showing posts tagged with 'windows'
edited by on September 9th 2015, at 11:43
| RSAT for... | Fully supported server OS | Download |
|---|---|---|
| Windows 10 | 2012 R2 and below | Download |
| Windows 8.1 | 2012 R2 and below | Download |
| Windows 8 | 2012 and below | Download |
| Windows 7 SP1 | 2008 R2 | Download |

A newer RSAT version is always backwards compatible with older server OS versions. For example, all Windows versions from 2012 R2 and below are fully supported by RSAT for Windows 10.

Older RSAT versions can manage newer server OS versions, but only features that are also present in older OS versions can be managed properly. For example, RSAT for Windows 7 partially supports 2012 R2: features that are present on 2008 R2 can be managed, but features unique to 2012 or 2012 R2 cannot.

edited by on September 8th 2015, at 11:20
When installing a lot of Windows updates, or a few very large updates (such as a service pack or KB2919355), the updates may fail and the system may revert the changes. If that happens, check the Windows Update history (Windows Update → View update history), and view the details of the failed updates.

If the error code is 0x800F0922, verify whether there's still enough free disk space available on the system drive (C:-drive). If the volume is almost full, there may be enough space to download updates, but not enough to actually install them. Aside from the downloaded packages and the unpacking and installation of updates, additional space is needed for system restore points and the old versions  ...
edited by on September 8th 2015, at 09:44
If Windows Update mysteriously fails to install updates, it may become necessary to completely clear the Windows Update cache. This resets the state of updates, removes downloaded files and requires Windows Update to completely re-analyze your system to figure out what updates are required.

The procedure is non-invasive and can be performed on workstations and servers alike and without downtime.

  1. Open an elevated command prompt.
  2. Stop the Windows Update service:
     net stop wuauserv
  3. Remove the SoftwareDistribution folder, containing the complete cache and downloads. From the command prompt:
     cd /d %windir%
     rd /s SoftwareDistribution
     Or, remove the folder through Windows Explorer.
  4. Start the   ...
edited by on September 4th 2015, at 13:57

The Microsoft File Checksum Integrity Verifier (fciv.exe) is a command line tool you can use to calculate MD5 and SHA1 hashes for files.

http://www.microsoft.com/download/details.aspx?id=11533

It is a suitable alternative to Linux's md5sum, and eliminates the need for third-party tools or Cygwin.

edited by on September 2nd 2015, at 10:02
Older versions of the Cisco AnyConnect VPN client seem to remove the Connections tab from Internet Options whenever a VPN connection is made. The tab is restored upon a graceful disconnect of the connection. But sometimes the connection is closed abruptly (e.g. the computer shuts down incorrectly), in which case the Connections tab is not restored and stays hidden forever. Users are then no longer able to go to Internet Options to adjust e.g. proxy settings.

AnyConnect creates a registry key to hide the Connections tab on a connect, and removes it on a disconnect:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel] "ConnectionsTab"=dword:00000  ...
edited by on August 31st 2015, at 12:10
To reclaim space in virtual environments and thin provisioned storage facilities, SDelete from SysInternals is probably the most used tool on Windows to clear out unused space of a volume, allowing the SAN to release these data blocks back to the storage pool.

But while SDelete is robust, it has a few (minor) limitations:

  • It cannot handle mount points, only logical drives (i.e. volumes mounted on a logical drive letter).
  • It is rather slow on very large file systems.

I found an alternative online in the form of a PowerShell script at this thread, written by David Tan, who in turn based it on a script found here.

The script creates an empty ("zeroed") 1 GB file and copies that f  ...
edited by on August 31st 2015, at 11:45
PowerShell can also handle queries through WMI, allowing you to retrieve all kinds of system information from local and remote systems running Windows. This also includes information about volumes, logical drives and shares.

For this to work on remote systems, you need to have Remote Management enabled. Starting from Server 2012, this is already enabled by default.

The commands use the Get-WmiObject cmdlet to retrieve the information. If no computer name is specified, the information will be retrieved from the system running the cmdlet. In order to connect to a remote system, run the cmdlet while specifying the computer name of the remote host with the -ComputerName parameter.

For example, t  ...
edited by on August 24th 2015, at 16:20
Occasionally (usually once a year), you may have to renew the SSL certificate of your Active Directory Federation Services server, used for your Office 365 Single Sign-On setup. In past versions, this was done quite easily through IIS. However, since 2012 R2 (a.k.a. ADFS 3.0), ADFS no longer uses IIS and it gets a little bit more complicated.

Outlined in this short article are the steps you need to do in order to renew or replace your SSL certificate on a Windows 2012 R2 server, running ADFS 3.0.

First, renew or request a new SSL certificate through your Certificate Authority (such as GoDaddy, Enom, etc.). How to do this depends greatly on the CA. As ADFS on 2012 R2 no longer uses IIS, yo  ...
edited by on August 24th 2015, at 16:09
Certain Certificate Authority providers, such as GoDaddy, allow you to renew an SSL certificate using the same CSR and private key. This greatly simplifies the procedure to renew a certificate, but it can also complicate things if you don't have your private key readily available.

On a server running ADFS 3.0 for instance, you do not have IIS available to allow an easy SSL certificate renewal (or even a request). Or perhaps, you lost the current private key, or it is located somewhere where it's not easily accessible.

Luckily, there's a fairly easy way to extract the private key from the previous SSL certificate on your Windows server. By using the Windows Certificate store functionality   ...
edited by on July 17th 2015, at 14:01
When you create a Windows Server 2012 failover cluster, the following event may be logged in the System log:

Event ID 1222 (Microsoft-Windows-FailoverClustering)
The computer object associated with cluster network name resource could not be updated. Unable to protect the Virtual Computer Object (VCO) from accidental deletion.

When a failover cluster or a cluster role is created, a computer account (a so-called Cluster Name Object (CNO)) is created in Active Directory. Since Server 2012, these objects are flagged to prevent accidental deletion. If the main cluster resource (also a computer account) does not have the required permissions on the OU containing the CNOs (by default, this is the   ...
edited by on July 9th 2015, at 09:31

Based on recommendations and best practices from Microsoft, and information I found here, I compiled a FSMO placement scenario for 2 domain controllers:

DC1DC2
PDC Emulator
RID Master
Infrastructure Master
Schema Master
Domain Naming Master
Global Catalog

Also, if your domain is top-level in the AD forest, configure DC1 to sync with external time sources.

edited by on July 8th 2015, at 16:55

To safely remove a node from a Windows 2003 Fail-Over Cluster, follow these steps:

  1. First, using Cluster Administrator, move all roles to the other nodes in the cluster.
    There should be no more roles, including the quorum, running on the node.
  2. In Cluster Administrator, right-click the node and click Stop Cluster Service. (Skip this step if it is the last node of the cluster.)
  3. Still in Cluster Administrator, right-click the node and click Evict node. This will remove the node from the cluster.
  4. Optionally, you can now remove the Fail-Over cluster components from the server.
edited by on July 3rd 2015, at 15:46
Active Directory uses Kerberos for authentication, which relies strongly on having the date and time of day running synchronously across the entire network and all devices in it. By default, each server and client joined to the AD, including domain controllers, will follow the domain hierarchy to sync its time. Domain controllers are set to automatically determine whether they can be used as a (reliable) time source. If a DC considers itself a time source, it will accept requests from clients and provide them with its own current time.

Domain controllers at the top of the forest (top-level DCs) don't have another server above them to sync against, so they can either opt to sync   ...
edited by on July 2nd 2015, at 13:29
Contacting a domain controller in Active Directory is done through DNS lookup. Several DNS SRV records are used to find domain controllers in a site. If multiple domain controllers are present in the same site, the client will arbitrarily select one, based on the contents of those records.

By default, the selection is random, and all DCs have an equal chance of being picked. The inherent properties of SRV records allow for this behaviour to be influenced, by changing the weight and priority of those records. This enables fine-tuning and configuration of which DC to favour or even exclude. By default, all SRV records (thus, all DCs) have their weight and priority set to 0.

The weight defines  ...
edited by on June 29th 2015, at 13:00
Microsoft's recommendations for customizing the default start screen for new users are known to be somewhat over-complicated and perhaps difficult to implement. They involve editing the reference image, using unattend.xml, or some other elaborate procedure. There's also the possibility of using a group policy to provide users with a customized start screen, but while this is relatively easy to implement, it does not allow the user to change the layout afterwards.

Fortunately, there's a far easier method, involving two PowerShell cmdlets that provide us with a very easy way to provide new users with a default customized start screen, but still allow the users to make changes to it. This metho  ...
edited by on June 26th 2015, at 12:01
When attempting to trigger an AD replication from one DC to another using Active Directory Sites and Services or repadmin.exe, you may get the following error:

AD Replication error 8452:
"The naming context is in the process of being removed or is not replicated from the specified server."

The most common cause for this error is that you tried to replicate between DCs for which no DS replication connection exists. The replication attempt will therefore fail. As a workaround, try replicating to the target DC from another source DC. Or, create a new replication connection between the target and source DCs.

Open Active Directory Sites and Services.

In the tree to the left, locate t  ...
edited by on June 26th 2015, at 11:25

Active Directory (AD) integrated DNS zones are not replicated by the DNS server, but replicate through the Active Directory replication mechanism, and use the same settings as AD replication.

You can trigger replication through Active Directory Sites and Services, or with repadmin.exe on command prompt:

repadmin.exe /replicate target_dc source_dc DC=DomainDnsZones,DC=domain,DC=com

Replace parameters accordingly:

  • target_dc is the DC to replicate to
  • source_dc is the DC to replicate from
  • Edit the naming context so it includes your FQDN: e.g. contoso.co.uk → DC=contoso,DC=co,DC=uk
edited by on June 25th 2015, at 09:07

During start up or log on, once in a while, you'll see a message just saying Please wait. To turn this message into a more useful message, you can enable verbose messages through a policy setting (local or GP):

Either through gpedit.msc, or, if you're in a domain, through a GPO, navigate to Computer Configuration → Administrative Templates → System. Look for the setting Display highly detailed status messages and set it to Enabled. Reboot to apply the change.

edited by on June 24th 2015, at 13:07
With dcpromo.exe now being deprecated on 2012 and 2012 R2, it is no longer obvious which method to use to demote a domain controller. Although you could resort to PowerShell to get it done, there's also a way to demote using Server Manager, albeit not a very clear one.

The trick is to attempt to remove the Active Directory Domain Services role from the server, using Server Manager. When you do remove this, you will be prompted to demote the domain controller before the role can be removed, along with a link to actually perform this task.

Start Server Manager. In the upper right corner, click Manage, then click Remove Roles and Features.

Continue in the wizard that appears, making sure th  ...
edited by on June 22nd 2015, at 10:29
The HP Network Config Utility provides advanced network configuration tasks for HP servers. It allows you to set up NIC teaming, VLAN and more.

Uninstalling this software (e.g. after a P2V) is not possible through Control Panel (Add/Remove Programs) because it's not in the list like other HP software components. The only way to uninstall HP Network Config Utility is through an NIC's properties:

Open the network properties for any Ethernet NIC (doesn't matter which one).

In the This connection uses the following items: box (where you also set up IPv4/v6 settings), you'll see the HP Network Configuration Utility.

Select (click) it, then click the Uninstall button. At the following prompt, click  ...