I know this has been done to death, but as this is my Blog, and the original idea for it was for me to put all the odds and sods of knowledge in one location so I did not have to remember every little command, I am doing it again.
Hyper-V on Server 2008 and 2008 R2 has a known issue with time slipping slipping slipping into the future (sorry, Steve Miller Band moment there) when using a Hyper-V based Primary Domain Controller (PDC). The first part of this is an easy step: on the Hyper-V host, you turn OFF “Time Synchronisation” for the PDC, or whichever server takes care of your time syncing on the network (although I do it for all servers). This is done by selecting the Virtual Machine in the Hyper Visor, opening its properties, selecting integration services and unchecking “Time Synchronisation” as shown in the image below.
Secondly, on the PDC you should set a known reliable time source; I normally select one from http://pool.ntp.org.
To add this server and set it as your PDC time server, open an Administrative Command Prompt and enter the following commands:
net stop w32time
w32tm /config /manualpeerlist:PEERS /syncfromflags:manual /reliable:yes /update
net start w32time
Where PEERS is the selected time server or time server pool.
This should update itself instantly, and keep itself updated.
After the rebuild of an AD Domain Controller I was wondering why I could no longer get a response from WPAD, when it hit me like a ton of bricks: the Global DNS Blacklist. This is a “feature” in some Microsoft products, and in this case specifically Server 2008 R2, that blocks the query of specific DNS names (isatap and wpad by default, although you can add and remove names to the list), apparently for security, so that the address cannot be used to gain unauthorized access to the system through spoofing. All well and good, and I am all for added security, but a number of browsers require it for automatic proxy detection, hence we have to disable it.
Thankfully that is easy enough through an ADMINISTRATIVE command prompt using the following commands.
If you want to check that the DNS blocklist is enabled, type:
dnscmd /info /enableglobalqueryblocklist
If it displays 1, it's enabled; if 0, it's disabled. Nice and simple. But wait, what if you want to see the contents of the blocklist? Again, simple through an administrative command prompt (let's assume from now on in this article that all command prompts are administrative, shall we); simply type:
dnscmd /info /globalqueryblocklist
This will print the blocklist out onto your screen.
Now, how to disable it? Easy, simply input the following commands:
dnscmd /config /globalqueryblocklist (Optional, this clears the blocklist that way if something happens and it is re-activated it is empty)
dnscmd /config /enableglobalqueryblocklist 0
The second command there is the one that does the actual disabling; conversely, if you want to enable it you should type:
dnscmd /config /enableglobalqueryblocklist 1
As an aside, if you want to ADD an item to the blocklist, this is done by typing the following:
dnscmd /config /globalqueryblocklist name
where name is the item you want to add to the blocklist.
Also, don't forget to ensure that the mimetype for the file is defined as “application/x-ns-proxy-autoconfig”.
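One way to check the result after making the change, as an added example that is not part of the original post: it prints the block list state, confirms that wpad resolves only to the server you expect (the spoofing concern the block list exists for), and checks the MIME type mentioned above. The address 192.0.2.10 and the URL http://wpad/wpad.dat are assumptions; substitute your own values.

```powershell
# Added example. Values marked "assumed" are placeholders, not taken from the post.
$ExpectedIp = '192.0.2.10'             # assumed: address of the server hosting the proxy config file
$WpadUrl    = 'http://wpad/wpad.dat'   # assumed: conventional WPAD URL, resolved via the DNS suffix
$WantedMime = 'application/x-ns-proxy-autoconfig'

# 1. Show the block list state and contents exactly as dnscmd reports them
#    (run on the DNS server, from an administrative prompt).
dnscmd /info /enableglobalqueryblocklist
dnscmd /info /globalqueryblocklist

# 2. Resolve "wpad" and flag any address other than the expected one.
#    With the block list disabled, an unexpected answer here deserves a look.
try {
    $addrs = @([System.Net.Dns]::GetHostAddresses('wpad') |
               ForEach-Object { $_.IPAddressToString })
} catch {
    Write-Warning "wpad does not resolve: $($_.Exception.Message)"
    return
}
$unexpected = @($addrs | Where-Object { $_ -ne $ExpectedIp })
if ($unexpected.Count -gt 0) {
    Write-Warning "wpad resolves to unexpected address(es): $($unexpected -join ', ')"
} else {
    "wpad resolves to $ExpectedIp as expected"
}

# 3. Fetch the file and compare its Content-Type with the required MIME type.
try {
    $resp = [System.Net.WebRequest]::Create($WpadUrl).GetResponse()
    $mime = ($resp.ContentType -split ';')[0].Trim()   # drop any "; charset=..." suffix
    $resp.Close()
    if ($mime -eq $WantedMime) {
        "File served as $mime"
    } else {
        Write-Warning "File served as '$mime', expected '$WantedMime'"
    }
} catch {
    Write-Warning "Could not fetch ${WpadUrl}: $($_.Exception.Message)"
}
```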
After a WSUS Rebuild, I started noticing that Machines, although associating with WSUS, were showing up as not yet having reported to the server. Upon investigating this, it was discovered that the clients were erroring and displaying error code 800B0001. The machine in question hosting WSUS is a 64 Bit Server 2008 R2 machine; with these details in hand I go off looking for a solution.