by lunarg on March 13th 2024, at 14:19
You can use the CertReq command line tool to request SAN SSL certificates. This can be useful where you have an internal (web)server which also needs to be available using another (alternate) DNS name.

First create a template file you can use, specifying the required parameters. Save it with a name, e.g. request.inf and save it to a temporary (work) folder (or simply your desktop):

;----------------- request.inf -----------------[Version]Signature="$Windows NT$"[NewRequest]Subject = ", OU=Some OU, O=Organization, L=City, S=State, C=US";Subject = ""KeySpec = 1KeyLength = 2048; Can be 2048, 4096, 8192, or 16384.; Larger   ...
by lunarg on February 15th 2024, at 10:59
There is a known issue with SentinelOne Agent installed on a domain controller, which causes backups in Veeam for those machines to fail. The following error is displayed:

Processing SERVER Error: VSSControl: -805306334 Backup job failed. Cannot create a shadow copy of the volumes containing writer's data. Cannot prepare the [NTDS] data to a subsequent restore operation. Cannot process NTDS data. Updating BCD failed. Cannot execute [SetIntegerElement] method of [\\SERVER\root\wmi:BcdObject.Id="{cd12ab87-1a23-12f3-ba7c-dc9876b01357}",StoreFilePath=""]. COM error: Code: 0xd0000022

This is caused by the boot protection feature of SentinelOne. One possible   ...
by lunarg on October 20th 2023, at 11:56
By default, audit of success and failure is enabled on Network Policy Server. This will log authentication attempts in the Security event log (filter on event IDs 6272 and 6273). If for some reason, it is not enabled, you can manually enable it via command-line (or Powershell).To view the current audit policy settings, run:

auditpol /get /subcategory:"Network Policy Server"

If it says No auditing, you can enable it by running:

auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable

Note that a group policy can override this behaviour. Settings in GPO are located here: Computer Configuration → Policies → Windows Settings → Secu  ...
by lunarg on August 8th 2023, at 14:43
There's a known issue when attempting to configure a network adapter to set a static IP address through SConfig on a freshly installed Windows Server 2022 Core. Upon attempting to configure the IP address, it will fail with the following error message:

Setting NIC to static IP...

Failed to release DHCP lease.

Result code: 83
Method name: ReleaseDHCPLease

You can manually work around the issue by configuring the IP address using Powershell directly:

First, list all network adapters present to find the correct one:Get-NetAdapter

You can reference by Name (InterfaceAlias) or by ifIndex (InterfaceIndex).

Next, remove any existing (APIPA) addresses:Remove-NetIPAddress -InterfaceAlias  ...
edited by lunarg on July 13th 2023, at 10:28
There are several ways of booting a Windows system into Safe Mode. But if you're no longer able to boot into the system to turn on Safe Mode, and the system doesn't automatically boot into safe mode, you're usually only left with a single option: using a Windows Installer USB or DVD/ISO to enable Safe Mode.

To accomodate this, you'll need a bootable USB-key, DVD or ISO image (if you're running a VM).

Start up the system, booting from the bootable media. Because you already have Windows installed, you will need to hit Enter in time to boot from the bootable media.

When Windows Setup has started and the button "Install now" appears, click on the Repair your computer link at the bo  ...
by lunarg on June 29th 2023, at 13:13
To troubleshoot issues with DNS dynamic updates (e.g., certain Active Directory-joined Windows servers not properly registering their hostnames in DNS), there's an easy way to troubleshoot via the DNS Server's audit log, where DNS updates are logged. To properly filter the log for certain IP addresses or hostnames, you'll need to use custom XML filters to properly filter on the contents of the log entries because of the way the events are logged and standard filters don't provide the proper filtering.

The audit log can be found in the Event Viewer at Applications and Services logs → Microsoft → Windows → DNS-Server → Audit. Once the log is open, click on Action → Fi  ...
by lunarg on June 7th 2023, at 11:06
In VMware Horizon View VDI, when using floating pools with instant clones, you may run across a problem where VMs get the "Already Used" status after users log off. The VM remains unavailable for further use and does not get deleted or refreshed.

The reason for this usually is that some process is blocking the refresh/delete operation, causing the VM to remain unusable and powered on to allow a system administrator to investigate the issue. If this is not desired (e.g., the reason for the blockage is known but cannot be resolved immediately), there is a policy which can be set to allow for automatic clean up of these "dirty" VMs.

The attribute is called pae-DirtyVmPolic  ...
by lunarg on May 4th 2023, at 11:22
In an organization you may not want to get prompts to try out the new Outlook Preview versions. Luckily, there's a way to turn this off, either through GPO or through a registry key, which can be distributed to your users.

If you're using the latest Administrative Templates for Office, you can find the setting under User Configuration\Policies\Administrative Templates\Microsoft Outlook 2016\Outlook Options\Other, where you can enable the Disable Preview Place setting.

Alternatively, add the following DWORD-value:

Key: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\General

DWORD-value: DisablePreviewPlace, set its value to 1.

Note that the above only disables the user p  ...
« July 2024»
« Most people tend to avoid true conflict. Ironically this breeds more conflict. »