if they just open the mapped drive, Windows 
reconnects and they can re-open what they were working on. 
Occasionally, they instead get the error indicating that the device is 
in use. Very similar to the old issue documented in 
https://support.microsoft.com/en-us/kb/297684


This wasn’t happening on their old server – a Windows SBS 2008 system. 
It’s not been a smooth migration – we’re still pulling services off of 
the old system and trying to get it decommissioned without taking them 
down. It also isn’t happening on any other network we’re aware of – 
not ours, nor any other clients with similar combinations of systems.


We’ve implemented the “autodisconnect” setting, but it isn’t resolving 
the problem. Wondering if anyone here has encountered something similar?


--P

Poppy Lochridge

Senior Technology Consultant

NetCorps

1245 Pearl Street

Eugene, OR 97401

541-465-1127 x104

po...@netcorps.org 

http://www.netcorps.org