showing posts tagged with 'windows'
by lunarg on September 8th 2015, at 09:44
If Windows Update mysteriously fails to install updates, it may become necessary to completely clear the Windows Update cache. This resets the state of updates, removes downloaded files and requires Windows Update to completely re-analyze your system to figure out what updates are required.

The procedure is non-invasive and can be performed on workstations and servers alike and without downtime.

Open an elevated command prompt.

Stop the Windows Update service: net stop wuauserv

Remove the SoftwareDistribution folder, containing the complete cache and downloads. From the command prompt:

cd /d %windir%
rd /s SoftwareDistribution

Or, remove the folder through Windows Explorer.

Start the   ...
by lunarg on September 4th 2015, at 13:57

The Microsoft File Checksum Integrity Verifier (fciv.exe) is a command line tool you can use to calculate MD5 and SHA1 hashes for files.

It is a suitable alternative to Linux's md5sum, and eliminates the need for third-party tools or Cygwin.

by lunarg on September 2nd 2015, at 10:02
Older versions of the Cisco AnyConnect VPN client seem to remove the Connections tab from Internet Options whenever a VPN connection is made. The tab is restored upon a graceful disconnect of the connection. But sometimes, if the user abruptly closes the connection (e.g. the computer shuts down incorrectly), the Connections tab is not restored and stays hidden forever. Users are then no longer able to go to Internet Options to adjust e.g. proxy settings.

AnyConnect creates a registry key to hide the Connections tab on a connect, and removes it on a disconnect:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel] "ConnectionsTab"=dword:00000  ...
by lunarg on August 31st 2015, at 12:10
To reclaim space in virtual environments and thin provisioned storage facilities, SDelete from SysInternals is probably the most used tool on Windows to clear out unused space of a volume, allowing the SAN to release these data blocks back to the storage pool.

But while SDelete is robust, it has a few (minor) limitations:

It cannot handle mount points, only logical drives (i.e. volumes mounted on a logical drive letter).

It is rather slow on very large file systems.

I found an alternative online in the form of a PowerShell script at this thread, written by David Tan, who in turn based it on a script found here.

The script creates an empty ("zeroed") 1 GB file and copies that f  ...
by lunarg on August 31st 2015, at 11:45
PowerShell can also handle queries through WMI, allowing you to retrieve all kinds of system information from local and remote systems running Windows. This also includes information about volumes, logical drives and shares.

For this to work on remote systems, you need to have Remote Management enabled. Starting from Server 2012, this is already enabled by default.

The commands use the Get-WmiObject cmdlet to retrieve the information. If no computer name is specified, the information will be retrieved from the system running the cmdlet. In order to connect to a remote system, run the cmdlet while specifying the computer name of the remote host with the -ComputerName parameter.

For example, t  ...
by lunarg on August 24th 2015, at 16:20
Occasionally (usually once a year), you may have to renew the SSL certificate of your Active Directory Federation Services server, used for your Office 365 Single Sign-On setup. In past versions, this was done quite easily through IIS. However, since 2012 R2 (a.k.a. ADFS 3.0), ADFS no longer uses IIS and it gets a little bit more complicated.

Outlined in this short article are the steps you need to do in order to renew or replace your SSL certificate on a Windows 2012 R2 server, running ADFS 3.0.

First, renew or request a new SSL certificate through your Certificate Authority (such as GoDaddy, Enom, etc.). How to do this depends greatly on the CA. As ADFS on 2012 R2 no longer uses IIS, yo  ...
by lunarg on August 24th 2015, at 16:09
Certain Certificate Authority providers, such as GoDaddy, allow you to renew an SSL certificate using the same CSR and private key. This greatly simplifies the procedure to renew a certificate, but this can also complicate things if you don't have your private key readily available.

On a server running ADFS 3.0 for instance, you do not have IIS available to allow an easy SSL certificate renewal (or even a request). Or perhaps, you lost the current private key, or it is located somewhere where it's not easily accessible.

Luckily, there's a fairly easy way to extract the private key from the previous SSL certificate on your Windows server. By using the Windows Certificate store functionality   ...
by lunarg on July 17th 2015, at 14:01
When you create a Windows Server 2012 failover cluster, the following event may be logged in the System log:

Event ID 1222 (Microsoft-Windows-FailoverClustering)
The computer object associated with cluster network name resource could not be updated. Unable to protect the Virtual Computer Object (VCO) from accidental deletion.

When a failover cluster or a cluster role is created, a computer account (a so-called Cluster Name Object (CNO)) is created in Active Directory. Since Server 2012, these objects are flagged to prevent accidental deletion. If the main cluster resource (also a computer account) does not have the required permissions on the OU containing the CNOs (by default, this is the   ...
by lunarg on July 9th 2015, at 09:31

Based on recommendations and best practices from Microsoft, and information I found here, I compiled a FSMO placement scenario for 2 domain controllers:

PDC Emulator
RID Master
Infrastructure Master
Schema Master
Domain Naming Master
Global Catalog

Also, if your domain is top-level in the AD forest, configure DC1 to sync with external time sources.

by lunarg on July 8th 2015, at 16:55

To safely remove a node from a Windows 2003 Fail-Over Cluster, follow these steps:

  1. First, using Cluster Administrator, move all roles to the other nodes in the cluster.
    There should be no more roles, including the quorum running on the node.
  2. In Cluster Administrator, right-click the node and click Stop Cluster Service. (Skip this step if it is the last node of the cluster.)
  3. Still in Cluster Administrator, right-click the node and click Evict node. This will remove the node from the cluster.
  4. Optionally, you can now remove the Fail-Over cluster components from the server.
by lunarg on July 3rd 2015, at 15:46
Active Directory uses Kerberos for authentication, which relies strongly on having the date and time of day synchronized across the entire network and all devices in it. By default, each server and client joined to the AD, including domain controllers, will follow the domain hierarchy to sync its time. Domain controllers are set to automatically determine whether they can be used as a (reliable) time source. If a DC considers itself a time source, it will accept requests from clients and provide them with its own current time.

Domain controllers at the top of the forest (top-level DCs) don't have another server above them to sync against, so they can either opt to sync   ...
by lunarg on July 2nd 2015, at 13:29
Contacting a domain controller in Active Directory is done through DNS lookup. Several DNS SRV records are used to find domain controllers in a site. If multiple domain controllers are present in the same site, the client will arbitrarily select one, based on the contents of those records.

By default, the selection is random, and all DCs have an equal chance of being picked. The inherent properties of SRV records allow for this behaviour to be influenced, by changing the weight and priority of those records. This enables fine-tuning and configuration of which DC to favour or even exclude. By default, all SRV records (thus, all DCs) have their weight and priority set to 0.

The weight defines  ...
by lunarg on June 29th 2015, at 13:00
Microsoft's recommendations for customizing the default start screen for new users are known to be somewhat over-complicated and perhaps difficult to implement. They involve editing the reference image, using unattend.xml, or some other elaborate procedure. There's also the possibility of using a group policy to provide users with a customized start screen, but while this is relatively easy to implement, it does not allow the user to change the layout afterwards.

Fortunately, there's a far easier method, involving two PowerShell cmdlets that provide us with a very easy way to provide new users with a default customized start screen, but still allow the users to make changes to it. This metho  ...
by lunarg on June 26th 2015, at 12:01
When attempting to trigger an AD replication from one DC to another using Active Directory Sites and Services or repadmin.exe, you may get the following error:

AD Replication error 8452:
"The naming context is in the process of being removed or is not replicated from the specified server."

The most common cause for this error is that you tried to replicate between DCs for which no DS replication connection exists. The replication attempt will therefore fail. As a workaround, try replicating to the target DC from another source DC. Or, create a new replication connection between the target and source DCs.

Open Active Directory Sites and Services.

In the tree to the left, locate t  ...
by lunarg on June 26th 2015, at 11:25

Active Directory (AD) integrated DNS zones are not replicated by the DNS server, but replicate through the Active Directory replication mechanism, using the same settings as AD replication.

You can trigger replication through Active Directory Sites and Services, or with repadmin.exe on command prompt:

repadmin.exe /replicate target_dc source_dc DC=DomainDnsZones,DC=domain,DC=com

Replace parameters accordingly:

  • target_dc is the DC to replicate to
  • source_dc is the DC to replicate from
  • Edit the naming context so it includes your FQDN: e.g., DC=co,DC=uk
by lunarg on June 25th 2015, at 09:07

During start up or log on, once in a while, you'll see a message just saying Please wait. To turn this message into a more useful message, you can enable verbose messages through a policy setting (local or GP):

Either through gpedit.msc, or, if you're in a domain, through a GPO, navigate to Computer Configuration\Administrative Templates\System. Look for the setting Display highly detailed status messages and set it to Enabled. Reboot to apply the change.

by lunarg on June 24th 2015, at 13:07
With dcpromo.exe now being deprecated on 2012 and 2012 R2, it is no longer obvious which method to use to demote a domain controller. Although you could resort to PowerShell to get it done, there's also a way to demote using Server Manager, albeit not a very clear one.

The trick is to attempt to remove the Active Directory Domain Services role from the server, using Server Manager. When you do remove this, you will be prompted to demote the domain controller before the role can be removed, along with a link to actually perform this task.

Start Server Manager. In the upper right corner, click Manage, then click Remove Roles and Features.

Continue in the wizard that appears, making sure th  ...
by lunarg on June 22nd 2015, at 10:29
The HP Network Config Utility provides advanced network configuration tasks for HP servers. It allows you to set up NIC teaming, VLAN and more.

Uninstalling this software (e.g. after a P2V) is not possible through Control Panel (Add/Remove Programs) because it's not in the list like other HP software components. The only way to uninstall HP Network Config Utility is through an NIC's properties:

Open the network properties for any Ethernet NIC (doesn't matter which one).

In the This connection uses the following items: box (where you also set up IPv4/v6 settings), you'll see the HP Network Configuration Utility.

Select (click) it, then click the Uninstall button. At the following prompt, click  ...
by lunarg on June 19th 2015, at 09:40
This article contains a list of download links for the offline/standalone installers for .NET Framework. Each major version is listed, along with the OSes supported by that version.

To install, open the main download for the desired version, select your language, download the main file and run the installer.

For releases that have separate language packs: first download and install the main file. After the installation, click the download link for the language pack, select the preferred language, then download and install that file. You can install more than one language pack on a MUI system.

Version Download links OS requirements .NET Framework 4.6 RC   ...
by lunarg on June 17th 2015, at 14:33
Angry IP Scanner is a very fast, lightweight IP scanner. It has been around for a long time already, and is used by many IT professionals to help accomplish tasks. Although version 3 of the program has been available for some time now, I still like to use the old version (version 2), simply because it works on every system without the need for Java (version 3 requires Java, unfortunately).

Version 3 comes with an installer available as a download. Version 2 does not, and although it has the built-in ability to create shortcuts if the user chooses to, I rather prefer a proper installer, with proper uninstallation support, in short: the Windows-way. As no such installer exists, I decided to create my   ...