How To Remove The Root Hints from Windows DNS

I ran into a problem while I was locking down a Windows DNS server where I would remove the root hints, but they would keep coming back. I first thought it was because of the "root hints" updates that Microsoft releases every so often. In reality, it was because the root entries were listed in the %windir%\system32\dns\cache.dns file. If you comment out those root hints with a semicolon (including the lines that start with a period (.)), then remove the root hints from your DNS server properties in the DNS Manager MMC snap-in. They should stay away. An example of the cache.dns file after it's been commented out is below.

Faulting application gpresult.exe, version 5.2.3790.3959, faulting module gpresult.exe, version 5.2.3790.3959, fault address 0x000000000001323c.

There is a problem with gpresult on 64 bit servers that can cause it to crash with the following errors.

Event Type:        Error
Event Source:    Application Error
Event Category:                (100)
Event ID:              1000
Date:                     4/11/2013
Time:                     3:01:51 PM
User:                     N/A
Computer:          SERVER
Description:
Faulting application gpresult.exe, version 5.2.3790.3959, faulting module gpresult.exe, version 5.2.3790.3959, fault address 0x000000000001323c.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 41 70 70 6c 69 63 61 74   Applicat
0008: 69 6f 6e 20 46 61 69 6c   ion Fail
0010: 75 72 65 20 20 67 70 72   ure  gpr
0018: 65 73 75 6c 74 2e 65 78   esult.ex
0020: 65 20 35 2e 32 2e 33 37   e 5.2.37
0028: 39 30 2e 33 39 35 39 20   90.3959 
0030: 69 6e 20 67 70 72 65 73   in gpres
0038: 75 6c 74 2e 65 78 65 20   ult.exe 
0040: 35 2e 32 2e 33 37 39 30   5.2.3790
0048: 2e 33 39 35 39 20 61 74   .3959 at
0050: 20 6f 66 66 73 65 74 20    offset 
0058: 30 30 30 30 30 30 30 30   00000000
0060: 30 30 30 31 33 32 33 63   0001323c

How to Disable Credential Caching in ADFS

If you have session problems in ADFS, you may need to disable Local Security Authority (LSA) credential caching on the AD FS server temporarily. This can affect any application that uses claims based authentication including SharePoint, CRM, Office 365, etc. To do this, you need to:

404 Error for Isolated Users in Dynamics CRM

I had an issue recently where one user was getting a 404 error when trying to log into CRM. While troubleshooting this issues I tried everything I could think of, including disabling Local Security Authority (LSA) credential caching on the ADFS server, recreating the user's Active Directory account, disabled/re-enabled her CRM account, purged her kerberos tickets, deleted her cookies, killed her ADFS sessions, rebooted servers, reset passwords, checked her security roles, etc. After trying every perceivable resolution, this is what I had to do to fix the issue.