Hoy vamos a ver algunos de los cambios que se han añadido en el Service Pack 1 en referencia a los servicios de directorio (Directory Services). Espero que les sea de utilidad. Saludos, Roberto Di Lello.
-
¿Qué significa “Support for Managed Service Accounts (MSAs) in secure branch office scenarios” ("Soporte para cuentas de servicio gestionado (MSAs) en escenarios de oficina sucursal segura"?)
-
¿Qué significa "Apoyo a un mayor volumen de tráfico de autenticación en los controladores de dominio conectado a redes de alta latencia"?
-
¿Qué otras actualizaciones están incluidas en Service Pack 1 para servicios de directorio?
Estos temas están descriptos en el documento Notable Changes in Windows 7 and Windows Server 2008 R2 Service Pack 1.doc pueden ver el link al sitio oficial al final de la nota.
Recordemos que la información que se enumera a continuación son de dominio público, y queda a nuestro criterio si queremos prevenir un futuro problema o es mejor esperar a que ocurra; lo ideal es probarlo en un laboratorio para ver que el SP no rompe nada de nuestra arquitectura.
Managed Service Accounts (MSAs)
Este escenario hace referencia a la nota You cannot create or delete managed service accounts in a perimeter network in Windows 7 or in Windows Server 2008 R2.
En este caso tenemos los RODCs en una red en la que los usuarios pueden acceder directamente, pero esos mismos usuarios no pueden tener acceso de escritura a los DCs (DMZ o una branch office {sucursal}). Después de aplicar SP1 los RODCs sabrán cómo enviar la solicitud a un DC con permisos de escritura para las operaciones de MSA.
En definitiva, en este escenario no se puede crear o eliminar cuentas de servicio gestionado. Además, recibirá el código de error 0xc00000e5.
Este problema se encuentra solucionado al instalar el SP1 en todos los RODC.
Autenticación
Este escenario hace referencia a la nota A time-out error occurs when many NTLM authentication requests are sent from a computer that is running Windows Server 2008 R2, Windows 7, Windows Server 2008, or Windows Vista in a high latency network.
Este tema es un poco más complicado. Consideremos el siguiente escenario:
-
Hay una red de alta latencia entre un controlador de dominio y un equipo que ejecuta Windows Server 2008 R2, Windows 7, Windows Server 2008 o Windows Vista.
-
Muchas de las solicitudes de autenticación NTLM deben enviarse al controlador de dominio.
En este escenario, algunas solicitudes de autenticación NTLM producirán un error y generan un error en tiempo de espera. Además, se registra el siguiente evento:
Event ID : 5783
Category : None
Source : NETLOGON
Type : Error
Message : The session setup to the Windows NT or Windows 2000 Domain Controller \\DC01.contso.com for the domain CONTOSO-DOM
is not responsive. The current RPC call from Netlogon on \\DC01 to \\DC01.contso.com has been cancelled.
Por ejemplo, supongamos que un dominio de recursos y un dominio de cuenta están conectados mediante una red de alta latencia. Cuando muchos usuarios tienen acceso a un recurso en el dominio de recursos, muchas de las solicitudes de autenticación NTML se generan y envían al dominio de cuentas. En este escenario, algunas solicitudes de autenticación NTLM producirá un error. Por lo tanto, los usuarios relacionados no pueden tener acceso a recursos incluso si tienen permisos suficientes.
El servicio de Netlogon tiene un "Acelerador" que controla el número máximo de llamadas simultáneas sobre un canal seguro. En controladores de dominio, esto incluye los canales seguros de dominios de confianza externos (es decir, no confianzas de bosque de Kerberos). En equipos miembros, es para autenticar DCs para solicitudes de intra-bosque o a otros dominios y bosques. En redes de alta latencia con una tonelada de NTLM autenticación, las aplicaciones podrían empezar a tener problemas de autenticación, que van desde un rendimiento lento a errores.
Este problema se produce debido a una limitación en la función de autenticación que se controla mediante la entrada de registro MaxConcurrentAPI. De forma predeterminada, estaciones de trabajo tienen una API simultánea llamadas y servidores miembro pueden enviar dos llamadas simultáneas. Controladores de dominio tienen una sola llamada simultánea por canal de seguridad para dominios de confianza.
Esta limitación permite que el cliente envíe a sólo 10 solicitudes simultáneas. Si el cliente debe enviar las solicitudes de autenticación NTLM adicionales para el controlador de dominio, deben esperar a esas otras solicitudes. Sin embargo, el valor de tiempo de espera de una solicitud de autenticación NTLM es 45 segundos. Por lo tanto, algunas solicitudes de autenticación NTLM producirá un error y generan un error de tiempo de espera si estas solicitudes se transfieren en una red de alta latencia.
Como dijimos anteriormente, el registro MaxConcurrentAPI controla este tema:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters Nombre de valor: MaxConcurrentApi
Tipo de datos: REG_DWORD
El valor predeterminado, si el registro no existe es 1 si es un DC, 2 si es un servidor miembro y 1 si es un cliente, esto ha sido así desde NT 4.0 y nunca ha cambiado. Hasta que se aplique esta actualización, el valor máximo es de 10. Después de instalar la actualización, el valor máximo es de 150. En general, ya que los DCs sirven de autenticación de usuarios y en la mayoría de las empresas fuertemente no utilizan cuentas de miembros locales, sólo debería configurarse en los controladores de dominio; al hacerlo veremos que se genera un mayor uso de memoria, pero la alternativa es obviamente mucho peor.
Esto no tiene ningún efecto en Kerberos en absoluto y Kerberos no está restringido de esta manera. Si utilizamos NTLM innecesariamente (por una configuración incorrecta de apps, versiones viejas de las apps, malas apps, relaciones de confianza externas en lugar de relaciones de confianza del bosque, etc.) podeos utilizar Kerberos como una solución mas robusta en lugar de arreglarlo de esta manera.
Otras Actualizaciones
Hay 795 correcciones públicas que se rodó en SP1 y todos ellos están enumerados en el Hotfixes and Security Updates included in Windows 7 and Windows Server 2008 R2 Service Pack 1.xls que pueden ver el links oficial al final de la nota.
De estos, 104 actualizaciones pueden considerarse "puros" de servicios de directorio, otras 59 actualizaciones arreglan las cosas que victimizan DS: cosas como Networking, File System, SMB o backups. Hay también otras correcciones en el SP1.
Hay algunas cosas nuevas bastante interesantes aquí además de dos los arbitrarios en las notas de la versión, recomiendo que vean las siguientes tablas. Por ejemplo:
|
KB Article
|
KB Title |
| 977542 | A hotfix is available to block standard users from logging on to a Window 7-based or Windows Server 2008 R2-based computer in safe mode |
| 979294 | The Dcdiag.exe tool takes a long time to run in Windows Server 2008 R2 and in Windows 7 |
| 980254 | The "dsget user -memberof -expand" command returns incorrect results in Windows Server 2008 R2 and in Windows 7 |
| 980360 | Update for the Active Directory – Directory Services Best Practices Analyzer rules in Windows Server 2008 R2 |
Updates DS Puros
|
KB Article
|
KB Title |
| 969851 | Instead of the specified startup program, the whole desktop is started on a remote desktop connection when you change the "Terminal Services Profile" setting for the user account |
| 969867 | FIX: You cannot import or paste some group policies across domains by using the "Group Policy Management" MMC snap-in |
| 970840 | Some settings in Group Policy Preferences for Internet Explorer 7 do not deploy correctly to computers that are running Windows Server 2008 or Windows Vista |
| 971277 | You cannot access an administrative share on a computer that is running Windows Vista or Windows Server 2008 after you set the SrvsvcDefaultShareInfo registry entry to configure the default share permissions for a network share |
| 971338 | The terminal server roaming profile of a user account is not loaded correctly on a terminal server that is running Windows Server 2008 R2 or Windows Server 2008 after the user password is changed during session logon |
| 972069 | A terminal server that is running Windows Server 2008 cannot obtain terminal licenses from a Terminal Server license server that is running Windows Server 2008 after you enable the "License Server Security Group" Group Policy setting |
| 974893 | FIX: An unexpected Failure Audit event is logged for the local credential when you run a .NET Framework 2.0-based application that tries to connect to a remote computer |
| 975142 | You cannot install Active Directory Domain Services on a member server that is running Windows Server 2008 or Windows Server 2008 R2 in a branch office if the DNS and LDAP communication between the branch office and the forest root domain is blocked |
| 975363 | A time-out error occurs when many NTLM authentication requests are sent from a computer that is running Windows Server 2008 R2 or Windows 7 in a high latency network |
| 976398 | LDAP filters in the Group Policy preference settings do not take effect on a computer that is running Windows Server 2008 R2 or Windows 7 |
| 976399 | FIX: You cannot apply Group Policy settings on a computer that is running Windows 7 or Windows Server 2008 R2 when security group filters are used in Group Policy preference settings |
| 976424 | Error code when the kpasswd protocol fails after you perform an authoritative restore: "KDC_ERROR_S_PRINCIPAL_UNKNOWN" |
| 976494 | Error 1789 when you use the LookupAccountName function on a computer that is running Windows 7 or Windows Server 2008 R2 |
| 976586 | Error in Windows 7 or Windows Server 2008 R2 when unlocking a computer or switching users |
| 976655 | You cannot perform a system state restore in the Directory Service Restore mode on a read-only domain controller that is running Windows Server 2008 R2 if DFS Replication is used to replicate the SYSVOL folder |
| 977180 | Error message when an application or a service tries to query for any deleted objects by using a well-known GUID in a Windows Server 2008 R2-based domain if paged search is used: "0x8007202c Critical extension is unavailable" |
| 977184 | You cannot install Active Directory on an iSCSI boot computer that is running Windows Server 2008 R2 |
| 977222 | No private key is associated with a certificate after you successfully install the certificate on a computer that is running Windows 7 or Windows Server 2008 R2 |
| 977229 | You are unable to update the target location of offline file shares in the Offline File client side cache without administrative permission in Windows Server 2008 R2 or in Windows 7 |
| 977346 | The Welcome screen may be displayed for 30 seconds during the logon process after you set a solid color as the desktop background in Windows 7 or in Windows Server 2008 R2 |
| 977353 | A Group Policy Immediate Task preference item does not run on a client computer that is running Windows 7 or Windows Server 2008 R2 |
| 977397 | The icon of an offline file that you changed in offline mode always indicates that synchronization is successful even when the synchronization fails on a client computer that is running Windows 7 |
| 977542 | A hotfix is available to block standard users from logging on to a Window 7-based or Windows Server 2008 R2-based computer in safe mode |
| 977579 | Error message when you try to open a 3DES encrypted file that is migrated from Windows XP to Windows 7 or to Windows Server 2008 R2: "Access Denied" |
| 977692 | The Lsass.exe process exits unexpectedly on a domain controller that is running Windows Server 2008 R2 after a password is synchronized in Identity Management for UNIX (IDMU) |
| 977695 | The SceCli 1202 events are logged when some Group Policy settings are refreshed in Windows Server 2008 R2 and in Windows 7 |
| 977944 | The "Desktop Wallpaper" Group Policy setting is not applied in Windows 7 or in Windows Server 2008 R2 |
| 978034 | Active Directory Certificate Services cannot be reinstalled by using the "Use existing private key" option on a computer that is running in Windows Server 2008 R2 |
| 978116 | In an MIT realm, user authentication fails after invalid credentials are received on a computer that is running Windows 7 or Windows Server 2008 R2 |
| 978387 | FIX: The connectivity test that is run by the Dcdiag.exe tool fails together with error code 0x621 |
| 978489 | Logoff process stops responding after you create a logoff Group Policy script on a client computer that is running Windows Vista or Windows Server 2008 |
| 978836 | You cannot create or delete managed service accounts in a perimeter network in Windows 7 or in Windows Server 2008 R2 |
| 978837 | The Group Policy Management Editor window crashes when you apply some changes for NRPT policy settings |
| 978838 | Error message when you run the "Set-GPPermission" cmdlet or the "Get-GPPermission" cmdlet: ""_ploc" is not a valid security group" |
| 978918 | Error code when an application uses the CredSSP in Windows Server 2008 R2: "0x80090329" |
| 978977 | An exclamation mark (!) may be displayed next to the smartcard reader in Device Manager after you start Windows 7 or Windows Server 2008 R2 |
| 979039 | Error message when you view or modify the migrated Group Policy objects in Windows Server 2008 R2: "Attribute cannot be empty" |
| 979214 | The DirSync control search does not return the deactivated linked attributes from a modified object in a Windows Server 2008 R2-based domain |
| 979294 | The Dcdiag.exe tool takes a long time to run in Windows Server 2008 R2 and in Windows 7 |
| 979383 | After you apply a WMI filter, the GPO does not take effect on a client computer that is running Windows 7 or Windows Server 2008 R2 |
| 979524 | The DFS Replication service crashes randomly in x64-based versions of Windows Server 2008 R2 |
| 979548 | You cannot enter an agreement number of a volume license that contains more than seven digits in Remote Desktop Licensing Manager or in TS Licensing Manager |
| 979564 | The DFS Replication Management Pack shows alerts for cluster network names that are in the “healthy” status on a Windows Server 2008 R2 failover cluster |
| 979645 | You cannot use a script to join a computer automatically into a specified OU in a Windows 2000 domain when the computer is running Windows 7 or Windows Server 2008 R2 |
| 979646 | Some folders or some files are unexpectedly deleted on the upstream server after you restart the DFS Replication service |
| 979731 | Some Group Policy preferences are not applied successfully on computers that are running Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2 |
| 979808 | "Robocopy /B" does not copy the security information such as ACL in Windows 7 and in Windows Server 2008 R2 |
| 980027 | A Windows Server 2008 domain controller or a Windows Server 2008 R2 domain controller cannot allocate new ports when Server for NIS is running |
| 980254 | The "dsget user -memberof -expand" command returns incorrect results in Windows Server 2008 R2 and in Windows 7 |
| 980360 | Update for the AD DS Best Practices Analyzer rules in Windows Server 2008 R2 |
| 980628 | The "Load a specific theme" Group Policy setting is not applied correctly on a computer that is running Windows 7 or Windows Server 2008 R2 |
| 980654 | The DFS Replication service stops responding on the downstream server in Windows Server 2008 R2 |
| 980909 | "The home folder could not be created" remote desktop error in Windows Server 2008 R2 |
| 980933 | The Licensing Diagnosis tool returns a value of “0” for the number of RDS CALs that are available in Windows Server 2008 R2 |
| 981054 | The Group Policy preference settings for the "Terminal Session" item-level targeting item are not applied in Windows 7 or in Windows Server 2008 R2 |
| 981111 | An update is available for Best Practices Analyzer for the File Services role in x64 editions of Windows Server 2008 R2 |
| 981118 | The CryptDecrypt function fails when you try to decrypt encrypted content on a computer that is running Windows 7 or Windows Server 2008 R2 |
| 981265 | You cannot create a software installation Group Policy setting on a read-only domain controller in Windows Server 2008 R2 |
| 981394 | A computer restarts when multiple Kerberos authentication requests are made at the same time in Windows 7 or in Windows Server 2008 R2 |
| 981750 | Error message occurs when you use GPMC to view a software restriction Group Policy setting in Windows 7 and in Windows Server 2008 R2: "An error has occurred while collecting data for Software Restriction Policies" |
| 981844 | Smartcard application cannot read information from some smartcards on a computer that is running Windows 7 or Windows Server 2008 R2 |
| 981872 | Access to a redirected folder or a home drive disconnects regularly on a computer that is running Windows Server 2008 R2 and Windows 7 |
| 981890 | The user profile is not updated when you configure a client computer that is running Windows 7 or Windows Server 2008 R2 to use roaming user profiles |
| 981936 | Lots of the Event ID 476 events are logged when you use the Ntdsutil.exe tool to create an RODC installation media in Windows Server 2008 or in Windows Server 2008 R2 |
| 982606 | The value of the "State" registry item is changed after a Group Policy preferences setting is applied in Windows Server 2008, in Windows Vista or in Windows Server 2008 R2 |
| 983402 | The debug symbol file that corresponds to Dsadmin.dll is missing in Active Directory Lightweight Directory Services (AD LDS) for Windows 7 |
| 983531 | You experience a significant delay when you try to log on to an Active Directory site from a computer that is running Windows 7 or Windows Server 2008 R2 |
| 983544 | The "Modified time" file attribute of a registry hive file is updated when an application loads and then unloads the registry hive file without making any changes on a computer that is running Windows Server 2008 R2 or Windows 7 |
| 983551 | Windows 7 or Windows Server 2008 R2 stops responding at the "Please wait" screen before you are requested to press Ctrl+ALT+DEL |
| 983618 | Some Group Policy settings are not displayed in the Group Policy Results report in Windows Server 2008, in Windows Vista, in Windows Server 2008 R2, or in Windows 7 |
| 983620 | You cannot access a DFS share through a mapped network drive on a computer that is running Windows 7 or Windows Server 2008 R2 |
| 2028960 | The Offline Files Disk Usage Limits settings do not reflect the settings that are defined in the GPO in Windows 7 |
| 2028962 | The "Active Directory Users and Computers" MMC snap-in does not list all the accounts that have passwords cached on the RODC in Windows |
| 2028988 | The DFS Namespaces service requires a long time to process a "NetDfsAdd" request when a duplicated DFS link exists in Windows Server 2008 R2 |
| 2157973 | The Security event that has Event ID 4625 does not contain the user account name on a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2 |
| 2171571 | You incorrectly receive an error message when you join a computer that is running Windows 7 or Windows Server 2008 R2 to a Samba 3-based domain |
| 2254754 | You experience a GPO report-generation issue in the GPMC window when you try to generate the report in a localized version of Windows 7 or of Windows Server 2008 R2 |
| 2258620 | You cannot find the "Find Now," "Stop," and "Clear All" buttons in the GPMC snap-in on a computer that is running Windows 7 or Windows Server 2008 R2 |
| 2274102 | An application that uses DES encryption for Kerberos authentication cannot run on a Windows XP-based client computer in a Windows Server 2008 domain |
| 2275950 | An error occurs when you try to establish SSL connections to the nodes by using the alias name from an LDAPS client computer that is running Windows 7 or Windows Server 2008 R2 |
| 2276597 | "LDAP_AUTH_UNKNOWN (0x56)" error code occurs when you call the "ldap_set_option" function in Windows 7 or in Windows Server 2008 R2 if you use the "LDAP_OPT_SASL_METHOD" session option |
| 2284538 | "Apply once and do not reapply" Group Policy setting is never applied after the first GPO deployment fails on a client computer that is running Windows 7 or Windows Server 2008 R2 |
| 2285823 | The DFS Namespace service becomes inaccessible if the domain controller that plays the Inter-Site Topology Generator (ISTG) role is down on a Windows Server 2008 R2-based computer |
| 2285835 | An outgoing replication backlog occurs after you convert a read/write replicated folder to a read-only replicated folder in Windows Server 2008 R2 |
| 2302077 | You experience poor performance when you call the "CryptAcquireContext" function in Windows Server 2008 R2 or in Windows 7 |
| 2345131 | The logon screen appears two times when you resume a Windows 7-based or Windows Server 2008 R2-based computer from Sleep (S3) or from Hibernation (S4) |
| 2351254 | The StrongCRLCheck setting does not work on a Windows Server 2008 R2-based computer that has the RRAS role service installed |
| 2379592 | "Object reference not set to an instance of an object" error message when you view the GPO backup settings in the Group Policy Management Console |
| 2382370 | You cannot apply a Wi-Fi Protected Access 2 (WPA2) pre-authentication Group Policy setting to some client computers that are running Windows 7 |
| 2385775 | Group Policy Modeling Wizard fails when you have registry updates in the Group Policy preference on a computer that is running Windows Server 2008 R2 |
| 2385838 | Item-level targeting object picker dialog box shows only the domain in which the Gpmc.msc is started in Windows Server 2008 R2, in Windows 7, in Windows Vista or in Windows Server 2008 |
| 2386717 | The "Enforce password history" and "Minimum password age" Group Policy settings do not work when you reset the password for a Windows Server 2008 R2-based or a Windows Server 2008-based computer |
| 2386288 | The SIS service does not de-duplicate some files that are replicated to a read-only replicated folder for DFS Replication in Windows Storage Server 2008 R2 |
| 2386730 | An item-level targeting security group filter in Group Policy preferences settings does not work on a computer that is running Windows Server 2008 R2 or Windows 7 in a disjoint namespace |
| 2386759 | Group Policy preference settings for the settings on the Advanced tab in Internet Explorer 8 do not work as expected on a client computer that is running Windows 7 or Windows Server 2008 R2 |
| 2387778 | You find a very large increase in the DFS Replication backlogs |
| 2386802 | The user cannot log back on to a client computer that is running Windows 7 or Windows Server 2008 R2 after you reset the password and then lock the computer |
| 2389167 | The "User Notice" value of the policy extension is displayed incorrectly in Windows Server 2008 R2 or in Windows 7 if the "UTF8String" data type is used |
| 2390986 | Folder redirection fails in Windows 7 and in Windows Server 2008 R2 when you use a large Fdeploy1.ini file to configure the Folder Redirection policy |
| 2392951 | The Security Configuration Wizard creates a duplicated rule in Windows Server 2008 and in Windows Server 2008 R2 when you edit an existing rule |
| 2394663 | An LDAP simple bind to a Windows Server 2008 R2-based domain controller fails when the user name has more than 255 characters in the distinguished name |
| 2401600 | The Dcdiag.exe VerifyReferences test fails on an RODC that is running Windows Server 2008 R2 |
| 2409711 | A 30-second delay occurs when you log on to a computer after you configure the "Hide all icons on Desktop" Group Policy and the "Normal Wallpaper" Group Policy in Windows 7 or in Windows Server 2008 |
| 2434932 | Temporary files do not synchronize correctly to a non-DFS share on a server from a client computer that is running Windows 7 or Windows Server 2008 R2 |
Updates DS Secundarios
| KB Article | KB Title |
| 974674 | Description of the Windows NT Backup Restore Utility for Windows 7 and for Windows Server 2008 R2 |
| 975512 | Some SMB clients cannot access cluster file shares but they can access non-cluster file shares that are located on a computer that is running Windows Server 2008 or Windows Server 2008 R2 |
| 975680 | Virtual Disk Service (VDS) crashes when you try to extend a dynamic volume in an NTFS file system on a computer that is running Windows Vista, Windows Server 2008, Windows Server 2008 R2, or Windows 7 |
| 975688 | A snapshot may become corrupted when the Volume Shadow Copy Service (VSS) snapshot providers take more than 10 seconds to create it on a computer that is running Windows 7 or Windows Server 2008 R2 |
| 976099 | VSS snapshot creation may fail after a LUN resynchronization on a computer that is running Windows 7 or Windows Server 2008 R2 |
| 976329 | Error message when you run the ChkDsk.exe utility in read-only mode on a Windows-based computer: "The Volume Bitmap is incorrect" or "Error detected in index $I30 for file 5" |
| 976538 | File corruption may occur if you run a program that uses a file system filter driver in Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008 |
| 976782 | Text in the General tab of the Windows Backup task in the Task Scheduler Library is not displayed in the localized language in Windows 7 or Windows Server 2008 R2 |
| 977015 | You are repeatedly prompted to insert a new disk when you use the Backup and Restore tool in Windows 7 or the Windows Server Backup tool in Windows Server 2008 R2 to back up your files or to create a system image on a recordable Blu-ray disc (BD-R) |
| 977096 | You are unable to diagnose whether a snapshot creation failure is caused by issues in VSS hardware providers running in Windows 7 and in Windows Server 2008 R2 |
| 977158 | DNS updates may be incorrectly reported as failed when you use a third-party DNS server application for DNS registration on a computer that is running Windows Server 2008 R2 or Windows 7 |
| 977375 | Error message when some file system filter drivers that are transaction-aware are installed on a failover cluster node that is running Windows Server 2008 R2 and that has FSRM installed: "6704 (0x1A30) ERROR_TRANSACTION_ALREADY_ABORTED" |
| 977417 | You are prompted to provide authentication again when you open a new tab or a new window in a SSL Web site in Internet Explorer 8 |
| 977977 | RSS network throughput performance decreases on Windows Server 2008 R2-based computers that have more than 32 processors |
| 978000 | Add a fix to improve the logging capabilities of the Storport.sys driver to troubleshoot poor disk I/O performance in Windows Server 2008 R2 |
| 978491 | FIX: A server that is running Server Message Block Version 2 does not respond to certain FSCTL_SRV_NOTIFY_TRANSACTION requests from clients that are running Windows Vista or Windows Server 2008 |
| 978898 | You cannot access a volume in Windows 7 or in Windows 2008 R2 when the volume is encrypted by a third-party encryption driver |
| 979530 | A Windows Server 2008 R2-based Remote Desktop server denies some connection requests randomly under heavy logon or logoff conditions |
| 979710 | You cannot log off the session for an iSCSI disk or take a disk offline from the Cluster Shared Volumes list in Windows Server 2008 R2 if the disk is an iSCSI disk or a fibre channel disk |
| 979751 | A domain user account that has a blank password cannot be used to authenticate against Microsoft SharePoint Server 2010 or against Windows Live SkyDrive |
| 980082 | Stop error in Win7 and in Win2008 R2 when you run a backup application: "0x0000007E SYSTEM_THREAD_EXCEPTION_NOT_HANDLED" |
| 980259 | The SNMP service does not respond to any SNMP requests after a Group Policy refresh in Windows Vista or in Windows Server 2008 |
| 980794 | System state backup error in Windows Server 2008, in Windows Vista, in Windows 7 and in Windows Server 2008 R2: "Enumeration of the files failed" |
| 981166 | Some data is corrupted when cached and noncached I/O operations occur by using the same NTFS file handle |
| 981208 | Poor performance when you transfer many small files on a computer that is running Windows 7 or Windows Server 2008 R2 |
| 981506 | "SSL Certificate add failed, Error: 1312" error message when you try to add a CTL in Windows Server 2008 R2 or in Windows 7 |
| 981765 | The network performance is not as fast as expected on a computer that has NUMA-based processors and that is running Windows Server 2008 R2 or Windows 7 |
| 981836 | Network connectivity for a Windows Server 2003-based Hyper-V virtual machine is lost temporarily in Windows Server 2008 R2 |
| 981851 | The backup operation fails and the Wbengine.exe service stops in Windows Server 2008 R2 or in Windows 7 if one of the volumes in the operation does not exists any longer |
| 981983 | Cluster resources do not fail over automatically to other nodes when nodes cannot connect to the rest of a network in a Windows Server 2008 R2 failover cluster |
| 982383 | You encounter a decrease in I/O performance under a heavy disk I/O load on a Windows Server 2008 R2-based or Windows 7-based computer |
| 982502 | You cannot back up a file in Windows Server 2008 R2 or in Windows 7 if the path length is longer than 260 characters |
| 982860 | A computer that is running Windows 7 or Windows Server 2008 R2 takes four minutes to open a Microsoft Office 2003 document from a network share |
| 983426 | Some noncritical volumes are included in the system state backup image when you use the "-allCritical" switch in Windows Server 2008 R2 or in Windows 7 |
| 983458 | You cannot save documents to a folder or change the permission settings of folders on a SMB 1.0-based remote server from a Windows-based computer that has security update 980232 (MS10-020) installed |
| 983466 | "A fatal error has occurred." error message when you use Windows Update on a Windows 7 or Windows Server 2008 R2-based computer that has a third-party filter driver installed |
| 983528 | The TCP receive window autotuning feature does not work correctly in Windows Server 2008 R2 or in Windows 7 |
| 983633 | You cannot bring a volume online when the Snapshot Protection mode is enabled in Windows Server 2008 R2 or in Windows 7 |
| 2028566 | A copy-on-write snapshot may become corrupted in Windows Server 2008 R2 or in Windows 7 if some snapshots that are stored on the same volume are deleted |
| 2028965 | Data corruption when multiple users perform read and write operations to a shared file in the SMB2 environment |
| 2064460 | The "BackupRead" function randomly fails together with error code 58 in Windows Server 2008 R2 or in Windows 7 |
| 2155024 | A write operation to a volume is slower than usual in Windows Server 2008 or in Windows 7 after you create a snapshot of the volume |
| 2194664 | You cannot access a remote server that shares files and printers by using the SMB protocol from a computer that is running Windows Server 2008 R2 or Windows 7 |
| 2203302 | An RDP connection that uses SSL authentication and CredSSP protocol fails in Windows 7 or in Windows Server 2008 R2 |
| 2223005 | The network connection is lost for a Windows Server 2003-based or Windows XP-based virtual machine that is hosted on a computer that is running Windows Server 2008 R2 |
| 2253693 | A VSS writer cannot create a snapshot on a computer that is running Windows 7 or Windows Server 2008 R2 if the snapshot set of the VSS writer has no disk volumes |
| 2277439 | The Cluster service stops responding if you run backup applications in parallel in Windows Server 2008 R2 |
| 2283445 | The backup process requires significantly more time when you use the Windows Backup utility in Windows 7 if the size of the backup files increases |
| 2309290 | The DNS Server service does not respond to multi-label name resolution request correctly when background zone loading occurs in Windows Server 2008 R2 |
| 2309371 | "HTTP 401" error message when you try to access web resources that require Kerberos authentication on a computer that is running Windows 7 or Windows Server 2008 R2 |
| 2314467 | Error message when you add an InetOrgPerson user account to an RMS template in Windows Server 2008 R2: "No email address was found for the selected user or group" |
| 2316513 | The Lanmanserver service cannot start after you restart a computer that is running Windows 7 or Windows Server 2008 R2 if a volume that is referenced in the PATH variable is inaccessible |
| 2353832 | Authentication requests between nodes in the same failover cluster may be unable to use the Kerberos protocol if the Negotiate SSP is specified in Windows Server 2008 R2 |
| 2359344 | The inheritable ACEs may not be propagated correctly to the child object on an NFS share when you enable the KeepInheritance registry value in Windows Server 2008 R2 |
| 2385596 | An update that adds 33 configuration rules and 9 operation rules to BPA for DNS in Windows Server 2008 R2 is available |
| 2386184 | IP addresses are still registered on the DNS servers even if the IP addresses are not used for outgoing traffic on a computer that is running Windows 7 or Windows Server 2008 R2 |
| 2386854 | Files remain encrypted after you copy the files from an encrypted folder to a WebDAV share if the files are copied by using a computer that is running Windows 7 or Windows Server 2008 R2 |
| 2411958 | In Windows Server 2008 R2, the DNS Server service might crash when it handles many concurrent queries that are submitted through the DNS server plug-in interface |
| 2415115 | You cannot open, edit, or delete the Windows Security Health Validator after you install the Microsoft .NET Framework 4 on a computer that is running Windows Server 2008 R2 |
This piece of writing is in fact a good one it assists new web people, who
are wishing in favor of blogging.
thanks Mmathew for your support!
whoah this weblog is fantastic i like reading your articles.
Stay up the great work! You understand, lots of individuals are looking round for this info, you could help them greatly.
Madelaine Solano, excuse my delay in answering but I’m catching up on all emails and queries via Web that I have pending.
I take this opportunity to thank you for participating in the blog and help it continue to grow! I ask you to spread its address so we can reach more people. I tell you that there is much material in it. I invite you to see the labs, videos, tutorials, notes. If you want to find a topic or need help, you have the HELP tab where I explain a bit how to do, but you have the google search.
Greetings and thanks!