An authentication error has occurred the local security authority cannot be contacted

Recently we setup a new Terminal server Windows Server 2012 R2 for a client, as a practice we always provide temporary passwords to user and when they login for the first time it prompts them to reset the password. Everything went well from Terminal server configuration to Licensing. However when the users started to login they got a strange error “An authentication error has occurred””The local security authority cannot be contacted” We were troubleshooting the error and realised that if we clear ” Reset pwd at Next login” from users property in Active Directory Users and computers, basically to not force them to reset the password then they are able to login just fine. So we did implement that as a temporary solution but for sure kept looking for the real reason. After some research I figured that Windows 2012 has another level of protection enabled by default when we enable remote desktop, which is Network Level Authentication (NLA). Few words about  Network Level Authentication Network Level Authentication is an authentication method that can be used to enhance RD Session Host server security by requiring that the user be authenticated to the RD Session Host server before a session is created. Network Level Authentication completes user authentication before you establish a remote desktop connection and the logon screen appears. This is a more secure authentication method that can help protect the remote computer from malicious users and malicious software.  Network Level Authentication (NLA) Requirement The client computer must be using an operating system, such as Windows 7, Windows Vista, or Windows XP with Service Pack 3, that supports the Credential Security Support Provider (CredSSP) protocol. More About NLA Here...

Setup Office 365 Email on Outlook 2010/2013

Setup Office 365 Email on Outlook 2010/2013 This Article provides the step by step instruction to Setup Office 365 Email on Outlook 2010/2013. If you are using Outlook for the first time on this PC, Launch Outlook and go to step: 5, else Launch Control Panel. (Start – Control Panel) Under Control Panel: In category view: Click on User Accounts and Family Safety, then double click on Mail In Icon view: Double click on Mail Icon. Click on Show Profiles… button   Click Add button, Type a name for your new email profile, and click on OK   Now, you may have a pre-filled form with your email address or may be asked to fill-in your Name, Email Address, and your Email Password. Enter all the details as provided by your Administrator, and click on Next.   Imp: If you are using Outlook 2013, continue with step 7, else simply click on Finish. Once the check is complete and you are ready to finish, check the box for Change Account Settings, and click on Next.   On this screen, ensure that you move the slider to the extreme right. This will ensure that Outlook will download all the emails from the server. Also ensure that the checkbox “Use Cached Exchange Mode” is also checked. Click on Finish.   Now, you’ll be back to the Mail window. Change the default Profile “Always use this Profile” to the one you have just created, and click on Apply, and then OK.     Launch Outlook. (If already open, close and launch it again). You may be prompted for username and password again. Enter your complete...

Unable to install Windows Update

Issue: Unable to install Windows Update. Environment: Windows 7 x64 Resolution: Windows Update can fail due to multiple reason. In this particular scenario, we noticed that the core services required to run Windows Update were missing. The missing services were BITS & Windows updates. Both the services are required to run the updates. Without these services, you’ll be Unable to install Windows Update. Note: Please backup the Registry before you make any changes. To know more on how to back up the registry, click here. Steps to fix the Windows Update problem: Once you have validated that the two services are missing. Download the following registry keys: BITS Registry Key Windows Updates Registry Key Reboot the PC. Now, you should be able to check for the windows updates successfully and install them. ————————————————————————————————————————— For your reference, I’ve provided an abstract for these services from Wikipedia. For further information about the service, kindly continue to the Wikipedia link shared below. Background Intelligent Transfer Service (BITS): Background Intelligent Transfer Service (BITS) is a component of Microsoft WindowsXP and later operating systems that facilitates prioritized, throttled, and asynchronous transfer of files between machines using idle network bandwidth. It is most commonly used by recent versions of Windows Update, Microsoft Update, Windows Server Update Services, and Systems Management Server to deliver software updates to clients, Microsoft‘s anti-virus scanner Microsoft Security Essentials (later merged to and renamed to Windows Defender) to fetch signature updates, and is also used by Microsoft’s instant messaging products to transfer files. BITS is exposed through Component Object Model (COM), making it possible to use with virtually any programming language....

Mapping Network Drive via Group Policy Preferences

Objective: Mapping Network Drive via Group Policy Preferences – Troubleshooting Problem: We ran into a strange issue today, We had approx. 10 drives mapped using Group Policy preferences out of them on some of the users only 5-6 drives were getting mapped and not the other.  In addition to that we were seeing some drives with the same drive letter as our’s mapped drives but they were going to some different locations. In this article, we are primarily going to explain what we did to fix the issue but also going to describe trouble shooting GPP  Our Environment It consisted of 2 windows 2008 R2 DC’s and multiple windows 7 clients and a windows 2008R 2 Terminal server. Troubleshooting: Logged in with use on TS as well as his how PC, same network drive got mapped everywhere but  the drive we wanted was missing Validated the AD replication is working good between DC’s Validated File replication between domain controllers is fine Took RSOP on the PC as well as TS, found the policy for map drive is being applied successfully. Under RSOP , I could see the settings for GPP, so decided to enable userenv log (from XP) called as Gpsvc.log in Windows 7 using the following procedure Logon to the Windows 7 Computer as local administrator Save the below few lines as .reg file and execute it on the Windows 7 computer. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Diagnostics] “GPSvcDebugLevel”=dword:00030002 PS: You will need to create Diagnostics key, if not there by default. For more details step-by-step instructions, click here. Now time to restart your Windows 7 PC to make changes come into...