aoe:domain

Domain controllers

Inventory the domain controllers that are in the domain and in the forest:

Make sure that all the Windows 2000 domain controllers in the forest have installed all the appropriate hotfixes and service packs.

repadmin /showattr pluto ncobj:domain: /filter:"(&(objectCategory=computer)(primaryGroupID=516))" /subtree /atts:operatingSystem,operatingSystemVersion,operatingSystemServicePack

Verify the end-to-end Active Directory replication throughout the forest.

REPADMIN /REPLSUM /BYSRC /BYDEST /SORT:DELTA

Verify that the contents of the Sysvol share are consistent.

Use Dcdiag.exe from the support tools to verify that all the domain controllers have shared Netlogon and Sysvol shares.

DCDIAG.EXE /e /test:frssysvol

Inventory the operations roles.

DCDIAG /test:FSMOCHECK
NETDOM QUERY FSMO
REPADMIN /SHOWREPS <dcname>
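The inventory above is a set of one-off commands. As an added example (not from the original page), the following PowerShell script does the same two checks in a form that can be scheduled: it lists every DC in the domain with its OS and service pack using the same LDAP filter as the repadmin /showattr line, and it parses repadmin /showrepl /csv to return only the inbound replication links that have failures. It assumes repadmin.exe (support tools or RSAT) is on the PATH, PowerShell 3 or later, and that the caller can query every DC.

```powershell
# Added example, not from the original page. Assumes repadmin.exe is on the PATH,
# PowerShell 3+, and rights to query every DC; run from a domain-joined machine.

function Get-FirstProp {
    # DirectorySearcher returns multi-valued collections; take the first value or $null
    param($Result, [string]$Name)
    $Result.Properties[$Name] | Select-Object -First 1
}

function Get-DomainControllerOs {
    # Same filter as the repadmin /showattr line above (primaryGroupID 516 = Domain Controllers)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.Filter = '(&(objectCategory=computer)(primaryGroupID=516))'
    foreach ($p in 'cn','operatingSystem','operatingSystemVersion','operatingSystemServicePack') {
        [void]$searcher.PropertiesToLoad.Add($p)
    }
    foreach ($res in $searcher.FindAll()) {
        [pscustomobject]@{
            Name        = Get-FirstProp $res 'cn'
            OS          = Get-FirstProp $res 'operatingsystem'
            Version     = Get-FirstProp $res 'operatingsystemversion'
            ServicePack = Get-FirstProp $res 'operatingsystemservicepack'
        }
    }
}

function Get-ReplicationFailure {
    param([string]$Target = '*')   # '*' = every DC repadmin can reach
    # /csv emits one row per inbound link with a "Number of Failures" column
    $rows = repadmin /showrepl $Target /csv | ConvertFrom-Csv
    foreach ($r in $rows) {
        $failures = [int]$r.'Number of Failures'
        if ($failures -gt 0) {
            [pscustomobject]@{
                Destination   = $r.'Destination DSA'
                Source        = $r.'Source DSA'
                NamingContext = $r.'Naming Context'
                Failures      = $failures
                LastSuccess   = $r.'Last Success Time'
                LastFailure   = $r.'Last Failure Time'
                Status        = $r.'Last Failure Status'
            }
        }
    }
}

Get-DomainControllerOs | Format-Table -AutoSize
$failed = @(Get-ReplicationFailure)
if ($failed.Count -eq 0) { 'Replication: no failing inbound links' }
else { $failed | Format-Table -AutoSize }
```

Any DC still reporting Windows 2000 in the first table is one the hotfix/service-pack check above applies to; any row in the second table is a link REPADMIN /REPLSUM would also show with a non-zero fail count.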

Changing Operations roles

See the help index for “transfer of operations master roles”.

RID, PDC and Infrastructure are in “Active Directory Users and Computers”. Right click the domain name.

Operations Master: use “Active Directory Domains and Trusts” on the Start menu. Right click the domain name.

Transfer Schema Master, use command line.

>ntdsutil
ntdsutil: roles
fsmo maintenance: connection
server connections: connect to server neptune
fsmo maintenance: transfer schema master
yes
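The same inventory and transfer can be done from the ActiveDirectory PowerShell module (RSAT on 2008 R2 and later). This is an added example, not from the original page; it assumes the module is installed and that the account running it holds the rights the role requires (Schema Admins for the schema master). Unlike ntdsutil it transfers, never seizes: Move-ADDirectoryServerOperationMasterRole without -Force refuses if the current holder is offline.

```powershell
# Added example, not from the original page. Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-FsmoHolder {
    # Forest-level roles come from Get-ADForest, domain-level roles from Get-ADDomain
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Move-SchemaMaster {
    # Transfer (not seize) the schema master to the named DC; prompts unless -Force
    param([Parameter(Mandatory)][string]$TargetDc, [switch]$Force)
    if (-not (Get-ADDomainController -Identity $TargetDc -ErrorAction SilentlyContinue)) {
        throw "$TargetDc is not a domain controller"
    }
    Move-ADDirectoryServerOperationMasterRole -Identity $TargetDc `
        -OperationMasterRole SchemaMaster -Confirm:(-not $Force)
}

Get-FsmoHolder                      # before
Move-SchemaMaster -TargetDc 'neptune'
Get-FsmoHolder                      # after: SchemaMaster should now read neptune
```

Check the "after" output against NETDOM QUERY FSMO on another DC to confirm the change has replicated before decommissioning the old holder.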

EventLog Review

Disk Space Inventory

Extend

http://technet2.microsoft.com/windowsserver/en/library/ed42abd5-24c7-4b5a-8165-dbd96727ec841033.mspx?mfr=true

repadmin /showrepl

run adprep from the R2 CD

cd cmpnents\R2\ADPREP
adprep /forestprep

Neptune Rebuild

  • Install OS Behind NAT
    1. specify drivers for SATA RAID - Intel ICH7R
    2. create 75G partition, leave the rest
    3. Install Drivers
    4. Update Windows
  • dcpromo - aoe.vt.edu - don't need to add to domain first.
    1. this should install NAV and Mozilla
  • Install nis and password sync (Add/Remove)
  • run nisconfig.exe on 2008 servers to get listed in nis servers
  • Set static IP to 128.173.188.26 and put on WAN
  • DNS (Add/Remove)
  • Add as Global Catalog server from Active Directory Sites and Services
  • WSUS (Download from Microsoft)
    1. Install IIS first
  • install support from tools on the CD and create a link to adsiedit.msc

LDAP connection

if you want to connect with the LDAP browser, you can just connect to Pluto's IP on port 389 (unencrypted :-( ) with the following Base DN:

dc=aoe,dc=vt,dc=edu

And with the following user:

cn=Administrator,cn=Users,dc=aoe,dc=vt,dc=edu
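Because port 389 carries the bind password in the clear, it is worth knowing whether the DC also answers LDAPS on 636 before pointing a browser at it. The following added example (not from the original page) binds with the DN above over both ports and reports which succeed; it assumes a certificate suitable for LDAPS is installed on pluto (not confirmed by this page) and uses the .NET System.DirectoryServices.Protocols classes that ship with Windows.

```powershell
# Added example, not from the original page. Assumes PowerShell 3+ and that the
# DC may have LDAPS enabled; port 389 is the unencrypted path the page describes.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-LdapBind {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][pscredential]$Credential,   # user name is the bind DN
        [switch]$UseSsl
    )
    $port = if ($UseSsl) { 636 } else { 389 }
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $port)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.SessionOptions.SecureSocketLayer = [bool]$UseSsl
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic  # simple bind with a DN
    $conn.Credential = $Credential.GetNetworkCredential()
    try {
        $conn.Bind()
        [pscustomobject]@{ Server=$Server; Port=$port; Ssl=[bool]$UseSsl; Bound=$true;  Error=$null }
    } catch {
        [pscustomobject]@{ Server=$Server; Port=$port; Ssl=[bool]$UseSsl; Bound=$false; Error=$_.Exception.Message }
    } finally {
        $conn.Dispose()
    }
}

# The DN and server from the page; the password is prompted for, never stored here
$cred = Get-Credential -UserName 'cn=Administrator,cn=Users,dc=aoe,dc=vt,dc=edu' -Message 'LDAP bind password'
Test-LdapBind -Server 'pluto' -Credential $cred -UseSsl
Test-LdapBind -Server 'pluto' -Credential $cred
```

If the 636 bind succeeds, configure the LDAP browser for that port with the same Base DN; if only 389 works, the connection is sending the Administrator password unencrypted, as the note above says.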

pluto

  • Check that Hardware Raid is enabled in BIOS.
  • Install OS Behind NAT
    1. specify drivers for SATA RAID - Intel 82801GR/GH SATA Raid (Desktop ICH7R/DH)
    2. create 75G partition, leave the rest
    3. Install Drivers
    4. Update Windows
  • install Print Services for Unix from the Windows CD's(add/remove)
  • Set Up Printers (See below)
  • install DHCP (See below)
  • dcpromo - aoe.vt.edu - don't need to add to domain first.
    1. this should install NAV and Mozilla
  • Install nis and password sync (Add/Remove)
  • Set static IP to 128.173.188.26 and put on WAN
  • DNS (Add/Remove)
  • Add as Global Catalog server from Active Directory Sites and Services
  • install support from tools on the CD and create a link to adsiedit.msc

dhcp

http://support.microsoft.com/kb/325473

install DHCP from Add/Remove.

on old machine:

netsh dhcp server export c:\dhcpdatabase.txt all

Move the file to the new machine.

on new machine:

netsh dhcp server import c:\dhcpdatabase.txt all
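The two netsh commands above are the whole procedure; what they do not give you is any check that the file that arrives on the new machine is the one that left the old one. As an added example (not from the original page), these PowerShell wrappers record a SHA-256 of the export on the source and refuse to import on the destination unless the copied file matches. They assume PowerShell 4 or later for Get-FileHash (so the destination must be 2012 R2 or newer, or have WMF 4 installed) and that the DHCP Server role is already added on the destination.

```powershell
# Added example, not from the original page. Assumes PowerShell 4+ (Get-FileHash).

# Source server ("old machine"): export the whole database, return its SHA-256
function Export-DhcpDatabase {
    param([string]$Path = 'C:\dhcpdatabase.txt')
    netsh dhcp server export $Path all | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $Path)) {
        throw "netsh dhcp server export failed (exit $LASTEXITCODE)"
    }
    (Get-FileHash -Path $Path -Algorithm SHA256).Hash
}

# Destination server ("new machine"): verify the copy, then import
function Import-DhcpDatabase {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedHash   # value returned by Export-DhcpDatabase
    )
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedHash) {
        throw "hash mismatch for $Path`nexpected $ExpectedHash`nactual   $actual"
    }
    netsh dhcp server import $Path all
    if ($LASTEXITCODE -ne 0) { throw "netsh dhcp server import failed (exit $LASTEXITCODE)" }
    # Quick confirmation that scopes came across
    netsh dhcp server show scope
}

# On the old machine:
#   $hash = Export-DhcpDatabase
# Move C:\dhcpdatabase.txt and the hash value to the new machine, then there:
#   Import-DhcpDatabase -Path 'C:\dhcpdatabase.txt' -ExpectedHash $hash
```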

printers

copier management 231-1622

Workroom B&W

Add Printer (Next)
Local printer attached to this computer
  uncheck Automatically detect and install my Plug and Play printer (next)
Create New port:  Standard TCP/IP port (next) (next)
Printer Name or IP Address: workroombw.aoe.vt.edu
Port Name: workroombw.aoe.vt.edu
Locate Driver from list or use have disk:
  KONICA MINOLTA Di2010 PCL6
Printer Name: Workroom B&W Printer-Copier
Do you want to use this printer as the default printer? No (next)
Share name: WorkroomBW (next)
Location:  215 Randolph
Comment: Black and white with finishing features.
  (next)
Do you want to print a test page? Yes or No (next)
  (Finish)
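The wizard steps above are repeated for every printer on this page with only the host name, driver, share name, location and comment changing. As an added example (not from the original page), this PowerShell function performs the same steps with the PrintManagement module: create a Standard TCP/IP port named after the host, then add and share the printer. It assumes Windows 8 / Server 2012 or later for the module and that the driver has already been installed on the server (Add-PrinterDriver is the non-GUI equivalent of "Have Disk"); the example call uses the Workroom B&W values from this page.

```powershell
# Added example, not from the original page. Assumes the PrintManagement module
# (Server 2012+) and that the named driver is already installed on the print server.
function Add-NetworkPrinter {
    param(
        [Parameter(Mandatory)][string]$HostName,    # DNS name of the device, e.g. workroombw.aoe.vt.edu
        [Parameter(Mandatory)][string]$DriverName,  # must match Get-PrinterDriver exactly
        [Parameter(Mandatory)][string]$Name,        # "Printer Name" in the wizard
        [Parameter(Mandatory)][string]$ShareName,
        [string]$Location = '',
        [string]$Comment  = ''
    )
    if (-not (Get-PrinterDriver -Name $DriverName -ErrorAction SilentlyContinue)) {
        throw "Driver '$DriverName' is not installed; install it first (Add-PrinterDriver)"
    }
    # Port name = host name, as the wizard steps do; Standard TCP/IP port defaults to RAW/9100
    if (-not (Get-PrinterPort -Name $HostName -ErrorAction SilentlyContinue)) {
        Add-PrinterPort -Name $HostName -PrinterHostAddress $HostName
    }
    if (Get-Printer -Name $Name -ErrorAction SilentlyContinue) {
        throw "Printer '$Name' already exists"
    }
    Add-Printer -Name $Name -DriverName $DriverName -PortName $HostName `
        -Shared -ShareName $ShareName -Location $Location -Comment $Comment
    Get-Printer -Name $Name | Select-Object Name, ShareName, PortName, DriverName, Location
}

# Workroom B&W, with the values from this page
Add-NetworkPrinter -HostName 'workroombw.aoe.vt.edu' `
    -DriverName 'KONICA MINOLTA Di2010 PCL6' `
    -Name 'Workroom B&W Printer-Copier' -ShareName 'WorkroomBW' `
    -Location '215 Randolph' -Comment 'Black and white with finishing features.'
```

"Do you want to use this printer as the default printer? No" needs no equivalent here: Add-Printer never changes the server's default printer.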

Workroom BW KM C222

to set the fax mode as default comm mode,

Util
admin
admin1
tx settings
quality/mode
comm mode
Fax, G3

dkellogg@vabs.net

email smtp host 198.82.183.88 port 25

admin password 23190611

Workroom Color

Add Printer (Next)
Local printer attached to this computer
  uncheck Automatically detect and install my Plug and Play printer (next)
Create New port:  Standard TCP/IP port (next) (next)
Printer Name or IP Address: workroomcolor.aoe.vt.edu
Port Name: workroomcolor.aoe.vt.edu
Locate Driver from list or use have disk:
  Fiery X3e 22C-KM PS v2.0
Printer Name: Workroom Color Printer-Copier
Do you want to use this printer as the default printer? No (next)
Share name: WorkroomColor (next)
Location: Faculty Workroom
Comment: Color with finishing features.
  (next)
Do you want to print a test page? Yes or No (next)
  (Finish)
Administrator password: 231-9061

To save the user settings:

Utility -> User Settings -> Scan/Fax Settings -> Default Scan/Fax Settings
  Press "Factory Default" then IMMEDIATELY  press "Current Setting" THEN press "OK"

Copier number 2053

Workroom Color (PCL Driver)

Add Printer (Next)
Local printer attached to this computer
  uncheck Automatically detect and install my Plug and Play printer (next)
Create New port:  Standard TCP/IP port (next) (next)
Printer Name or IP Address: workroomcolor.aoe.vt.edu
Port Name: workroomcolor.aoe.vt.edu
Locate Driver from list or use have disk:
  KONICA MINOLTA C350 PCL5c
Printer Name: Workroom Color Printer-Copier PCL5c
Do you want to use this printer as the default printer? No (next)
Share name: WorkroomColorPCL (next)
Location: Faculty Workroom
Comment: Color printer-copier.  This driver is without the EFI Job Monitor!
  (next)
Do you want to print a test page? Yes or No (next)
  (Finish)

Lexina

Add Printer (Next)
Local printer attached to this computer
  uncheck Automatically detect and install my Plug and Play printer (next)
Create New port: Standard TCP/IP port (next) (next)
Printer Name or IP Address: lexina.aoe.vt.edu
Port Name: lexina.aoe.vt.edu
Locate Driver from list or use have disk:
  Lexmark E330
Printer Name: Lexina
Do you want to use this printer as the default printer? No (next)
Share name: lexina (next)
Location: 2xx Randolph Hall
Comment: 
  (next)
Do you want to print a test page? Yes or No (next)
  (Finish)

Grad Lab

Add Printer (Next)
Local printer attached to this computer
  uncheck Automatically detect and install my Plug and Play printer (next)
Create New port:  Standard TCP/IP port (next) (next)
Printer Name or IP Address: gradlabprintserv.aoe.vt.edu
Port Name: gradlabprintserv.aoe.vt.edu (next)
  Custom: Settings... (OK) (next) (Finish)
Locate Driver from list or use have disk:
  Have Disk... HP LaserJet 2300 Series PCL 6 (next)
Printer Name: Graduate Lab HP LaserJet 2300 Series PCL
Do you want to use this printer as the default printer? No (next)
Share name: gradlab (next)
Location: 315 Randolph Hall
Comment: 
  (next)
Do you want to print a test page? Yes or No (next)
  (Finish)

replaced with P3005

P3005 repaired 2/24/2011 at ALI, Advanced Logic Industries with office located at the CRC.

David

552-6108 ext 4261

Old Design lab 4050

Add Printer (Next)
Local printer attached to this computer
  uncheck Automatically detect and install my Plug and Play printer (next)
Create New port:  Standard TCP/IP port (next) (next)
Printer Name or IP Address: hp4050.aoe.vt.edu
Port Name: hp4050.aoe.vt.edu (next) (Finish)
Locate Driver from list or use have disk:
  HP LaserJet 4050 Series PCL (next)
Printer Name: HP LaserJet 4050 Series PS
Do you want to use this printer as the default printer? No (next)
Share name: HP4050 (next)
Location: tbd
Comment: 
  (next)
Do you want to print a test page? Yes or No (next)
  (Finish)

Design lab 4250

Add Printer (Next)
Local printer attached to this computer
  uncheck Automatically detect and install my Plug and Play printer (next)
Create New port:  Standard TCP/IP port (next) (next)
Printer Name or IP Address: dl-printer.aoe.vt.edu
Port Name: dl-printer.aoe.vt.edu (next) (Finish)
Locate Driver from list or use have disk:
  HP LaserJet 4250 Series PS (next)
Printer Name: Design Lab HP LaserJet 4250 Series PS
Do you want to use this printer as the default printer? No (next)
Share name: dl-printer (next)
Location: 217 Randolph Hall
Comment: Undergraduate Design Lab printer - Bring your own paper!
  (next)
Do you want to print a test page? Yes or No (next)
  (Finish)

HP 4250 Manual

DesignJet 500

Add Printer (Next)
Local printer attached to this computer
  uncheck Automatically detect and install my Plug and Play printer (next)
Create New port:  Standard TCP/IP port (next) (next)
Printer Name or IP Address: designjet.aoe.vt.edu
Port Name: designjet.aoe.vt.edu (next)
Device Port: Parallel 1 (next) (Finish)
Locate Driver from list or use have disk:
  HP DesignJet 500 42 by HP (next)
Printer Name: Design Lab HP DesignJet 500
Do you want to use this printer as the default printer? No (next)
Share name: dl-plotter (next)
Location: 217 Randolph Hall
Comment: 42 inch wide plotter
  (next)
Do you want to print a test page? Yes or No (next)
  (Finish)

Annex 2300

Add Printer (Next)
Local printer attached to this computer
  uncheck Automatically detect and install my Plug and Play printer (next)
Create New port:  LPR port (next) (next)
Name or address of server providing lpd: annexprinter.aoe.vt.edu
Name of printer or print queue on that server: annexprinter (next) (Finish)
Locate Driver from list or use have disk:
  HP LaserJet 2300 Series PCL 6 (next)
Keep existing driver (recommended) (next)
Printer Name: AnnexHP2300
Do you want to use this printer as the default printer? No (next)
Share name: AnnexHP2300 (next)
Location: Randolph Annex
Comment: 
  (next)
Do you want to print a test page? Yes or No (next)
  (Finish)

Structures

Add Printer (Next)
Local printer attached to this computer
  uncheck Automatically detect and install my Plug and Play printer (next)
Create New port:  Standard TCP/IP port (next) (next)
Printer Name or IP Address: structuresprinter.aoe.vt.edu
Port Name: structuresprinter.aoe.vt.edu (next)
  Custom: Settings... (OK) (next) (Finish)
Locate Driver from list or use have disk:
  Have Disk... <del>Xerox Phaser 8400B PS</del> HP LaserJet 2015 Series PS(next)
Printer Name: Structures-Color
Do you want to use this printer as the default printer? No (next)
Share name: Structures-Color (next)
Location: Femoyer 205
Comment: 
  (next)
Do you want to print a test page? Yes or No (next)
  (Finish)

structprint2 (using name)

Add Printer (Next)
Local printer attached to this computer
  uncheck Automatically detect and install my Plug and Play printer (next)
Create New port:  structprint2.aoe.vt.edu (next) (next)
Printer Name or IP Address: structprint2.aoe.vt.edu (was 128.173.188.54)
Port Name: structprint2.aoe.vt.edu (next)
  Custom: Settings... (OK) (next) (Finish)
Locate Driver from list or use have disk:
  Have Disk... HP 1022n (next)
Printer Name: Structures Printer 2 HP LaserJet 1022n
Do you want to use this printer as the default printer? No (next)
Share name: structprint2 (next)
Location: Femoyer 319
Comment: 
  (next)
Do you want to print a test page? Yes or No (next)
  (Finish)
configuration page user Admin, standard local password

multifunction

Add Printer (Next)
Local printer attached to this computer
  uncheck Automatically detect and install my Plug and Play printer (next)
Create New port:  Standard TCP/IP port (next) (next)
Printer Name or IP Address: multifunction.aoe.vt.edu
Port Name: multifunction.aoe.vt.edu (next)
  Custom: Settings... (OK) (next) (Finish)
Locate Driver from list or use have disk:
  Have Disk... (next)
Printer Name: Office Multifunction
Do you want to use this printer as the default printer? No (next)
Share name: OfficeMulti (next)
Location: Randolph Workroom
Comment: 
  (next)
Do you want to print a test page? Yes or No (next)
  (Finish)
2316611
 
Disable sending e-mail direct from the product.
(selected) Enable sending e-mail direct from the product.
SMTP Gateway Settings
 SMTP Gateway 	 198.82.183.88
 SMTP Port 	(0-65535)  25
 
Default E-mail Settings
 
 'From:' E-mail Address: 	 multifunction@aoe.vt.edu
 'From:' Display Name: 	 AOEmultifunction
 Default Subject: 	 Sent from CM2320nf MFP
(not selected) Allow user to enter a subject with every e-mail.
(not selected) Allow user to enter a "Reply To:" with every e-mail.

	1 	Chris Hall 	cdhall@vt.edu
	2 	Rachel 	rahall@vt.edu
	3 	Durner 	cdurner@vt.edu
	4 	Jon 	joncouch@vt.edu

nsl-multifunction

128.173.189.6 dhcp from pluto
mooney12!

printer on ganymede

To use a printer from a Linux machine that is shared from a Windows machine, first, install the Unix Print drivers on the Windows box. Then connect to the printer using LPD in a similar way to on Macs.

yp

Worked automatically to alexandria for the first time since February with 2003R2 on Neptune. The factor is that neptune is the master and reload_yp was run with only neptune's NIS server running.


http://blog.scottlowe.org/2007/01/15/linux-ad-integration-version-4/


auto.master and auto.home

These files were not being propagated to alexandria. Fixed by removing them from AD and re-migrating. (See note below.)

On Alexandria save the files:

ypcat -k auto.home
misc -rw alexandria.aoe.vt.edu:/export/misc
grad -rw alexandria.aoe.vt.edu:/export/grad
softvault -rw athena.aoe.vt.edu:/export/softvault
design -rw alexandria.aoe.vt.edu:/export/design
lab7 -rw athena.aoe.vt.edu:/export/lab7
facultystaff -rw alexandria.aoe.vt.edu:/export/facultystaff
caplab -rw athena.aoe.vt.edu:/export/caplab
sysadmin -rw alexandria.aoe.vt.edu:/export/sysadmin
sssl -rw alexandria.aoe.vt.edu:/export/sssl
undergrad -rw alexandria.aoe.vt.edu:/export/undergrad
diskhogs -rw athena.aoe.vt.edu:/export/diskhogs
structures -rw alexandria.aoe.vt.edu:/export/structures
grad2 -rw alexandria.aoe.vt.edu:/export/grad2
ypcat -k auto.master
/home auto.home -nosuid,intr,tcp

Remove from

Adsi Edit
  Domain [neptune.aoe.vt.edu]
    DC=aoe,DC=vt,DC=edu
      CN=defaultMigrationContainer30
        CN=aoe
Delete-->   CN=auto.home
Delete-->   CN=auto.master
      CN=System
        CN=RpcServices
          CN=ypServ30
Delete-->     CN=auto.home
Delete-->     CN=auto.master

These keys were found by doing an Advanced custom search in Active Directory Users and Computers for

container name starts with auto (turn on View, Advanced Features)

Then, add them back by migrating the files from alexandria. Move the files from alexandria to neptune and put in C:\Temp

nismap create -i 1 -g " " -y auto.master  (This creates the key in system/RpcServices/ypServ30)
nis2ad -y aoe -a aoe -d C:\Temp -s localhost -r no -m auto.master (This creates the key in defaultMigrationContainer30/aoe)
nismap create -i 1 -g " " -y auto.master
nis2ad -y aoe -a aoe -d C:\Temp -s localhost -r no -m auto.master

The files should show up in C:\WINDOWS\idmu\nis\MapCache\aoe

During an update to the table, I discovered that there are several keys that need to be modified to get the entry into the file in C:\WINDOWS\idmu\nis\MapCache\aoe when adding an entry.

From adsiedit, after New, Object, nisobject: Change (or verify the following keys)

cn caplabhomes
distinguishedName CN=caplabhomes,CN=auto.home,CN=aoe,CN=defaultMigrationContainer30,DC=aoe,DC=vt,DC=edu
msSFU30Name caplabhomes(This was missing after the new nisobject was added.)
msSFU30NisDomain aoe (This was missing after the new nisobject was added.)
name caplabhomes
nisMapEntry -rw athena.aoe.vt.edu:/export/caplabhomes
nisMapName auto.home

to add groups to the automounter:

nismap add -a aoe -e "newvolume -rw athena:/export/newvolume" auto.home
nisadmin syncall

Adding COE Tablet PC's to Domain

Refer to the DFS section for the client:

http://support.microsoft.com/kb/887303

(Dr Neu's loaner laptop issue.)

Images

2008R2 migration Summer 2011

http://technet.microsoft.com/en-us/library/dd379511%28WS.10%29.aspx

  • Log on to the infrastructure master as a member of the Domain Admins group.
  • Copy the contents of the \support\adprep folder (note the new location) from the installation DVD to the infrastructure master role holder.
  • Open a Command Prompt window, navigate to the Adprep folder, and run adprep /domainprep /gpprep.
  • Allow the operation to complete and the changes to replicate.

Installing IDMU: http://technet.microsoft.com/en-us/library/cc731178.aspx

Rename pluto

netdom computername CurrentComputerName /add:NewComputerName
netdom computername CurrentComputerName /makeprimary:NewComputerName

reboot

netdom computername NewComputerName /remove:OldComputerName

ipSec

Added 2001:468:c80:610c::/64 to most all of the ipSec rules

  • 3268 GC LDAP
  • 3269 GC LDAPssl
  • 515 http ?
  • 443 https
  • 1027 IIS
  • 88 Kerb
  • 749 kerb-admin
  • 389 ldap
  • 636 ldapssl
  • 445 Microsoft-ds
  • 3372 msdtc
  • 135 msrpc
  • 539 msrpc High
  • 138 netbios dgm
  • 137 netbios-ns
  • 139 netbios-ssn
  • 136 profiler

These not modified

  • 111 Sun RPC Bind
  • 5000-5020 Individual Sun RPC
  • 23 telnet

Enable more Firewall logging

http://technet.microsoft.com/en-us/library/cc754714%28WS.10%29.aspx#BKMK_Proc1

auditpol.exe /set /SubCategory:"MPSSVC rule-level Policy Change","Filtering Platform policy change","IPsec Main Mode","IPsec Quick Mode","IPsec Extended Mode","IPsec Driver","Other System Events","Filtering Platform Packet Drop","Filtering Platform Connection" /success:enable /failure:enable

Restart the Windows Firewall service by typing the following commands, ending each by pressing ENTER:

net stop MPSSVC

net start MPSSVC

When you are ready to disable event logging, run the same command as in step 3, but use /success:disable /failure:disable at the end of the command. Then restart the service by performing step 4 again.

NIS Servers in MIDMU

http://support.microsoft.com/kb/971900

Use ADSIedit to modify the GECOS attribute to have (or not have) “NIS Server” in the field.

What that means is to open ADSIEdit and find the entry for the computer. If it is a DC, then it will be in the “Domain Controllers” container. If it is a DC that has been removed as a domain controller, then it will likely be in the “Computers” container. Right click on the computer, for example CN=pluto-2k3 (which was retired as a DC), scroll down to gecos and unset the entry. For the 2008 DCs, right click on CN=PLUTO, not CN=NTFRS Subscriptions. Then find gecos and change it to “NIS Server”.
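Both of the IDMU problems on this page (the nisobject entries under "auto.master and auto.home" that were missing msSFU30Name and msSFU30NisDomain, and the gecos value that decides which computers count as NIS servers) can be audited without clicking through ADSIEdit. The following is an added example, not from the original page: it uses the ActiveDirectory module (RSAT, 2008 R2+) to list nisObject entries with either attribute absent and to show the gecos value of every computer object, so a retired DC still marked “NIS Server” or a hand-made map entry that will never reach MapCache stands out.

```powershell
# Added example, not from the original page. Assumes the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-IncompleteNisObject {
    # nisObject entries missing msSFU30Name or msSFU30NisDomain; these never make it
    # into C:\WINDOWS\idmu\nis\MapCache\<domain> (see the auto.home note above).
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)   # covers both containers
    $filter = '(&(objectClass=nisObject)(|(!(msSFU30Name=*))(!(msSFU30NisDomain=*))))'
    Get-ADObject -SearchBase $SearchBase -LDAPFilter $filter `
        -Properties cn, nisMapName, nisMapEntry, msSFU30Name, msSFU30NisDomain |
        Select-Object cn, nisMapName, nisMapEntry, msSFU30Name, msSFU30NisDomain, DistinguishedName
}

function Get-NisServerFlag {
    # gecos = "NIS Server" is what KB971900 says makes a DC appear as a NIS server
    Get-ADComputer -Filter * -Properties gecos, operatingSystem |
        Select-Object Name, operatingSystem,
            @{ n = 'gecos';       e = { $_.gecos } },
            @{ n = 'IsNisServer'; e = { $_.gecos -eq 'NIS Server' } },
            DistinguishedName
}

'--- nisObject entries missing IDMU attributes ---'
Get-IncompleteNisObject | Format-Table -AutoSize

'--- computers flagged as NIS servers via gecos ---'
Get-NisServerFlag | Where-Object { $_.IsNisServer } | Format-Table -AutoSize
```

Expect the first list to be empty after a clean nis2ad migration; anything in it was most likely created by hand through New, Object, nisobject and needs the two attributes filled in as described above. Anything in the second list that is no longer a DC (pluto-2k3 in the note above) should have gecos cleared.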

Unix Tab missing

http://blogs.technet.com/b/sfu/archive/2010/01/30/i-cannot-see-unix-attribute-tab-even-after-installing-idmu.aspx

DHCP not showing address leases

Don't use the gui on 2003 to export (or backup) the database to move to 2008. Instead, use netsh dhcp ….

http://support.microsoft.com/kb/962355

firewall monitoring

http://technet.microsoft.com/en-us/library/cc754714%28WS.10%29.aspx#BKMK_Proc1

auditpol.exe /set /SubCategory:"MPSSVC rule-level Policy Change","Filtering Platform policy change","IPsec Main Mode","IPsec Quick Mode","IPsec Extended Mode","IPsec Driver","Other System Events","Filtering Platform Packet Drop","Filtering Platform Connection" /success:enable /failure:enable
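The auditpol command (given here and under "Enable more Firewall logging" above) only turns the events on; it says nothing about whether they are already on, and the resulting Security-log volume is only useful if something summarises it. As an added example, not from the original page, the script below reads the current setting of each of the nine subcategories back from auditpol /get, and then groups the Filtering Platform drop events (5152 = packet blocked, 5157 = connection blocked) from the last hour by direction, source address and destination port. It assumes PowerShell 3 or later and an account that can read the Security log.

```powershell
# Added example, not from the original page. Assumes PowerShell 3+ and read access
# to the Security log. Subcategory names are the ones from the auditpol command above.
$WfpSubcategories = 'MPSSVC rule-level Policy Change', 'Filtering Platform policy change',
    'IPsec Main Mode', 'IPsec Quick Mode', 'IPsec Extended Mode', 'IPsec Driver',
    'Other System Events', 'Filtering Platform Packet Drop', 'Filtering Platform Connection'

function Get-WfpAuditSetting {
    # auditpol /get prints "  <Subcategory>   <Setting>"; pull the setting column out
    foreach ($s in $WfpSubcategories) {
        $line = auditpol /get /subcategory:"$s" | Where-Object { $_ -like "*$s*" } | Select-Object -First 1
        $setting = if ($line -match '^\s*(.+?)\s{2,}(.+?)\s*$') { $Matches[2] } else { 'unknown' }
        [pscustomobject]@{ Subcategory = $s; Setting = $setting }
    }
}

function Get-WfpDropSummary {
    param([int]$Hours = 1, [int]$Top = 20)
    $filter = @{ LogName = 'Security'; Id = 5152, 5157; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # EventData fields come back as <Data Name="...">; Direction is a resource id
        # (%%14592 = Inbound, %%14593 = Outbound) in the raw XML
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Id        = $_.Id
            Direction = switch ($d['Direction']) { '%%14592' { 'Inbound' } '%%14593' { 'Outbound' } default { $d['Direction'] } }
            Source    = $d['SourceAddress']
            DestPort  = $d['DestPort']
            Protocol  = $d['Protocol']
        }
    } | Group-Object Id, Direction, Source, DestPort, Protocol |
        Sort-Object Count -Descending |
        Select-Object -First $Top Count, Name
}

Get-WfpAuditSetting | Format-Table -AutoSize
Get-WfpDropSummary -Hours 1 | Format-Table -AutoSize
```

Run Get-WfpAuditSetting before and after the auditpol /set command to confirm all nine rows read "Success and Failure"; run Get-WfpDropSummary while the extra logging is on, and turn it off again with the /success:disable /failure:disable form once the question is answered, since 5152 alone can fill the Security log quickly on a DC.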

migrate ad-cs (certificate services)

backup old source server

1 Backup Database and Private Key

certutil.exe -backupdb <some-empty-directory>
certutil.exe -backupkey <above-directory>

2 Stop CA server

net stop certsvc

3 Backup CS Registry

reg export HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration <output file.reg>

4 Backup CAPolicy.inf if used.

5 Remove CA role

Add/Remove Windows Components

6 rename neptune to neptune-2k3

netdom computername neptune-2k3.aoe.vt.edu /remove:neptune.aoe.vt.edu

7 enumerate names

netdom computername neptune-2k3.aoe.vt.edu /enumerate:AllNames

8 make sure neptune is not listed before renaming new machine to neptune.

9 Re-assign ip address 128.173.188.40
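Steps 1 to 4 of the source-server backup are run by hand above. As an added example, not from the original page, this PowerShell function performs them in order into one fresh directory (certutil -backupdb requires an empty one), protects the exported key with a password supplied as a credential rather than typed on the command line, exports the CertSvc\Configuration registry key, copies CAPolicy.inf if present, and then checks that the database and the .p12 actually exist before you remove the CA role in step 5. It assumes PowerShell 3 or later and that it is run elevated on the source CA.

```powershell
# Added example, not from the original page. Run elevated on the source CA.
# Assumes PowerShell 3+; certutil.exe and reg.exe are in-box.
function Backup-SourceCa {
    param(
        [string]$Root = 'C:\CABackup',
        # The password protects the exported <CAName>.p12; you will need it for the
        # Certificate Import Wizard on the destination (step 3 of the destination list)
        [Parameter(Mandatory)][pscredential]$KeyProtection
    )
    # Fresh, empty directory per run: certutil -backupdb refuses a non-empty one
    $dir = Join-Path $Root (Get-Date -Format 'yyyyMMdd-HHmm')
    New-Item -ItemType Directory -Path $dir | Out-Null

    # 1. Database, then private key (same directory, as the page does)
    certutil.exe -backupdb $dir | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "certutil -backupdb failed (exit $LASTEXITCODE)" }
    certutil.exe -p $KeyProtection.GetNetworkCredential().Password -backupkey $dir | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "certutil -backupkey failed (exit $LASTEXITCODE)" }

    # 2. Stop the CA
    Stop-Service certsvc

    # 3. Registry configuration
    $regFile = Join-Path $dir 'CertSvc-Configuration.reg'
    reg.exe export HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration $regFile /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed (exit $LASTEXITCODE)" }

    # 4. CAPolicy.inf, if the CA used one
    $policy = Join-Path $env:SystemRoot 'CAPolicy.inf'
    if (Test-Path $policy) { Copy-Item $policy $dir }

    # Sanity check before anything is removed: database and key archive must be present
    $edb = Get-ChildItem -Path (Join-Path $dir 'DataBase') -Filter '*.edb' -ErrorAction SilentlyContinue
    $p12 = Get-ChildItem -Path $dir -Filter '*.p12' -ErrorAction SilentlyContinue
    if (-not $edb -or -not $p12 -or -not (Test-Path $regFile)) {
        throw "Backup in $dir is incomplete; do not remove the CA role"
    }
    Get-ChildItem -Recurse $dir | Select-Object FullName, Length
}

# Prompt for the key password (the user name field is ignored)
Backup-SourceCa -KeyProtection (Get-Credential -UserName 'p12' -Message 'Password for the exported CA key')
```

Copy the whole dated directory to the destination server; -restoredb in the destination steps below points at that directory, reg import at the .reg file inside it, and the Certificate Import Wizard at the .p12.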

prepare new destination server

Adding the role to the destination server

1 rename

netdom renamecomputer <computer name> /newname:<new computer name>

restart

2 re-assign ip address 128.173.188.26

restart

3 import the CA certificate

To import the CA certificate

  1. Start the Certificates snap-in for the local computer account.
  2. In the console tree, double-click Certificates (Local Computer), and click Personal.
  3. On the Action menu, click All Tasks, and then click Import to open the Certificate Import Wizard. Click Next.
  4. Locate the <CAName>.p12 file created by the CA certificate and private key backup on the source CA, and click Open.
  5. Type the password, and click OK.
  6. Click Place all certificates in the following store.
  7. Verify Personal is displayed in Certificate store. If it is not, click Browse, click Personal, and click OK.

4 Add CA role using Server Manager

On the Select Server Roles page, select the Active Directory Certificate Services

On the Role Services page, click the Certification Authority check box, and click Next.

On the Specify Setup Type page, specify either Enterprise or Standalone, to match the source CA, and click Next.

On the Specify CA Type page, specify either Root CA or Subordinate CA, to match the source CA, and click Next.

On the Set Up Private Key page, select Use existing private key and Select a certificate and use its associated private key.

In the Certificates list, click the imported CA certificate, and then click Next.

On the Configure Certificate Database page, specify the locations for the CA database and log files.

On the Confirm Installation Selections page, review the messages, and then click Install.

Restoring the source CA database on the destination server

certutil.exe -f -restoredb <CA Database Backup Directory>

Restoring the source CA registry settings on the destination server

Before importing the registry settings from the source CA to the target CA, create a backup of the default target CA registry configuration by using the procedure Exporting Registry Configuration. Be sure to perform these steps on the target CA and to name the registry file a name such as “DefaultRegCfgBackup.reg” to avoid confusion.

net stop certsvc
reg import <Registry Settings Backup.reg>

Verifying certificate extensions on the destination CA

Restoring the certificate templates list (required only for enterprise CAs)

Transfer roles off of server to be decommissioned

aoe/domain.txt · Last modified: 1970/01/01 00:00 (external edit)