Category Archives: Microsoft

Fix: Missing Sysvol and Netlogon after domain controller promotion

In many cases I have found that a newly promoted domain controller is missing the SYSVOL and NETLOGON shares. In most of those cases it was also a new domain controller for a new forest. In most cases, you need to update the flag as below.

Open Regedit
Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
Set SysVolReady from 0 to 1
Close Regedit

This will create the SYSVOL share. If the NETLOGON share is not created you would need to create the folder scripts in C:\Windows\SYSVOL\domain\. When this is done, restart the NETLOGON service.

This is the easy part. In some cases, although the NETLOGON and SYSVOL shares are working, no group policies or scripts are being replicated using DFS or DFSR.

We can verify the replication by running the following command.

For /f %i IN ('dsquery server -o rdn') do @echo %i && @wmic /node:"%i" /namespace:\\root\microsoftdfs path dfsrreplicatedfolderinfo WHERE replicatedfoldername='SYSVOL share' get replicationgroupname,replicatedfoldername,state

The states should translate as below

0 = Uninitialized
1 = Initialized
2 = Initial Sync
3 = Auto Recovery
4 = Normal
5 = In Error

In my case, I have noticed that the newly promoted server was showing 2 and the main domain controller was showing “No Instance(s) Available” which is quite strange.

Here you need to check the original Active Directory server for problems. You should see a warning in the DFS Replication log under Applications with Event ID 2213, as below.

It says that the DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled.

From the event viewer, take note of the volumeGUID and run the below command, replacing GUID-NUMBER with your GUID.

wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="GUID-NUMBER" call ResumeReplication

This will restart the replication and recreate the database. This is confirmed by an event with ID 2214 saying: The DFS Replication service successfully recovered from an unexpected shutdown on volume C:. This can occur if the service terminated abnormally (due to a power loss, for example) or an error occurred on the volume. No user action is required.

If you run the command to see the state of the replication again, you will see that the servers are all showing state 4 as below, and both SYSVOL and NETLOGON will be replicated.
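The check above as a PowerShell script, added here as an example and not part of the original post: it translates the state codes per domain controller and, where no instance is returned, pulls the volume GUID out of the latest Event ID 2213. It assumes WinRM and remote event log access are available on each domain controller and that the event log is named DFS Replication.

```powershell
# Added example (not from the original post): SYSVOL DFSR state per DC,
# plus the volume GUID from Event ID 2213 where DFSR returns no instance.
$stateNames = @{
    0 = 'Uninitialized'; 1 = 'Initialized'; 2 = 'Initial Sync'
    3 = 'Auto Recovery'; 4 = 'Normal';      5 = 'In Error'
}
$guidPattern = '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}'

# Same enumeration the command above uses; dsquery quotes each name.
$dcs = dsquery server -o rdn | ForEach-Object { $_.Trim('"') }

$report = foreach ($dc in $dcs) {
    # Assumption: WinRM is reachable on every DC (Get-CimInstance uses WS-Man).
    $info = Get-CimInstance -ComputerName $dc -Namespace 'root\microsoftdfs' `
        -ClassName DfsrReplicatedFolderInfo `
        -Filter "ReplicatedFolderName='SYSVOL Share'" -ErrorAction SilentlyContinue

    if ($info) {
        foreach ($i in $info) {
            [pscustomobject]@{
                Server = $dc; State = $i.State
                Meaning = $stateNames[[int]$i.State]; VolumeGuid = $null
            }
        }
        continue
    }

    # The wmic "No Instance(s) Available" case: look for the 2213 warning.
    $evt = Get-WinEvent -ComputerName $dc -MaxEvents 1 -ErrorAction SilentlyContinue `
        -FilterHashtable @{ LogName = 'DFS Replication'; Id = 2213 }
    $guid = if ($evt -and $evt.Message -match $guidPattern) { $Matches[0] }
    [pscustomobject]@{
        Server = $dc; State = $null
        Meaning = 'No instance returned'; VolumeGuid = $guid
    }
}

$report | Format-Table -AutoSize

# Anything not in state 4 (Normal) still needs attention.
$report | Where-Object { $_.State -ne 4 } | ForEach-Object {
    Write-Warning "$($_.Server): $($_.Meaning) $($_.VolumeGuid)"
}
```

The script only reports; ResumeReplication is still run by hand with the GUID it prints.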


Fix: SharePoint error Cannot generate SSPI context for SQL Server

On a SharePoint setup you might get the following error in your event viewer.

Event ID 5586 – Unknown SQL Exception 0 occurred. Additional error information from SQL Server is included below. The target principal name is incorrect.  Cannot generate SSPI context.

The main culprit could be the lack of an SPN record. To check this, log into your SQL server as a domain administrator, launch a command prompt as Administrator and type the following.

setspn -L Domain\UserName

Note: Replace Domain\UserName with the SharePoint user you are using for the services, i.e. your SharePoint farm service user. If you are getting the ‘Cannot generate SSPI context’ error, you should not see an entry for the SQL server in the output of the command we just executed. Run the command below to add the SPN record for the SQL server.

setspn -A MSSQLSvc/SQLServerName.Domain.com:1433 Domain\UserName

Note: Replace SQLServerName.Domain.com with the FQDN of your SQL Server. If you are using SQL AlwaysOn Availability or a cluster, enter the FQDN of the SQL listener. Also replace Domain\UserName with the SharePoint service user.

Once executed, run the first command again and make sure that the SQL SPN record is now listed for the username.

This should fix the Event ID 5586.


Fix: Blank page when loading ECP on Exchange 2013

On Exchange 2013 you might encounter a blank page after the login page of the Exchange ECP portal. The login page loads without issues, but when you log in successfully, an empty blank page loads.

This can happen when the Default Web Site and the Exchange Back End website do not have the same certificate. Sometimes this happens when you either change the certificate or renew it.

To solve this, open the Internet Information Services (IIS) Manager
Expand Sites
Right click on Default Web Site and click on Edit Bindings

From the list, click on the https binding with port 443 and click the Edit button. Confirm that you have the new certificate selected and take note of it.

Right click on the Exchange Back End site and click on Edit Bindings

From the list, click on the https binding with port 444 and click the Edit button. Here make sure that you have the same certificate assigned and click Close. In my case the certificate assigned was empty as the certificate was deleted.

Run IISReset from the command prompt as Admin

The ECP will now load.
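The same comparison done from PowerShell on the Exchange server, as an added example that is not part of the original post. It assumes the WebAdministration module is available and that the sites carry the default IIS names Default Web Site and Exchange Back End; Get-HttpsBindingCert is a helper name made up for this example.

```powershell
# Added example (not from the original post): compare the certificate bound
# to the front-end site (443) with the one on the Exchange back-end site (444).
Import-Module WebAdministration

function Get-HttpsBindingCert {
    param([string]$Site, [int]$Port)

    $binding = Get-WebBinding -Name $Site -Protocol https -Port $Port |
        Select-Object -First 1
    $thumb = if ($binding) { $binding.certificateHash }
    $cert = if ($thumb) {
        # A binding can still reference a certificate that was deleted.
        Get-Item -Path "Cert:\LocalMachine\$($binding.certificateStoreName)\$thumb" `
            -ErrorAction SilentlyContinue
    }
    $notAfter = if ($cert) { $cert.NotAfter }

    [pscustomobject]@{
        Site = $Site; Port = $Port; Thumbprint = $thumb
        InStore = [bool]$cert; NotAfter = $notAfter
    }
}

$front = Get-HttpsBindingCert -Site 'Default Web Site' -Port 443
$back  = Get-HttpsBindingCert -Site 'Exchange Back End' -Port 444
$front, $back | Format-Table -AutoSize

# Summarise the cases described above: empty binding, deleted cert, mismatch.
$status = if (-not $back.Thumbprint) {
    'Back End binding on 444 has no certificate assigned'
} elseif (-not $back.InStore) {
    'Back End binding points at a certificate that is no longer in the store'
} elseif ($back.Thumbprint -ne $front.Thumbprint) {
    'Sites use different certificates'
} else {
    'Both sites use the same certificate'
}
Write-Output $status
```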


How To: Enable Remote Desktop Services RDP remotely

To enable Remote Desktop Services (RDP) you would normally either use Group Policies or need physical access to the computer or server. To do it remotely you need to use the command line with PSTools, which can be downloaded here.

Once downloaded and extracted, type in the below, replacing computername with the name of the remote machine

psexec.exe \\computername reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

psexec.exe \\computername netsh firewall set service RemoteDesktop enable


How To: Create local users or admins remotely

You might need to create a local user and add it to the local admins remotely, for example if the user cannot log in or the local admin account is lost.

For this purpose you need to use PSTools, which can be downloaded from here.

Once downloaded, open a command prompt as Administrator from the server or from a machine logged in as a domain administrator and type

PSEXEC \\computername NET USER localadmin <pass> /add

PSEXEC \\computername NET LOCALGROUP Administrators localadmin /ADD

localadmin being the username you wish to use and the <pass> is the user’s password.


Fix: Cannot find server certificate with thumbprint while restoring SQL database

When restoring a database you might get the below error.

System.Data.SqlClient.SQLError: Cannot find server certificate with thumbprint

This is because the database was encrypted with Transparent Data Encryption (TDE), and you will not be able to restore it until you get the certificate, the private key and the password from the supplier of the database.

After you collect the required items above, open a new SQL query as the server admin on the master database.

First we need to create the master key on the server by using

USE master
GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<MyComplexPassword>'
GO

Now that the master key has been created, you need to install the certificate provided by the owner of the database

CREATE CERTIFICATE MyServerCert
FROM FILE = 'C:\TDECert\Cert.cer'
WITH PRIVATE KEY (FILE = 'C:\TDECert\key.pvk',
DECRYPTION BY PASSWORD = '<PasswordProvidedByTheSupplier>');

Once this has been executed, you will be able to restore the database.


Fix: The term ‘Get-MsolUser’ is not recognized as the name of a cmdlet

When connecting to your Office 365 services, you might get the below error for any Msol cmdlet such as New-MsolUser, Connect-MsolService and others.

The term 'Get-MsolUser' is not recognized as the name of a cmdlet

To fix this, download and install the Microsoft Online Services Sign-In Assistant for IT Professionals RTW which can be downloaded from this link.

After the installation you can confirm that the assistant is installed from your control panel. Then open a PowerShell window as Administrator and type

Install-Module MSOnline -Force

Once done, enter the below

Connect-MsolService

Sign in with your global admin account and presto!


Fix: Windows 10 Home to Pro upgrade error 0x803fa067

I came across an upgrade issue when I was upgrading Windows 10 Home to Windows 10 Pro using the Change Product Key feature. I first entered the default Windows 10 key from Microsoft, VK7JG-NPHTM-C97JM-9MPGT-3V66T, to convert Windows 10 Home to Windows 10 Pro, and when I clicked the start button to start the upgrade, I got an error saying that the installation does not have a valid digital license, with the error code Unable to upgrade your edition (0x803fa067).

The solution is very simple

– Boot the computer
– Open the activation screen
– Change the Product Key to VK7JG-NPHTM-C97JM-9MPGT-3V66T
– Disable internet connectivity by disabling network card
– Click start for the upgrade


Fix: RDP error The function requested is not supported

When trying to connect to a server or machine via Remote Desktop Connection you might get the below error, which is strange as one would normally connect without any issues.

“Remote Desktop Connection
An authentication error has occurred.
The function requested is not supported
Remote computer: XXX.XXX.XXX.XXX”

After some research I found that this is due to a recently released Windows Update patch for RDP, for CVE-2018-0886. It happens if the workstation was updated and the server was not yet.

There are two options for this.

Patch the server with the CVE-2018-0886 update (Recommended)

Update the policy on the local computer (Not recommended but in case of emergency)

On the computer open Group Policy
Go to Computer Configuration > Administrative Templates > System > Credentials Delegation
Change Encryption Oracle Remediation to Enabled
Change Protection Level to Vulnerable

Open MSTSC and you will be able to connect to the server.
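Because the emergency option leaves the client at the Vulnerable level until someone changes it back, here is a way to find machines where it is still set, as an added example that is not part of the original post. It reads the AllowEncryptionOracle registry value that backs the policy; Get-EncryptionOracleSetting is a helper name made up for this example, and remote targets are assumed to have PowerShell remoting enabled.

```powershell
# Added example (not from the original post): report the CredSSP
# "Encryption Oracle Remediation" level so the emergency workaround
# (Vulnerable) can be found and reverted once the server is patched.
function Get-EncryptionOracleSetting {
    param([string[]]$ComputerName = $env:COMPUTERNAME)

    # Values documented by Microsoft for AllowEncryptionOracle.
    $levels = @{ 0 = 'Force Updated Clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

    $read = {
        $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
        $item = Get-ItemProperty -Path $key -Name AllowEncryptionOracle -ErrorAction SilentlyContinue
        if ($item) { [int]$item.AllowEncryptionOracle }
    }

    foreach ($computer in $ComputerName) {
        $value = if ($computer -eq $env:COMPUTERNAME) {
            & $read
        } else {
            # Assumption: PowerShell remoting is enabled on the target.
            Invoke-Command -ComputerName $computer -ScriptBlock $read -ErrorAction SilentlyContinue
        }

        $level = if ($null -eq $value) {
            'Not configured or unreachable'
        } else {
            $levels[[int]$value]
        }

        [pscustomobject]@{
            Computer     = $computer
            Value        = $value
            Level        = $level
            RevertNeeded = ($value -eq 2)   # true only for Vulnerable
        }
    }
}

Get-EncryptionOracleSetting | Format-Table -AutoSize
```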


Review: Kernel for OST to PST

Today I am reviewing the Kernel for OST to PST application which, in my opinion, should be renamed to OST to anything: apart from recovering corrupted OST files and converting them to PST, you can export to practically anything including Office 365, Google Apps/Gmail, Live/Outlook/Hotmail, Lotus Domino and others. Bearing in mind that a good number of businesses are going to the cloud, such a feature is a must.

Conversion is pretty straightforward: all you need to do is select an OST file, with the option to bulk input the file selection. The rest is done by the application. The first pass will just open the file and the other passes will try to recover deleted or corrupted messages, which you can easily skip if you have a healthy file. The conversion is pretty fast and reliable, keeping in mind it can run on any platform from Windows 7/8/10 to server editions as well.

You can export to either PST, DBX or MBOX, apart from saving to MSG, EML, PDF and other common extensions. The best part of the application was the ability to save directly to email servers such as Office 365, Lotus Domino, various Exchange server versions, Yahoo, Gmail and others, all in one console and with a user-friendly interface. This really saves a lot of time, as the conventional way is to use Outlook and export from Outlook to PST. This of course does not recover from a corrupted OST, so it’s a show stopper. Adding to this, if you want to import to Exchange, you would need to transfer all the exported PSTs to a central location and use New-MailboxImportRequest, keeping in mind that you need Exchange 2010 upwards and this must be done one by one. As stated above, with Kernel for OST to PST you can easily do this with a bulk job and you can also directly import to Exchange of any version or any cloud service of your choice. Adding to this, the application also scans the OST file for deleted items and items recoverable from corruption.

From my experience I have gone through a number of problem-solving cases with regards to Exchange, but one time I was called in to assist with a corrupted EDB file and a broken-down Exchange server. Rebuilding the Exchange server was an easy task but re-importing the data was going to be an issue. With Kernel for OST to PST, I was able to copy all OST files from the computers to a central location, convert the OST files and import them directly to Exchange. This incident had 20 mailboxes, but the software saved me a lot of time and costs which would have ended up in more downtime and recovery time for the client.

The software is easy to use and the export features are straightforward with minimal administration effort. It saved me a lot of time and stress and it is recommended for such operations. Pricing varies depending on what features you need. The Personal license costs $99, with the option to go for the Home license, which gives you the ability to install on various computers, costing $199. These two versions will give you the ability to convert OST files to PST. If you want to upload OST files directly to Exchange and cloud, you would need to purchase the Corporate license for $299, and if you want all features including conversion of multiple OST files in bulk you need to purchase the Technician version which costs $399. More information is on the website of Kernel for OST to PST.
