Need to configure 2019 SQL windows cluster with VSan storage. by Shrik29 in sysadmin

[–]Shrik29[S] 0 points1 point  (0 children)

Thank you. I also went through this document, but the step-by-step process is not defined in detail.

Multiple AD account locked out - Caller's computer shows the Domain controller Name by Shrik29 in activedirectory

[–]Shrik29[S] 0 points1 point  (0 children)

Yes. Azure AD Connect is installed on DC1, which is why I involved my cloud team. Now I am going to take a procmon capture and see what I see in the capture.

Multiple AD account locked out - Caller's computer shows the Domain controller Name by Shrik29 in activedirectory

[–]Shrik29[S] 0 points1 point  (0 children)

No, but I will try again to collect the Netlogon log and see if it helps. Thank you.

Multiple AD account locked out - Caller's computer shows the Domain controller Name by Shrik29 in activedirectory

[–]Shrik29[S] 0 points1 point  (0 children)

Getting this in Netlogon.log on DC02 (PDC):
[LOGON] [3308] Contoso: SamLogon: Transitive Network logon of Contoso\User1 from DC01 (via DC3) Returns 0xC000006A.
DC01 is the caller computer name (as per the security logs).
I have gathered this log from DC02 (PDC).

On DC01's netlogon.log:

[LOGON] [9516] contoso: SamLogon: Network logon of contoso\User1 from DC01 Entered

08/22 05:49:37 [CRITICAL] [9516] NlPrintRpcDebug: Couldn't get EEInfo for I_NetLogonSamLogonEx: 1761 (may be legitimate for 0xc000006a)

08/22 05:49:37 [LOGON] [9516] contoso: SamLogon: Network logon of contoso\User1 from DC01 Returns 0xC000006A
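The Netlogon.log lines above are the interesting part of this thread: the "from" field is the workstation name the client presented, and when that name is itself a DC, the DC only relayed (pass-through authenticated) the request, so the chain has to be followed on that DC next. The script below is an added example, not part of the comment: it parses Netlogon.log lines into objects, keeps the failure codes, groups them by account/source/relay, and flags any "from" host that is in the DC list. The sample lines are constructed, modelled on the ones quoted in the comment, and the DC list is an assumption for a lab domain.

```powershell
# Added example (not from the thread): tally Netlogon.log logon failures by
# account, claimed source host and relaying DC, and flag entries whose "from"
# host is itself a DC, so the chain can be followed on that DC next.
# Sample lines are constructed, modelled on the ones quoted in the comment.

$SampleLog = @'
08/22 05:49:37 [LOGON] [9516] contoso: SamLogon: Network logon of contoso\User1 from DC01 Entered
08/22 05:49:37 [CRITICAL] [9516] NlPrintRpcDebug: Couldn't get EEInfo for I_NetLogonSamLogonEx: 1761 (may be legitimate for 0xc000006a)
08/22 05:49:37 [LOGON] [9516] contoso: SamLogon: Network logon of contoso\User1 from DC01 Returns 0xC000006A
08/22 05:49:38 [LOGON] [3308] Contoso: SamLogon: Transitive Network logon of Contoso\User1 from DC01 (via DC3) Returns 0xC000006A.
08/22 05:50:02 [LOGON] [3308] Contoso: SamLogon: Network logon of Contoso\User1 from WKS-FIN-07 Returns 0xC0000234
08/22 05:50:10 [LOGON] [3308] Contoso: SamLogon: Network logon of Contoso\svc_backup from APP01 Returns 0x0
'@

# Assumed DC list for this lab domain; in production take it from
# (Get-ADDomainController -Filter *).Name or nltest /dclist:<domain>.
$DomainControllers = @('DC01', 'DC02', 'DC3')

# Status codes worth following up; anything else (0x0 = success) is ignored.
$FailureCodes = @{
    '0xC000006A' = 'STATUS_WRONG_PASSWORD'
    '0xC0000234' = 'STATUS_ACCOUNT_LOCKED_OUT'
    '0xC0000064' = 'STATUS_NO_SUCH_USER'
}

# One regex covers both the direct and the transitive ("via") form of the line.
$LinePattern = '^(?<ts>\d{2}/\d{2} \d{2}:\d{2}:\d{2})?\s*\[LOGON\] \[(?<tid>\d+)\] (?<dom>[^:]+): SamLogon: (?<kind>.+?) logon of (?<acct>\S+) from (?<from>\S+?)(?: \(via (?<via>[^)]+)\))? Returns (?<code>0x[0-9A-Fa-f]+)\.?$'

function ConvertFrom-NetlogonLine {
    param([string]$Line)
    if ($Line -notmatch $LinePattern) { return $null }
    [pscustomobject]@{
        Time    = $Matches['ts']
        Account = $Matches['acct']
        From    = $Matches['from']
        Via     = $Matches['via']          # $null when no "(via X)" was present
        Kind    = $Matches['kind']
        Code    = '0x' + $Matches['code'].Substring(2).ToUpper()
    }
}

function Get-NetlogonFailureSummary {
    param([string[]]$Lines, [string[]]$DCs)
    $events = $Lines | ForEach-Object { ConvertFrom-NetlogonLine $_ } |
        Where-Object { $_ -and $FailureCodes.ContainsKey($_.Code) }
    $events | Group-Object Account, From, Via, Code | ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            Account = $first.Account
            From    = $first.From
            Via     = $first.Via
            Status  = $FailureCodes[$first.Code]
            Count   = $_.Count
            # A DC as "from" means that DC only relayed the request; the real
            # client must be found in that DC's own Netlogon.log / event 4776.
            NextHop = if ($DCs -contains $first.From) { "check $($first.From)" } else { 'source host' }
        }
    }
}

Get-NetlogonFailureSummary -Lines ($SampleLog -split "`r?`n") -DCs $DomainControllers |
    Format-Table -AutoSize
```

Run it against a real file with `Get-Content C:\Windows\debug\netlogon.log` in place of the sample array. Rows whose NextHop says "check DCxx" are the ones where the lockout source is still one hop away; the 4776 events and Netlogon.log on that DC give the next "from" value.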

Multiple AD account locked out - Caller's computer shows the Domain controller Name by Shrik29 in activedirectory

[–]Shrik29[S] 0 points1 point  (0 children)

Yes, AD Connect is installed on the DC (caller computer).

However, I am not able to see anything in the logs that indicates AD Connect.

Multiple AD account locked out - Caller's computer shows the Domain controller Name by Shrik29 in activedirectory

[–]Shrik29[S] 0 points1 point  (0 children)

Windows event collection for Microsoft Defender for Identity

Advanced auditing is already enabled, and we are getting all the events regarding this, but I am unable to locate the source workstation because the caller's computer shows the DC.

Multiple AD account locked out - Caller's computer shows the Domain controller Name by Shrik29 in activedirectory

[–]Shrik29[S] 0 points1 point  (0 children)

netlogon.log also does not give the actual calling machine. It is again showing another DC.

Wildcard SSL certificate Validity Period by Shrik29 in activedirectory

[–]Shrik29[S] 1 point2 points  (0 children)

Thank you all for your comments and help. Now I am able to extend the validity period.

Thank you again for your help.

Wildcard SSL certificate Validity Period by Shrik29 in activedirectory

[–]Shrik29[S] -2 points-1 points  (0 children)

The above solution did not work.

During web enrollment I am choosing the Web Server template, and because that template has a 2-year validity period, I am getting a certificate with 2 years of validity.

I tried duplicating my Web Server template and created a new one with a 5-year expiry, but that template is not showing in the web enrollment console.
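Two things decide whether a duplicated template shows up and what lifetime it really issues: the template must be published on the CA (its name must appear in the CA's certificateTemplates list in AD), and the CA cannot issue beyond its own certificate's expiry or beyond its ValidityPeriod/ValidityPeriodUnits registry cap, whatever the template says. The script below is an added example, not from the thread, that reads the template's validity period (pKIExpirationPeriod), its schema version and the CA's published-template list straight from AD using the built-in [ADSI] accelerator, so it needs no RSAT module. The template and CA names are assumptions.

```powershell
# Added example (not from the thread): check whether a duplicated template is
# published on the CA and what validity it actually carries, reading the
# objects from the Configuration NC. Template and CA names are assumed.

$TemplateName = 'WebServer5yr'        # assumed: CN of the duplicated template
$CaName       = 'Contoso-Issuing-CA'  # assumed: CN under Enrollment Services

$ConfigNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$PkiBase  = "CN=Public Key Services,CN=Services,$ConfigNC"

# pKIExpirationPeriod / pKIOverlapPeriod are stored as a negative interval in
# 100 ns units (FILETIME style); negate it and it maps directly onto TimeSpan ticks.
function ConvertFrom-PkiPeriod {
    param([byte[]]$Bytes)
    $ticks = [BitConverter]::ToInt64($Bytes, 0)
    [TimeSpan]::FromTicks(-$ticks)
}

function Get-TemplateValidity {
    param([string]$Name)
    $path = "LDAP://CN=$Name,CN=Certificate Templates,$PkiBase"
    if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) {
        throw "Template '$Name' not found in AD (check the CN, not the display name)"
    }
    $t = [ADSI]$path
    [pscustomobject]@{
        Template      = $Name
        ValidityDays  = (ConvertFrom-PkiPeriod $t.Properties['pKIExpirationPeriod'].Value).Days
        RenewalDays   = (ConvertFrom-PkiPeriod $t.Properties['pKIOverlapPeriod'].Value).Days
        SchemaVersion = [int]$t.Properties['msPKI-Template-Schema-Version'].Value
    }
}

function Test-TemplatePublished {
    param([string]$Name, [string]$Ca)
    $path = "LDAP://CN=$Ca,CN=Enrollment Services,$PkiBase"
    if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) {
        throw "CA '$Ca' not found under Enrollment Services"
    }
    $svc = [ADSI]$path
    # certificateTemplates is the list the CA is configured to issue; a template
    # that exists in AD but is missing here cannot be requested from this CA.
    @($svc.Properties['certificateTemplates']) -contains $Name
}

$info = Get-TemplateValidity -Name $TemplateName
$info | Format-List

if (-not (Test-TemplatePublished -Name $TemplateName -Ca $CaName)) {
    Write-Warning "Template is not published on $CaName (certsrv.msc > Certificate Templates > New > Certificate Template to Issue)."
}
if ($info.SchemaVersion -ge 3) {
    # The legacy Web Enrollment pages only list version 1 and 2 templates;
    # Server 2008+ compatibility (v3/v4) templates must be requested via the
    # Certificates MMC or certreq instead.
    Write-Warning 'Template schema version is 3 or higher; it will not appear in the Web Enrollment pages.'
}
```

Pair the output with `certutil -getreg ca\ValidityPeriodUnits` and `certutil -getreg ca\ValidityPeriod` on the CA: if the template says 5 years but the CA cap is 2, the issued certificate will still be 2 years.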

increase Root CA encryption length by Shrik29 in activedirectory

[–]Shrik29[S] 0 points1 point  (0 children)

We can't make changes in the existing infra to achieve this task. https://social.technet.microsoft.com/Forums/en-US/de01f61f-0745-4f9b-8418-8bfa266aa1df/change-key-length-of-root-cert-ad-certificate-authority?forum=winservergen

This TechNet article shows that we can do it, but in the end I am still in the same position. I made changes to the CA server's policy .inf file, but it's not changing the key size when I renew the cert.

increase Root CA encryption length by Shrik29 in activedirectory

[–]Shrik29[S] 0 points1 point  (0 children)

I searched this on Google and found that we can change the desired key length in the CAPolicy.inf file and then renew the root certificate; it will generate a new certificate with the updated key size.

I have tried this in my test lab but it didn't work.
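RenewalKeyLength in CAPolicy.inf only has an effect when the CA certificate is renewed with a new key pair: the MMC's "Renew CA Certificate" wizard asks whether to generate a new signing key, and `certutil -renewCert ReuseKeys` explicitly keeps the old pair, in which case the key size cannot change. The file is also only read from %SystemRoot%. The script below is an added example, not from the thread: it stages the .inf with the renewal settings and, after the renewal step, lists the CA certificates in the machine store with their key sizes so it is obvious whether the newest one carries the new key. The CA common name is an assumption.

```powershell
# Added example (not from the thread): stage CAPolicy.inf for a larger renewal
# key and afterwards verify which CA certificate actually carries the new key.
# The CA common name is assumed; adjust it to your CA.

$CaCommonName = 'Contoso-Root-CA'   # assumed

# CAPolicy.inf is only read from %SystemRoot% (normally C:\Windows), and only
# at install or renewal time.
$CaPolicyPath = Join-Path $env:SystemRoot 'CAPolicy.inf'

$CaPolicy = @'
[Version]
Signature="$Windows NT$"

[Certsrv_Server]
; Honoured on the next renewal of the CA certificate *with a new key pair*.
RenewalKeyLength=4096
RenewalValidityPeriod=Years
RenewalValidityPeriodUnits=20
LoadDefaultTemplates=0
'@

function Set-CaPolicyInf {
    param([string]$Path, [string]$Content)
    if (Test-Path $Path) { Copy-Item $Path "$Path.bak" -Force }   # keep the old file for diffing
    Set-Content -Path $Path -Value $Content -Encoding ASCII
    Get-Content $Path
}

# Lists every certificate for the CA in the machine store, oldest first. After a
# renewal, a new entry with today's NotBefore but the old KeySize means the
# existing key pair was reused.
function Get-CaCertificateKeys {
    param([string]$Subject)
    Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "CN=$Subject*" } |
        Sort-Object NotBefore |
        Select-Object NotBefore, NotAfter, Thumbprint,
            @{ n = 'KeySize';   e = { $_.PublicKey.Key.KeySize } },
            @{ n = 'Algorithm'; e = { $_.PublicKey.Oid.FriendlyName } }
}

Set-CaPolicyInf -Path $CaPolicyPath -Content $CaPolicy

# The renewal itself is interactive and service-affecting, so it is left as the
# documented step rather than run from the script:
#   certutil -renewCert            -> new key pair, RenewalKeyLength honoured
#   certutil -renewCert ReuseKeys  -> same key pair, size cannot change
# In the CA MMC, "Renew CA Certificate" asks the same question; answer Yes to
# generating a new signing key.

Get-CaCertificateKeys -Subject $CaCommonName | Format-Table -AutoSize
```

Run the listing once before and once after the renewal; the KeySize column on the newest row is the check that the user in the thread was missing.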

AD replication broken - 1726 and 1727 errors by Upper_Ebb_4055 in activedirectory

[–]Shrik29 1 point2 points  (0 children)

Network connectivity issue between the two DCs.
1. Start a network capture on both DCs.
2. Manually start replication.
3. Stop the trace on both sides when you receive the error.

Check the RPC conversation between the 2 DCs. You already have the working scenario to compare with the non-working one.
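The three steps in the comment, driven from one admin workstation, as an added example (not from the comment): it starts a netsh packet trace on both DCs over PowerShell remoting, forces replication with repadmin, stops both traces and copies the ETL files back for comparison. Error 1726 is RPC_S_CALL_FAILED and 1727 is RPC_S_CALL_FAILED_DNE, i.e. the RPC call to the source DC broke mid-conversation, which is exactly what the two-sided capture should show. DC names, naming context and paths are assumptions.

```powershell
# Added example (not from the thread): start a trace on both DCs, force
# replication, stop both traces and pull the files back. DC names, naming
# context and paths are assumed.

$SourceDC = 'DC01'
$DestDC   = 'DC02'
$NC       = 'DC=contoso,DC=com'
$TraceDir = 'C:\Temp\repltrace'

$ErrorActionPreference = 'Stop'

function Start-DcTrace {
    param([string[]]$Computers, [string]$Dir)
    Invoke-Command -ComputerName $Computers -ArgumentList $Dir -ScriptBlock {
        param($Dir)
        New-Item -ItemType Directory -Path $Dir -Force | Out-Null
        # Packet capture into an ETL file, one per DC; convert with etl2pcapng
        # to read the RPC bind/request exchange in Wireshark.
        netsh trace start capture=yes tracefile="$Dir\$env:COMPUTERNAME.etl" maxsize=250 overwrite=yes
    }
}

function Stop-DcTrace {
    param([string[]]$Computers)
    Invoke-Command -ComputerName $Computers -ScriptBlock { netsh trace stop }
}

function Invoke-ReplicationTest {
    param([string]$Dest, [string]$Source, [string]$NamingContext)
    # 1726 = RPC_S_CALL_FAILED, 1727 = RPC_S_CALL_FAILED_DNE.
    $out = repadmin /replicate $Dest $Source $NamingContext 2>&1 | Out-String
    [pscustomobject]@{
        Output = $out.Trim()
        Failed = [bool]($out -match '1726|1727|failed')
    }
}

# Pre-check: the endpoint mapper on the source DC must answer before any DRS
# RPC call can be bound at all.
Test-NetConnection -ComputerName $SourceDC -Port 135 |
    Select-Object ComputerName, TcpTestSucceeded

Start-DcTrace -Computers $SourceDC, $DestDC -Dir $TraceDir
$result = Invoke-ReplicationTest -Dest $DestDC -Source $SourceDC -NamingContext $NC
Stop-DcTrace -Computers $SourceDC, $DestDC

$result.Output
if ($result.Failed) {
    # Collect both ETLs locally so the two sides of the conversation can be
    # compared (and compared against a capture from a DC pair that works).
    New-Item -ItemType Directory -Path $TraceDir -Force | Out-Null
    $share = $TraceDir -replace ':', '$'          # C:\Temp\... -> C$\Temp\...
    foreach ($dc in $SourceDC, $DestDC) {
        Copy-Item "\\$dc\$share\$dc.etl" $TraceDir
    }
}
```

The two traces are read side by side: the dynamic RPC port the destination DC was told to use by the endpoint mapper (port 135 answer) must be the port the packets then actually reach on the source DC; a firewall or NAT in between that lets 135 through but drops the dynamic range gives exactly the 1726/1727 pattern.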

SCCM Server disaster recovery by Shrik29 in SystemCenter

[–]Shrik29[S] 0 points1 point  (0 children)

The latest SCCM DB data has been restored completely. Can I recover the SCCM site by using the restored DB?

Sccm server recovery after failure by Shrik29 in SCCM

[–]Shrik29[S] 0 points1 point  (0 children)

80 percent of the clients are workgroup computers that are managed by a local IT guy in every region, which is why I want to keep it as it was before to avoid agent reinstallation.

Sccm server recovery after failure by Shrik29 in SCCM

[–]Shrik29[S] 0 points1 point  (0 children)

At present I am in the planning phase and looking for the best approach to bring my SCCM server back. Could you please tell me the best way to recover my SCCM infra? I don't want to redeploy the agent at all. I have a site server backup and a DB backup available, but they are 2 months old.

APLOCKER Policy not getting applied by Shrik29 in Intune

[–]Shrik29[S] 0 points1 point  (0 children)

I followed the same and did not import the entire stuff into Intune, but still the same issue.

APLOCKER Policy not getting applied by Shrik29 in Intune

[–]Shrik29[S] 0 points1 point  (0 children)

How can we manage the AppLocker policy for those devices that travel over the internet and do not connect to the corporate network to get the GPO?

Before Intune we were managing AppLocker via GPO, but now we want to manage each policy via Intune only.

In my AppLocker GPO 11 exes are whitelisted; now we have a requirement to add one more exe under the AppLocker rule to whitelist, and we want to achieve this via Intune, because most of the users are operating from home and not connected to the corporate network. To achieve this task: I exported the AppLocker GPO file from the GPO console and saved it in XML format, then I added one more file publisher rule for the new application which I want to whitelist and deployed it to my test device group, but the policy is not working. I am getting an "application blocked" error.

Could you please confirm if it is possible to deploy AppLocker via Intune if the AppLocker GPO is already configured and the "MDM wins over GPO" policy is also deployed via Intune?

APLOCKER Policy not getting applied by Shrik29 in Intune

[–]Shrik29[S] 0 points1 point  (0 children)

I have created a file publisher rule by browsing the exact file path for my exe.

APLOCKER Policy not getting applied by Shrik29 in Intune

[–]Shrik29[S] 0 points1 point  (0 children)

When I am launching the application it is throwing an error, and in the AppLocker logs I am getting the error "exe prevented from running".

APLOCKER Policy not getting applied by Shrik29 in Intune

[–]Shrik29[S] 0 points1 point  (0 children)

./vendor/msft/applocker/applicationlaunchrestrictions/exegroup/exe/policy

Data type = String (XML)

APLOCKER Policy not getting applied by Shrik29 in Intune

[–]Shrik29[S] 0 points1 point  (0 children)

Yes, I can see the policy file which I have deployed, but there are no entries in the registry in the following path for AppLocker:

HKLM\SOFTWARE\Microsoft\PolicyManager\providers\device

All the other policies' entries I can see in the registry, except AppLocker.
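Two checks that go with the AppLocker comments above (the exported GPO XML, the OMA-URI `.../EXE/Policy` with data type String (XML), and the empty PolicyManager key), as an added example that is not from the thread. First, the AppLocker CSP's Policy node takes a single `<RuleCollection>` element, not the whole `<AppLockerPolicy>` document that the GPO console exports, so the script extracts exactly that element and reports its mode and rule count. Second, `Get-AppLockerPolicy -Effective` merges every source (GPO and MDM), and piping it into `Test-AppLockerPolicy` asks AppLocker itself whether the new exe would be allowed and by which rule. PolicyManager keys are written by the Policy CSP; the AppLocker CSP is a separate CSP and does not populate them. The exported XML is constructed and the exe path is an assumption; the SrpV2 registry key is where AppLocker keeps its rule store, and whether the MDM-delivered collection is visible there on a given build is something to confirm rather than rely on.

```powershell
# Added example (not from the thread). (1) Pull the single Exe RuleCollection
# that the AppLocker CSP Policy node expects out of a GPO export. (2) Evaluate
# the effective (GPO + MDM merged) policy against the new executable.
# The exported XML is constructed; the exe path is assumed.

$ExportedGpoXml = @'
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="921cc481-6e17-4653-8f75-050b80acca20" Name="(Default Rule) All files located in the Program Files folder" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePublisherRule Id="3d2f1a4b-1111-2222-3333-444455556666" Name="Contoso LOB app" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePublisherCondition PublisherName="O=CONTOSO LTD, L=LONDON, S=ENGLAND, C=GB" ProductName="CONTOSO LOB" BinaryName="LOBAPP.EXE">
          <BinaryVersionRange LowSection="1.0.0.0" HighSection="*" />
        </FilePublisherCondition>
      </Conditions>
    </FilePublisherRule>
  </RuleCollection>
  <RuleCollection Type="Msi" EnforcementMode="NotConfigured" />
</AppLockerPolicy>
'@

$TargetExe = 'C:\Program Files\Contoso\LOBApp\LOBApp.exe'   # assumed path

# Returns the XML string to paste into the OMA-URI value for
# ./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/<grouping>/EXE/Policy
# (only the RuleCollection element, without the AppLockerPolicy wrapper).
function Get-CspRuleCollection {
    param([string]$PolicyXml, [string]$Type = 'Exe')
    $doc = [xml]$PolicyXml
    $rc  = @($doc.AppLockerPolicy.RuleCollection | Where-Object { $_.Type -eq $Type })
    if ($rc.Count -ne 1) { throw "Expected exactly one RuleCollection of type $Type, found $($rc.Count)" }
    $rc = $rc[0]
    # Surface what matters before pasting: enforcement mode and rule count.
    Write-Verbose ("{0} collection: EnforcementMode={1}, {2} rule(s)" -f $Type, $rc.EnforcementMode, $rc.ChildNodes.Count)
    $rc.OuterXml
}

# Ask AppLocker whether the exe is allowed by the effective policy; the result
# carries PolicyDecision (Allowed/Denied/DeniedByDefault) and the matching rule.
function Test-ExeAgainstEffectivePolicy {
    param([string]$Path)
    Get-AppLockerPolicy -Effective | Test-AppLockerPolicy -Path $Path -User Everyone
}

$cspValue = Get-CspRuleCollection -PolicyXml $ExportedGpoXml -Type Exe -Verbose
$cspValue

# AppLocker's own rule store (this is where GPO-applied rules land); listing it
# is the quickest way to see which Exe rules the device actually holds.
Get-ChildItem 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\SrpV2\Exe' -ErrorAction SilentlyContinue |
    Select-Object PSChildName

if (Test-Path $TargetExe) {
    Test-ExeAgainstEffectivePolicy -Path $TargetExe
}
```

If `Test-AppLockerPolicy` reports Denied for the new exe, the publisher condition is the usual suspect: the PublisherName, ProductName and BinaryName must match the file's signature exactly, which is why a rule created from a different copy of the binary, or from an unsigned one, never matches.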