Monday, 4 November 2024

exhausted connections? exhausted sockets?

Windows Server 2019 and Windows Server 2022 by default have dynamic ports available from 49152 to 65535, which gives 16384 ports. On another server I've got the same issue: no connection to a domain controller or to a different server. Existing connections remain intact and I can connect to the server remotely, by C$ or on some ports, but on the server itself I can't establish a new RDP connection (the message says that there are no available domain controllers), gpupdate is not working, Zabbix monitoring is not working, but... after expanding the range of available ports to 32768-65535, magically everything starts to work.
netsh int ipv4 set dynamicport tcp start=32768 num=32768
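
A way to check whether a server is close to the situation described above, as an added example that is not part of the original post: the function compares the configured TCP dynamic port range with the local ports currently held and lists the processes holding most of them. The name Get-DynamicPortUsage is hypothetical; the code assumes the NetTCPIP cmdlets (Windows Server 2012 or later) and that Tcpip events 4227 and 4231 are written to the System log when port allocation fails.

```powershell
# Added example, not from the original post: how full is the TCP dynamic port range?
function Get-DynamicPortUsage {   # hypothetical helper name
    [CmdletBinding()]
    param([int]$Top = 5)          # number of top port-holding processes to list

    # The dynamic range is reported on the TCP setting templates; take the first that has it.
    $cfg = Get-NetTCPSetting | Where-Object { $_.DynamicPortRangeStartPort -gt 0 } |
        Select-Object -First 1
    if (-not $cfg) { throw 'Dynamic port range not reported by Get-NetTCPSetting.' }
    $start = [int]$cfg.DynamicPortRangeStartPort
    $count = [int]$cfg.DynamicPortRangeNumberOfPorts
    $end   = $start + $count - 1

    # Any endpoint with a local port inside the range occupies one of its ports,
    # including listeners (e.g. RPC dynamic endpoints), Bound and TimeWait entries.
    # Distinct port numbers across IPv4 and IPv6 are counted, so this is an approximation.
    $inRange = @(Get-NetTCPConnection -ErrorAction SilentlyContinue |
        Where-Object { $_.LocalPort -ge $start -and $_.LocalPort -le $end })
    $used = @($inRange | Select-Object -ExpandProperty LocalPort -Unique).Count

    # Which processes hold the endpoints (TimeWait entries show up under PID 0).
    $byProcess = $inRange | Group-Object OwningProcess |
        Sort-Object Count -Descending | Select-Object -First $Top |
        ForEach-Object {
            $p = Get-Process -Id $_.Name -ErrorAction SilentlyContinue
            [pscustomobject]@{ ProcessId = [int]$_.Name; Process = $p.ProcessName; Endpoints = $_.Count }
        }

    # Assumption: Tcpip logs 4227/4231 in the System log when no ephemeral port can be allocated.
    $filter = @{ LogName = 'System'; ProviderName = 'Tcpip'; Id = 4227, 4231 }
    $events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        RangeStart   = $start
        RangeEnd     = $end
        PortsInRange = $count
        PortsInUse   = $used
        PercentUsed  = [math]::Round(100 * $used / $count, 1)
        ByState      = $inRange | Group-Object State | Sort-Object Count -Descending |
                           Select-Object Name, Count
        TopProcesses = $byProcess
        TcpipEvents  = $events.Count
    }
}

Get-DynamicPortUsage | Format-List
```

A high PercentUsed with one process dominating TopProcesses points at a port leak in that process, which widening the range only postpones.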

Tuesday, 22 October 2024

memory considerations for Active Directory

Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters

Name: EDB max ver pages (increment over the minimum)
Type: REG_DWORD
Value:
Note: The value for the setting is the number of 16 KB memory chunks (or 32 KB memory chunks on a 64-bit processor) that will be reserved. For example:
9600 = ~150 MB 32-bit, ~600 MB 64-bit
12800 = ~200 MB 32-bit, ~800 MB 64-bit
16000 = ~250 MB 32-bit, ~1000 MB 64-bit
19200 = ~300 MB 32-bit, ~1200 MB 64-bit

When to increase? When allocated buckets are on high values...

performance tuning for Active Directory

NTDS\Request Latency - should be as low as possible; the upper bound is the defined timeout, 120 seconds by default, but we don't want to get there...
Number of LDAP threads - by default 4 per CPU core, so 16 in an environment with 4 cores. If the current value is 16 and CPU use is at 100%, maybe we have a bottleneck? CPU queue is another sign of issues.
NTDS\Estimated Queue Delay - should be 0; if it is higher we have a problem: queries are waiting to be processed

Tuesday, 6 August 2024

operatingSystem and operatingSystemVersion in my current environment

This is an update since 2019; my current environment (Windows Server line):

10.0 (20348) Windows Server 2022 Standard
10.0 (17763) Windows Server 2019 Datacenter
10.0 (17763) Windows Server 2019 Standard
10.0 (14393) Windows Server 2016 Datacenter
10.0 (14393) Windows Server 2016 Standard
6.3 (9600) Windows Server 2012 R2 Datacenter
6.3 (9600) Windows Server 2012 R2 Standard
6.2 (9200) Windows Server 2012 Datacenter
6.2 (9200) Windows Server 2012 Enterprise
6.2 (9200) Windows Server 2012 Standard
6.1 (7601) Windows Server 2008 R2 Enterprise Service Pack 1
6.1 (7600) Windows Server 2008 R2 Datacenter
6.1 (7600) Windows Server 2008 R2 Enterprise
6.1 (7600) Windows Server 2008 R2 Standard
6.0 (6003) Windows Server® 2008 Standard Service Pack 2
6.0 (6002) Windows Server 2008 Enterprise Service Pack 2
6.0 (6002) Windows Server 2008 Standard Service Pack 2
6.0 (6002) Windows Server® 2008 Standard Service Pack 2
6.0 (6002) Windows Server® 2008 Standard without Hyper-V Service Pack 2
6.0 (6001) Windows Server® 2008 Enterprise Service Pack 1
6.0 (6001) Windows Server® 2008 Standard Serivce Pack 1
5.2 (3790) Windows Server 2003 Service Pack 2
5.2 (3790) Windows Server 2003 Service Pack 1
5.2 (3790) Windows Server 2003
5.0 (2195) Windows 2000 Server Service Pack 4
5.0 (2195) Windows 2000 Server Service Pack 2
5.0 (2195) Windows 2000 Server Service Pack 1

We used to have Windows NT 4.0 servers, but there is no information left from those times. In the first configuration of Windows 2000 Active Directory we had about 250 domain controllers (yes, over two hundred).

10.0 (19045) Windows 10 Enterprise LTSC
10.0 (19045) Windows 10 Enterprise
10.0 (19044) Windows 10 Enterprise LTSC
10.0 (19044) Windows 10 IoT Enterprise LTSC
10.0 (19044) Windows 10 Enterprise
10.0 (19044) Windows 10 Enterprise
10.0 (19042) Windows 10 Enterprise
10.0 (19041) Windows 10 Enterprise
10.0 (19041) Windows 10 Pro
10.0 (18363) Windows 10 Enterprise
10.0 (18363) Windows 10 Pro
10.0 (18362) Windows 10 Enterprise
10.0 (18362) Windows 10 Pro
10.0 (17763) Windows 10 Enterprise LTSC
10.0 (17763) Windows 10 Enterprise
10.0 (17763) Windows 10 Pro
10.0 (17134) Windows 10 Enterprise
10.0 (16299) Windows 10 Enterprise
10.0 (16299) Windows 10 Pro
10.0 (15063) Windows 10 Enterprise
10.0 (15063) Windows 10 Pro
10.0 (14393) Windows 10 Enterprise 2016 LTSB
10.0 (14393) Windows 10 Enterprise
10.0 (10586) Windows 10 Enterprise
10.0 (10240) Windows 10 Enterprise
10.0 (9926) Windows 10 Enterprise Technical Preview
6.3 (9600) Windows 8.1 Enterprise
6.3 (9600) Windows 8.1 Pro
6.2 (9200) Windows 8 Enterprise
6.2 (9200) Windows 8 Pro
6.2 (8400) windows 8 Release Preview
6.2 (8250) Windows 8 Consumer Preview
6.2 (8102) Windows Developer Preview
6.2 (6001) Windows Vista™ Ultimate Service Pack 1
6.1 (7601) Windows Embedded Standard Service Pack 1
6.1 (7601) Windows 7 Ultimate Service Pack 1
6.1 (7601) Windows 7 Enterprise Service Pack 1
6.1 (7601) Windows 7 Professional N Service Pack 1
6.1 (7601) Windows Workstation Service Pack 1
6.1 (7600) Windows 7 Ultimate Evaluation
6.1 (7600) Windows 7 Ultimate
6.1 (7600) Windows 7 Enterprise
6.1 (7201) Windows 7 Ultimate
6.1 (7100) Windows 7 Ultimate
6.0 (6002) Windows Vista™ Business Service Pack 2
6.0 (6001) Windows Vista™ Enterprise Service Pack 1
6.0 (6001) Windows Vista™ Business Service Pack 1
6.0 (6000) Windows Vista™ Ultimate
6.0 (6000) Windows Vista™ Enterprise
6.0 (6000) Windows Vista™ Business
6.0 (5600) Windows Vista™ Ultimate
6.0 (5381) Windows Vista™ Ultimate
6.0 (5365) Windows Vista™ Ultimate Service Pack 1
6.0 (5365) Windows Vista™ Ultimate
5.1 (2600) Windows XP Professional Service Pack 3
5.1 (2600) Windows XP Professional Service Pack 2
5.1 (2600) Windows XP Professional Service Pack 1
5.0 (2195) Windows 2000 Professional Service Pack 4
5.0 (2195) Windows 2000 Professional Service Pack 3
5.0 (2195) Windows 2000 Professional Service Pack 2
5.0 (2195) Windows 2000 Professional Service Pack 1
5.0 (2195) Windows 2000 Professional
4.0 Windows NT


Some macOS:
14.5 (79) macOS
13.4 (66) macOS
13.3 macOS
13.2.1 macOS
13.2 macOS
13.1 macOS
13.0 (380) macOS
13.0 macOS
12.6.3 macOS
12.6.2 macOS
12.6 (320) macOS
12.6 (115) macOS
12.6 macOS
12.5.1 macOS
12.4 macOS
12.3.1 macOS
12.3 (258) macOS
12.5 (83) macOS
12.5 macOS
12.4 (79) macOS
12.2.1 macOS
12.2 (62) macOS
12.2 (49) macOS
12.2 macOS
12.1 macOS
12.0.1 macOS
11.7.2 macOS
11.7 (817) macOS
11.6 (165) macOS
11.6 macOS
11.5.2 macOS
11.4 (71) macOS
11.4 macOS
11.3.1 macOS
11.2.3 macOS
11.2.1 macOS
11.2 macOS
11.1 (69) macOS
11.1 macOS
11.0 (29) macOS
10.15.7 Mac OS X
10.15.6 Mac OS X
10.15 (287) Mac OS X
10.15 (266) Mac OS X
10.15 (76) Mac OS X
10.15 (57) Mac OS X
10.15.5 Mac OS X
10.15.4 Mac OS X
10.15.2 Mac OS X
10.15 (2) Mac OS X
10.15.1 Mac OS X
10.14.6 Mac OS X
10.14.5 Mac OS X
10.14.4 Mac OS X
10.14.3 Mac OS X
10.14 (109) Mac OS X
10.14 (95) Mac OS X
10.11.6 Mac OS X
10.8 (60) Mac OS X
10.8 (6) Mac OS X
10.6.8 (Build 10K549) Mac OS X

Sunday, 4 August 2024

Missing trusted root ca from Microsoft - TPM Root CA 2014

Why don't I have the root CA certificate below - why is it not trusted by default? Is something wrong with my home configuration?

Microsoft TPM Root Certificate Authority 2014
CN = Microsoft TPM Root Certificate Authority 2014
O = Microsoft Corporation
L = Redmond
S = Washington
C = US


I've got the subordinate CN = NCU-STM-KeyId-571f806b47cce79bfa35947ced88b8d1005ae09e but it is not trusted, because I haven't got the above certificate. CDP:

http://www.microsoft.com/pkiops/crl/Microsoft TPM Root Certificate Authority 2014.crl

Wednesday, 31 July 2024

ldap queries are not paged? Windows Active Directory

case:
  • java code
  • Active Directory forest in 2016 version, one parent, two children
  • java code querying the root domain (parent) for a group (universal) in the child1 domain
  • the group has got members from the child2 domain
  • uri ldap://parent
  • only the first 1000 members are returned
  • ldap policy for returning 1500 objects means that 1500 will be returned, paging is not working
  • possible reason? referrals are not paged, so it is prevention against resource exhaustion of the queried domain controller - I've seen it in Technet, but... I can't remember where... maybe on Oracle JNDI?

Tuesday, 23 July 2024

recover/restore security groups in Azure

Deleting security groups in Azure is always permanent - we can't get them back... so in case of accidental deletion in the on-premises environment we are always in ... - according to this thread.

So if you have AADC (Azure AD Connect) or something different to sync on-premises with Azure, every time an accidental deletion occurs the deleted group will be lost. Stupid. Solution for small companies.