El Impacto del Service Pack 1 (SP1) de Windows Server 2008 R2 en Directory Services

Windows2008SP1RC02Hoy vamos a ver algunos de los cambios que se han añadido en el Service Pack 1 en referencia a los servicios de directorio (Directory Services). Espero que les sea de utilidad. Saludos, Roberto Di Lello.

  • ¿Qué significa “Support for Managed Service Accounts (MSAs) in secure branch office scenarios” ("Soporte para cuentas de servicio gestionado (MSAs) en escenarios de oficina sucursal segura"?)
  • ¿Qué significa "Apoyo a un mayor volumen de tráfico de autenticación en los controladores de dominio conectado a redes de alta latencia"?
  • ¿Qué otras actualizaciones están incluidas en Service Pack 1 para servicios de directorio?

Estos temas están descriptos en el documento Notable Changes in Windows 7 and Windows Server 2008 R2 Service Pack 1.doc pueden ver el link al sitio oficial al final de la nota.

Recordemos que la información que se enumera a continuación son de dominio público, y queda a nuestro criterio si queremos prevenir un futuro problema o es mejor esperar a que ocurra; lo ideal es probarlo en un laboratorio para ver que el SP no rompe nada de nuestra arquitectura.

Managed Service Accounts (MSAs)

Este escenario hace referencia a la nota You cannot create or delete managed service accounts in a perimeter network in Windows 7 or in Windows Server 2008 R2.

En este caso tenemos los RODCs en una red en la que los usuarios pueden acceder directamente, pero esos mismos usuarios no pueden tener acceso de escritura a los DCs (DMZ o una branch office {sucursal}). Después de aplicar SP1 los RODCs sabrán cómo enviar la solicitud a un DC con permisos de escritura para las operaciones de MSA.

En definitiva, en este escenario no se puede crear o eliminar cuentas de servicio gestionado. Además, recibirá el código de error 0xc00000e5.

Este problema se encuentra solucionado al instalar el SP1 en todos los RODC.

Autenticación

Este escenario hace referencia a la nota A time-out error occurs when many NTLM authentication requests are sent from a computer that is running Windows Server 2008 R2, Windows 7, Windows Server 2008, or Windows Vista in a high latency network.

Este tema es un poco más complicado. Consideremos el siguiente escenario:

  • Hay una red de alta latencia entre un controlador de dominio y un equipo que ejecuta Windows Server 2008 R2, Windows 7, Windows Server 2008 o Windows Vista.
  • Muchas de las solicitudes de autenticación NTLM deben enviarse al controlador de dominio.

En este escenario, algunas solicitudes de autenticación NTLM producirán un error y generan un error en tiempo de espera. Además, se registra el siguiente evento:

Event ID : 5783
Category : None
Source : NETLOGON
Type : Error
Message : The session setup to the Windows NT or Windows 2000 Domain Controller \\DC01.contso.com for the domain CONTOSO-DOM
is not responsive. The current RPC call from Netlogon on \\DC01 to \\DC01.contso.com has been cancelled.

Por ejemplo, supongamos que un dominio de recursos y un dominio de cuenta están conectados mediante una red de alta latencia. Cuando muchos usuarios tienen acceso a un recurso en el dominio de recursos, muchas de las solicitudes de autenticación NTML se generan y envían al dominio de cuentas. En este escenario, algunas solicitudes de autenticación NTLM producirá un error. Por lo tanto, los usuarios relacionados no pueden tener acceso a recursos incluso si tienen permisos suficientes.

El servicio de Netlogon tiene un "Acelerador" que controla el número máximo de llamadas simultáneas sobre un canal seguro. En controladores de dominio, esto incluye los canales seguros de dominios de confianza externos (es decir, no confianzas de bosque de Kerberos). En equipos miembros, es para autenticar DCs para solicitudes de intra-bosque o a otros dominios y bosques. En redes de alta latencia con una tonelada de NTLM autenticación, las aplicaciones podrían empezar a tener problemas de autenticación, que van desde un rendimiento lento a errores.

Este problema se produce debido a una limitación en la función de autenticación que se controla mediante la entrada de registro MaxConcurrentAPI. De forma predeterminada, estaciones de trabajo tienen una API simultánea llamadas y servidores miembro pueden enviar dos llamadas simultáneas. Controladores de dominio tienen una sola llamada simultánea por canal de seguridad para dominios de confianza.

Esta limitación permite que el cliente envíe a sólo 10 solicitudes simultáneas. Si el cliente debe enviar las solicitudes de autenticación NTLM adicionales para el controlador de dominio, deben esperar a esas otras solicitudes. Sin embargo, el valor de tiempo de espera de una solicitud de autenticación NTLM es 45 segundos. Por lo tanto, algunas solicitudes de autenticación NTLM producirá un error y generan un error de tiempo de espera si estas solicitudes se transfieren en una red de alta latencia.

Como dijimos anteriormente, el registro MaxConcurrentAPI controla este tema:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters Nombre de valor: MaxConcurrentApi
Tipo de datos: REG_DWORD

El valor predeterminado, si el registro no existe es 1 si es un DC, 2 si es un servidor miembro y 1 si es un cliente, esto ha sido así desde NT 4.0 y nunca ha cambiado. Hasta que se aplique esta actualización, el valor máximo es de 10. Después de instalar la actualización, el valor máximo es de 150. En general, ya que los DCs sirven de autenticación de usuarios y en la mayoría de las empresas fuertemente no utilizan cuentas de miembros locales, sólo debería configurarse en los controladores de dominio; al hacerlo veremos que se genera un mayor uso de memoria, pero la alternativa es obviamente mucho peor.

Esto no tiene ningún efecto en Kerberos en absoluto y Kerberos no está restringido de esta manera. Si utilizamos NTLM innecesariamente (por una configuración incorrecta de apps, versiones viejas de las apps, malas apps, relaciones de confianza externas en lugar de relaciones de confianza del bosque, etc.) podeos utilizar Kerberos como una solución mas robusta en lugar de arreglarlo de esta manera.

Otras Actualizaciones

Hay 795 correcciones públicas que se rodó en SP1 y todos ellos están enumerados en el Hotfixes and Security Updates included in Windows 7 and Windows Server 2008 R2 Service Pack 1.xls que pueden ver el links oficial al final de la nota.

De estos, 104 actualizaciones pueden considerarse "puros" de servicios de directorio, otras 59 actualizaciones arreglan las cosas que victimizan DS: cosas como Networking, File System, SMB o backups. Hay también otras correcciones en el SP1.

Hay algunas cosas nuevas bastante interesantes aquí además de dos los arbitrarios en las notas de la versión, recomiendo que vean las siguientes tablas. Por ejemplo:

KB Article
KB Title
977542 A hotfix is available to block standard users from logging on to a Window 7-based or Windows Server 2008 R2-based computer in safe mode
979294 The Dcdiag.exe tool takes a long time to run in Windows Server 2008 R2 and in Windows 7
980254 The "dsget user -memberof -expand" command returns incorrect results in Windows Server 2008 R2 and in Windows 7
980360 Update for the Active Directory – Directory Services Best Practices Analyzer rules in Windows Server 2008 R2

Updates DS Puros

KB Article
KB Title
969851 Instead of the specified startup program, the whole desktop is started on a remote desktop connection when you change the "Terminal Services Profile" setting for the user account
969867 FIX: You cannot import or paste some group policies across domains by using the "Group Policy Management" MMC snap-in
970840 Some settings in Group Policy Preferences for Internet Explorer 7 do not deploy correctly to computers that are running Windows Server 2008 or Windows Vista
971277 You cannot access an administrative share on a computer that is running Windows Vista or Windows Server 2008 after you set the SrvsvcDefaultShareInfo registry entry to configure the default share permissions for a network share
971338 The terminal server roaming profile of a user account is not loaded correctly on a terminal server that is running Windows Server 2008 R2 or Windows Server 2008 after the user password is changed during session logon
972069 A terminal server that is running Windows Server 2008 cannot obtain terminal licenses from a Terminal Server license server that is running Windows Server 2008 after you enable the "License Server Security Group" Group Policy setting
974893 FIX: An unexpected Failure Audit event is logged for the local credential when you run a .NET Framework 2.0-based application that tries to connect to a remote computer
975142 You cannot install Active Directory Domain Services on a member server that is running Windows Server 2008 or Windows Server 2008 R2 in a branch office if the DNS and LDAP communication between the branch office and the forest root domain is blocked
975363 A time-out error occurs when many NTLM authentication requests are sent from a computer that is running Windows Server 2008 R2 or Windows 7 in a high latency network
976398 LDAP filters in the Group Policy preference settings do not take effect on a computer that is running Windows Server 2008 R2 or Windows 7
976399 FIX: You cannot apply Group Policy settings on a computer that is running Windows 7 or Windows Server 2008 R2 when security group filters are used in Group Policy preference settings
976424 Error code when the kpasswd protocol fails after you perform an authoritative restore: "KDC_ERROR_S_PRINCIPAL_UNKNOWN"
976494 Error 1789 when you use the LookupAccountName function on a computer that is running Windows 7 or Windows Server 2008 R2
976586 Error in Windows 7 or Windows Server 2008 R2 when unlocking a computer or switching users
976655 You cannot perform a system state restore in the Directory Service Restore mode on a read-only domain controller that is running Windows Server 2008 R2 if DFS Replication is used to replicate the SYSVOL folder
977180 Error message when an application or a service tries to query for any deleted objects by using a well-known GUID in a Windows Server 2008 R2-based domain if paged search is used: "0x8007202c Critical extension is unavailable"
977184 You cannot install Active Directory on an iSCSI boot computer that is running Windows Server 2008 R2
977222 No private key is associated with a certificate after you successfully install the certificate on a computer that is running Windows 7 or Windows Server 2008 R2
977229 You are unable to update the target location of offline file shares in the Offline File client side cache without administrative permission in Windows Server 2008 R2 or in Windows 7
977346 The Welcome screen may be displayed for 30 seconds during the logon process after you set a solid color as the desktop background in Windows 7 or in Windows Server 2008 R2
977353 A Group Policy Immediate Task preference item does not run on a client computer that is running Windows 7 or Windows Server 2008 R2
977397 The icon of an offline file that you changed in offline mode always indicates that synchronization is successful even when the synchronization fails on a client computer that is running Windows 7
977542 A hotfix is available to block standard users from logging on to a Window 7-based or Windows Server 2008 R2-based computer in safe mode
977579 Error message when you try to open a 3DES encrypted file that is migrated from Windows XP to Windows 7 or to Windows Server 2008 R2: "Access Denied"
977692 The Lsass.exe process exits unexpectedly on a domain controller that is running Windows Server 2008 R2 after a password is synchronized in Identity Management for UNIX (IDMU)
977695 The SceCli 1202 events are logged when some Group Policy settings are refreshed in Windows Server 2008 R2 and in Windows 7
977944 The "Desktop Wallpaper" Group Policy setting is not applied in Windows 7 or in Windows Server 2008 R2
978034 Active Directory Certificate Services cannot be reinstalled by using the "Use existing private key" option on a computer that is running in Windows Server 2008 R2
978116 In an MIT realm, user authentication fails after invalid credentials are received on a computer that is running Windows 7 or Windows Server 2008 R2
978387 FIX: The connectivity test that is run by the Dcdiag.exe tool fails together with error code 0x621
978489 Logoff process stops responding after you create a logoff Group Policy script on a client computer that is running Windows Vista or Windows Server 2008
978836 You cannot create or delete managed service accounts in a perimeter network in Windows 7 or in Windows Server 2008 R2
978837 The Group Policy Management Editor window crashes when you apply some changes for NRPT policy settings
978838 Error message when you run the "Set-GPPermission" cmdlet or the "Get-GPPermission" cmdlet: ""_ploc" is not a valid security group"
978918 Error code when an application uses the CredSSP in Windows Server 2008 R2: "0x80090329"
978977 An exclamation mark (!) may be displayed next to the smartcard reader in Device Manager after you start Windows 7 or Windows Server 2008 R2
979039 Error message when you view or modify the migrated Group Policy objects in Windows Server 2008 R2: "Attribute cannot be empty"
979214 The DirSync control search does not return the deactivated linked attributes from a modified object in a Windows Server 2008 R2-based domain
979294 The Dcdiag.exe tool takes a long time to run in Windows Server 2008 R2 and in Windows 7
979383 After you apply a WMI filter, the GPO does not take effect on a client computer that is running Windows 7 or Windows Server 2008 R2
979524 The DFS Replication service crashes randomly in x64-based versions of Windows Server 2008 R2
979548 You cannot enter an agreement number of a volume license that contains more than seven digits in Remote Desktop Licensing Manager or in TS Licensing Manager
979564 The DFS Replication Management Pack shows alerts for cluster network names that are in the “healthy” status on a Windows Server 2008 R2 failover cluster
979645 You cannot use a script to join a computer automatically into a specified OU in a Windows 2000 domain when the computer is running Windows 7 or Windows Server 2008 R2
979646 Some folders or some files are unexpectedly deleted on the upstream server after you restart the DFS Replication service
979731 Some Group Policy preferences are not applied successfully on computers that are running Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2
979808 "Robocopy /B" does not copy the security information such as ACL in Windows 7 and in Windows Server 2008 R2
980027 A Windows Server 2008 domain controller or a Windows Server 2008 R2 domain controller cannot allocate new ports when Server for NIS is running
980254 The "dsget user -memberof -expand" command returns incorrect results in Windows Server 2008 R2 and in Windows 7
980360 Update for the AD DS Best Practices Analyzer rules in Windows Server 2008 R2
980628 The "Load a specific theme" Group Policy setting is not applied correctly on a computer that is running Windows 7 or Windows Server 2008 R2
980654 The DFS Replication service stops responding on the downstream server in Windows Server 2008 R2
980909 "The home folder could not be created" remote desktop error in Windows Server 2008 R2
980933 The Licensing Diagnosis tool returns a value of “0” for the number of RDS CALs that are available in Windows Server 2008 R2
981054 The Group Policy preference settings for the "Terminal Session" item-level targeting item are not applied in Windows 7 or in Windows Server 2008 R2
981111 An update is available for Best Practices Analyzer for the File Services role in x64 editions of Windows Server 2008 R2
981118 The CryptDecrypt function fails when you try to decrypt encrypted content on a computer that is running Windows 7 or Windows Server 2008 R2
981265 You cannot create a software installation Group Policy setting on a read-only domain controller in Windows Server 2008 R2
981394 A computer restarts when multiple Kerberos authentication requests are made at the same time in Windows 7 or in Windows Server 2008 R2
981750 Error message occurs when you use GPMC to view a software restriction Group Policy setting in Windows 7 and in Windows Server 2008 R2: "An error has occurred while collecting data for Software Restriction Policies"
981844 Smartcard application cannot read information from some smartcards on a computer that is running Windows 7 or Windows Server 2008 R2
981872 Access to a redirected folder or a home drive disconnects regularly on a computer that is running Windows Server 2008 R2 and Windows 7
981890 The user profile is not updated when you configure a client computer that is running Windows 7 or Windows Server 2008 R2 to use roaming user profiles
981936 Lots of the Event ID 476 events are logged when you use the Ntdsutil.exe tool to create an RODC installation media in Windows Server 2008 or in Windows Server 2008 R2
982606 The value of the "State" registry item is changed after a Group Policy preferences setting is applied in Windows Server 2008, in Windows Vista or in Windows Server 2008 R2
983402 The debug symbol file that corresponds to Dsadmin.dll is missing in Active Directory Lightweight Directory Services (AD LDS) for Windows 7
983531 You experience a significant delay when you try to log on to an Active Directory site from a computer that is running Windows 7 or Windows Server 2008 R2
983544 The "Modified time" file attribute of a registry hive file is updated when an application loads and then unloads the registry hive file without making any changes on a computer that is running Windows Server 2008 R2 or Windows 7
983551 Windows 7 or Windows Server 2008 R2 stops responding at the "Please wait" screen before you are requested to press Ctrl+ALT+DEL
983618 Some Group Policy settings are not displayed in the Group Policy Results report in Windows Server 2008, in Windows Vista, in Windows Server 2008 R2, or in Windows 7
983620 You cannot access a DFS share through a mapped network drive on a computer that is running Windows 7 or Windows Server 2008 R2
2028960 The Offline Files Disk Usage Limits settings do not reflect the settings that are defined in the GPO in Windows 7
2028962 The "Active Directory Users and Computers" MMC snap-in does not list all the accounts that have passwords cached on the RODC in Windows
2028988 The DFS Namespaces service requires a long time to process a "NetDfsAdd" request when a duplicated DFS link exists in Windows Server 2008 R2
2157973 The Security event that has Event ID 4625 does not contain the user account name on a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2
2171571 You incorrectly receive an error message when you join a computer that is running Windows 7 or Windows Server 2008 R2 to a Samba 3-based domain
2254754 You experience a GPO report-generation issue in the GPMC window when you try to generate the report in a localized version of Windows 7 or of Windows Server 2008 R2
2258620 You cannot find the "Find Now," "Stop," and "Clear All" buttons in the GPMC snap-in on a computer that is running Windows 7 or Windows Server 2008 R2
2274102 An application that uses DES encryption for Kerberos authentication cannot run on a Windows XP-based client computer in a Windows Server 2008 domain
2275950 An error occurs when you try to establish SSL connections to the nodes by using the alias name from an LDAPS client computer that is running Windows 7 or Windows Server 2008 R2
2276597 "LDAP_AUTH_UNKNOWN (0x56)" error code occurs when you call the "ldap_set_option" function in Windows 7 or in Windows Server 2008 R2 if you use the "LDAP_OPT_SASL_METHOD" session option
2284538 "Apply once and do not reapply" Group Policy setting is never applied after the first GPO deployment fails on a client computer that is running Windows 7 or Windows Server 2008 R2
2285823 The DFS Namespace service becomes inaccessible if the domain controller that plays the Inter-Site Topology Generator (ISTG) role is down on a Windows Server 2008 R2-based computer
2285835 An outgoing replication backlog occurs after you convert a read/write replicated folder to a read-only replicated folder in Windows Server 2008 R2
2302077 You experience poor performance when you call the "CryptAcquireContext" function in Windows Server 2008 R2 or in Windows 7
2345131 The logon screen appears two times when you resume a Windows 7-based or Windows Server 2008 R2-based computer from Sleep (S3) or from Hibernation (S4)
2351254 The StrongCRLCheck setting does not work on a Windows Server 2008 R2-based computer that has the RRAS role service installed
2379592 "Object reference not set to an instance of an object" error message when you view the GPO backup settings in the Group Policy Management Console
2382370 You cannot apply a Wi-Fi Protected Access 2 (WPA2) pre-authentication Group Policy setting to some client computers that are running Windows 7
2385775 Group Policy Modeling Wizard fails when you have registry updates in the Group Policy preference on a computer that is running Windows Server 2008 R2
2385838 Item-level targeting object picker dialog box shows only the domain in which the Gpmc.msc is started in Windows Server 2008 R2, in Windows 7, in Windows Vista or in Windows Server 2008
2386717 The "Enforce password history" and "Minimum password age" Group Policy settings do not work when you reset the password for a Windows Server 2008 R2-based or a Windows Server 2008-based computer
2386288 The SIS service does not de-duplicate some files that are replicated to a read-only replicated folder for DFS Replication in Windows Storage Server 2008 R2
2386730 An item-level targeting security group filter in Group Policy preferences settings does not work on a computer that is running Windows Server 2008 R2 or Windows 7 in a disjoint namespace
2386759 Group Policy preference settings for the settings on the Advanced tab in Internet Explorer 8 do not work as expected on a client computer that is running Windows 7 or Windows Server 2008 R2
2387778 You find a very large increase in the DFS Replication backlogs
2386802 The user cannot log back on to a client computer that is running Windows 7 or Windows Server 2008 R2 after you reset the password and then lock the computer
2389167 The "User Notice" value of the policy extension is displayed incorrectly in Windows Server 2008 R2 or in Windows 7 if the "UTF8String" data type is used
2390986 Folder redirection fails in Windows 7 and in Windows Server 2008 R2 when you use a large Fdeploy1.ini file to configure the Folder Redirection policy
2392951 The Security Configuration Wizard creates a duplicated rule in Windows Server 2008 and in Windows Server 2008 R2 when you edit an existing rule
2394663 An LDAP simple bind to a Windows Server 2008 R2-based domain controller fails when the user name has more than 255 characters in the distinguished name
2401600 The Dcdiag.exe VerifyReferences test fails on an RODC that is running Windows Server 2008 R2
2409711 A 30-second delay occurs when you log on to a computer after you configure the "Hide all icons on Desktop" Group Policy and the "Normal Wallpaper" Group Policy in Windows 7 or in Windows Server 2008
2434932 Temporary files do not synchronize correctly to a non-DFS share on a server from a client computer that is running Windows 7 or Windows Server 2008 R2

Updates DS Secundarios

KB Article KB Title
974674 Description of the Windows NT Backup Restore Utility for Windows 7 and for Windows Server 2008 R2
975512 Some SMB clients cannot access cluster file shares but they can access non-cluster file shares that are located on a computer that is running Windows Server 2008 or Windows Server 2008 R2
975680 Virtual Disk Service (VDS) crashes when you try to extend a dynamic volume in an NTFS file system on a computer that is running Windows Vista, Windows Server 2008, Windows Server 2008 R2, or Windows 7
975688 A snapshot may become corrupted when the Volume Shadow Copy Service (VSS) snapshot providers take more than 10 seconds to create it on a computer that is running Windows 7 or Windows Server 2008 R2
976099 VSS snapshot creation may fail after a LUN resynchronization on a computer that is running Windows 7 or Windows Server 2008 R2
976329 Error message when you run the ChkDsk.exe utility in read-only mode on a Windows-based computer: "The Volume Bitmap is incorrect" or "Error detected in index $I30 for file 5"
976538 File corruption may occur if you run a program that uses a file system filter driver in Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008
976782 Text in the General tab of the Windows Backup task in the Task Scheduler Library is not displayed in the localized language in Windows 7 or Windows Server 2008 R2
977015 You are repeatedly prompted to insert a new disk when you use the Backup and Restore tool in Windows 7 or the Windows Server Backup tool in Windows Server 2008 R2 to back up your files or to create a system image on a recordable Blu-ray disc (BD-R)
977096 You are unable to diagnose whether a snapshot creation failure is caused by issues in VSS hardware providers running in Windows 7 and in Windows Server 2008 R2
977158 DNS updates may be incorrectly reported as failed when you use a third-party DNS server application for DNS registration on a computer that is running Windows Server 2008 R2 or Windows 7
977375 Error message when some file system filter drivers that are transaction-aware are installed on a failover cluster node that is running Windows Server 2008 R2 and that has FSRM installed: "6704 (0x1A30) ERROR_TRANSACTION_ALREADY_ABORTED"
977417 You are prompted to provide authentication again when you open a new tab or a new window in a SSL Web site in Internet Explorer 8
977977 RSS network throughput performance decreases on Windows Server 2008 R2-based computers that have more than 32 processors
978000 Add a fix to improve the logging capabilities of the Storport.sys driver to troubleshoot poor disk I/O performance in Windows Server 2008 R2
978491 FIX: A server that is running Server Message Block Version 2 does not respond to certain FSCTL_SRV_NOTIFY_TRANSACTION requests from clients that are running Windows Vista or Windows Server 2008
978898 You cannot access a volume in Windows 7 or in Windows 2008 R2 when the volume is encrypted by a third-party encryption driver
979530 A Windows Server 2008 R2-based Remote Desktop server denies some connection requests randomly under heavy logon or logoff conditions
979710 You cannot log off the session for an iSCSI disk or take a disk offline from the Cluster Shared Volumes list in Windows Server 2008 R2 if the disk is an iSCSI disk or a fibre channel disk
979751 A domain user account that has a blank password cannot be used to authenticate against Microsoft SharePoint Server 2010 or against Windows Live SkyDrive
980082 Stop error in Win7 and in Win2008 R2 when you run a backup application: "0x0000007E SYSTEM_THREAD_EXCEPTION_NOT_HANDLED"
980259 The SNMP service does not respond to any SNMP requests after a Group Policy refresh in Windows Vista or in Windows Server 2008
980794 System state backup error in Windows Server 2008, in Windows Vista, in Windows 7 and in Windows Server 2008 R2: "Enumeration of the files failed"
981166 Some data is corrupted when cached and noncached I/O operations occur by using the same NTFS file handle
981208 Poor performance when you transfer many small files on a computer that is running Windows 7 or Windows Server 2008 R2
981506 "SSL Certificate add failed, Error: 1312" error message when you try to add a CTL in Windows Server 2008 R2 or in Windows 7
981765 The network performance is not as fast as expected on a computer that has NUMA-based processors and that is running Windows Server 2008 R2 or Windows 7
981836 Network connectivity for a Windows Server 2003-based Hyper-V virtual machine is lost temporarily in Windows Server 2008 R2
981851 The backup operation fails and the Wbengine.exe service stops in Windows Server 2008 R2 or in Windows 7 if one of the volumes in the operation does not exists any longer
981983 Cluster resources do not fail over automatically to other nodes when nodes cannot connect to the rest of a network in a Windows Server 2008 R2 failover cluster
982383 You encounter a decrease in I/O performance under a heavy disk I/O load on a Windows Server 2008 R2-based or Windows 7-based computer
982502 You cannot back up a file in Windows Server 2008 R2 or in Windows 7 if the path length is longer than 260 characters
982860 A computer that is running Windows 7 or Windows Server 2008 R2 takes four minutes to open a Microsoft Office 2003 document from a network share
983426 Some noncritical volumes are included in the system state backup image when you use the "-allCritical" switch in Windows Server 2008 R2 or in Windows 7
983458 You cannot save documents to a folder or change the permission settings of folders on a SMB 1.0-based remote server from a Windows-based computer that has security update 980232 (MS10-020) installed
983466 "A fatal error has occurred." error message when you use Windows Update on a Windows 7 or Windows Server 2008 R2-based computer that has a third-party filter driver installed
983528 The TCP receive window autotuning feature does not work correctly in Windows Server 2008 R2 or in Windows 7
983633 You cannot bring a volume online when the Snapshot Protection mode is enabled in Windows Server 2008 R2 or in Windows 7
2028566 A copy-on-write snapshot may become corrupted in Windows Server 2008 R2 or in Windows 7 if some snapshots that are stored on the same volume are deleted
2028965 Data corruption when multiple users perform read and write operations to a shared file in the SMB2 environment
2064460 The "BackupRead" function randomly fails together with error code 58 in Windows Server 2008 R2 or in Windows 7
2155024 A write operation to a volume is slower than usual in Windows Server 2008 or in Windows 7 after you create a snapshot of the volume
2194664 You cannot access a remote server that shares files and printers by using the SMB protocol from a computer that is running Windows Server 2008 R2 or Windows 7
2203302 An RDP connection that uses SSL authentication and CredSSP protocol fails in Windows 7 or in Windows Server 2008 R2
2223005 The network connection is lost for a Windows Server 2003-based or Windows XP-based virtual machine that is hosted on a computer that is running Windows Server 2008 R2
2253693 A VSS writer cannot create a snapshot on a computer that is running Windows 7 or Windows Server 2008 R2 if the snapshot set of the VSS writer has no disk volumes
2277439 The Cluster service stops responding if you run backup applications in parallel in Windows Server 2008 R2
2283445 The backup process requires significantly more time when you use the Windows Backup utility in Windows 7 if the size of the backup files increases
2309290 The DNS Server service does not respond to multi-label name resolution request correctly when background zone loading occurs in Windows Server 2008 R2
2309371 "HTTP 401" error message when you try to access web resources that require Kerberos authentication on a computer that is running Windows 7 or Windows Server 2008 R2
2314467 Error message when you add an InetOrgPerson user account to an RMS template in Windows Server 2008 R2: "No email address was found for the selected user or group"
2316513 The Lanmanserver service cannot start after you restart a computer that is running Windows 7 or Windows Server 2008 R2 if a volume that is referenced in the PATH variable is inaccessible
2353832 Authentication requests between nodes in the same failover cluster may be unable to use the Kerberos protocol if the Negotiate SSP is specified in Windows Server 2008 R2
2359344 The inheritable ACEs may not be propagated correctly to the child object on an NFS share when you enable the KeepInheritance registry value in Windows Server 2008 R2
2385596 An update that adds 33 configuration rules and 9 operation rules to BPA for DNS in Windows Server 2008 R2 is available
2386184 IP addresses are still registered on the DNS servers even if the IP addresses are not used for outgoing traffic on a computer that is running Windows 7 or Windows Server 2008 R2
2386854 Files remain encrypted after you copy the files from an encrypted folder to a WebDAV share if the files are copied by using a computer that is running Windows 7 or Windows Server 2008 R2
2411958 In Windows Server 2008 R2, the DNS Server service might crash when it handles many concurrent queries that are submitted through the DNS server plug-in interface
2415115 You cannot open, edit, or delete the Windows Security Health Validator after you install the Microsoft .NET Framework 4 on a computer that is running Windows Server 2008 R2

Mas Información:

Roberto Di Lello

Acerca del autor: Roberto Di Lello

Hola, soy Roberto Di Lello trabajo como Consultor Senior en Infraestructura, especializado en Tecnologias Microsoft con mas de 25 años en la industria. He sido galardonado como MS-MVP en Active Directory-Enterprise Mobility por 10 años, y actualmente soy MVP Windows Insider, ademas de poseer otras certificaciones de Microsoft. He trabajado en distintos projectos que involucran Migraciones, Implementaciones, y soporte de Active Directory y Microsoft Exchange, y en los ultimos años me he desempeñado armando equipos de trabajo para diferentes paises y areas de sistemas, he planificado a distintas migraciones a datacenters (ambiente cloud y mixtos). He tenido la oportunidad de participar como miembro del staff de Microsoft en eventos internacionales como ser TechEd NorteAmerica y MS Ignite (NA) al ser Trainer Certificado por Microsoft (MCT).

You May Also Like

4 Comments

  1. This piece of writing is in fact a good one it assists new web people, who
    are wishing in favor of blogging.

  2. whoah this weblog is fantastic i like reading your articles.
    Stay up the great work! You understand, lots of individuals are looking round for this info, you could help them greatly.

  3. Madelaine Solano, excuse my delay in answering but I’m catching up on all emails and queries via Web that I have pending.

    I take this opportunity to thank you for participating in the blog and help it continue to grow! I ask you to spread its address so we can reach more people. I tell you that there is much material in it. I invite you to see the labs, videos, tutorials, notes. If you want to find a topic or need help, you have the HELP tab where I explain a bit how to do, but you have the google search.

    Greetings and thanks!

Comments are closed.