windows-server-2008-r2 interview questions

Top windows-server-2008-r2 frequently asked interview questions

Suppressing the "reason" for shutdown on Windows Server

How can I suppress giving a reason for shutdown on a Windows Server host?

Specifically, on 2008 R2, but all versions back to 2003 and up to 2012 would be appreciated.

Source: (StackOverflow)

View Shutdown Event Tracker logs under Windows Server 2008 R2

I'm trying to view the Shutdown Event Tracker logs in the Event Viewer, on windows server 2008 r8, but I can't find the messages that I supplied when previously restart the server.

Where in the Event Viewer can I see these logs?

Source: (StackOverflow)


What's the difference between Windows Server 2008, 2008 SP2 and 2008 R2?

What are the major differences between Windows Server 2008, 2008 SP2 and 2008 R2?

Are the code bases for these OSes different?

If I'm developing applications for any one of these three, should I be worried that it might not work on the other two?

Source: (StackOverflow)

Should I install Windows Management Framework 3.0?

I'm posting this as a BIG CAVEAT to everyone. I know it's not a standard Q&A, but I think this is something every Windows admin should know. There is a very real risk of falling into Big Troubles.

Microsoft has recently released Windows Management Framework 3.0 for Windows Server 2008 and Windows Server 2008 R2 systems, which includes some nice things native to Windows Server 2012 (like PowerShell 3.0) and lots of improvements to WMI, WinRM and other management technologies.

Windows Update is advertising it as an optional update.

Should I install it on my servers?

Update: Microsoft has removed the update from Windows Update after major compatibility issues with various products (including the ones being discussed here) have been reported by multiple users.

Source: (StackOverflow)

Process runs slower as a scheduled task than it does interactively

I have a scheduled task which is very CPU- and IO-intensive, and takes about four hours to run (building source code, if you're curious). The task is a Powershell script which spawns various sub-processes to do its work. When I run the same process interactively from a Powershell prompt, as the same user account, it runs in about two and a half hours. The task is running on Windows Server 2008 R2.

What I want to know is why it takes so much longer to run as a scheduled task - more than an hour longer. One thing I noticed is that the task scheduler runs at Below-Normal priority, so when my task starts, it inherits the same lowered priority. However, I've updated the script to set the Powershell process priority back to Normal, and it still takes just as long.

Anybody have an idea what could be different between the two scenarios? I've ruled out differences in processor and IO load - this task is the only thing the system is used for, so there's nothing else running that could be competing for resources.

Source: (StackOverflow)

How to enable TLS 1.1, 1.2 in IIS 7.5

We want to support web browsers utilizing TLS 1.1 and 1.2, which has been apparently implemented by Microsoft, but is turned off by default.

So I went searching on Google and discovered some pages everyone seems to be following:



However! It doesn't appear to be working for me. I have set both DWORD vaules for DisabledByDefault and Enabled for TLS 1.1 and 1.2. I can confirm my client is attempting to communicate with TLS 1.2, but the server only responds with 1.0. I've restarted IIS, but it didn't change the situation.

Microsoft points out: "WARNING: The DisabledByDefault value in the registry keys under the Protocols key does not take precedence over the grbitEnabledProtocols value that is defined in the SCHANNEL_CRED structure that contains the data for an Schannel credential."

Well, that's very vague to me. I can't find anywhere where SCHANNEL_CRED is defined or set, all I can determine that it's a structure defined in a Microsoft library. That's my only guess for why this isn't work, yet I can't find enough information on it to determine if it is the true problem.

Source: (StackOverflow)

Domain Controller thinks its on a Public Network

We have a Server 2008 R2 Primary Domain Controller that seems to have amnesia when it comes to working out what kind of network it is on. The (only) network connection is identified at startup as a 'Public Network'.

Yet, if I disable and then re-enable the connection, it happily figures out that it is actually part of a domain network.

Is this because AD Domain Services is not started when the network location is initially worked out?

This issue causes some headaches with Windows Firewall Rules (which I am more than aware can be solved in other ways) so I am mostly just curious to see if anyone knows why this happens.

Source: (StackOverflow)

What are the implications of enabling the Recycle Bin feature in Active Directory?

An admin accidentally deleted the wrong OU and it removed several account and computer objects. The recycle bin optional feature was not enabled. We used adrestore from sysinternals to get the accounts back.

To ensure this process is easier the next time we wanted to enable the Recycle Bin optional feature which is easily done as per guides and TechNet using Enable-ADOptionalFeature via PowerShell.

In both PowerShell and the above link the following is mentioned.

In this release of Windows Server 2008 R2, the process of enabling Active Directory Recycle Bin is irreversible. After you enable Active Directory Recycle Bin in your environment, it cannot be disabled.

In theory I would always want to leave it enabled but I have hesitated until I understand the implication of what is about to happen. I have a single domain forest if it matters.

What is the implication of enabled this feature? This must relate to why it is not enabled by default.

Source: (StackOverflow)

Phones on some switches cannot complete DHCP process


I have a Windows DHCP server (Server 2008 R2) handing out addresses for several scopes. One of those scopes is for some Mitel IP Phones. The phones are configured to use dhcp option 125 to get configuration information. When a phone starts up, it doesn't know what vlan to use, and so it just gets the default (untagged) vlan of whatever port it's connected to. The dhcp server gives it a response that includes option 125 information, and the phone is able to read what vlan it should use from this response. The phone then releases its original address and requests a new dhcp lease using the correct vlan tag. The phones also usually have computers connected to a pass-through port. The packets from the computers are never tagged, and so the PCs will stay on the original (untagged) vlan for the port. This has worked for us for years.

Problem and Symptoms

Somewhere in the last several weeks, something changed, and I'm not sure what. The phones will continue to work as long as they do not restart, meaning dhcp renew requests must be processed correctly. Phones connected to certain switches can even a survive a restart. Phones connected to other switches, however, will fail to complete the process when they reboot. All of our phones are using PoE that is backed up by a UPS, so it's been a long time since any have restarted. This means I have no idea when the problem first appeared. What I do know is that one phone failed when it restarted yesterday, and in troubleshooting it today we reset that switch closet. Now none of the phones on that switch are working (thankfully it's still a small number). I also know that things were working near the end of the January, when we moved a phone for an injured user to a temporary workspace on the ground floor.

As I watch a phone boot up, I can see it successfully get the first address. It then successfully reads the option 125 information, sets the correct vlan tag, and releases the original IP lease. It is even able to receive and accept an offer on the correct vlan from the server. However, that's where things stop. The phone has a message on the screen that says, "DHCP: Offer 2 ACC", but the Windows DHCP server has not recorded the lease and the phone never moves on. I can only guess that the DHCP REQUEST packet never reaches the Windows server, and so the phone is waiting for the final ACK from Windows that it's okay to continue.


I was finally able to get a phone working again. To do it, I had to first disconnect the computer. Then I set the phone's switch port to be untagged on the phone vlan, with no membership on the PC vlan. The phone will now reboot correctly. At this point, I can put the switch port configuration back where it should be, and as long as no one tries to call that number as I'm resetting the port, the phone never misses a beat. Then I can reconnect the computer. Obviously, that's not an ideal process, though since phones reboot so rarely I will be able to use it to get people working again until I can find the root cause. Offices are closed now for the week, and so this issue will actually be allowed to sit over the weekend (I don't have keys for individual offices where the phones are).

This phone I fixed is the service phone in the server room, connected directly to our core switch. It is possible the problem is an issue with routing or processing tags on the core switch, such that the workaround will not be effective on the remote offices where packets are first passed through (tagged by) other switches, but I'll be very surprised if that happens, given that I know it must be processing dhcp renewals and actual phone conversations correctly.

A twist is that leaving the port tagged on the PC vlan means that phone instead fails with the message "DHCP: Offer 1 ACC". I need to remove that vlan entirely for this to succeed.

Note: I have now confirmed that the work-around is effective in remote buildings. This leads me to suspect that my devices are somehow not assigned to the correct vlan. That fact that I experienced the problem on my core switch, and that it happened in several places on the network at about the same time, indicates that the core switch may be the problem. With nothing specific to look at, I'm scheduling a maintenance window near the end of the week to reboot the switch. I may also update the firmware.


Our core switch is an HP 5406zl. This switch handles inter-vlan routing. The Windows DHCP server is connected directly to the switch. Endpoint switches are connected to the core switch via fiber SFPs, and these ports are tagged for all vlans on both ends. The core switch configures each vlan with an ip helper-address setting that points it to our DHCP server, and a dhcp relay-option 82 replace line so that the dhcp server will know what scope to use. These configurations, and the port configurations on the endpoint switches, have not changed in at least 16 months. We have had other switch and phone resets in that time.

Most of our endpoint switches are HP 2530 series. These switches seem to work correctly (phones on 3 different 2530's have restarted correctly today). It's older switches that have problems. We have one old 3Com 4200 and one 4210 that will not work. The service phone connected directly to the core switch mentioned earlier also would not work.


At this point my best guess is that a Windows update on the dhcp server changed the behavior, but I can't see how. Or possibly the core switch is not handling that REQUEST packet correctly, but I'm sure that nothing changed there, and it doesn't explain why only certain endpoint switches are effected. How can I resolve this issue?


Here is a dhcp log excerpt from a failed phone:

10,03/06/15,12:40:40,Assign,,,08000F197844,,3189088995,0,,, 11,03/06/15,12:40:40,Renew,,,08000F197844,,3189088995,0,,, 12,03/06/15,12:40:41,Release,,,08000F197844,,3189088995,0,,, 15,03/06/15,12:40:45,NACK,,,08000F197844,,0,6,,, 15,03/06/15,12:40:45,NACK,,,08000F197844,,0,6,,,

The 10.x.x.x addresses are the PC vlan (that choice pre-dates me at this place). Phones should get that kind of address at first, so that's expected. However, after the release message I also expect to find an offer for an address in the 192.168.16.x range, because I can see on the phone that an offer was accepted (unless I'm misinterpreting "ACC"). It's interesting that I never see the server try to issue an address like that, even though the phone thinks it received one.

I considered the idea there's a rogue dhcp server on the network (it hands out an address before the Windows server, but without the dhcp options needed by the phone to continue), but that doesn't explain why the phones work if and only if I completely remove any path to the PC vlan. I'll test for it anyway in the morning by connecting my laptop to a port set for the phone vlan, but if anyone else has a better explanation in the meantime, I'd love to hear it.

Here's a copy of the switch config:


Source: (StackOverflow)

"Unable to open the Server service performance object."

I have a group of servers which all show these symptoms. Every 2-7 days twice in a row, the following error shows up in the Application event log:

Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

The first four bytes are 34 00 00 C0. Event ID is 2004.

Googling for this always leads to this document on the Microsoft site:


However, it claims that to resolve the issue one has to "Restart the Server service".

The "Server" service is always running and to my knowledge has never ever not worked on any of those servers.

Any ideas?

Source: (StackOverflow)

Is there any reason why TLS 1.1 and 1.2 are disabled on Windows Server 2008 R2?

Windows Server 2008 R2 seems to support TLS 1.1 and 1.2 but they are disabled by default.

Why are they disabled by default?

Do they have any drawbacks?

Source: (StackOverflow)

How do I rename a task in Task Scheduled on Windows Server 2008 R2

I have some tasks in the Task Scheduler on Windows 2008 R2. I created them as the admin and I'm logged in as the admin. I have no easy way to rename the tasks. The only way I can is to export the task config to a XML file and re-import to a new task, change the name there, then delete the old task. Is there an easier way?

Source: (StackOverflow)

Clear the Recycle Bin For All Users in Windows Server 2008 R2

What is the proper way to clear the recycle bin for all users in Windows Server 2008 R2?

Source: (StackOverflow)

Disable CPU Scaling in Windows Server 2008 R2

How do you disable CPU power management scaling in Windows Server 2008 R2?

After setting the Control Panel, Power Management plan to performance and then rebooting -- CPUID's Cpu-Z still shows the clock speed being scaled.

alt text

Source: (StackOverflow)

Send ctrl-alt-del to nested RDP session

Is there a way to send the ctrl-alt-del command to an RDP session (W2K8 R2) inside another RDP session (W2K8 R2) without the fist session catching it?

ctrl+alt+end and ctrl+alt+shift+end do not reach the 2nd level session.

Edit: Top-level environment is Windows 7 Ent.

Source: (StackOverflow)