Troubleshooting Active Directory Replication

Windows 2003 shipped a useful GUI tool, replmon, but it is no longer developed or shipped.

You can do the same comfortably with the repadmin command. Here are the most important commands:
repadmin /showrepl
repadmin /showrepl * /errorsonly
repadmin /showrepl * /csv
repadmin /queue
repadmin /queue DCServerName
repadmin /replsummary

repadmin /syncall DCServerName /APed
* /APed: A = all partitions, P = push, e = enterprise, d = distinguished names
** Pushes all DCs to start replication
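
An added example (not part of the original post): PowerShell that reads the /csv output listed above and reports only replication links with failures or a stale last success. The sample rows, the host names and the function name Get-ReplicationFailure are constructed for illustration; the column names are assumed to match what repadmin prints in its header row.

```powershell
# Constructed sample of 'repadmin /showrepl * /csv' output. On a DC use instead:
#   $rows = repadmin /showrepl * /csv | ConvertFrom-Csv
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Site-A,DC01,"DC=example,DC=local",Site-A,DC02,RPC,0,0,2015-03-03 09:12:44,0
showrepl_INFO,Site-A,DC01,"CN=Configuration,DC=example,DC=local",Site-B,DC03,RPC,14,2015-03-03 09:10:02,2015-03-02 21:40:15,1722
showrepl_INFO,Site-B,DC03,"DC=example,DC=local",Site-A,DC01,RPC,0,0,2015-02-27 07:55:30,0
'@

function Get-ReplicationFailure {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeHours = 24      # assumed threshold for "stale"
    )
    foreach ($r in $Rows) {
        # Rows whose counters do not parse are flagged rather than dropped.
        $failures = 0
        $numeric  = [int]::TryParse($r.'Number of Failures', [ref]$failures)
        $lastOk   = [datetime]::MinValue
        $okParsed = [datetime]::TryParse($r.'Last Success Time', [ref]$lastOk)
        $ageHours = if ($okParsed) { [math]::Round(($Now - $lastOk).TotalHours, 1) } else { $null }
        $stale    = (-not $okParsed) -or ($ageHours -gt $MaxAgeHours)

        if ((-not $numeric) -or ($failures -gt 0) -or $stale) {
            [pscustomobject]@{
                Destination       = $r.'Destination DSA'
                Source            = $r.'Source DSA'
                NamingContext     = $r.'Naming Context'
                Failures          = $failures
                LastStatus        = $r.'Last Failure Status'
                HoursSinceSuccess = $ageHours
            }
        }
    }
}

$rows = $sample | ConvertFrom-Csv
# A fixed -Now keeps the result reproducible for the constructed sample.
Get-ReplicationFailure -Rows $rows -Now ([datetime]'2015-03-03 10:00:00') |
    Sort-Object Failures -Descending | Format-Table -AutoSize
```

With the sample, the healthy DC02 to DC01 link is dropped, the DC03 to DC01 link is reported for its 14 failures, and the DC01 to DC03 link is reported because its last success is more than 24 hours old even though its failure counter is 0.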

admin on March 3rd 2015 in IT, Windows Server

Windows 2012 R2 Single Sign On with RemoteApp Web Access

It took me quite a long time to figure out how to get RemoteApp on Web Access working with "Web Single Sign On".

Here are the steps to get it done:

1. IIS Certificate for HTTPS

If you have an internal CA you need to create a certificate for IIS and make sure it is trusted on your client computer to connect via https to:

The certificate can be created or imported in IIS as follows:
1. Run inetmgr
2. Choose your IIS Server
3. Import or create a certificate in Server Certificates

Follow these steps to activate it in IIS:
1. Run inetmgr
2. Go to IIS Server\Sites\Default Web Site\Bindings\https:
3. Edit the binding and select the SSL certificate there

If you have an internal CA and it is already trusted on your client computer, you don't need to do anything. Otherwise you need to add the root certificate to the Trusted Root Certification Authorities container.

Important: You should also have valid certificates for your connection broker and rdp etc.

2. Change “Form Based Authentication” to SSO
1. Run inetmgr and enable only Windows Authentication in RDWeb Authentication

2. Back up and edit %SYSTEMROOT%\Web\RDWeb\pages\web.config

3. Change the authentication method (comment out the Forms block)
<authentication mode="Windows"/>
<!-- <authentication mode="Forms">
<forms loginUrl="default.aspx" name="TSWAAuthHttpOnlyCookie" protection="All" requireSSL="true" />
</authentication> -->

4. Change the security mode (comment it out)
<!-- <windowsAuthentication enabled="false" />
<anonymousAuthentication enabled="true" /> -->

5. Back up and edit %SYSTEMROOT%\Web\RDWeb\Pages\en-us\Default.aspx

6. Change to private mode
public bool bShowPublicCheckBox = false, bPrivateMode = true, bRTL = false;

3. IE Security
In my environment it only worked when I didn't use the FQDN of my server in Internet Explorer. As soon as I used the FQDN it asked me for credentials, and to avoid that I made sure that our internal domain is added to the Intranet Zone in Internet Explorer.

Create a GPO:
Computer Configuration\Policies\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List

* with value 1

4. Trusted RDP Connection
Even though you can now log in to the web page without being prompted, you will still get a warning dialog as soon as you click on an icon.

Create a GPO:
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client

And add the thumbprints of the RDP certificates in "Specify SHA1 thumbprints of certificates representing trusted .rdp publishers"
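
An added example (not part of the original post): thumbprints copied from a certificate dialog often carry spaces or an invisible leading character, so this PowerShell helper cleans and validates them and builds the comma-separated list for the policy. The function name ConvertTo-PolicyThumbprintList and all thumbprint values are constructed for illustration.

```powershell
function ConvertTo-PolicyThumbprintList {
    param([Parameter(Mandatory)] [string[]] $Thumbprint)

    $clean = foreach ($t in $Thumbprint) {
        # Drop spaces, colons and invisible characters (for example U+200E,
        # which can be copied along with the value from the certificate dialog).
        $hex = ($t -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

        # A SHA1 thumbprint is 20 bytes, i.e. exactly 40 hex digits.
        if ($hex.Length -ne 40) {
            throw "Not a SHA1 thumbprint (expected 40 hex digits): '$t'"
        }
        $hex
    }

    # De-duplicate and join into one comma-separated value for the policy.
    ($clean | Select-Object -Unique) -join ','
}

# Constructed input: the same certificate pasted twice in different forms,
# plus a second certificate in colon-separated form.
$copied = @(
    "$([char]0x200E)a1 b2 c3 d4 e5 f6 07 18 29 3a 4b 5c 6d 7e 8f 90 a1 b2 c3 d4",
    'A1B2C3D4E5F60718293A4B5C6D7E8F90A1B2C3D4',
    '0f:1e:2d:3c:4b:5a:69:78:87:96:a5:b4:c3:d2:e1:f0:0f:1e:2d:3c'
)

ConvertTo-PolicyThumbprintList -Thumbprint $copied
```

The call returns two thumbprints joined by a comma; a value that is not 40 hex digits after cleaning stops the script instead of ending up in the GPO.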

5. Allow Delegation of Default Credentials for RDP
Finally you get one last dialog which asks you to enter your credentials. If you don't like that, you can solve it with the following GPO.

Create a GPO:
Computer Configuration\Policies\Administrative Templates\System\Credential Delegation\Allow delegating default credentials

And add: TERMSRV/*

admin on February 12th 2015 in IT, Windows Server

Context menu appears slowly on right-click on the desktop in Windows 8.1

When I right-clicked on my desktop it took about 30 seconds until the context menu appeared. I tried to solve it by updating the graphics card drivers but it still didn't help. Finally I found the solution.

Delete all graphics card related entries in the registry:

admin on January 20th 2015 in Windows

How to make a member Domain Controller the primary Domain Controller in an emergency

If you can't recover the Primary Domain Controller, you have no other choice than to make a member DC the PDC. You can seize the roles with ntdsutil.

Run a command prompt with domain admin rights:
1. ntdsutil
2. roles
3. connections
4. connect to server MyMemberDC
5. q
6. Seize domain naming master
7. Seize PDC
8. Seize RID master
9. Seize schema master
10. q q
11. dsa.msc

* We don’t seize Infrastructure Master because it should be on another DC where the Global Catalog isn’t installed.
* You can get help in ntdsutil at any time by typing help and pressing Enter

admin on January 17th 2015 in Windows Server

Google Cardboard – virtual reality cheap for your smartphone

I have always been a big fan of virtual reality but haven't been following it for a long time. Somewhere on the net I heard about Google Cardboard and I thought I'd give it a shot. I didn't have very high expectations because it is made just of cardboard, lenses and magnets. To my surprise the experience was awesome.

More Info:

What it looks like:
Google Cardboard

admin on January 12th 2015 in Virtual Reality

Run Android Apps on Windows or Mac

There are several emulators for running Android apps on your Windows or Mac computer. So far I have tried BlueStacks and Genymotion. BlueStacks made a cluttered and slow impression, and Genymotion worked smoothly and fast.

Here you can download Genymotion:

If you want to install Android apps on Genymotion you need to install Google Play Store first. Follow these steps:
1. Create a virtual device
2. Download the right Google Play Store version
3. Drag and drop the zip file onto the running virtual device
4. Let it install and restart the device
5. Run Google Play Store and run all updates

admin on January 1st 2015 in Mobile

Printer shows as Offline even though you can ping it

Deactivate "SNMP Status Enabled" in the printer's port settings.


admin on July 8th 2014 in IT, Windows, Windows Server

GPO Loopback

Usually the user settings of a GPO are ignored if it is linked to an OU that contains only computers. But what if you want certain user settings applied only on certain computers? For example, you might want users to be more restricted on Terminal Servers.

To do this you need to activate loopback processing:
[Computer Configuration\Administrative Templates\System\Group Policy\User Group Policy loopback processing mode]

There are two modes:
1. Merge
User settings that are already applied are kept, and are replaced by the new ones from the loopback process where they overlap.

2. Replace
Ignores all user GPOs that are already applied and uses only the ones from the loopback process.

admin on July 7th 2014 in IT, Windows

Checking DNS Server in Windows

To check whether the DNS server is working properly you can do the following:
server [servername_query_from]

admin on June 27th 2014 in Internet, IT, Windows, Windows Server

Find User’s SID

Run the following command:
wmic useraccount get name,sid

admin on June 6th 2014 in IT, Windows, Windows Server
