Repadmin Error 1722

Description
You are doing daily check of Active Directory replication on your Admin's machine using repadmin /replsum command.
You saw there are error 1722 at the bottom of the result.
You have checked that all the necessary port for Active Directory are open. You also verify using PortQry tool.
You try to perform WMI query from Admin's machine to the suspected DC but failed.
You logon to the suspected DC and all incoming replication are ok.


Resolution
Run the WMI query and monitor the network. Most probably there are some RPC traffic being dropped somewhere in the network. On Windows 2008 and above, please check for traffic running on RPC dynamic port (49152 - 65535).

Red X or Cross on Network Connection Icon - Windows 2008 R2

Description:

You found there's a Red X or Cross on Network Connection Icon.
Found some services stopped and cannot be started with access denied error.

Resolutions:

Ø  Check and add the registry permissions on the following key: 

•Regarding the BFE service, we have given “NT Service\BFE” account the following allow permissions on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE:

Query Value

Set Value

Create Subkey

Enumerate Subkeys

Notify

Read Control 

•Regarding the NLA service, we have given “NT Service\NLASvc” account the following allow permissions on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NLASvc:

Query Value

Set Value

Create Subkey

Enumerate Subkeys

Notify

Read Control

•Regarding the DPS service, we have given “NT Service\DPS” account the following allow permissions on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DPS:

Query Value

Set Value

Create Subkey

Enumerate Subkeys

Notify

Read Control

Also it was necessary to give the same permissions to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WDI\Config

• Regarding the Windows Firewall service, we have given “NT Service\mpssvc” account the following allow permissions on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc:

Query Value

Set Value

Create Subkey

Enumerate Subkeys

Notify

Read Control

Also it was necessary to give the same permissions to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess

•Regarding the DHCP Client service, we have given Local Service account full control permissions on:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP

•Regarding the Distributed Transaction Coordinator, we have given “NT Service\MSDTC” account the following allow permissions on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC:

Query Value

Set Value

Create Subkey

Enumerate Subkeys

Notify

Read Control

Also it was necessary to add Network Service account with “read, write, read & execute”  permissions to the file C:\WINDOWS\system32\MSDtc\MSDTC.LOG

> All of the services can be started after adding the security permission. Restart the computer to make sure.

Note:
If the issue happens again ,you may want to check for the group policy, or local policy, or application that modified the security permission on those above registry.

Cannot start IPSEC service error. The system cannot find the file specified.

Description:
Suddenly you cannot logon to the domain from a server. You cannot ping it, even though the network card is connected to the network and functioning normally. You can ping to self from the server. No firewall blocks the connection. When looking through event viewer, you notice 2 errors were log; Event ID 7023 and Event ID 4292 (IPSec driver has entered Block mode). Both are related to IPSEC. You check the IPSEC services and found that you cannot start it. There’s “The system cannot find the file specified” error.

Resolution:
The problem occurs when there’s corrupted file in the policy store. The file may become corrupted if an interruption occurs when the policy being written to the disk. To solve it, please go to HKEY_LOKAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local. Delete this subkey (if exist). After that, rebuild the new local policies store. To do that, click Start > Run > type regsvr32 polstore.dll. Try starting the IPSEC services again. All issue should work well now.

How to disable Windows Scalable Networking Pack Components

Description
Scalable Networking Pack (SNP) is enabled by default as part of installing Windows Server 2003 Service Pack 2. SNP can be used, under specific circumstances, to improve network performance. Most environments, however, do not have SNP capable network adapters/drivers. This can result in unexpected network problem which is why it is recommended to disable SNP unless a server can benefit from it. For Domain Controller, it is recommended to disable this feature.

Resolution
To disable SNP, modify certain this registry values:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value: EnableTCPChimney
Value: EnableRSS
Value: EnableTCPA
Data: 0 or 1
Each component can be individually enabled or disabled. Set the value to "0" to disable it.

Exchange SMTP Internet Connector frequently down

Description:
You have Exchange 2003 Front-End server configure to route emails to third party appliance smart host. One day the Exchange Internet connector frequently converted to down state causing mail queue when sending to external address. No issue when the connector is configures to use DNS instead of smart host to dispatch email. You have check for possible Antivirus or SMTP Protocol issue using Winroute and Regtrace but everything looks ok.
On the Netmon trace result, you can see that Exchange didn’t receive ACK for certain packet from the smart host and it terminates the connection after some times.

Resolution:
Make sure that the network speed and duplex setting at the smart host is the same with the connection setting at core switch. Running manual setup might be required to eliminate the issue.