Microsoft will release security update in March 2020 for all supported Windows platforms that will enable LDAP channel binding and LDAP signing on Active Directory servers by default. The DC will reject Simple Authentication and Security Layer (SASL) LDAP binds that do not request signing (integrity verification) or to reject LDAP simple binds that are…
Author: Hanson
After upgraded the SCCM server got upgrade to a new version, I found some computer upgrade failed after I used the client push installation. The log file showed the authentication error. A client push installation account must be specified that has administrative rights to the intended client computer. So the task is how to check…
I finally finished the project which raised the Active Directory domain and forest functional level from Windows 2008 R2 to Windows Server 2016. It’s time to log the steps and issue I met during the long journey. The prerequisite of raise AD functional level to Windows server 2016 is that there is no any DC…
After I deployed security updates via SCCM server, I found some servers couldn’t find the updates. On the SCCM server console, I also saw some servers have no client installed, but I clearly knew I installed them recently. These servers were virtual machines created by other technician in last 2 or 3 months. I remembered…
My admin account got locked out again. I thought I fixed this issue and posted an article at http://www.itreliable.com/wp/its-really-odd-ad-admin-account-got-locked-by-configuration-manager-health-evaluation-job/ But something still caused the issue, not as often as it was. I checked the time it happened and I found this event in the Event Viewer. Subject: Security ID: S-1-5-18 Account Name: DC201$ Account Domain: AD Logon…
Install-WindowsFeature –Name GPMC Run this PowerShell command will install the GPMC on a Windows Server 2016 member server allowing you to edit Group Policy objects without logging into a Domain Controller.
Since last week, I could not connect to 2 remote desktop servers which are in a different city. The error message was “Remote Desktop can’t connect to the remote computer for one of these reasons:” With many years experience, I could tell it’s network related issue. As the issue happening, the servers were still in…
Since last Monday the same admin account got locked every night. Windows Event Messages – — Event 1 of 1: Log Name: Security Source: Microsoft-Windows-Security-Auditing Logged: 03/09/2019 00:35:58 Event ID: 4740 Level: Audit Success User: Computer: ABCDC1.AD.ABC.COM A user account was locked out. Subject: Security ID: S-1-5-18 Account Name: DC201$ Account Domain: AD Logon ID:…
System Center Orchestrator runbook can run PowerShell Script and WMI query to manage remote computer. PowerShell Remoting depends on Windows Remote Management (WinRM), which is Microsoft’s implementation of the WS-Management (WS-Man) protocol. The protocol relies on HTTP or HTTPS and uses the TCP ports 5985 and 5986, respectively. WS-Management encrypts all PowerShell communication even if…
System Center Configuration Manager (SCCM) is a very popular tool to deploy software updates. Usually I can setup a deadline to force the computer to install software updates then reboot automatically. But I have a unique situation that there is another team need to take a long process which includes many maintenance steps to make…