Add first Windows Server 2008 R2 Domain Controller to Server 2003 domain.

Before introducing first Windows Server 2008 R2 domain controller to your Server 2003 domain you must prepare your forest and domain. This is done running ADPREP tool from Windows Server 2008 R2 DVD.
Note that you do not need to run adprep if you are merely joining Windows Server 2008 R2 server to the domain as a member server.

adprep from Windows Server 2008 R2 DVD

Before running adprep:
  • Backup your Active Directory.
  • If possible try the procedure in a test environment to make sure there are no conflicting applications in your environment.
  • Make sure you are member of Domain Admin, Schema Admin and Enterprise Admin groups.
  • Make sure replication is working properly:
    On a domain controller run repadmin /showreps and check Last attempt date and status.
    Also run repadmin /replsum and check for errors.


Prepare forest

  • Log on to your schema master Domain Controller (DC)
    To find out which server is your Schema Master, run netdom query fsmo on any DC.
  • Insert Windows Server 2008 R2 DVD into DVD drive.
  • Open Command Prompt and run:
    • on 32 bit computer D:\support\adprep\adprep32.exe /forestprep
    • on 64 bit computer D:\support\adprep\adprep.exe /forestprep
    This assumes that your DVD drive has letter D:
    adprep.exe /forestprep
  • Let opration to complete. Make sure there were no errors.
  • Allow Active Direcotry to replicate changes throughout the forest

Prepare domain

  • Log on to your infrastructure operations master Domain Controller (DC).
    To find out which server is your infrastructure operations master, run netdom query fsmo on any DC.
  • Insert Windows Server 2008 R2 DVD into DVD drive.
  • Open Command Prompt and run:
    • on 32 bit computer D:\support\adprep32.exe\adprep /domainprep /gpprep
    • on 64 bit computer D:\support\adprep\adprep.exe /domainprep /gpprep
    This assumes that your DVD drive has letter D:
    adprep /domainprep /gpprep
  • Let operation to complete. Make sure there were no errors.
  • Allow Active Directory to replicate changes throughout the domain

Add a new Server 2008 R2 Domain Controller

  • Log-on onto Windows Server 2008 R2 member server machine using domain admin account
  • Start > Run > dcpromo > OK
  • Follow the wizard to install the first Server 2008 R2 DC
    Active Directory Domain Services Installation Wizard
 

Windows 2003 Terminal Server - Prevent roaming profile changes from propagating to the server for certain users

Scenario:

There a two types of terminal server users and they need to have profiles setup in 2 different ways:
  1. First group - use single shared profile located on the network \\Server\ShareName\TMS-Profile.  Any changes user makes to the profile are not propagated to the network copy of the profile - every time users log on they receive a fresh profile copy.
  2. Second group - every user have an individual user profile located on the network \\Server\ShareName\UserName. All changes are saved back to the network profile copy on log-off.

Solution:

Normally I would use group policy to setup all terminal server settings, including user profiles. In this scenario problem is that "Prevent Roaming Profile changes from propagating to the server" is part of Group Policy Computer Configuration section, therefore policy can't be filtered for different user groups.

I resolved this by setting Terminal Server Profile Path in AD user object Properties.
Terminal Server - Prevent roaming profile changes from propagating to the server for certain users

  1. First group of users had profile path set to the \\Server\ShareName\TMS-Profile. To prevent changes propagating back to the server profile was made mandatory. To make profile mandatory you simply rename NTUSER.DAT to NTUSER.MAN which is located in profile root folder (this is hidden system file). Read more about mandatory profiles here.
  2. Second group of users had profile path set simply to \\Server\ShareName\UserName without any additional configuration.
This is not perfect solution, but it works well enough as there are not too many terminal server users. If anyone knows better and more efficient way to achieve this let me know.


Windows cannot log you on because your profile cannot be loaded - Indexing Service (cidaemon.exe) locks files in roaming profiles.

Users started complaining about occasionally having problems logging-on on Windows 2003 Terminal Server via Remote Desktop client.

A quick check in Event Viewer Application logs revealed following errors:

Source: Userenv
Even ID: 1509
Type: Error
Description:
Windows cannot copy file \\server2\tms\profile_path\user\Favorites\File.url. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.
DETAIL - Access is denied.

Source: Userenv
Even ID: 1500
Type: Error
Description:
Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.
DETAIL - Access is denied.

Interestingly, all or most of the offending files were Internet Explorer Favourites, or Temporary Internet Files. File permissions check didn't indicate any permissions issue, however it wasn’t possible to delete any of these files – they appeared to be locked. Process Explorer revealed that files are locked by cidaemon.exe process.

cidaemon.exe is Windows Indexing Service component. It is supposed to release all its file locks as soon as other process tries to access the file, but for reasons better known to Microsoft is often not doing this. There is not much use of Indexing Service on Windows 2003 (especially Terminal Server) so we disabled it completely which immediately fixed the problem.

There are two ways to disable Indexing Service:
  • Windows Explorer > Search > Change preferences > Without Indexing Service > No, do not enable Indexing Service > OK
    Disable Indexing Service
  • Start > Run > services.msc
    Stop Indexing Service and set Startup type to Disabled
    Disable Indexing Service

VMware vSphere Client error - Error parsing the se...

If you are trying to run older version of VMware vSphere Client on Windows 7, or fully updated Windows XP you may get following errors:

VMware vSphere Client error - Error parsing the server "[server]" "clients.xml" file

The type initializer for VirtualInfrastructure.Utils.HttpWebRequestProxy' threw an exception.

These errors are caused by an updated Microsoft .NET version.

You have couple of options here.
Probably easiest fix is to download latest version of vSphere Client from VMware. If for some reason you can't do this follow instructions below


  1. Download system.dll file. This file is taken from older version of Microsoft .NET installation.
  2. Copy this file to C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\lib
    On 64 bit OS path would be: C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\lib
    If lib folder doesn't exist then create it.
  3. Open file C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe.config in a text editor and just before last line </configuration> paste following code:
    <runtime>
    <developmentMode developerInstallation="true"/>
    </runtime>
  4. Control Panel > System > Advanced > Environment Variables
    In System Variables click New and add following system variable:
    Name: DEVPATH
    Value: C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\lib
    Remember that on 64 bit system instead of Program Files you have to use Program Files (x86)
  5. Launch VMware vSphere Client again. This time it should run without any errors.

Newsletter

Subscribe to receive occasional updates on new posts.
Your email will not be used for any other purpose and you can unsubscribe at any time.
Please wait