Just a quick post on something that was not immediately obvious when it happened to me.
When deploying vCSA 5.5 and trying to add it to the domain, I was presented with the following error.
I immediately did all the usual checks, making sure it had a static IP and correct DNS servers etc.
The one thing missing however was a FQDN for the hostname (in the network tab).
This is the second article in a series of vSphere Security articles that I have planned. The majority of this article is based on vSphere/ESXi 5.1, though I will include any 5.5 information that I find relevant. The first article in this series was vSphere Security: Understanding ESXi 5.x Lockdown Mode.
Why would you want to join an ESXi host to an Active Directory domain? Well, you’re not going to get Group Policies applying; what you’re really doing is adding another authentication provider directly to the ESXi host.
It’s a fairly common requirement – setting up a guest WiFi network that is secure from the rest of your LAN. You need a secure WLAN access for the domain laptops which has full access to the Server and Client VLANs, but you also need a guest WLAN for visitors to the office which only allows internet access. Since the budget is limited, this must all be accomplished via a single Access Point – for this article, the access point is a Cisco WAP4410N.
vMA is available as a Virtual Appliance (OVF) from VMware. To install it on VMware Workstation 7, open Workstation and select Import or Export to import a new OVF; the URL for the latest OVF for vMA is on the vMA download page.
As per this article on virtualkenneth.com, you need to edit the VMX file to change the SCSI card and OS type, otherwise you’ll have a kernel panic on boot.
I logged onto a production domain controller this morning and checked the event logs to be confronted with this:
Event ID 1030 and 1058 every 5 minutes; looking into the detail for these events, I can see it's a replication issue for one of the GPOs.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 29/03/2010
Time: 04:01:29
User: NT AUTHORITY\SYSTEM
Computer: DC01
Description: Windows cannot query for the list of Group Policy objects.
I recently resolved an ongoing DNS issue where the Active Directory Integrated DNS was loaded in both the Domain and the DomainDNSZones partition of AD - this is a separate issue and should be resolved differently. My problem came when I tried to verify that the fixed DNS setup had propagated around my domain controllers, DC01 and DC02. DC01 kept failing “DCDIAG /TEST:DNS” with errors regarding the root hint servers. Googling about, it was clear that a lot of people were suffering the same issue, but no article I read had correctly identified the solution.
I recently had an issue where a hosting environment was registering a lot of Netlogon Event 1030/1058 issues, being unable to find the Group Policy objects or download them. In this example, the server DC is the domain controller for DOMAIN.LCL.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
User: NT AUTHORITY\SYSTEM
Windows cannot query for the list of Group Policy objects.
We have a folder redirection policy in place for all of our users in combination with a roaming profile policy - this policy is applied to the OU that contains our users. Unfortunately this policy was accidentally linked to the root of our domain too, causing our Domain Admin users to be redirected too - something we do not want. When the mistake was discovered, the policy was unlinked, but the redirection remained (despite being set to revert when users fall out of scope).
Well, I’ve been away with my friends at Firebrand again and guess what…MCSE Windows Server 2003!
70-293 Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure
70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
70-298 Designing Security for a Microsoft Windows Server 2003 Network
I was adding a shiny new domain controller to my server farm earlier today, we have just two Windows 2000 SP4 domain controllers on old kit and they are due to retire. With the hardware selected, purchased and a fresh copy of Windows Server 2003 R2 installed, I set to installing Active Directory. DCPromo.exe fires up and I go through the configuration steps until… "The Active Directory Installation Wizard cannot continue because the forest is not prepared for installing Windows Server 2003.