1

I have 2 Windows Server 2016 servers. Recently when I login with my Domain Administrator account and run an installer I get the 2503 and 2502 errors. I have to run a command prompt as an administrator to launch the installer and the program installs.

The error I get is 

ShellExecuteEx failed; code 8235
A referral was returned from the server.

I have had this problem on a Windows 10 machine but did a reset to it and the problem went away. I can't do that on these domain controllers.

To get anything done I have to use the command line as an admnistrator trick. I can't even use the Control panel to uninstall a program through programs and features without making a special shortcut for it. Any idea how I can fix this?

JukEboX
  • 835
  • 4
  • 19
  • 53

1 Answers1

2

Found an issue with a Group Policy setting which was set to enabled.

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Settings\User Account Control: Only elevate executables that are signed and validated

Set this to disabled and ran the installer again and ran without 2503 or 2502 errors.

JukEboX
  • 835
  • 4
  • 19
  • 53
  • I don't think I would have disabled that setting if I could avoid it. That seems like a way to make a server that is more vulnerable to certain kinds of attacks. – Zoredache Oct 17 '19 at 20:04
  • @zoredache Try but for a system that is offline this setting becomes a problem over time when it can't reach out to validate signed software. – JukEboX Oct 17 '19 at 22:54
  • 1
    @Zoredache, the default setting is Disabled. It's probably OK unless you have unusually high security needs. – Harry Johnston Oct 17 '19 at 23:31