Tuesday, 24 December 2019

Windows 2012r2 windows update via wsus is not working

I had 4 Windows 2012 R2 servers not updated since 2017, with most of the updates from 2014. After many attempts to update using the company WSUS, with multiple removals of the "SoftwareDistribution" folder, resets of the wuau client (command line) and different tools, the agents still were not reporting to the WSUS server. On one of the servers, after switching to Windows Update (from the Internet), it was possible to start updating, but it wasn't possible on the other three.
I know that:
- (this means nothing - like communication is stopped) IdleTmr WU operation (CLegacyEventUploader::HandleEvents, operation # 44976) stopped; does use network; is at background priority
- (this means nothing - like I don't know if your network is metered) WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037
- (this is not working, other tools also) Reset Windows Update Agent
- Different older (like this) and newer blogs
But finally I found windows8.1-kb3138615-x64_981203a167dece3569cee8e87b03d180869bc1ea (or KB3138615) and it helped me - after installation the server connected to WSUS and I finally saw 165 updates to install.

Wednesday, 20 November 2019

defaultAccount - Windows 2016

The DefaultAccount, also known as the Default System Managed Account (DSMA), is a built-in account introduced in Windows 10 version 1607 and Windows Server 2016. The DSMA is a well-known user account type. It is a user neutral account that can be used to run processes that are either multi-user aware or user-agnostic. The DSMA is disabled by default on the desktop SKUs (full windows SKUs) and WS 2016 with the Desktop. (from Technet)
If the domain was created with domain controllers that run Windows Server 2016, the DefaultAccount will exist on all domain controllers in the domain. If the domain was created with domain controllers that run an earlier version of Windows Server, the DefaultAccount will be created after the PDC Emulator role is transferred to a domain controller that runs Windows Server 2016. The DefaultAccount will then be replicated to all other domain controllers in the domain.

Friday, 18 October 2019

prevent domain controller dns registration srv records

Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
REG_MULTI_SZ value: DnsAvoidRegisterRecords

Enter: Ldap LdapAtSite Pdc Gc GcAtSite GcIpAddress DcByGuid Kdc KdcAtSite Dc DcAtSite Rfc1510Kdc Rfc1510KdcAtSite GenericGc GenericGcAtSite Rfc1510UdpKdc Rfc1510Kpwd Rfc1510UdpKpwd
Domain Controllers
LdapIpAddress A
Ldap SRV _ldap._tcp.
DcByGuid SRV _ldap._tcp..domains._msdcs.
Kdc SRV _kerberos._tcp.dc._msdcs.
Dc SRV _ldap._tcp.dc._msdcs.
Rfc1510Kdc SRV _kerberos._tcp.
Rfc1510UdpKdc SRV _kerberos._udp.
Rfc1510Kpwd SRV _kpasswd._tcp.
Rfc1510UdpKpwd SRV _kpasswd._udp.

Global Catalog
Gc SRV _ldap._tcp.gc._msdcs.
GcIpAddress A gc._msdcs.
GenericGc SRV _gc._tcp.
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/76bc11f0-8bc2-4d6c-a643-328f479aae1b
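
One way to apply this value from PowerShell, as an added example that is not part of the original post: the helper name Set-DnsAvoidRegisterRecord is hypothetical, the accepted mnemonics are the ones listed above, and it has to run elevated on the domain controller. It merges with whatever is already configured and supports -WhatIf.

```powershell
# Added example, not from the original post. Run elevated on the domain controller.
function Set-DnsAvoidRegisterRecord {          # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string[]]$Mnemonic
    )

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
    $name = 'DnsAvoidRegisterRecords'

    # Mnemonics exactly as listed in this post; anything else is rejected as a typo.
    $known = 'Ldap', 'LdapAtSite', 'LdapIpAddress', 'Pdc', 'Gc', 'GcAtSite', 'GcIpAddress',
             'DcByGuid', 'Kdc', 'KdcAtSite', 'Dc', 'DcAtSite', 'Rfc1510Kdc',
             'Rfc1510KdcAtSite', 'GenericGc', 'GenericGcAtSite', 'Rfc1510UdpKdc',
             'Rfc1510Kpwd', 'Rfc1510UdpKpwd'

    $unknown = @($Mnemonic | Where-Object { $known -notcontains $_ })
    if ($unknown.Count -gt 0) {
        throw "Unknown mnemonic(s): $($unknown -join ', ')"
    }

    # Read the current REG_MULTI_SZ (may be absent) and merge without duplicates.
    $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
    $merged  = @(@($current) + $Mnemonic | Where-Object { $_ } | Sort-Object -Unique)

    if ($PSCmdlet.ShouldProcess("$path\$name", "set to '$($merged -join ' ')'")) {
        New-ItemProperty -Path $path -Name $name -PropertyType MultiString `
                         -Value $merged -Force | Out-Null
    }

    # Read back what is actually stored so the change can be logged or reviewed.
    (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
}

# Preview first with -WhatIf; the mnemonics here are a sample selection from the list above.
Set-DnsAvoidRegisterRecord -Mnemonic Ldap, Kdc, Dc, Gc, GenericGc -WhatIf
```

The script only changes the registry value; records that the domain controller already registered in DNS are not touched by it.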

Monday, 12 August 2019

DSRM - Directory Services Restore Mode - Windows 2008 R2

1. Verify that you have the DSRM password. If not - can you change it?
2. (to change the password run ntdsutil, set DSRM password, reset password on server null)
3. add DSRM mode to startup: bcdedit /set safeboot dsrepair
4. restart the server (GUI or shutdown -t 0 -r)
5. log on to the account "administrator" with the DSRM password
6. do the restore; with wbadmin it is as follows:
- wbadmin get versions -backuptarget:d:
- wbadmin start systemstaterecovery -version:12/08/2019-16:05 -backuptarget:d:
7. remove DSRM mode from startup with bcdedit /deletevalue safeboot
8. restart the server (should be the only option after restore)

Monday, 29 July 2019

Service Principal Names - most common services

SPN | service or services | comment
HOST
HTTP | application or web service on IIS | HTTP is for https also
https
MSOlapDisco.3 | Browser service | https://docs.microsoft.com/en-us/sql/analysis-services/instances/spn-registration-for-an-analysis-services-instance?view=sql-server-2017
MSOlapSvc.3 | OLAP service | https://docs.microsoft.com/en-us/sql/analysis-services/instances/spn-registration-for-an-analysis-services-instance?view=sql-server-2017
MSSQLSvc | MSSQL Service - instance | https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/register-a-service-principal-name-for-kerberos-connections?view=sql-server-2017
RestrictedKrbHost
tapinego | RRAS?
TERMsrv
WSMan

Setspn -s msolapsvc.3/
CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=x
Attrib: sPNMappings
host=alerter,appmgmt,csvc,clipsrv,browser,dhcp,dnscache,replicator,eventlog,eventsystem,policyagent,oakley,dmserver,dns,msvc,fax,msiserver,ias,messenger,netlogon,netman,netdde,netddedsm,nmagent,plugplay,protectedstorage,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,seclogon,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,www,http,w3svc,iisadmin

Tuesday, 23 July 2019

Windows 10 can't access Windows 2008 share - SMB1 is missing?

Yes, in Windows 10 from 1709 it is missing, but... I had a Windows 2008 Server with SMB2 disabled. So:
HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters
Smb2, DWORD, 1 - enabled, 0 - disabled
Restart required.

Wednesday, 24 April 2019

An error occurred while enumerating through a collection: Collection was modified; enumeration operation may not execute...

The code below generates the above error:
$someHashTable = @{}
$someHashTable.Add("key1", "value1")
$someHashTable.Add("key2", "value2")
$someHashTable.Keys | %{ $someHashTable[$_] = "newValue" }

It should look like the code below - the collection of keys must be copied to a fresh new collection.
$someHashTable = @{}
$someHashTable.Add("key1", "value1")
$someHashTable.Add("key2", "value2")
$keys = @(); $someHashTable.Keys | %{ $keys += $_ }
$keys | %{ $someHashTable[$_] = "newValue" }

Monday, 22 April 2019

dynamic arrays in PowerShell

By default, arrays in PowerShell are not dynamic, so the only way to deal with it is to use:
 
c:\>[System.Collections.ArrayList]$DynamicArray = @()
c:\>$DynamicArray.IsFixedSize 
False
c:\>$DynamicArray.Add("june")
c:\>$DynamicArray.Add("june")
c:\>$DynamicArray
june
june
c:\>$DynamicArray.Remove("june")
c:\>$DynamicArray
june
c:\>
We can pass this list to update membership in a group in Active Directory.
c:\>$DynamicArray = "january", "february", "march"
c:\>$DynamicArray += "april"
c:\>$DynamicArray += "april"
c:\>$DynamicArray
january
february
march
april
april
c:\>
So we can do it this way also.

Thursday, 11 April 2019

operatingSystem and operatingSystemVersion in my environment

Tidying time - what have I got in my current environment?
10.0 (14393) Windows Server 2016 Standard
6.3 (9600) Windows Server 2012 R2 Datacenter
6.3 (9600) Windows Server 2012 R2 Standard
6.2 (9200) Windows Server 2012 Datacenter
6.2 (9200) Windows Server 2012 Enterprise
6.2 (9200) Windows Server 2012 Standard
6.1 (7601) Windows Server 2008 R2 Enterprise Service Pack 1
6.1 (7600) Windows Server 2008 R2 Datacenter
6.1 (7600) Windows Server 2008 R2 Enterprise
6.1 (7600) Windows Server 2008 R2 Standard
6.0 (6003) Windows Server® 2008 Standard Service Pack 2
6.0 (6002) Windows Server 2008 Enterprise Service Pack 2
6.0 (6002) Windows Server 2008 Standard Service Pack 2
6.0 (6002) Windows Server® 2008 Standard Service Pack 2
6.0 (6002) Windows Server® 2008 Standard without Hyper-V Service Pack 2
6.0 (6001) Windows Server® 2008 Enterprise Service Pack 1
6.0 (6001) Windows Server® 2008 Standard Serivce Pack 1
5.2 (3790) Windows Server 2003 Service Pack 2
5.2 (3790) Windows Server 2003 Service Pack 1
5.2 (3790) Windows Server 2003
5.0 (2195) Windows 2000 Server Service Pack 4
5.0 (2195) Windows 2000 Server Service Pack 2
5.0 (2195) Windows 2000 Server Service Pack 1

10.0 (17763) Windows 10 Enterprise LTSC
10.0 (17763) Windows 10 Enterprise
10.0 (17763) Windows 10 Pro
10.0 (17134) Windows 10 Enterprise
10.0 (16299) Windows 10 Enterprise
10.0 (16299) Windows 10 Pro
10.0 (15063) Windows 10 Enterprise
10.0 (14393) Windows 10 Enterprise 2016 LTSB
10.0 (14393) Windows 10 Enterprise
10.0 (10586) Windows 10 Enterprise
10.0 (10240) Windows 10 Enterprise
10.0 (9926) Windows 10 Enterprise Technical Preview
6.3 (9600) Windows 8.1 Enterprise
6.3 (9600) Windows 8.1 Pro
6.2 (9200) Windows 8 Enterprise
6.2 (9200) Windows 8 Pro
6.2 (8400) windows 8 Release Preview
6.2 (8250) Windows 8 Consumer Preview
6.2 (8102) Windows Developer Preview
6.2 (6001) Windows Vista™ Ultimate Service Pack 1
6.1 (7601) Windows Embedded Standard Service Pack 1
6.1 (7601) Windows 7 Ultimate Service Pack 1
6.1 (7601) Windows 7 Enterprise Service Pack 1
6.1 (7601) Windows 7 Professional N Service Pack 1
6.1 (7601) Windows Workstation Service Pack 1
6.1 (7600) Windows 7 Ultimate Evaluation
6.1 (7600) Windows 7 Ultimate
6.1 (7600) Windows 7 Enterprise
6.1 (7201) Windows 7 Ultimate
6.1 (7100) Windows 7 Ultimate
6.0 (6002) Windows Vista™ Business Service Pack 2
6.0 (6001) Windows Vista™ Enterprise Service Pack 1
6.0 (6001) Windows Vista™ Business Service Pack 1
6.0 (6000) Windows Vista™ Ultimate
6.0 (6000) Windows Vista™ Enterprise
6.0 (6000) Windows Vista™ Business
6.0 (5600) Windows Vista™ Ultimate
6.0 (5381) Windows Vista™ Ultimate
6.0 (5365) Windows Vista™ Ultimate Service Pack 1
6.0 (5365) Windows Vista™ Ultimate
5.1 (2600) Windows XP Professional Service Pack 3
5.1 (2600) Windows XP Professional Service Pack 2
5.1 (2600) Windows XP Professional Service Pack 1
5.0 (2195) Windows 2000 Professional Service Pack 4
5.0 (2195) Windows 2000 Professional Service Pack 3
5.0 (2195) Windows 2000 Professional Service Pack 2
5.0 (2195) Windows 2000 Professional Service Pack 1
5.0 (2195) Windows 2000 Professional
4.0 Windows NT

10.14.3 Mac OS X
10.8 (6) Mac OS X
10.6.8 (Build 10K549) Mac OS X

11 SLES Likewise Open unknown.unknown.unknown
2.6.18.8-ADEVM Linux CertifyDC 4.5.0-339:N:CDC
2.6.18-308.el5PAE Linux CertyfiyDC 4.6.0-124:N:CDC
6.0 Red Hat Enterprise Linux Server CertifyDC 4.5.0-357:N:CDC
6.0 Linux CertifyDC 4.6.0-113:N:CDC
6.0 Linux CertifyDC 4.5.0-339:N:CDC
5.8 (Final) CentOS
2.2.0.470.. Cisco Identity Services Engine
unknown unknown Likewise Open 6.2.0
unknown unknown Likewise Open 6.0.53010
unknown unknown Likewise Identity 5.3.0
I really don't understand - what kind of smart decision was the source of stupid characters like (TM) and (C) in the names of operating systems? It's a kind of joke.

Monday, 25 February 2019

Error 1219 on server

I saw error 1219 and a message like "Multiple connections to a server or shared resource by the same user, using more than one user name, are not allowed. Disconnect all previous connections to the server or shared resource and try again." on one of the application servers with strange access to resources. To avoid restarting the whole server, I restarted the Workstation service.
But (update) it wasn't enough, so I created entries in the hosts file, and currently it is working perfectly.

Monday, 18 February 2019

DNS performance on Windows

Just to remember: I've got experience with a heavily loaded domain controller with a query rate above 40k per second (yes, 40 thousand per second). The main problem on this virtual domain controller was high cpu0 utilization and low load on the other CPUs. As far as I can remember, it was a VMware VM with 16 cores (virtual cores on the operating system). What should be done in this case to improve performance? Upgrade of virtual hardware and network subsystem.

Thursday, 31 January 2019

how to enforce password change from Powershell?

At first I was thinking about how to set pwdLastSet to some old value. It is possible by:
# 'jdoe' is a placeholder account name
$userObj = Get-ADUser -Identity 'jdoe' -Properties pwdLastSet
$userObj.pwdLastSet = 0      # 0 = never set; the user must change the password at next logon
Set-ADUser -Instance $userObj
$userObj.pwdLastSet = -1     # -1 = set to the current time
Set-ADUser -Instance $userObj

but it can set only two possible values - never (0) and now (-1) - other values are invalid. When I tried to do it by:
$dt = Get-Date
$dt = $dt.AddDays(-70)
$userObj.pwdLastSet = $dt.ToFileTimeUTC()
set-ADUser -instance $userObj

Every time it finished with an error - the same happens from Active Directory Users and Computers and from ADSIEdit. It is possible only from SYSTEM level.

For me, the only possible way to do it is to prepare a special kind of granular password policy and connect it with selected users.
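
The granular (fine-grained) password policy route described above, as an added example that is not from the original post: the PSO name, group name, user name and the 60-day maximum age are hypothetical, and it assumes the ActiveDirectory module and a domain that supports fine-grained password policies.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the original post. All names and the 60-day age are hypothetical.
$psoName   = 'PSO-ShortMaxAge'
$groupName = 'GG-ShortMaxAge'     # global security group holding the selected users
$user      = 'jdoe'               # placeholder account

# A PSO replaces the domain password policy for its subjects, so set every value on purpose.
# With a maximum age shorter than the age of a user's password (pwdLastSet), that user
# is treated as expired and has to change the password at the next logon.
New-ADFineGrainedPasswordPolicy -Name $psoName -Precedence 10 `
    -MaxPasswordAge (New-TimeSpan -Days 60) -MinPasswordAge (New-TimeSpan -Days 1) `
    -MinPasswordLength 12 -PasswordHistoryCount 24 -ComplexityEnabled $true `
    -ReversibleEncryptionEnabled $false

# PSOs apply to users or global security groups, not to OUs.
New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security
Add-ADGroupMember -Identity $groupName -Members $user
Add-ADFineGrainedPasswordPolicySubject -Identity $psoName -Subjects $groupName

# Check which policy wins for the user.
Get-ADUserResultantPasswordPolicy -Identity $user |
    Select-Object Name, Precedence, MaxPasswordAge

# Show when the password expires under the resultant policy.
$u   = Get-ADUser -Identity $user -Properties pwdLastSet, 'msDS-UserPasswordExpiryTimeComputed'
$exp = $u.'msDS-UserPasswordExpiryTimeComputed'
if     ($exp -eq 0)                { $expires = 'must change at next logon' }
elseif ($exp -eq [long]::MaxValue) { $expires = 'never' }
else                               { $expires = [datetime]::FromFileTimeUtc($exp) }

[pscustomobject]@{
    User        = $u.SamAccountName
    PasswordSet = [datetime]::FromFileTimeUtc($u.pwdLastSet)
    Expires     = $expires
}
```

Accounts flagged "password never expires" are not affected by the maximum age, so check that flag when a selected user does not show an expiry date.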

Monday, 14 January 2019

shared process lanmanserver stuck?

Windows 2008 Server and lanmanserver stuck. No errors, no warnings - just a stuck process. Killing the process by:
taskkill /f /pid [pid]
is not working because I can't specify a subprocess - I can kill all the subprocesses. I decided to configure lanmanserver with its own process by:
sc config lanmanserver type= own
After restart it is much better - the process is not stuck and it is working.