Windows 2019, Windows 2022 by default has got port available from 49152 to 65535 - available 16384 ports. On another server I've got the same issue - no connection to domain controller or to different server, connections reamains intact, I can connect to server remotely - by C$ or by some ports, on server I can't establish new rdp connection with message that there are no available domain controllers, gpupdate is not working, zabbix monitoring is not working, but... after change of available ports by expanding range to 32768-65535 magically everything start works.
netsh intreface ipv4 tcp set dynamicportrange
poniedziałek, 4 listopada 2024
wtorek, 22 października 2024
memory considerations for Active Directory
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Name: EDB max ver pages (increment over the minimum)
Type: REG_DWORD
Value:
Note The value for the setting is the number of 16KB memory chunks (or 32KB memory chunks on a 64-bit processor) that will be reserved. For example:
9600 = ~150 MB 32-bit, ~600 MB 64-bit
12800 = ~200 MB 32-bit, ~800 MB 64-bit
16000 = ~250 MB 32-bit, ~1000 MB 64-bit
19200 = ~300 MB 32-bit, ~1200 MB 64-bit
When to increase? When allocated buckets are on high values...
Name: EDB max ver pages (increment over the minimum)
Type: REG_DWORD
Value:
Note The value for the setting is the number of 16KB memory chunks (or 32KB memory chunks on a 64-bit processor) that will be reserved. For example:
9600 = ~150 MB 32-bit, ~600 MB 64-bit
12800 = ~200 MB 32-bit, ~800 MB 64-bit
16000 = ~250 MB 32-bit, ~1000 MB 64-bit
19200 = ~300 MB 32-bit, ~1200 MB 64-bit
When to increase? When allocated buckets are on high values...
performance tunning for Active Directory
NTDS\Request Latency - should be as low as possible - at the end is the defined timeout - by default - 120 seconds, but we don't want to be there...
Number of LDAP threads - by default is 4 per cpu core, so in environment with 4 cores is 16 - so if we have current value of 16 and cpu use at 100% so maybe we have bottleneck? CPU queue is another sign of issues.
NTDS\Estimated Queue Delay - shoud be 0 - is higher we have a problem - querries are wainting to process
Number of LDAP threads - by default is 4 per cpu core, so in environment with 4 cores is 16 - so if we have current value of 16 and cpu use at 100% so maybe we have bottleneck? CPU queue is another sign of issues.
NTDS\Estimated Queue Delay - shoud be 0 - is higher we have a problem - querries are wainting to process
wtorek, 6 sierpnia 2024
operatingSystem and operatingSystemVersion in my current environment
It's update since 2019, my current environment: (Windows Servers Line)
We have had Windows NT 4.0 servers but there is no information regarding these times. At first configuration of Windows 2000 Active Directory we had about 250 domain controllers (yes, above two hundred).
Some MacOS
10.0 (20348) Windows Server 2022 Standard 10.0 (17763) Windows Server 2019 Datacenter 10.0 (17763) Windows Server 2019 Standard 10.0 (14393) Windows Server 2016 Datacenter 10.0 (14393) Windows Server 2016 Standard 6.3 (9600) Windows Server 2012 R2 Datacenter 6.3 (9600) Windows Server 2012 R2 Standard 6.2 (9200) Windows Server 2012 Datacenter 6.2 (9200) Windows Server 2012 Enterprise 6.2 (9200) Windows Server 2012 Standard 6.1 (7601) Windows Server 2008 R2 Enterprise Service Pack 1 6.1 (7600) Windows Server 2008 R2 Datacenter 6.1 (7600) Windows Server 2008 R2 Enterprise 6.1 (7600) Windows Server 2008 R2 Standard 6.0 (6003) Windows Server® 2008 Standard Service Pack 2 6.0 (6002) Windows Server 2008 Enterprise Service Pack 2 6.0 (6002) Windows Server 2008 Standard Service Pack 2 6.0 (6002) Windows Server® 2008 Standard Service Pack 2 6.0 (6002) Windows Server® 2008 Standard without Hyper-V Service Pack 2 6.0 (6001) Windows Server® 2008 Enterprise Service Pack 1 6.0 (6001) Windows Server® 2008 Standard Serivce Pack 1 5.2 (3790) Windows Server 2003 Service Pack 2 5.2 (3790) Windows Server 2003 Service Pack 1 5.2 (3790) Windows Server 2003 5.0 (2195) Windows 2000 Server Service Pack 4 5.0 (2195) Windows 2000 Server Service Pack 2 5.0 (2195) Windows 2000 Server Service Pack 1
We have had Windows NT 4.0 servers but there is no information regarding these times. At first configuration of Windows 2000 Active Directory we had about 250 domain controllers (yes, above two hundred).
10.0 (19045) Windows 10 Enterprise LTSC 10.0 (19045) Windows 10 Enterprise 10.0 (19044) Windows 10 Enterprise LTSC 10.0 (19044) Windows 10 IoT Enterprise LTSC 10.0 (19044) Windows 10 Enterprise 10.0 (19044) Windows 10 Enterprise 10.0 (19042) Windows 10 Enterprise 10.0 (19041) Windows 10 Enterprise 10.0 (19041) Windows 10 Pro 10.0 (18363) Windows 10 Enterprise 10.0 (18363) Windows 10 Pro 10.0 (18362) Windows 10 Enterprise 10.0 (18362) Windows 10 Pro 10.0 (17763) Windows 10 Enterprise LTSC 10.0 (17763) Windows 10 Enterprise 10.0 (17763) Windows 10 Pro 10.0 (17134) Windows 10 Enterprise 10.0 (16299) Windows 10 Enterprise 10.0 (16299) Windows 10 Pro 10.0 (15063) Windows 10 Enterprise 10.0 (15063) Windows 10 Pro 10.0 (14393) Windows 10 Enterprise 2016 LTSB 10.0 (14393) Windows 10 Enterprise 10.0 (10586) Windows 10 Enterprise 10.0 (10240) Windows 10 Enterprise 10.0 (9926) Windows 10 Enterprise Technical Preview 6.3 (9600) Windows 8.1 Enterprise 6.3 (9600) Windows 8.1 Pro 6.2 (9200) Windows 8 Enterprise 6.2 (9200) Windows 8 Pro 6.2 (8400) windows 8 Release Preview 6.2 (8250) Windows 8 Consumer Preview 6.2 (8102) Windows Developer Preview 6.2 (6001) Windows Vista™ Ultimate Service Pack 1 6.1 (7601) Windows Embedded Standard Service Pack 1 6.1 (7601) Windows 7 Ultimate Service Pack 1 6.1 (7601) Windows 7 Enterprise Service Pack 1 6.1 (7601) Windows 7 Professional N Service Pack 1 6.1 (7601) Windows Workstation Service Pack 1 6.1 (7600) Windows 7 Ultimate Evaluation 6.1 (7600) Windows 7 Ultimate 6.1 (7600) Windows 7 Enterprise 6.1 (7201) Windows 7 Ultimate 6.1 (7100) Windows 7 Ultimate 6.0 (6002) Windows Vista™ Business Service Pack 2 6.0 (6001) Windows Vista™ Enterprise Service Pack 1 6.0 (6001) Windows Vista™ Business Service Pack 1 6.0 (6000) Windows Vista™ Ultimate 6.0 (6000) Windows Vista™ Enterprise 6.0 (6000) Windows Vista™ Business 6.0 (5600) Windows Vista™ Ultimate 6.0 (5381) Windows Vista™ Ultimate 6.0 (5365) Windows Vista™ Ultimate Service Pack 1 6.0 (5365) Windows Vista™ Ultimate 5.1 (2600) Windows XP Professional Service Pack 3 5.1 (2600) Windows XP Professional Service Pack 2 5.1 (2600) Windows XP Professional Service Pack 1 5.0 (2195) Windows 2000 Professional Service Pack 4 5.0 (2195) Windows 2000 Professional Service Pack 3 5.0 (2195) Windows 2000 Professional Service Pack 2 5.0 (2195) Windows 2000 Professional Service Pack 1 5.0 (2195) Windows 2000 Professional 4.0 Windows NT
Some MacOS
14.5 (79) macOS 13.4 (66) macOS 13.3 macOS 13.2.1 macOS 13.2 macOS 13.1 macOS 13.0 (380) macOS 13.0 macOS 12.6.3 macOS 12.6.2 macOS 12.6 (320) macOS 12.6 (115) macOS 12.6 macOS 12.5.1 macOS 12.4 macOS 12.3.1 macOS 12.3 (258) macOS 12.5 (83) macOS 12.5 macOS 12.4 (79) macOS 12.2.1 macOS 12.2 (62) macOS 12.2 (49) macOS 12.2 macOS 12.1 macOS 12.0.1 macOS 11.7.2 macOS 11.7 (817) macOS 11.6 (165) macOS 11.6 macOS 11.5.2 macOS 11.4 (71) macOS 11.4 macOS 11.3.1 macOS 11.2.3 macOS 11.2.1 macOS 11.2 macOS 11.1 (69) macOS 11.1 macOS 11.0 (29) macOS 10.15.7 Mac OS X 10.15.6 Mac OS X 10.15 (287) Mac OS X 10.15 (266) Mac OS X 10.15 (76) Mac OS X 10.15 (57) Mac OS X 10.15.5 Mac OS X 10.15.4 Mac OS X 10.15.2 Mac OS X 10.15 (2) Mac OS X 10.15.1 Mac OS X 10.14.6 Mac OS X 10.14.5 Mac OS X 10.14.4 Mac OS X 10.14.3 Mac OS X 10.14 (109) Mac OS X 10.14 (95) Mac OS X 10.11.6 Mac OS X 10.8 (60) Mac OS X 10.8 (6) Mac OS X 10.6.8 (Build 10K549) Mac OS X
niedziela, 4 sierpnia 2024
Missing trusted root ca from Microsoft - TPM Root CA 2014
Why I don't have got below root ca certificate - why is not trusted by default? Something wrong with my home configuration?
Microsoft TPM Root Certificate Authority 2014
CN = Microsoft TPM Root Certificate Authority 2014
O = Microsoft Corporation
L = Redmond
S = Washington
C = US
I've got subordinate CN = NCU-STM-KeyId-571f806b47cce79bfa35947ced88b8d1005ae09e but is not trusted - because I haven't got above certificate, cdp:
http://www.microsoft.com/pkiops/crl/Microsoft TPM Root Certificate Authority 2014.crl
Microsoft TPM Root Certificate Authority 2014
CN = Microsoft TPM Root Certificate Authority 2014
O = Microsoft Corporation
L = Redmond
S = Washington
C = US
I've got subordinate CN = NCU-STM-KeyId-571f806b47cce79bfa35947ced88b8d1005ae09e but is not trusted - because I haven't got above certificate, cdp:
http://www.microsoft.com/pkiops/crl/Microsoft TPM Root Certificate Authority 2014.crl
środa, 31 lipca 2024
ldap querries are not paged? Windows Active Directory
case:
java code
forest Active Directory in 2016 version, one parent, two children
java code querrying root domain (parent) for group (universal) in child1 domain
group has got members from child2 domain
uri ldap://parent
only first 1000 members are returned
ldap policy for returning 1500 objects means that 1500 will be returned, paging is not working
possible reason? referrals are not paged so it is prevention against resoure exhaustion of querried domain controller - I've seen it in Technet, but... I can't remember where... maybe on Oracle JNDI?
possible reason? referrals are not paged so it is prevention against resoure exhaustion of querried domain controller - I've seen it in Technet, but... I can't remember where... maybe on Oracle JNDI?
wtorek, 23 lipca 2024
recover/restore security groups in Azure
Restoring/recovering security groups in Azure is always permanent - we can't back with them... so in case of accidental deletion in On-Premise environment we are always in ... - according to this thread.
So if You have aadc - Azure AD Connect or something different to sync on premise with Azure every time when accidental deletion occurs every time deleted group will be lost. Stupid. Sollution for small companies.
So if You have aadc - Azure AD Connect or something different to sync on premise with Azure every time when accidental deletion occurs every time deleted group will be lost. Stupid. Sollution for small companies.
Subskrybuj:
Posty (Atom)