Category Archives: Microsoft

Fix: Cannot install July updates KB5004298 and KB5004285

You may have an issue installing KB5004298 and KB5004285 on your system. At first the updates appear to install successfully, but when you reboot you get an error saying “Failure configuring Windows Updates. Reverting Changes”.

Windows does not show a specific error, only a generic message that the update failed, with error code 800F0922 in the Windows Update History.

The error is due to an Acrobat Flash removal issue: the update fails because it cannot find the folders. To resolve the issue, create the following folders, matching the case exactly.

C:\Windows\System32\Macromed\Flash
C:\Windows\SysWOW64\Macromed\Flash

Once the above empty folders are created, simply re-run the updates and after a restart, they will be successful. Voila!

 


Fix: Missing Sysvol and Netlogon after domain controller promotion

In many cases I have found that a newly promoted domain controller is missing the SYSVOL and NETLOGON shares. In most of those cases it is also a new domain controller for a new forest. In most cases, you need to update the flag as below.

Open Regedit
Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Set SysVolReady from 0 to 1
Close Regedit

This will create the SYSVOL share. If the NETLOGON share is not created, you need to create the folder scripts in C:\Windows\SYSVOL\domain\. When this is done, restart the NETLOGON service.

This is the easy part. In some cases, although the NETLOGON and SYSVOL shares are working, no group policies or scripts are being replicated using DFS or DFSR.

We can verify the replication by running the following command.

For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state

The states should translate as below

0 = Uninitialized
1 = Initialized
2 = Initial Sync
3 = Auto Recovery
4 = Normal
5 = In Error

In my case, I have noticed that the newly promoted server was showing 2 and the main domain controller was showing “No Instance(s) Available” which is quite strange.

Here you would need to look into the original Active Directory server for any problems and you would see a warning on the DFS Replication under Applications with Event ID 2213 as below.

It says that the DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled.

What we need to do here is take note of the volumeGUID from the event viewer and run the command below, replacing GUID-NUMBER with your GUID.

wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="GUID-NUMBER" call ResumeReplication

This will restart the replication and recreate the database. This can be seen in an event with ID 2214 saying “The DFS Replication service successfully recovered from an unexpected shutdown on volume C:. This can occur if the service terminated abnormally (due to a power loss, for example) or an error occurred on the volume. No user action is required.”

If you run the command to see the state of the replication again, you will see that the servers are all showing state 4 and that both Sysvol and Netlogon are replicated.
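The same state check in PowerShell, with the numeric state translated into the names listed above. This is an added example, not part of the original post; the server names are placeholders, and it assumes an elevated session with WinRM reachable on each server.

```powershell
# Added example (not from the original post): report the DFSR state of the
# SYSVOL replicated folder on each server, using the state names listed above.
# Assumptions: elevated session, WinRM reachable on each server, and the
# server names below are placeholders to replace with your domain controllers.
$servers = @('DC01', 'DC02')   # hypothetical names

$stateNames = @{
    0 = 'Uninitialized'; 1 = 'Initialized'; 2 = 'Initial Sync'
    3 = 'Auto Recovery'; 4 = 'Normal';      5 = 'In Error'
}

function Get-SysvolDfsrState {
    param([Parameter(Mandatory)][string]$ComputerName)

    try {
        $folders = Get-CimInstance -ComputerName $ComputerName `
            -Namespace 'root\microsoftdfs' `
            -ClassName 'DfsrReplicatedFolderInfo' `
            -Filter "ReplicatedFolderName='SYSVOL share'" -ErrorAction Stop
    }
    catch {
        return [pscustomobject]@{
            Server = $ComputerName; Group = $null; State = $null
            Status = "Query failed: $($_.Exception.Message)"
        }
    }

    if (-not $folders) {
        # Same situation wmic reports as "No Instance(s) Available":
        # look for Event ID 2213 in the DFS Replication log on this server.
        return [pscustomobject]@{
            Server = $ComputerName; Group = $null; State = $null
            Status = 'No instance available'
        }
    }

    foreach ($f in $folders) {
        [pscustomobject]@{
            Server = $ComputerName
            Group  = $f.ReplicationGroupName
            State  = $f.State
            Status = $stateNames[[int]$f.State]   # CIM returns UInt32; keys are Int32
        }
    }
}

$servers | ForEach-Object { Get-SysvolDfsrState -ComputerName $_ } |
    Format-Table -AutoSize
```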


Fix: SharePoint error Cannot generate SSPI context for SQL Server

With a SharePoint setup you might get the following error in your event viewer.

Event ID 5586 – Unknown SQL Exception 0 occurred. Additional error information from SQL Server is included below. The target principal name is incorrect.  Cannot generate SSPI context.

The main culprit could be the lack of an SPN record. To check this, log into your SQL server as a domain administrator. Launch a command prompt as Administrator and type the following.

setspn -L Domain\UserName

Note: Replace Domain\UserName with the SharePoint user you are using for the services, i.e. your SharePoint farm service user. If you are getting the ‘Cannot generate SSPI context’ error, you should not see an entry for the SQL server in the output of the command we just executed. Run the command below to add the SPN record for the SQL server.

setspn -A MSSQLSvc/SQLServerName.Domain.com:1433 Domain\UserName

Note: Replace SQLServerName.Domain.com with the FQDN of your SQL Server. If you are using SQL AlwaysOn Availability or a cluster, enter the FQDN of the SQL listener. Also replace Domain\UserName with the SharePoint service user.

Once executed, run the first command we executed and make sure that you have the SQL SPN record for the username.

This should fix the Event ID 5586


Fix: Blank page when loading ECP on Exchange 2013

On Exchange 2013 you might encounter a blank page after the login page of the Exchange ECP portal. The login page loads without issues, but after you log in successfully an empty blank page loads.

This could be because the Default Website and the Exchange Back End website do not have the same certificate. Sometimes this happens when you either change the certificate or renew it.

To solve this, open the Internet Information Services (IIS) Manager
Expand Sites
Right click on Default Website and click on Edit Bindings

From the list click on the https binding with port 443 and click the Edit button. Confirm that you have the new certificate selected and take note of it.

Right click on Exchange Back End site and click on Edit Bindings

From the list click on the https binding with port 444 and click the Edit button. Here make sure that you have the same certificate assigned and click Close. In my case the certificate assigned was empty as the certificate was deleted.

Run IISReset from the command prompt as Admin

The ECP will now load.


How To: Enable Remote Desktop Services RDP remotely

To enable Remote Desktop Services (RDP) you normally need to either use Group Policies or have physical access to the computer or server. To do it remotely you need to use the command line with PSTools, which can be downloaded here.

Once downloaded and extracted, type in the commands below, replacing computername with the name of the remote machine.

psexec.exe \\computername reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

psexec.exe \\computername netsh firewall set service RemoteDesktop enable


How To: Create local users or admins remotely

You might need to create a local user and add it to the local admins remotely, for example if the user cannot log in or the local admin account is lost.

For this purpose you need to use PSTools, which can be downloaded from here.

Once downloaded, open a command prompt as Administrator from the server or from a machine logged in with a domain administrator account and type

PSEXEC \\computername NET USER localadmin <pass> /add

PSEXEC \\computername NET LOCALGROUP Administrators localadmin /ADD

localadmin being the username you wish to use and the <pass> is the user’s password.


Fix: Cannot find server certificate with thumbprint while restoring SQL database

When restoring a database you might get the below error.

System.Data.SqlClient.SQLError: Cannot find server certificate with thumbprint

This is because the database was encrypted with Transparent Data Encryption (TDE), and you will not be able to restore it until you get the certificate, the private key and the password from the supplier of the database.

After you collect the required items above, open a new SQL query as the server admin on the master database.

First we need to create the master key on the server by using

USE master
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<MyComplexPassword>'
GO

Now that the master key has been created, you need to install the certificate provided by the owner of the database

CREATE CERTIFICATE MyServerCert
FROM FILE = 'C:\TDECert\Cert.cer'
WITH PRIVATE KEY (FILE = 'C:\TDECert\key.pvk',
DECRYPTION BY PASSWORD = '<PasswordProvidedByTheSupplier>');

Once this has been executed, you will be allowed to restore the database.

Fix: The term ‘Get-MsolUser’ is not recognized as the name of a cmdlet

When connecting to your Office 365 services, you might get the error below for any Msol cmdlet such as New-MsolUser, Connect-MsolService and others.

The term 'Get-MsolUser' is not recognized as the name of a cmdlet

To fix this, download and install the Microsoft Online Services Sign-In Assistant for IT Professionals RTW which can be downloaded from this link.

After the installation you can check that the assistant is installed from your Control Panel. After that, open a PowerShell window as Administrator and type

Install-Module MSOnline -Force

Once done, enter the below

Connect-MsolService

Sign in with your global admin account and presto!


FIX: WINDOWS 10 HOME TO PRO UPGRADE ERROR 0X803FA067

I came across an upgrade issue when I was upgrading Windows 10 Home to Windows 10 Pro using the Change Product Key feature. I first entered the default Windows 10 key from Microsoft, VK7JG-NPHTM-C97JM-9MPGT-3V66T, to convert Windows 10 Home to Windows 10 Pro, and when I clicked the Start button to start the upgrade, I got an error saying that the installation does not have a valid digital license, with the error code Unable to upgrade your edition (0x803fa067).

The solution is very simple

– Boot the computer
– Open the activation screen
– Change the Product Key to VK7JG-NPHTM-C97JM-9MPGT-3V66T
– Disable internet connectivity by disabling network card
– Click start for the upgrade


FIX: RDP ERROR THE FUNCTION REQUESTED IS NOT SUPPORTED

When trying to connect to a server or machine via Remote Desktop Connection you get the error below, which is strange as one would normally connect without any issues.

“Remote Desktop Connection
An authentication error has occurred.
The function requested is not supported
Remote computer: XXX.XXX.XXX.XXX”

After some research I found that this is due to a recently released Windows Update patch for CVE-2018-0886 in RDP. It happens if the workstation was updated and the server was not yet.

There are two options for this.

Patch the server with the CVE-2018-0886 (Recommended)

Update the policy on the local computer (Not recommended but in case of emergency)

On the computer open Group Policy
Go to Computer Configuration > Administrative Templates > System > Credentials Delegation
Change Encryption Oracle Remediation to Enabled
Change Protection Level to Vulnerable

Open MSTSC and you will be able to connect to the server.
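Because the second option leaves the client at the Vulnerable protection level, it is worth checking afterwards which machines still have it set so the policy can be reverted once the server is patched. The following is an added example, not part of the original post; the computer names are placeholders, PowerShell remoting is assumed to be enabled, and the registry value read is the one Microsoft documents for this policy (AllowEncryptionOracle).

```powershell
# Added example (not from the original post): report the CredSSP
# "Encryption Oracle Remediation" level on a list of machines so that any
# left at Vulnerable after the emergency workaround can be found and reset.
# Assumptions: PowerShell remoting is enabled; computer names are placeholders.
$computers = @('WKS01', 'WKS02')   # hypothetical names

$check = {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
    $levels = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

    # Returns $null when the policy has never been configured on this machine
    $value = (Get-ItemProperty -Path $key -Name AllowEncryptionOracle `
                -ErrorAction SilentlyContinue).AllowEncryptionOracle

    [pscustomobject]@{
        Value = $value
        Level = if ($null -eq $value) { 'Not configured' } else { $levels[[int]$value] }
    }
}

$results = Invoke-Command -ComputerName $computers -ScriptBlock $check

$results | Select-Object PSComputerName, Value, Level | Format-Table -AutoSize

# Flag machines still running with the emergency setting
$results | Where-Object { $_.Value -eq 2 } | ForEach-Object {
    Write-Warning "$($_.PSComputerName) is still set to Vulnerable; patch the server and revert the policy."
}
```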
