Category Archives: Windows
Printer Migration between 2008 and 2012
To manage the migration process, use one of the following:
- The Printer Migration Wizard, which you access through Print Management, a snap-in in Microsoft Management Console (MMC).
- The Printbrm.exe command-line tool. or Printmig.exe
Before you can start the migration process, you must ensure the Print and Document Services role is installed on the destination server (PRNT-SRV in our case).
1- Backup the source server (our 2008 R2 server) using the Printer Migration Wizard
From our Windows Server 2012 we will use the Print Management console to perform the Migration.
1- Open Server Manager, click Tools, and then click Print Management.
2- Right Click Print Management, and select Migrate Printer
3- Select “Export printer queues and printer drivers to a file” and click Next
4- Provide the Server name from which you want to extract to printer queues and drivers. and click next.
5- Review the list and click Next
6- Provide a location and a file name to save the extracted data and click Next
7- When the export is complete click Finish.
2- Restore printers to the destination server (PRNT-SRV) using the Printer Migration Wizard
1- Right-click Print Management, and then click Migrate Printers to open the Printer Migration Wizard. Select Import printer queues and printer drivers from a file, and then click Next
After selecting the file we created when we exported the Print Queues and drivers, click Next
2- Review the printers to be imported and click Next.
3- Select “This Print Server (\\PRNT-SRV)” if you are running the Print Management console from the target server, or select the appropriate server in your domain by selecting “A print server on the network”
4- Set the import options and click Next
Wen the wizard completes, ensure that you do not have any errors, test the printers,
- View event log messages about the migration.
- Manually check the destination server for each printer migrated from the source server.
- Verify that the printer associated with each printer queue is online
- Confirm that a printer queue’s special settings, permissions, or drivers were preserved during the migration
- Check the properties for each queue on the destination server and verify that any special settings are still applicable.
- If the driver installs any non-standard settings that have been altered as a result of the migration, verify those as well
- Make any necessary changes, such as adding a port monitor or a new driver
If you are using Active Directory Domain Services (AD DS) to publish printers, do not publish printers to AD when you restore printers. This prevents duplicate printers from being displayed by AD DS before the destination server configuration is verified.
On the source server, you must unpublish printers before renaming the source server. To do this, select all printers in the Print Management snap-in, right-click the selected printers, and then click Remove from Directory. This prevents printers from being published twice to AD when the source server is renamed.
After renaming the destination server to the source server’s original name, you can publish all printers on the destination server to AD DS. To do this, select all printers in the Print Management snap-in, right-click the selected printers, and then click List in directory.
Export the DHCP database from a server that is running Microsoft Windows Server 2003 or Windows Server 2008
To move a DHCP database and configuration from a server that is running Windows Server 2003 or Windows Server 2008 to another server that is running Windows Server 2008:
1. Log on to the source DHCP server by using an account that is a member of the local Administrators group.
2. Click Start, click Run, type cmd in the Open box, and then click OK.
3. Type netsh dhcp server export C:dhcp.txt all , and then press ENTER.
Note: You must have local administrator permissions to export the data.
Configure the DHCP server service on the server that is running Windows Server 2008
1. Click Start, click Administrative Tools, click Server Manager. If needed acknowledge User Account Control.
2. In Roles Summary click Add Roles, click Next, check DHCP server, and then click Next.
Import the DHCP database
1. Log on as a user who is an explicit member of the local Administrators group. A user account in a group that is a member of the local Administrators group will not work. If a local Administrators account does not exist for the domain controller, restart the computer in Directory Services Restore Mode, and use the administrator account to import the database as described later in this section.
2. Copy the exported DHCP database file to the local hard disk of the Windows Server 2008-based computer.
3. Verify that the DHCP service is started on the Windows Server 2008-based computer.
4. Click Start, click Run, type cmd in the Open box, and then click OK.
5. At the command prompt, type netsh dhcp server import c:dhcpdatabase.txt all , and then press ENTER, where c:dhcpdatabase.txt is the full path and file name of the database file that you copied to the server.
Note When you try to export a DHCP database from a Windows 2000/2003 domain controller to a Windows Server 2008 member server of the domain, you may receive the following error message:
Error initializing and reading the service configuration – Access Denied
Note You must have local administrator permissions to import the data.
6. To resolve this issue, add the Windows Server 2008 DHCP server computer to the DHCP Admins group at the Enterprise level and redo steps 4 & 5.
7. If the “access is denied” error message occurs after you add the Windows Server 2008 DCHP server computer to the DHCP Admins group at the Enterprise level that is mentioned in step 6, verify that the user account that is currently used to import belongs to the local Administrators group. If the account does not belong to this group, add the account to that group, or log on as a local administrator to complete the import and redo steps 4 & 5.
Authorize the DHCP server
1. Click Start, point to All Programs, point to Administrative Tools, and then click DHCP.
Note You must be logged on to the server by using an account that is a member of the Administrators group. In an Active Directory domain, you must be logged on to the server by using an account that is a member of the Enterprise Administrators group.
2. In the console tree of the DHCP snap-in, expand the new DHCP server. If there is a red arrow in the lower-right corner of the server object, the server has not yet been authorized.
3. Right-click the server object, and then click Authorize.
4. After several moments, right-click the server again, and then click Refresh. A green arrow indicates that the DHCP server is authorized.
Server 2012 CUI to GUI and Vice-versa
Method #1: Convert Server Core to Full Gui using PowerShell
Get ready to convert Server Core to Full Gui using Windows PowerShell. In order to do this, login to Server core with administrator account and open the PowerShell through opened command prompt. To open PowerShell type “start PowerShell” on command prompt and press enter. The PowerShell will open in a new window. See the screenshot.
Start PowerShell on Server Core
Now convert server core to full Gui using with the following “install-WindowsFeature” PowerShell command.
Fist of all get the name of GUI features with “Get-WindowsFeature *GUI*” command.
Windows GUI Shell
You see the two Graphical Management Tools and Infrastructure and Server Graphical Shell which we need to install it.
Install-WindowsFeature -Name Server-Gui-Mgmt-Infra, Server-Gui-Shell -Source:E:\sources\install.wim
Convert Server Core to Full Gui
The “E:” is the DVD ROM of my computer and the Windows Server 2012 R2 is already in.
OK, when the installing features has finished successfully, restart the server core using “Shutdown -r -t 0” command.
Restart Server Core
After rebooting the system, you will see the Windows Server with full Gui and all necessary graphical management tools.
Convert Server Gui to Server Core
Finally Windows Server with full Gui is here.
Convert Windows Server Full Gui to Server Core
OK, let’s convert Server from full Gui back to Server Core using “Uninstall-WindowsFeature” PowerShell command. We can do it with graphical as well, but the command is easy and you must learn for exam.
Uninstall-WindowsFeature -Name Name Server-Gui-Mgmt-Infra, Server-Gui-Shell -Restart
Uninstall Windwos Feature with PowerShell
The command will uninstall and remove features and convert Server Gui to Server Core. After restarting system, you will see your old Server core with only one opened command prompt.
Method #2: Convert Server Core to Full Gui using DISM
Deployment Image Servicing and Management (DISM.exe) is a command-line tool that can be used to service a Windows image or to prepare a Windows Pre-installation Environment (Windows PE) image. DISM can be used to service a Windows image (.wim) or a virtual hard disk (.vhd or .vhdx). But here we are using DISM to Install Windows Features or convert Server Core to full Gui with DISM.
Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:Server-Gui-Shell /featurename:Server-Gui-Mgmt /Source:E:\sources\install.wim
Convert Server Core to Full Gui using DISM
After installing Windows features with DISM, type “Y” to restart the system.
Remove Windows Features with DISM
To remove the Gui features or Convert Server full Gui back to Server Core, do with the following command.
Dism /online /Disable-feature /featurename:ServerCore-FullServer
Default Port Assignments for Common Services
Port Assignments for Commonly-Used Services
There are many services associated with the Windows 2000 operating system. These services might require more than one TCP or UDP port for the service to be functional. Table C.3 shows the default ports that are used by each service mentioned.
Table C.3 Default Port Assignments for Common Services
| Service Name | UDP | TCP |
|---|---|---|
| Browsing datagram responses of NetBIOS over TCP/IP | 138 | |
| Browsing requests of NetBIOS over TCP/IP | 137 | |
| Client/Server Communication | 135 | |
| Common Internet File System (CIFS) | 445 | 139, 445 |
| Content Replication Service | 560 | |
| Cybercash Administration | 8001 | |
| Cybercash Coin Gateway | 8002 | |
| Cybercash Credit Gateway | 8000 | |
| DCOM (SCM uses udp/tcp to dynamically assign ports for DCOM) | 135 | 135 |
| DHCP client | 67 | |
| DHCP server | 68 | |
| DHCP Manager | 135 | |
| DNS Administration | 139 | |
| DNS client to server lookup (varies) | 53 | 53 |
| Exchange Server 5.0 | ||
| Client Server Communication | 135 | |
| Exchange Administrator | 135 | |
| IMAP | 143 | |
| IMAP (SSL) | 993 | |
| LDAP | 389 | |
| LDAP (SSL) | 636 | |
| MTA – X.400 over TCP/IP | 102 | |
| POP3 | 110 | |
| POP3 (SSL) | 995 | |
| RPC | 135 | |
| SMTP | 25 | |
| NNTP | 119 | |
| NNTP (SSL) | 563 | |
| File shares name lookup | 137 | |
| File shares session | 139 | |
| FTP | 21 | |
| FTP-data | 20 | |
| HTTP | 80 | |
| HTTP-Secure Sockets Layer (SSL) | 443 | |
| Internet Information Services (IIS) | 80 | |
| IMAP | 143 | |
| IMAP (SSL) | 993 | |
| IKE (For more information, see Table C.4) | 500 | |
| IPSec Authentication Header (AH) (For more information, see Table C.4) | ||
| IPSec Encapsulation Security Payload (ESP) (For more information, see Table C.4) | ||
| IRC | 531 | |
| ISPMOD (SBS 2nd tier DNS registration wizard) | 1234 | |
| Kerberos de-multiplexer | 2053 | |
| Kerberos klogin | 543 | |
| Kerberos kpasswd (v5) | 464 | 464 |
| Kerberos krb5 | 88 | 88 |
| Kerberos kshell | 544 | |
| L2TP | 1701 | |
| LDAP | 389 | |
| LDAP (SSL) | 636 | |
| Login Sequence | 137, 138 | 139 |
| Macintosh, File Services (AFP/IP) | 548 | |
| Membership DPA | 568 | |
| Membership MSN | 569 | |
| Microsoft Chat client to server | 6667 | |
| Microsoft Chat server to server | 6665 | |
| Microsoft Message Queue Server | 1801 | 1801 |
| Microsoft Message Queue Server | 3527 | 135, 2101 |
| Microsoft Message Queue Server | 2103, 2105 | |
| MTA – X.400 over TCP/IP | 102 | |
| NetBT datagrams | 138 | |
| NetBT name lookups | 137 | |
| NetBT service sessions | 139 | |
| NetLogon | 138 | |
| NetMeeting Audio Call Control | 1731 | |
| NetMeeting H.323 call setup | 1720 | |
| NetMeeting H.323 streaming RTP over UDP | Dynamic | |
| NetMeeting Internet Locator Server ILS | 389 | |
| NetMeeting RTP audio stream | Dynamic | |
| NetMeeting T.120 | 1503 | |
| NetMeeting User Location Service | 522 | |
| NetMeeting user location service ULS | 522 | |
| Network Load Balancing | 2504 | |
| NNTP | 119 | |
| NNTP (SSL) | 563 | |
| Outlook (see for ports) | ||
| Pass Through Verification | 137, 138 | 139 |
| POP3 | 110 | |
| POP3 (SSL) | 995 | |
| PPTP control | 1723 | |
| PPTP data (see Table C.4) | ||
| Printer sharing name lookup | 137 | |
| Printer sharing session | 139 | |
| Radius accounting (Routing and Remote Access) | 1646 or 1813 | |
| Radius authentication (Routing and Remote Access) | 1645 or 1812 | |
| Remote Install TFTP | 69 | |
| RPC client fixed port session queries | 1500 | |
| RPC client using a fixed port session replication | 2500 | |
| RPC session ports | Dynamic | |
| RPC user manager, service manager, port mapper | 135 | |
| SCM used by DCOM | 135 | 135 |
| SMTP | 25 | |
| SNMP | 161 | |
| SNMP Trap | 162 | |
| SQL Named Pipes encryption over other protocols name lookup | 137 | |
| SQL RPC encryption over other protocols name lookup | 137 | |
| SQL session | 139 | |
| SQL session | 1433 | |
| SQL session | 1024 – 5000 | |
| SQL session mapper | 135 | |
| SQL TCP client name lookup | 53 | 53 |
| Telnet | 23 | |
| Terminal Server | 3389 | |
| UNIX Printing | 515 | |
| WINS Manager | 135 | |
| WINS NetBios over TCP/IP name service | 137 | |
| WINS Proxy | 137 | |
| WINS Registration | 137 | |
| WINS Replication | 42 | |
| X400 | 102 |
Basic vs Dynamic Disks and MBR vs GUID
Basic and Dynamic Disks
Before partitioning a drive or getting information about the partition layout of a drive, you must first understand the features and limitations of basic and dynamic disk storage types.
For the purposes of this topic, the term volume is used to refer to the concept of a disk partition formatted with a valid file system, most commonly NTFS, that is used by the Windows operating system to store files. A volume has a Win32 path name, can be enumerated by the FindFirstVolume and FindNextVolume functions, and usually has a drive letter assigned to it, such as C:. For more information about volumes and file systems, see File Systems.
In this topic:
There are two types of disks when referring to storage types in this context: basic disks and dynamic disks. Note that the storage types discussed here are not the same as physical disks or partition styles, which are related but separate concepts. For example, referring to a basic disk does not imply a particular partition style—the partition style used for the disk under discussion would also need to be specified. For a simplified description of how a basic disk storage type relates to a physical hard disk, see Disk Devices and Partitions.
Basic Disks
Basic disks are the storage types most often used with Windows. The term basic disk refers to a disk that contains partitions, such as primary partitions and logical drives, and these in turn are usually formatted with a file system to become a volume for file storage. Basic disks provide a simple storage solution that can accommodate a useful array of changing storage requirement scenarios. Basic disks also support clustered disks, Institute of Electrical and Electronics Engineers (IEEE) 1394 disks, and universal serial bus (USB) removable drives. For backward compatibility, basic disks usually use the same Master Boot Record (MBR) partition style as the disks used by the Microsoft MS-DOS operating system and all versions of Windows but can also support GUID Partition Table (GPT) partitions on systems that support it. For more information about MBR and GPT partition styles, see the Partition Styles section.
You can add more space to existing primary partitions and logical drives by extending them into adjacent, contiguous unallocated space on the same disk. To extend a basic volume, it must be formatted with the NTFS file system. You can extend a logical drive within contiguous free space in the extended partition that contains it. If you extend a logical drive beyond the free space available in the extended partition, the extended partition grows to contain the logical drive as long as the extended partition is followed by contiguous unallocated space. For more information, see How Basic Disks and Volumes Work.
The following operations can be performed only on basic disks:
- Create and delete primary and extended partitions.
- Create and delete logical drives within an extended partition.
- Format a partition and mark it as active.
Dynamic Disks
Dynamic disks provide features that basic disks do not, such as the ability to create volumes that span multiple disks (spanned and striped volumes) and the ability to create fault-tolerant volumes (mirrored and RAID-5 volumes). Like basic disks, dynamic disks can use the MBR or GPT partition styles on systems that support both. All volumes on dynamic disks are known as dynamic volumes. Dynamic disks offer greater flexibility for volume management because they use a database to track information about dynamic volumes on the disk and about other dynamic disks in the computer. Because each dynamic disk in a computer stores a replica of the dynamic disk database, for example, a corrupted dynamic disk database can repair one dynamic disk by using the database on another dynamic disk. The location of the database is determined by the partition style of the disk. On MBR partitions, the database is contained in the last 1 megabyte (MB) of the disk. On GPT partitions, the database is contained in a 1-MB reserved (hidden) partition.
Dynamic disks are a separate form of volume management that allows volumes to have noncontiguous extents on one or more physical disks. Dynamic disks and volumes rely on the Logical Disk Manager (LDM) and Virtual Disk Service (VDS) and their associated features. These features enable you to perform tasks such as converting basic disks into dynamic disks, and creating fault-tolerant volumes. To encourage the use of dynamic disks, multi-partition volume support was removed from basic disks, and is now exclusively supported on dynamic disks.
The following operations can be performed only on dynamic disks:
- Create and delete simple, spanned, striped, mirrored, and RAID-5 volumes.
- Extend a simple or spanned volume.
- Remove a mirror from a mirrored volume or break the mirrored volume into two volumes.
- Repair mirrored or RAID-5 volumes.
- Reactivate a missing or offline disk.
Another difference between basic and dynamic disks is that dynamic disk volumes can be composed of a set of noncontiguous extents on one or multiple physical disks. By contrast, a volume on a basic disk consists of one set of contiguous extents on a single disk. Because of the location and size of the disk space needed by the LDM database, Windows cannot convert a basic disk to a dynamic disk unless there is at least 1 MB of unused space on the disk.
Regardless of whether the dynamic disks on a system use the MBR or GPT partition style, you can create up to 2,000 dynamic volumes on a system, although the recommended number of dynamic volumes is 32 or less. For details and other considerations about using dynamic disks and volumes, see Dynamic disks and volumes.
For more features of and usage scenarios for dynamic disks, see What Are Dynamic Disks and Volumes?.
The operations common to basic and dynamic disks are the following:
- Support both MBR and GPT partition styles.
- Check disk properties, such as capacity, available free space, and current status.
- View partition properties, such as offset, length, type, and if the partition can be used as the system volume at boot.
- View volume properties, such as size, drive-letter assignment, label, type, Win32 path name, partition type, and file system.
- Establish drive-letter assignments for disk volumes or partitions, and for CD-ROM devices.
- Convert a basic disk to a dynamic disk, or a dynamic disk to a basic disk.
Unless specified otherwise, Windows initially partitions a drive as a basic disk by default. You must explicitly convert a basic disk to a dynamic disk. However, there are disk space considerations that must be accounted for before you attempt to do this. For more information, see How To Convert to Basic and Dynamic Disks in Windows XP Professional.
Partition Styles
Partition styles, also sometimes called partition schemes, is a term that refers to the particular underlying structure of the disk layout and how the partitioning is actually arranged, what the capabilities are, and also what the limitations are. To boot Windows, the BIOS implementations in x86-based and x64-based computers require a basic disk that must contain at least one master boot record (MBR) partition marked as active where information about the Windows operating system (but not necessarily the entire operating system installation) and where information about the partitions on the disk are stored. This information is placed in separate places, and these two places may be located in separate partitions or in a single partition. All other physical disk storage can be set up as various combinations of the two available partition styles, described in the following sections. For more information about other system types, see the TechNet topic on partition styles.
Dynamic disks follow slightly different usage scenarios, as previously outlined, and the way they utilize the two partition styles is affected by that usage. Because dynamic disks are not generally used to contain system boot volumes, this discussion is simplified to exclude special-case scenarios. For more detailed information about partition data block layouts, and basic or dynamic disk usage scenarios related to partition styles, see How Basic Disks and Volumes Work and How Dynamic Disks and Volumes Work.
Master Boot Record
All x86-based and x64-based computers running Windows can use the partition style known as master boot record (MBR). The MBR partition style contains a partition table that describes where the partitions are located on the disk. Because MBR is the only partition style available on x86-based computers prior to Windows Server 2003 with Service Pack 1 (SP1), you do not need to choose this style. It is used automatically.
You can create up to four partitions on a basic disk using the MBR partition scheme: either four primary partitions, or three primary and one extended. The extended partition can contain one or more logical drives. The following figure illustrates an example layout of three primary partitions and one extended partition on a basic disk using MBR. The extended partition contains four extended logical drives within it. The extended partition may or may not be located at the end of the disk, but it is always a single contiguous space for logical drives 1-n.
Each partition, whether primary or extended, can be formatted to be a Windows volume, with a one-to-one correlation of volume-to-partition. In other words, a single partition cannot contain more than a single volume. In this example, there would be a total of seven volumes available to Windows for file storage. An unformatted partition is not available for file storage in Windows.
The dynamic disk MBR layout looks very similar to the basic disk MBR layout, except that only one primary partition is allowed (referred to as the LDM partition), no extended partitioning is allowed, and there is a hidden partition at the end of the disk for the LDM database. For more information on the LDM, see the Dynamic Disks section.
GUID Partition Table
Systems running Windows Server 2003 with SP1 and later can use a partition style known as the globally unique identifier (GUID) partition table (GPT) in addition to the MBR partition style. A basic disk using the GPT partition style can have up to 128 primary partitions, while dynamic disks will have a single LDM partition as with MBR partitioning. Because basic disks using GPT partitioning do not limit you to four partitions, you do not need to create extended partitions or logical drives.
The GPT partition style also has the following properties:
- Allows partitions larger than 2 terabytes.
- Added reliability from replication and cyclic redundancy check (CRC) protection of the partition table.
- Support for additional partition type GUIDs defined by original equipment manufacturers (OEMs), independent software vendors (ISVs), and other operating systems.
The GPT partitioning layout for a basic disk is illustrated in the following figure.
The protective MBR area exists on a GPT partition layout for backward compatibility with disk management utilities that operate on MBR. The GPT header defines the range of logical block addresses that are usable by partition entries. The GPT header also defines its location on the disk, its GUID, and a 32-bit cyclic redundancy check (CRC32) checksum that is used to verify the integrity of the GPT header. Each GUID partition entry begins with a partition type GUID. The 16-byte partition type GUID, which is similar to a System ID in the partition table of an MBR disk, identifies the type of data that the partition contains and identifies how the partition is used, for example if it is a basic disk or a dynamic disk. Note that each GUID partition entry has a backup copy.
Dynamic disk GPT partition layouts looks similar to this basic disk example, but as stated previously have only one LDM partition entry rather than 1-n primary partitions as allowed on basic disks. There is also a hidden LDM database partition with a corresponding GUID partition entry for it. For more information on the LDM, see the Dynamic Disks section.
Detecting the Type of Disk
There is no specific function to programmatically detect the type of disk a particular file or directory is located on. There is an indirect method.
First, call GetVolumePathName. Then, call CreateFile to open the volume using the path. Next, use IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS with the volume handle to obtain the disk number and use the disk number to construct the disk path, such as “\\?\PhysicalDriveX“. Finally, use IOCTL_DISK_GET_DRIVE_LAYOUT_EX to obtain the partition list, and check the PartitionType for each entry in the partition list.
Kerberos
Kerberos: The basic protocol
The Kerberos authentication protocol is the default authentication protocol of Windows Server 2003. This section examines how the protocol works by breaking down the complexity of the protocol into five steps.
The first two excerpts provide important introductory information to consider while reading through the five steps. Then, step 1 explains how Kerberos uses symmetric key cryptography to authenticate entities. Step 2 describes the three different entities that the Kerberos protocol deals with and why a key distribution center (KDC) is necessary, step 3 sheds light on the connection between the session key and the master key and step 4 describes the two ways in which the KDC distributes the encrypted session keys to the user and the resource server. Finally, step 5 explores an important weakness in the protocol involving the Ticket Granting Ticket limiting the use of the master keys.
The two excerpts at the end pull together the five steps and include a brief explanation of how Kerberos extensions relate to Windows 2000, XP and Windows Server 2003. Helpful diagrams are provided throughout the section to help readers visualize the various steps.
The following sections explain the basic Kerberos protocol as it is defined in RFC 1510. Those not familiar with Kerberos may be bewildered by the need for numerous diverse keys to be transmitted around the network. In order to break down the complexity of the protocol, we will approach it in five steps:
- Step 1: Kerberos authentication is based on symmetric key cryptography.
- Step 2: The Kerberos KDC provides scalability.
- Step 3: A Kerberos ticket provides secure transport of a session key.
- Step 4: The Kerberos KDC distributes the session key by sending it to the client.
- Step 5: The Kerberos Ticket Granting Ticket limits the use of the entities’ master keys.
VPN in Server 2012R2
A virtual private network also known as a VPN is a private network that extends across a public network or internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network.
Virtual Private Network can be straightforwardly installed and configured on a Windows Server 2012 R2 Essentials by running the Set up Anywhere Access wizard and selecting Virtual Private Network (VPN) option on the following screen.
If you want to know about Remote Web Access, or run through the sequential screens of Anywhere Access wizard, please visit this post.
When you choose to enable VPN using this wizard, the following roles/features get installed on the Essentials Server: Remote Access, DirectAccess and VPN (RAS), IP and Domain Restrictions, IIS Management Scripts and Tools, Network Policy and Access Services Tools, and Windows Internal Database.
You can also enable these roles/features from the Server Manager or PowerShell command-lets, however on Windows Server Essentials we recommend enabling it using the Set up Anywhere Access wizard.
It’s noteworthy that Windows Server 2012 R2 Essentials allows client machines to join their server without having to be inside the company network using a feature called Remote Domain Join. So, if VPN is enabled on Server Essentials, you may connect a remote client to the local network via VPN, run the Connect wizard from http://<servername>/connect or http://<domainname>.remotewebaccess.com/connect URL and join the remote client to the server. The process is very simple and straightforward.
As a prologue to discuss some common issues with VPN on Windows Server 2012 R2 Essentials, let us first glance through the default Routing and Remote Access (RRAS) settings. You may also find the specifics about these settings on TechNet.
Note: Server Essentials automatically manages the routing for VPN, and therefore Routing and Remote Access (RRAS) UI is hidden on the server to prevent tampering of RRAS settings. As a result, to view, change or troubleshoot the Remote Access settings, you need to install Remote Access GUI and Command-Line Tools using Server Manager or the following PowerShell command:
Add-WindowsFeature RSAT-RemoteAccess-Mgmt
This feature enables Routing and Remote Access console and respective command-line tools to manage VPN and DirectAccess. Note that this role may not be required on the server unless you need to change the settings for VPN or DirectAccess.
Default Settings of VPN on Windows Server 2012 R2 Essentials
To check the default settings for the VPN, open Routing and Remote Access Manager. Right click server name, and select Properties.
On the General tab, IPv4 must be enabled:
The Security tab consists of the Authentication Methods… and SSL Certificate Binding:
The Authentication Methods should have Extensible authentication protocol (EAP) and Microsoft encrypted authentication version 2 (MS-CHAP v2) enabled. You can confirm it by clicking the Authentication Methods… button on the Security tab.
The SSL Certificate Binding section on the Security tab displays the certificate active for VPN. This also indicates that we enable VPN on SSL and that you do not have to allow any port other than port 443.
Let’s move on to the IPv4 tab. By default the VPN clients are set to receive IP from DHCP, but you may require to change it to a Static address pool for troubleshooting purposes.
On the IPv6 tab, the options Enable IPv6 Forwarding and Enable Default Route Advertisement are selected by default.
The IKEv2 tab consists of the default options to control the IKEv2 client connections and Security Association expiration.
The PPP tab contains the settings for Point-to-Point protocol and are as follows:
The Logging tab on the server properties page contains the level of logging enabled for Routing and Remote Access.
To enable additional logging for the Routing and Remote Access, select the option Log additional Routing and Remote Access information. Once this option is selected additional log files are created in the %windir%\Tracing directory that provide deeper insight to troubleshoot RRAS issues. Make sure to disable the additional logging once the troubleshooting is complete.
You may also gather and modify information for Remote Access from an elevated Windows PowerShell terminal. Here are some common commands:
|
Command |
Purpose |
| Get-Command -Module RemoteAccess | Displays a list of commands available with RemoteAccess module |
| Get-RemoteAccess | Displays the configuration of VPN and DirectAccess (DA) |
| Get-VpnAuthProtocol | Displays authentication protocols and parameters set on the VPN |
| Get-VPNServerConfiguration | Displays VPN server properties |
Here is a sample output:
You can look at the help file of each of these commands for a detailed description. Better yet, you can use the following command to insert the help contents of each of these commands for the module RemoteAccess to a text file as:
$(foreach ($command in (Get-Command -Module RemoteAccess)) {Get-Help $command.Name} ) | Out-File HELP.txt
Different Between Remote Desktop Connection & Windows Remote Assistance?
What Is Remote Desktop Connection?
Remote Desktop Connection is a Windows tool that allows you to access and control a computer from a remote location.
There are a few things you need to know and set, in order to successfully establish a remote desktop connection to another computer:
- The computer to which you will connect has to allow remote connections. This is set from the host computer’s System Properties.
- You need to know the name or the IP address of the computer you want to connect to. If you’re trying to connect to a computer in the same LAN as you, you can use its name or IP address. In case you’re trying to connect to a computer over the Internet, you’ll need the IP address of the host computer. Using its name won’t work.
- You have to know the credentials of an administrator account from the host computer, or the credentials of a standard user account that has been enabled for Remote Desktop connections.
Once you’ve connected to a remote computer, you will gain full control of it. That means you can use the remote computer as if you are in front of it. You can access any documents, run all programs, use any devices that are connected to it, etc.
The host computer will display nothing on its screen, so no one will see what you are doing remotely.
If you want to know more about Remote Desktop Connection, read these tutorials:
- How to Enable Remote Desktop Connections in Windows 7 & Windows 8
- How to Connect Remotely to a Windows PC from Windows 7 & Windows 8.1
What Is Windows Remote Assistance?
Windows Remote Assistance is a tool that allows you to remotely give or receive technical support to or from other Windows users.
Run>msra
In order for Windows Remote Assistance to work, there are a few things that you need to set up:
- The user who will receive assistance has to have Windows Remote Assistance enabled in his/her computer’s System Properties.
- The user in need of help has to request assistance via Windows Remote Assistance.
- The person providing the technical assistance will need to know the connection password set by the user who needs help.
- The user in need of assistance has to approve the remote connection.
Once the remote connection is established, both users will see the same computer screen. If the user who asked for assistance wants to, he/she can share the control of his/her computer. This way, users at both ends will be able to control the computer’s mouse and keyboard.
For further information on Windows Remote Assistance, check this tutorial: How to Provide Remote Support with Windows Remote Assistance.
What Are The Differences Between Remote Desktop Connection & Windows Remote Assistance?
Going through the previous questions in this article, you already know what’s different between these two Windows feature. However, let’s sum them all up:
- Remote Desktop Connection works only if the host computer allows remote connections, while Windows Remote Assistance works only if the user receiving assistance allows Remote Assistance connections to his/her computer.
- Remote Desktop Connection allows you to take full control of a remote computer (including exclusive access to the Desktop, documents, programs, etc.), while Windows Remote Assistance allows you to give partial control to your own computer (shared desktop, mouse and keyboard) in order to get help from a remote friend or technical person.
- Remote Desktop Connection requires you to know the credentials of an account found on the remote computer, while Windows Remote Assistance requires an invitation.
- Remote Desktop Connection doesn’t need any additional permissions, while Windows Remote Assistance asks the user seeking help to manually accept an incoming remote connection.
- Remote Desktop Connection will show the computer screen only on the client computer (the user that initiated the remote connection), while Windows Remote Assistance will show the same Desktop to both parties involved.
Conclusion
Remote Desktop Connection and Windows Remote Assistance have similar names and both are used for remote connections to other computers. However, as we’ve seen in this article, their purposes are quite different. If you have questions, use the comments below to let us know.
Offline domain joining
- No Network
- Unattended to install windows.
- If Writable DC replication happen rarely with RODC
- Does not require forest/domain to be raised
Server
======
C:\Djoin /Provision /Domain ami.net /Machine WS2 /Savefile C:\ (Enter)
WS2join.txt (File Created in C:\)
Go to users and computers and check the Computer account would be created or not
WorkGroup
=========
CMD with Admin Privilege
C:\Djoin /RequestODJ /Loadfile E:\WS2join.txt /Windowspath %windir% /LocalOS
Restarted
Note : for log in Server DC must online in the network.
TECH INFO 