Posted on

Microsoft RDP and Terminal Services info

Random session disconnects in Windows 11 22H2:

https://learn.microsoft.com/en-us/answers/questions/1021754/windows-11-remote-desktop-frequent-disconnects

Configure “Use only TCP” in Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections

Configure “Turn Off UDP On Client” in Computer Configuration > Administration Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection Client

Query and reset RDP session on remote PC:

Query:
qwinsta /server:IP/servername
Reset:
rwinsta SESSIONID /server:IP/servername

Configure RDP shadowing in Windows 10/11:

https://winitpro.ru/index.php/2018/07/11/rdp-shadow-k-rabochemu-stolu-polzovatelya-windows-10/

Expired certificate warning while connecting to Windows machine using RDP:

Looks like latest Windows 2022 and 11 updates broke certificate reissuing mechanisms. It can be seen as expired certificate warning when connecting with RDP to windows machine.
According to this manual: https://docs.rackspace.com/docs/rdp-connection-failures-expired-self-signed-certificate the problem is with the “f686” file/ It shoud be replaced with the new one by Remode Desktop Services when needed, but somewhy it is not being replaced.
With help of this manual  https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753525(v=ws.10)?redirectedfrom=MSDN I created Powershell script that can be placed in domain Group Policy and started at next reboot or this script can be manually run by admin on the machine that needs this fix:

Fix-Expired-RDP-Certificate.ps1:
net stop "TermService" /y
takeown /F "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686*"
icacls "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686*" /grant administrators:F /t
Get-ChildItem "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys" | foreach{ Rename-Item $_.FullName -NewName ($_.FullName + "-old")}
net start "TermService" /y

I prefer to keep old files and not delete them, but here is a tested broken f686* remove command just in case:
Remove-Item -Path "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686*" -Force

Enable saving passwords in RDP Web App:

“In .rdp file remove string workspace id:s:

and enjoy a perfectly working RemoteApp with password saving.”
https://social.technet.microsoft.com/Forums/ru-RU/6bce67f0-b7e6-4c79-9cbc-f1f14425b5b7/-remoteapps?forum=WS8ru

Windows RDP tuning:

Enabling WRSM in Windows Server 2012 R2 to manage resouses used by each user:
https://www.vioreliftode.com/index.php/windows-system-resource-manager-and-windows-server-2012-r2/

Enabling multiconnection in windows 7, 8.1, 10:
https://github.com/stascorp/rdpwrap
https://winitpro.ru/index.php/2015/09/02/neskolko-rdp-sessij-v-windows-10/

PDF printer supported via RDP:

https://www.bullzip.com/products/pdf/info.php

RDWeb error error CS0016: Could not write to output file ‘c:\Windows\Microsoft.NET\Framework64\’

error CS0016: Could not write to output file ‘c:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files

Grant local IIS_Users group r/w access to temp dir.

Posted on

Firefox

Restore previous session after closing Firefox windows and leaving another window open:
– close Firefox and/or don’t open if you just find that you’re in trouble
– go to %AppData%\Mozilla\Firefox\Profiles\YOUR-PROFILE
– find sessionstore.jsonlz4 and rename if to sessionstore.jsonlz4-old
– go to %AppData%\Mozilla\Firefox\Profiles\YOUR-PROFILE\
– copy all files from there to some temporary directoy
– copy one of those files to %AppData%\Mozilla\Firefox\Profiles\YOUR-PROFILE
– rename that copied file to sessionstore.jsonlz4
– try to open Firefox and see if your tabs are restored
– if not or not all, try another file

There is a good tool to recover information from the .jsonlz4:
https://github.com/avih/dejsonlz4

Posted on

HP Hardware & Software Info

HP ssacli commands in ESXi:

https://itbru.ru/index.php/2019/09/04/hp-ssacli-commands/
https://be-virtual.net/hpe-storage-controller-management-ssacli/
https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-a00018717en_us
https://kb.gtkc.net/hp-smart-array-cli-commands/
https://wiki.froberg.org/en/hpe-storage-controller-management-ssacli

Invoke SSACLI command from remote server: esxcli –server=”servername or IP” –user=”username” –password=”root password” ssacli cmd -q “controller all show status”

Continue reading “HP Hardware & Software Info”

Posted on

MS SQL info

Remove maintenance plan and its jobs:

https://social.msdn.microsoft.com/Forums/en-US/d836371a-4dc9-40d1-b6b7-df25c6b51211/cannot-delete-a-maintenance-plan?forum=sqltools
https://dba.stackexchange.com/questions/121877/sql-server-cannot-drop-idle-job

#Show all maintenance plans IDs:
select s.name,s.id as [plan_id] from msdb.dbo.sysmaintplan_plans as s
SELECT name, id FROM msdb.dbo.sysmaintplan_plans

#Remove plan, its logs and subplans, selected by ID:
exec msdb.dbo.sp_maintplan_delete_plan @plan_id=N'{PLAN_ID_OF_MAINT_PLAN}’

DELETE FROM msdb.dbo.sysmaintplan_log WHERE plan_id = ”
DELETE FROM msdb.dbo.sysmaintplan_subplans WHERE plan_id = ”
DELETE FROM msdb.dbo.sysmaintplan_plans WHERE id = ”

#Now you can delete the jobs from Management Studio.

SQL SERVER – Unable to Start SQL Server Service or Connect After Incorrectly Setting Max Server Memory to a Low Value:

https://blog.sqlauthority.com/2019/09/26/sql-server-unable-to-start-sql-server-service-or-connect-after-incorrectly-setting-max-server-memory-to-a-low-value/

If you meet this in SQLAGENT.OUT log:

SQLServer Error: 229, The EXECUTE permission was denied on the object 'sp_sqlagent_update_agent_xps'

2018-04-08 19:39:48 – ? [100] Microsoft SQLServerAgent version 12.0.2000.8 (X64 unicode retail build) : Process ID 4440
2018-04-08 19:39:48 – ? [495] The SQL Server Agent startup service account is XXX.
2018-04-08 19:39:48 – ? [393] Waiting for SQL Server to recover database ‘msdb’…
2018-04-08 19:39:48 – ! [298] SQLServer Error: 229, The EXECUTE permission was denied on the object ‘sp_sqlagent_update_agent_xps’, database ‘msdb’, schema ‘dbo’. [SQLSTATE 42000] (DisableAgentXPs)
2018-04-08 19:39:48 – ! [000] The EXECUTE permission was denied on the object ‘sp_sqlagent_update_agent_xps’, database ‘msdb’, schema ‘dbo’. [SQLSTATE 42000] (Error 229)
2018-04-08 19:39:48 – ! [298] SQLServer Error: 229, The EXECUTE permission was denied on the object ‘sp_sqlagent_update_agent_xps’, database ‘msdb’, schema ‘dbo’. [SQLSTATE 42000] (DisableAgentXPs)
2018-04-08 19:39:48 – ! [000] The EXECUTE permission was denied on the object ‘sp_sqlagent_update_agent_xps’, database ‘msdb’, schema ‘dbo’. [SQLSTATE 42000] (Error 229)
2018-04-08 19:39:48 – ? [098] SQLServerAgent terminated (normally)

Then check SQL service is started from user with appropriate rights. Next step is to check security permissions of database(s) inside SQL Manager and on physical drive are adequate.

SQL Backups troubleshoot:

Trouble #1:
https://support.microsoft.com/ru-ru/help/955763/the-sql-server-agent-service-does-not-start-after-you-upgrade-from-sql-server-2008-express-or-from-sql-server-2008-express-with-advanced-services-to-sql-server-2008-developer,-to-sql-server-2008-enterprise,-or-to-sql-server-2008-standard

Trouble #2:
https://msdn.microsoft.com/ru-ru/library/ms178127.aspx

Trouble#3:
https://social.msdn.microsoft.com/Forums/sqlserver/en-US/124bbce8-fed9-49ad-9703-7e4cace1e81d/databases-with-simple-recovery-will-be-excluded-sql-server-2008?forum=sqltools

SQL server high availability:

https://winitpro.ru/index.php/2020/02/03/nastrojka-always-on-mssql-server/
https://winitpro.ru/index.php/2020/02/13/nastrojka-replikacii-v-sql-server/

Posted on

Windows Server Active Directory and Domain controller info

Windows Server 2012 Active Directory/Domain controller migration

https://megapuper.ru/index.php?title=%D0%9C%D0%B8%D0%B3%D1%80%D0%B0%D1%86%D0%B8%D1%8F_%D0%BA%D0%BE%D0%BD%D1%82%D1%80%D0%BE%D0%BB%D0%BB%D0%B5%D1%80%D0%B0_%D0%B4%D0%BE%D0%BC%D0%B5%D0%BD%D0%B0_Windows_Server_2012_Active_Directory

Before AD role seting up: Windows Internal Database, reboot
Remote Registry must be started at the time of adding AD role.

IPv6 is essential to be enabled on main network interface.

If on the second AD controller you get an error “Unable to add role, server needs to be restarted” you must install Windows Internal Databese feature, reboot server, addin GPO Logon As Service: NETWORK SERVICE, NT SERVICE\ALL SERVICES и NT SERVICE\MSSQL$MICROSOFT##WID, configure Remote Regitry service automatic startup (disable it after you finish with AD role), run gpupdate on both servers, reboot, check rights in GPO, and only after all this add second server with AD role.

Console commands:
https://community.spiceworks.com/topic/1495956-trransferring-fsmo-roles#entry-5601702

The GUI interface for the FSMO roles is spread all over the place. I always use NTDSUTIL to do this.

Open a command prompt on a Domain Controller
Enter “ntdsutil” and the following commands:

roles
connections
connect to server dc1 - put the target DC server's name here
quit
transfer infrastructure master
transfer naming master
transfer pdc
transfer rid master
transfer schema master
quit
quit

After each transfer you will see a list of the FSMO roles and where they are currently stored. Also, ntdsutil has the ability to seize the FSMO roles to a new domain controller. Instead of “transfer …” you use “seize …” for the roles. Use transfer first and seize only as a last resort.

If new group policies DC do not ally on the computers in domain after you move AD role to the new server, check DNS records connected to old DC server removed or changed to the new server’s IP and name.

Sometimes it can work better in Powershell. It used to for me because using ntdsutil once I got error with transferring Schema Master role:
https://petri.com/seizing_fsmo_roles/
Move-ADDirectoryServerOperationMasterRole -Identity "DC3" -OperationMasterRole PDCEmulator -Force
Move-ADDirectoryServerOperationMasterRole -Identity "DC3" -OperationMasterRole RIDMaster -Force
Move-ADDirectoryServerOperationMasterRole -Identity "DC3" -OperationMasterRole InfrastructureMaster -Force
Move-ADDirectoryServerOperationMasterRole -Identity "DC3" -OperationMasterRole SchemaMaster -Force
Move-ADDirectoryServerOperationMasterRole -Identity "DC3" -OperationMasterRole DomainNamingMaster -Force

Removal:
https://winitpro.ru/index.php/2022/01/13/udalenie-kontrollera-domena-active-directory/

DFS Replication errors:

Authoritative restore for DFSR replication:
https://www.rmtechteam.com/blog/dfs-replication-dfsr-fix/
https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/forest-recovery-guide/ad-forest-recovery-authoritative-recovery-sysvol

Perform a non-authoritative synchronization of DFSR-replicated sysvol replication:

https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/force-authoritative-non-authoritative-synchronization

How to fix Error 0xc00002e2 after rebooting Windows Domain Controller:

It happens when you restore old controller’s backup due, as I suppose, to a outdated DC database.
https://support.hostway.com/hc/en-us/articles/360001126259-How-to-fix-Error-0xc00002e2-after-rebooting-Windows-Domain-Controller

Reboot the server into Directory Services Restore Mode by pressing F8 before the OS begins loading. You will be required to use the local Administrator account password.

In Directory Services Restore Mode, you can check if there is a problem with the database by running the following commands:
ntdsutil.exe
activate instance ntds
files

If there is a problem with the Active Directory database NTDS.DIT, you will see an error like the following:
Could not initialize the Jet engine: Jet Error -501. Failed to open DIT for AD DS/LDS instance NTDS. Error -2147418113

To resolve this issue, rename all of the .log files located in C:\Windows\NTDS\ to .log.old, so the logs can be recreated after reboot.

This should fixed the database after the server is rebooted once more. If you continue to get the error, you can access again Directory Services Restore Mode and run the following command:
esentutl /p "c:\windows\ntds\ntds.dit"

Reboot the server and the issue should be solved.

Troubleshoot missing SYSVOL and Netlogon shares:

https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/troubleshoot-missing-sysvol-and-netlogon-shares

Correct removal of DC:

https://winitpro.ru/index.php/2022/01/13/udalenie-kontrollera-domena-active-directory/

Checking DC health with Dcdiag:

https://winitpro.ru/index.php/2021/04/14/proverka-sostoyaniya-kontrollerov-domena-active-directory-i-replikacii/

An Active Directory Domain Controller Could Not Be Contacted:

An Active Directory Domain Controller Could Not Be Contacted

Group Policy Apply Troubleshooting:

https://winitpro.ru/index.php/2019/03/18/primenenie-gpo-spravka-admina/
https://serverfault.com/a/516427

Test file share connectivity and permissions
Test command at workstation:
nslookup %USERDNSDOMAIN%
net view %USERDNSDOMAIN%
cd \\%USERDNSDOMAIN%\SYSVOL\%USERDNSDOMAIN%\
and check file permissions in folders: Policies and scripts

Check other ports’ connectivity
open and check port at domain infrastructure
Instructions here: Active Directory Firewall Ports – Let’s Try To Make This Simple

Delete local registry keys:
reg delete HKLM\SOFTWARE\Policies /f
reg delete HKCU\Software\Policies /f

Delete local folder:
RD /S /Q %windir%\System32\GroupPolicy

Never use passwords in GP:

https://adsecurity.org/?p=2288

Posted on

Windows troubleshooting

The Print Spooler service terminated unexpectedly:

net stop spooler
del %systemroot%\system32\spool\printers\*.shd
del %systemroot%\system32\spool\printers\*.spl
net start spooler
https://it.ros-kit.ru/help/computers/kak-ochistit-ochered-pechati/

Fix DHCP service cannot start: error 5: Access Denied:

https://www.wintips.org/how-to-fix-dhcp-service-cannot-start-access-is-denied/

Windows Update Error 0x80070422 while installing standalone update .msi:

– windows update service not running. Start it manually before installing .msi.

Windows 10 20H1 update error 0x8007001f MIGRATE_DATA:

Stop Windows Update
Remove c:\windows\SoftwareDistribution\Downloads
Remove c:\Windows_BT
Check HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. If the value in ProfilesDirectory is not set as default %SystemDrive%\Users, set it like this temporary, update Windows, and change back as it was before update.
Reboot.
https://superuser.com/questions/1602404/win10-upgrade-to-version-20h2-failed-how-to-determine-the-cause

Install Windows 11 on unsupporterd hardware:

Fresh install with boot from original ISO:
After getting error about unsupported hardware press Shift + F10, then type “regedit” in CMD window
Go to HKEY_LOCAL_MACHINE\SYSTEM\Setup
Create key “LabConfig”
Create DWORD BypassTPMCheck, BypassSecureBootCheck, BypassRAMCheck, BypassCPUCheck with “1” in each
Close regedit and CMD
Go back in setup window and continue the installation.
https://adminwin.ru/oshibka-this-pc-doesnvt-meet-the-minimum-system-requirements-to-install-this-version-of-windows/

Updating existing installation to Windows 11:
Extract install.wim from Windows 11 ISO
Open Windows 10 .ISO equal to Windows 11 .ISO you’ve decided to install with any CD image editor like UltraISO. Replace ./Sources/install.wim with install.wim from Windows 11 .ISO. Save with decided name.

Domain controller Kerberos login/password errors

https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/domain-controller-not-functioning-correctly

If you experience this symptoms:
– your secondary DC can’t resolve DNS names
– you see “Audit Failure” event ID 4625 with the name of your secondary DC in event viewer on your promary Domain Controller

Check that you have right Kerberos realm on the secondary DC in HKEY_LOCAL_MACHINE\SECURITY\Policy\PolPrDmN
Aquire Kerberos password change from Primary DC:
netdom resetpwd /server: /userd:domain\administrator /password:

“Cannot connect to the DRIVELETTER$ admin share to verify if folder YOURDECIDEDSHAREDFOLDER exists on computer COMPUTERNAME” error while configuring NFS share:

https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/problems-administrative-shares-missing
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters
If the AutoShareServer and AutoShareWks DWORD values in the LanmanServer\Parameters subkey are configured with a value data of 0, change that value to 1.

Error 0x800ccc14 in Outlook 2021 while creating new user profile:

https://answers.microsoft.com/ru-ru/windows/forum/all/после/fe32ecfd-2d08-43ae-91f9-401bda3ee803
If you’ve installed CryptoPRO before creating user profile in Outlook you’ll get this error. Remove the CryproPRO shit and create a profile without errors.

Posted on

Fix ubuntu apt-get and release upgrade errors

Fix fetching updates:

When you get “Unable to fetch some archives, maybe run apt-get update or try with –fix-missing?” error do this:

cd /etc/apt
mv sources.list sources.list.old
lsb_release -a
sudo cat sources.list.old |grep RELEASECODENAME |grep -v "#" |sed 's|us.archive.|old-releases.|g' >> sources.list

(del and retype >> in console if error occures)

 

https://www.tech-notes.net/issues-wit-apt-ubuntu-12-04/

https://stackoverflow.com/questions/38743951/unable-to-fetch-some-archives-maybe-run-apt-get-update-or-try-with-fix-missin

https://askubuntu.com/questions/91815/how-to-install-software-or-upgrade-from-an-old-unsupported-release/91821#91821

 

Resume a release upgrade:
https://askubuntu.com/questions/346678/how-do-i-resume-a-release-upgrade