DFS / Remote Registry Service disabled

-

hello,

have 2 fileserver (windows 2012 r2) running in microsoft failover cluster.
on both dfs installed.

have following problem on 1 of these maschines.  
after reboot dfs service did not start, because depends on remote registry service.

have set startup typ of remote registry service automatic , started service.
after reboot startup type of remote registry service change disabled,
prevents start of dfs service.

can again , again, after reboot remote registry service disabled.

have idea disabling remote registry service ?

kind regards
matthias

after solid week of troubleshooting microsoft support on severity case regarding disabling startup of remote registry service, believe have culprit. upon enabling registry auditing on several servers on key "\registry\machine\system\controlset001\services\remoteregistry", contains settings remote registry service, found this:

a registry value modified.

subject:
    security id:        system
    account name:        server name$
    account domain:        salem
    logon id:        0x3e7

object:
    object name:        \registry\machine\system\controlset001\services\remoteregistry
    object value name:    start
    handle id:        0x46c
    operation type:        existing registry value modified

process information:
    process id:        0x1b50
    process name:        c:\program files (x86)\trend micro\officescan client\tsc64.exe

change information:
    old value type:        reg_dword
    old value:        2
    new value type:        reg_dword
    new value:        4

trend office scan changing service disabled!

i had call trend support today , explained situation. confirmed damage cleanup process changing service disabled because it’s default setting way , remote registry poses security risk having enabled. advised tech service needed enabled allow dfs namespace service run. pointed me c:\program files (x86)\trend micro\officescan\pccsrv\admin\tsc.ini on office scan server , had me change remoteregistry = 1 remoteregistry = 0 . tell damage cleanup engine not touch service. once saved file, saw trend pop message on various servers stating settings being updated.



Windows Server  >  Server Core



Comments

Post a Comment

Popular posts from this blog

Group Policy Event ID 1058 Error Code 1326 (The user name or password is incorrect)

-
i seeing odd error on 1 of our domain controllers. have dealt event id 1058 errors whereby policy (or policies) not replicating, receiving error along error code 1326 on server, , apparently happening default domain policy: log name:      system source:        microsoft-windows-grouppolicy date:          8/10/2015 3:09:54 pm event id:      1058 task category: none level:         error keywords:      user:          s-1-5-21-1484152634-2550175353-3916092219-3287 computer:      <dc name>.<domainname> description: processing of group policy failed. windows attempted read file http://schemas.microsoft.com/win/2004/08/events/event ">   <system>     <provi...
Read more

Suspicious event log Event ID: 4905

-
hi thr, could please me understand causing such event logs generate ? as  i understand, vssvc.exe pertains volume shadow copy used backup purpose.  we have third party application used taking backup of servers. the event longs generated following messages: 1) attempt made unregister security event source. 2) attempt made register security event source. these events not regular generated on random days. standard fields: date:               2013/10/19 time:               02:32:19 importance:         critical rule name:          security event monitored machine:  <domain controller> log format:         windows log name:           security event id:           4905 in work hours:      yes dynamic fields: internal timestamp: 2013/10/19 ...
Read more

DCOM received error "2147746132" from...

-
hi everybody, i have dc (my windows essentials 2012 server) , windows 2012 server in network.  the windows server 2012 inside domain. on server, got "non stopping" error says in event logs : ===> dcom received error "2147746132" fromd computer xxxx(my dc computer) while server trying activation : {6df8cb71-153b-4c66-8fc4-e59301b8011b} it never stops, got 11000+ new events :s i found : http://support.microsoft.com/kb/971153/fr i'm not sure should ? does got idea ? matthieu. hi, please try solution mentioned in below link: http://www.eventid.net/display-eventid-10006-source-dcom-eventno-272-phase-1.htm regards, cicely Windows Server  >  Windows Server 2012 General ...
Read more