Wenlin Zhou says
Log back into your VM and launch “Group Policy Manager” and enable “Allow users to connect remotely by using Remote Desktop Services” as a policy for all computers in this network (Provide Screenshot).
Question: What kind of screenshot should be provided? Is it a Group Policy Manager screenshot?
Patrick J. Wasson says
Hi Wenlin,
I am looking for a screenshot showing the “Allow users to connect remotely by using Remote Desktop Services” property and that you have allowed all Domain Users to connect to Remote Desktop Services via the Default Policy on the Domain controller.
Hope this helps!
Pat
David Eves says
Anybody figure out the trick for step 7? As Pat predicted, I am hung up trying to figure out where this setting is – and my google searches aren’t really helping. Thanks.
Wenlin Zhou says
I agree with you. I searched google, and the results did not help me solve this step 7.
Patrick J. Wasson says
Step 7 is the trickiest part of the assignment. Basically, you will be editing the group policy for anyone on your domain, so the setting must be made in the Default Domain Policy under the forest you already created.
The steps are not the most intuitive since it is an advanced operation, but I was able to find the following via google search that may point you in the right direction:
https://technet.microsoft.com/en-us/library/dn135243(v=ws.10).aspx
Hope this helps!
Pat
David Eves says
Pat – thanks for the article, and I had spoken with Mel, too, who I think pointed me in the right direction (you can judge that by the rest of this comment).
Wenlin: try this – in the windows search, type in “edit policy” and one of the results should be “Local Group Policy Editor.” From there, under COMPUTER CONFIGURATION, click ADMINISTRATIVE TEMPLATES > WINDOWS COMPONENTS > REMOTE DESKTOP SERVICES > REMOTE DESKTOP SESSION HOST > CONNECTIONS.
You should be able to click the “Edit Policy Settings,” and then the second one down is the one we think we need for this challenge. Hope that helps – and thanks to Mel Miro, too.
Patrick J. Wasson says
Hi David,
You are definitely on the right track. However, we want to apply this setting to our Default Domain Policy, not just to this server itself. There is a difference between “Local Security Policy” and “Group Policy”.
I plan on covering this tonight in class, so everyone can be clear on how to apply group policies.
Pat
Patrick J. Wasson says
Take a look at this link for the difference between configuring a standalone server vs a server on a domain:
https://technet.microsoft.com/en-us/library/dn135243%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
Magaly Perez says
HELPPPPP……… I’m on the verge of finishing my Tech 3 challenge and when creating the last VM I can’t even create the last one because Azure is stating, “This subscription is at capacity for Total Regional Cores on this location. This subscriptions is using all 10 Total Regional Cores available”.
Magaly Perez says
I figured it out, just need to change the location setting from EAST US, to EAST US 2
Patrick J. Wasson says
Hi Magaly,
Good find on the workaround.
That error message means that you have gone over your subscription allowance. My guess is you selected the incorrect Virtual Machine type. If you select VM’s with too many resources (i.e. cpu, ram, storage) you will quickly exceed your student license. Be sure to select the proper VM size (i.e. Basic A2, Basic A1 etc…) as indicated in each assignment.
In addition, if you stop the VM, the resources will be added back into your account if you are hitting the limit. Resources are only used from VM’s actively running.
Hope this helps!
Pat
Paul Linkchorst says
Hi Everyone,
I seemed to hit a snag on Challenge 3 – Step 8. I am unable to run the NSLOOKUP effectively. It states that the DNS server times out after 2 seconds and won’t show any results. I tried turning off the firewall on the DC-1 VM and that seemed to remove the timing out temporarily; however, it still says server is unknown. Another note is that when I go to ipconfig /all my DNS server is not listed as 10.0.0.10 or the backup address at 255.255.255.0. Have any of you guys come across this problem?
Thanks,
Paul
Paul Linkchorst says
So I was able to solve this problem. I was thrown off by not understanding what NSLOOKUP is supposed to do. The purpose of this command is to identify the IP address of a computer by entering the name of the computer. Therefore, by doing NSLOOKUP *computername*, it shows the computer’s IP address.
Patrick J. Wasson says
Good job working through this Paul. Yes, nslookup can be given various parameters such as the computer name to show the full domain name for the computer.
In terms of the DNS server not showing up in your ipconfig, be sure you set the DNS properly from the portal. The DNS should be assigned to the IP address of your Domain Controller for each computer in your domain.
Pat
Wenlin Zhou says
In the “Active Directory Domain Services Configuration Wizard” I need to select the deployment operation. Which one should I choose? (1) Add a domain controller to an existing domain; (2) Add a new domain to an existing forest; (3) Add a new forest. Also, for “Specify the domain information for this operation”, should I enter tuf123456.local? Is that right?
Wenlin Zhou says
I solved this issue, choose the third one.
Patrick J. Wasson says
Yes, you will be creating a new forest in your AD deployment.
David Eves says
Anyone else having trouble with Tech Challenge No. 4 – the second step? I built the RAID drive and titled it E on the FS1 Server; however, it has been formatting for almost 24 hours and is only at 12% – any suggestions? I googled it, and saw some people saying it takes about 30 hours to complete, but I am way past that at the current rate this is moving.
Patrick J. Wasson says
Hi David,
I typically choose “Quick Format” when adding disks just to speed things up. Formatting large drives can take a long time otherwise. However, it seems like something may have gone wrong in your config. I would suggest you delete the disks and add them again.
Pat
David Eves says
Pat: I will try that. Just to be clear, I added all four drives at once when creating the potential RAID drive, not one at a time – does that make the difference? Thanks,
Patrick J. Wasson says
David, that should be fine. I wouldn’t think that would make a difference.
Fangzhou Hou says
I was trying to run the Secure Download Manager (SDM) on my PC to download the Windows Server 2012 R2, but the SDM showed that
“Assert Failure.
Expression: [mscorlib recursive resource lookup but]
Description: infinite recursion during resource lookup within mscorlib. This may be a bug in mscorlib, or potentially in certain extensibility points such as assembly resolve events or Cultureinfo names. Resource name: Arg_NullReferenceException”
How can I fix this, or can I directly download the Windows Server 2012 R2 Database without using the SDM? So appreciate if anyone can answer that.
Patrick J. Wasson says
Hi Fangzhou,
Just to clarify: Are you completing these assignments in MS Azure? You should not need to use SDM to complete these specific assignments since the Windows OS is provided through Azure directly.
Pat
Fangzhou Hou says
Hi Patrick,
Since I was not able to download the “Windows Server 2012 R2 Database” to my PC, I borrowed my friend’s Mac to finish the previous assignments. Do you mean that Tech Challenges 2, 3, and 4 can be solved directly through Azure on the website and there is no need to download Windows Server 2012 R2?
Fangzhou Hou says
Thanks Patrick, I just figured it out. Windows OS can directly run the connection file.
Patrick J. Wasson says
Fangzhou, for Tech Challenges 2,3 and 4 you will be using Azure to create the VM’s. Within Azure you select the Windows OS to use, so there is no need to download anything.
Wenlin Zhou says
How do I do this step: Add “Domain Users” to the “Remote Desktop Users” group on TUA12345-WS1 in Tech Challenge 3? Where is the Remote Desktop Users group?
Patrick J. Wasson says
Hi Wenlin,
Take a look in Admin Tools->Computer Mgt.
Pat
Yang Li Kang says
Does anyone have issues with opening up their VM? I occasionally get this error:
https://social.technet.microsoft.com/Forums/getfile/311035
I switched between a few computers in the MIS lab and some of them have this error while some don’t. The troublesome part is that my personal computers have this error, which makes it difficult to do work on my own computer.
Yang Li Kang says
I am able to connect to my VM in my personal computer after disabling my firewall.
Patrick J. Wasson says
Hi Yang,
Good find. Basically, that error means for any number of reasons your PC cannot connect to the remote server (VM). This could mean 1) Your PC is not connected to the internet 2) Your connection is being blocked by a firewall either on your side or the VM’s side 3) The VM is shutdown/crashed/not connected to the internet.
Good work troubleshooting.
Pat
Yang Li Kang says
I need help. I am unable to log into my ws1 and ws2 VMs. I receive this error whenever I try to log into those 2 VMs.
“To sign in remotely, you need the right to sign in through Remote Desktop Services. By default members of the Administrators group have this right. If the group you’re in does not have the right, or if the right has been removed from the Administrators group, you need to be granted the right manually.”
I wasn’t sure which IP address from DC1 to use for the DNS server IP address (public or private). I tried both and received the same error.
In the Allow log on through Remote Desktop Services policy in group policy of DC1, I have Remote Desktop User and Domain Users added as instructed by the link below but still the same error.
http://woshub.com/allow-non-administrators-rdp-access-to-domain-controller/
Patrick J. Wasson says
Hi Yang,
This error basically means that your Domain Controller has implemented a policy on all nodes connected to the domain that only domain users can login to the server via remote desktop.
Remember in class when we talked about logging into a server with the following:
tud34834-ws1\tud34834 (Logs directly into the local server – not via the domain)
and
tud34834.local\tud34834 (Logs into the server utilizing the domain).
When you configure who can/cannot login via remote desktop in the domain controller you must be sure to allow all domain users, otherwise it is possible to lock yourself out of some servers.
Pat
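One way to see, on the affected workstation itself, who actually holds the sign-in right named in the error above. This is an added example, not part of the original comments or the course material; it assumes an elevated PowerShell prompt on the VM that rejects the sign-in and uses only built-in tools (secedit, net localgroup, gpresult).

```powershell
# Added example (not from the thread): report who holds
# "Allow log on through Remote Desktop Services" on this machine.
# Assumption: run from an elevated PowerShell prompt on the VM that rejects the sign-in.

function Get-RdpLogonRightHolders {
    # Export the user-rights assignments to a temporary INF file.
    # /mergedpolicy asks secedit for domain and local settings merged.
    $cfg = Join-Path $env:TEMP 'user-rights.inf'
    secedit /export /mergedpolicy /areas USER_RIGHTS /cfg $cfg | Out-Null
    try {
        $line = Get-Content $cfg |
            Where-Object { $_ -match '^SeRemoteInteractiveLogonRight\s*=' }
    } finally {
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
    if (-not $line) { return @() }   # the right is assigned to nobody

    # The value is a comma-separated list; SIDs carry a leading '*', names do not.
    foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
        $entry = $entry.Trim()
        if ($entry.StartsWith('*')) {
            $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
            try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $sid.Value }     # SID that cannot be resolved: print it raw
        } elseif ($entry) {
            $entry
        }
    }
}

"Accounts and groups holding the RDP sign-in right:"
Get-RdpLogonRightHolders | ForEach-Object { "  $_" }

# The assignment adds Domain Users to the local Remote Desktop Users group,
# so the right may be held through that group; list its members too.
net localgroup "Remote Desktop Users"

# Show which GPOs were applied to this computer. The policy edited on the
# domain controller has to appear here for its setting to be in effect.
gpresult /r /scope computer
```

If the list contains only Administrators, the domain policy has not reached this machine or does not grant the right to the group the user belongs to.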
Wen Ting Lu says
I created a VM for challenge 1 and it worked fine up to the last time I signed in to my Azure account 2 days ago. However, when I log back in today the VM is not being listed in the portal and it appears to be gone…..
I did some research online; there are two common reasons why VMs are deleted.
1. VM is created under a trial subscription and the trial quotas are reached
2. User performed capture operation on a VM
I don’t think any of these reasons apply to my case. I was wondering if there is a possible way to get the VM back, or is the only option to create a new VM?
Source: https://blogs.msdn.microsoft.com/narahari/2012/10/17/windows-azure-virtual-machine-disappeared-or-gone-how-do-i-recover/
Wen Ting Lu says
I just read the email the professor sent out earlier today. I think my subscription limit might be over the allowance.
When I try to repeat challenge one, it asks me to get an Azure subscription.
Patrick J. Wasson says
Hi Wen Ting,
Please be sure to shut down all of your VM’s to ensure you free up your resources and be sure to login under the account you originally used to setup Azure.
Also, be sure you are connecting to: https://portal.azure.com
If you are still getting an error can you please send me a screenshot?
Thanks,
Pat
Paul Linkchorst says
Hey Everyone,
So I was able to identify what was wrong with the script and went ahead and uploaded the next script into the group policy. However, when I went to log in as a user I still wasn’t able to access the drives. What I was able to identify was that if I copied the script into the command prompt, the script successfully mapped the drives and I was able to access them. Therefore, I believe I incorrectly inputted the script within group policy. Would anyone be able to describe how they inputted the script into the group policy?
Thanks,
Paul
Magaly Perez says
Hey Paul,
Make sure when you enter the script into the logon script on group policy that you browse to the script instead of manually pasting in the one on the tech 4 word doc. Also, I discovered when disabling the user configure logon script that you must type 0 as well so that it fully disables the logon script and connects the drives properly. I hope that helps 🙂
Patrick J. Wasson says
Thanks for the comment Magaly. Can you please elaborate a bit on what you found with “disabling the user configure logon script”?
Magaly Perez says
I found that when disabling the user configure login script that you must actually type 0 within the comment text for it to fully work. I know it was listed in the tech challenge; however, for some reason I just disabled it the first round without typing the 0, so once I finally checked my work, I noticed I missed that step and it actually showed the share drive. I knew my script was correct because I typed it into the command prompt; I just wasn’t sure why it wasn’t showing up, and the little 0 caused it to be visible.
Yang Li Kang says
How were you able to browse to the script location? Based on the Save As location on the notepad, it is under Network>Tufxxxxx>netlogon. However, I don’t have the folder Tufxxxxx in my Network folder. The only one I see there is tsclient.
Patrick J. Wasson says
Hi Yang,
If you enter \\TUFxxxxx\netlogon you should be able to access the folder…
Pat
Patrick J. Wasson says
Hi Paul,
Good job working through these issues. Be sure to document your steps as I use this to give credit even if you don’t get it all working.
In terms of mapping the script, ensure that you browse to the script when assigning it to the local policy, and that the script is saved somewhere accessible by all users/computers in the domain.
Keep at it!
Pat
Yang Li Kang says
I need some help with Tech Challenge 4. I already shared the specific folders to all the required groups but I am unable to see the shared folders when I log into the other user accounts. I think I may have done the sharing folder process wrongly. Could anyone verify if how I shared my folders is correct? If not, could anyone direct me to the right way of sharing folders?
What I did:
1. Open Computer Management.
2. Clicked System Tools > Shared Folders > Shares.
3. Right click Shares > New Share.
4. In the wizard, I select the specific folder, then I select customize permissions, enter the specific group and finish.
Patrick J. Wasson says
Hi Yang, that process seems ok to me. If you enter \\FileShareServerName into Windows Explorer it will bring up all shares on that server that the user has access to (You will need to enter your actual server name above).
Hope this helps!
Pat
Magaly Perez says
Hint to anyone struggling with Lab 4, please make sure to re-check the script Pat gave to us for errors ****** aka persistent lol
Patrick J. Wasson says
Good eye Magaly! I was hoping someone would discover this and inform the class!!
Yang Li Kang says
I am still unable to see the shared folders on the other user accounts. I suspect that I may have the scripts wrong. Other classmates who got the script right are able to have the script work on the command prompt. However, when I use my script on the command prompt, I received this error:
‘-‘ is not recognized as the internal or external command, operable program or batch file.
I have already fixed the “Pa” from the code. Is there any other line that needs to be fixed in that script besides that?
Patrick J. Wasson says
Hi Yang, can you send us a screenshot of your error?
Yang Li Kang says
I figured it out, I wasn’t pasting the script on command prompt properly. I was using Ctrl+V instead of right-click + paste.
I am now facing an issue where after pasting the script in command prompt, I can see the Company Shared file but the specific department file while I’m logging in as the department user.
The error that shows under the specific script line is:
System error 53 has occurred.
The network path was not found.
I suspect that I may not have shared the file properly so I’m going to try re-sharing the file. But it’s odd that it worked for “Company Shared” and not the others because the method I used to share all the folders was the same.
Yang Li Kang says
but NOT the specific department folder*
Patrick J. Wasson says
That error likely means you did not properly share the folder or the user that is trying to access the folder does not have appropriate access.
Yang Li Kang says
It worked! Apparently, all I needed to do is the good ol’ restarting the PC.
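A step-by-step check for the "System error 53 / The network path was not found" message discussed above, separating name resolution, SMB reachability and share visibility. This is an added example, not part of the original comments or the class script; `\\FileShareServerName` is the placeholder used earlier in the thread and `Test-SharePath` is a hypothetical helper name.

```powershell
# Added example (not from the thread): narrow down why a mapped-drive path fails.
# Assumption: the UNC path passed in is a placeholder; substitute your own server and share.

function Test-SharePath {
    param([Parameter(Mandatory)][string]$UncPath)

    # Split \\server\share[\sub\folders] into its parts.
    if ($UncPath -notmatch '^\\\\(?<server>[^\\]+)\\(?<share>[^\\]+)') {
        throw "Not a UNC path: $UncPath"
    }
    $server = $Matches.server
    $share  = $Matches.share
    $result = [ordered]@{ Path = $UncPath; Server = $server; Share = $share }

    # 1. Name resolution. This fails when the client's DNS setting does not
    #    point at the domain controller.
    $dns = Resolve-DnsName -Name $server -ErrorAction SilentlyContinue
    $result.NameResolves = [bool]$dns

    # 2. SMB reachability. TCP 445 closed means a firewall is in the way or
    #    the file server is stopped.
    $tcp = Test-NetConnection -ComputerName $server -Port 445 -WarningAction SilentlyContinue
    $result.Port445Open = $tcp.TcpTestSucceeded

    # 3. The share itself, as seen by the user running this check.
    $result.PathReachable = Test-Path -LiteralPath $UncPath

    [pscustomobject]$result
}

# Run as the department user whose drive does not map.
Test-SharePath '\\FileShareServerName\Company Shared'

# List the shares the server is publishing, to compare against the script's paths.
net view \\FileShareServerName
```

A failure at step 1 or 2 points at DNS or the firewall; if both pass and only step 3 fails, compare the share name in the logon script with the `net view` output and recheck the share permissions for that user's group.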