
Friday, February 12, 2021

Local Administrator Password Solution (LAPS) - Cannot Reset Password

Description:

You have properly set up Local Administrator Password Solution (LAPS) in your domain environment:

  • AdmPwd.dll is deployed and registered on the client computer
  • The Group Policy to manage the password is configured and linked to the proper OU
  • Permission to read and reset the password is properly set up on the OU

However, when you try to reset the local admin password for one of the computers, the new password is never generated automatically.

Resolution:

Check the time configuration on the machine where you are resetting the password. Does the machine's time sync properly with the Domain Controller? If not, fix it, restart the machine, and try to reset the password again.

Please also check the following registry at the machine:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

Value Name: Type

Value Data: NT5DS


Thursday, February 11, 2021

Azure AD Connect - AD DS Connector Account

To find the specifics of the service account for the Active Directory connector(s), use the following two lines of Windows PowerShell:

Import-Module "C:\Program Files\Microsoft Azure Active Directory Connect\AdSyncConfig\AdSyncConfig.psm1"

Get-ADSyncADConnectorAccount

Network Policy Server (NPS) - Event Logs Do Not Appear

Description:

You have set up NPS in your environment and it seems to work properly. However, when you check the Event Viewer at Custom Views\Server Roles\Network Policy and Access Services, you see only a minimal number of events.

Resolution:

Run the following at an elevated command prompt on the NPS server:

auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable


Tuesday, February 9, 2021

PowerShell Script to Find Last Logon Date Information from Computer with Windows 7 Operating System

Description:

You need to get a list of all Windows 7 computers in your domain with their Last Logon Date information.

Resolution:

Run the following PowerShell command:

Get-ADComputer -Filter * -Properties OperatingSystem, LastLogonDate | where {$_.OperatingSystem -match "Windows 7 Professional"} | select Name, OperatingSystem, LastLogonDate | sort LastLogonDate | Export-Csv c:\workcomputers.csv

Error when Upgrading Azure AD Connect version

Description:

When you upgrade Azure AD Connect from a previous version, you might encounter the following error: "Upgrade cannot proceed because the Azure Active Directory connector (b891884f-051e-4a83-95af-2544101c9083) is missing."


Resolution:

Make sure the PowerShell Execution Policy is set to unrestricted. You can check by running the following command at PowerShell:

Get-ExecutionPolicy

To change the execution Policy to unrestricted, run the following PowerShell command:

Set-ExecutionPolicy Unrestricted

Type Y when asked.

Run the upgrade process again.
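
Set-ExecutionPolicy without -Scope writes to the LocalMachine scope, so Unrestricted stays in effect after the upgrade unless it is changed back. The following is an added example, not part of the original post: it records the current value, raises the policy for the upgrade, and restores it afterwards. It assumes the upgrade is run interactively while the script waits at the prompt.

```powershell
# Added example: raise the execution policy only for the duration of the
# Azure AD Connect upgrade, then put the previous value back.
$scope    = 'LocalMachine'               # default scope of Set-ExecutionPolicy
$previous = Get-ExecutionPolicy -Scope $scope

# A policy defined by Group Policy takes precedence over LocalMachine;
# if one is set, changing LocalMachine does not alter the effective policy.
$gpo = Get-ExecutionPolicy -List |
    Where-Object { $_.Scope -in 'MachinePolicy', 'UserPolicy' -and
                   $_.ExecutionPolicy -ne 'Undefined' }
if ($gpo) {
    Write-Warning "Execution policy is set by Group Policy at: $($gpo.Scope -join ', ')"
}

Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope $scope -Force
try {
    # Pause here while the upgrade wizard runs.
    Read-Host 'Run the Azure AD Connect upgrade now, then press Enter when it has finished'
}
finally {
    # Restore the value recorded above and show the resulting policy per scope.
    Set-ExecutionPolicy -ExecutionPolicy $previous -Scope $scope -Force
    Get-ExecutionPolicy -List | Format-Table -AutoSize
}
```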

Tuesday, June 27, 2017

PowerShell command - Get-WmiObject


> To get the remote computer name from IP Address:
Get-WmiObject Win32_ComputerSystem -ComputerName remotecomputerIPaddress | Select Name
> To get the computer description from a machine remotely:
Get-WmiObject Win32_OperatingSystem -ComputerName remotecomputernameorIPaddress | Select Description
> To get the currently logged on user from a machine remotely:
Get-WmiObject Win32_ComputerSystem -ComputerName remotecomputernameorIPaddress | Select UserName

Monday, June 26, 2017

Blue Screen after modifying Windows registry - Recovery

Description
You changed a certain value in your Windows machine's registry (HKLM). After a restart, the machine cannot start properly again. Windows never reaches the normal logon page.
You want to revert the changes back to the previous condition.


Resolution
Use a CD/DVD/ISO to boot to the Recovery Environment. Follow the wizard until you can open the command prompt. At the command prompt, type regedit.
In the registry editor, highlight HKEY_LOCAL_MACHINE, and then go to File and select Load Hive. Select the file from the other drives. It could be in E:\Windows\System32\Config (or F:\Windows\System32\Config), and will be called just SOFTWARE or SYSTEM. Type any name when the wizard prompts for the hive name.
Go to the registry location where you made the last changes. Revert the value back to the previous working condition.
To unload the hive, highlight that hive name under HKEY_LOCAL_MACHINE, and go to File and select Unload Hive.
Restart the machine normally.




 

Repadmin Error 1722

Description
You are doing a daily check of Active Directory replication from your admin machine using the repadmin /replsum command.
You see error 1722 at the bottom of the result.
You have checked that all the necessary ports for Active Directory are open. You also verified this using the PortQry tool.
You try to perform a WMI query from the admin machine to the suspected DC, but it fails.
You log on to the suspected DC and all incoming replication is OK.


Resolution
Run the WMI query and monitor the network. Most probably some RPC traffic is being dropped somewhere in the network. On Windows 2008 and above, check for traffic on the RPC dynamic port range (49152 - 65535).

Sunday, August 2, 2015

Cannot Install Windows 2008 R2 Service Pack 1

Description

You are experiencing an error or problem when installing Windows 2008 R2 Service Pack 1. It says "Installation was not successful", error code 0x800f0826.

 
You have followed the steps in https://support.microsoft.com/en-us/kb/2575082.
SYSTEM and Administrators already have Full Permission on the usbstor.inf and usbstor.pnf files.
You have also followed http://windows.microsoft.com/en-ID/windows7/troubleshoot-problems-installing-service-pack to download and run the latest System Update Readiness Tool.
Other than those, you have also tried running the sfc /scannow command, but no errors were found.

At c:/windows/inf/Setupapi.dev.log you found a couple of errors similar to:
inf:      Opened INF: 'C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_neutral_b9280780a8000d4b\compositebus.inf' ([strings])
sto:      {Update Device: ROOT\COMPOSITEBUS\0000}
sto:           Updating installed driver version:
sto:                Driver Version Last     = 6/21/2006,6.1.7600.16385
sto:                Driver Version New      = 6/21/2006,6.1.7601.17514
!!!  sto:           Failed to update driver date. Error = 0x00000005
sto:      {Update Device: exit(0x00000005)}
sto: {Update Device Drivers: exit(0x00000005)} 12:07:37.106
!!!  sto: Failed to update devices for all driver updates. Error = 0x00000005


  inf:      Opened INF: 'C:\Windows\System32\DriverStore\FileRepository\umbus.inf_amd64_neutral_2d4257afa2e35253\umbus.inf' ([strings])
     sto:      {Update Device: ROOT\UMBUS\0000}
     sto:           Updating installed driver version:
     sto:                Driver Version Last     = 6/21/2006,6.1.7600.16385
     sto:                Driver Version New      = 6/21/2006,6.1.7601.17514
!!!  sto:           Failed to update driver date. Error = 0x00000005


Resolution

A permission is missing on the registry keys related to the drivers.

1. Download psexec.exe (http://technet.microsoft.com/en-us/sysinternals/bb897553)
2. Execute the following command from an elevated command prompt: 'psexec /i /s cmd'
3. When a new command prompt opens, execute regedit
4. Navigate to HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\COMPOSITEBUS\0000\PROPERTIES\
5. Verify that 'System' has 'full control' of each subkey. If not, force inheritance from the 'PROPERTIES' key.
6. Test the install of SP1.
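
An added example, not part of the original post: a PowerShell function that scans setupapi.dev.log for driver updates that failed with an error code and prints the Enum\...\Properties key to inspect for each device, so that devices other than COMPOSITEBUS (such as UMBUS in the excerpt above) are also checked. The function name is illustrative, and the sample lines are copied from the log excerpt in this post.

```powershell
# Added example: list devices whose driver update failed in setupapi.dev.log,
# together with the registry key whose permissions should be checked.
function Get-FailedDriverUpdate {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string[]]$Line
    )
    $device = $null
    foreach ($l in $Line) {
        if ($l -match '\{Update Device: (?!exit\()([^}]+)\}') {
            # Start of a device section, e.g. {Update Device: ROOT\UMBUS\0000}
            $device = $Matches[1].Trim()
        }
        elseif ($l -match '\{Update Device: exit\(') {
            $device = $null    # end of the device section
        }
        elseif ($device -and
                $l -match '^!!!\s+sto:\s+Failed to update driver date\. Error = (0x[0-9A-Fa-f]{8})') {
            [pscustomobject]@{
                Device        = $device
                Error         = $Matches[1]    # 0x00000005 = access denied
                PropertiesKey = "HKLM\SYSTEM\CurrentControlSet\Enum\$device\Properties"
            }
        }
    }
}

# Sample lines copied from the log excerpt in this post.
$sample = @'
sto:      {Update Device: ROOT\COMPOSITEBUS\0000}
sto:           Updating installed driver version:
!!!  sto:           Failed to update driver date. Error = 0x00000005
sto:      {Update Device: exit(0x00000005)}
     sto:      {Update Device: ROOT\UMBUS\0000}
     sto:           Updating installed driver version:
!!!  sto:           Failed to update driver date. Error = 0x00000005
'@ -split "`r?`n"

Get-FailedDriverUpdate -Line $sample | Format-Table -AutoSize

# Against the real log on the affected server:
# Get-FailedDriverUpdate -Line (Get-Content "$env:windir\inf\setupapi.dev.log")
```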


 

Monday, August 5, 2013

Group Policy is not applying properly - event id 1054

Description:

You have a group policy setting that you want to deploy during computer startup. However, it seems that the policy is not applying properly. Running the gpresult command from the client machine shows no error. Running the gpresult wizard from GPMC for the problematic machine shows a GPO core processing error preventing some policies from applying successfully. Running gpupdate /force corrects the situation and the settings are applied successfully.
In the event viewer of the problematic computer, you found event id 1054, “Windows cannot obtain the domain controller name for the computer network. (The specified domain either does not exist or could not be contacted). Group Policy processing aborted.”

Resolutions:

Please follow Microsoft's Knowledge Base Article KB840669 http://support.microsoft.com/kb/840669

As per KB 840669, create a new DWORD value in the registry at:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: GpNetworkStartTimeoutPolicyValue
Value: 120

Restart the client computer. Settings can be applied successfully.

Red X or Cross on Network Connection Icon - Windows 2008 R2


Description:

You found a Red X or Cross on the Network Connection icon.
You found some services stopped, and they cannot be started because of an access denied error.


Resolutions:

> Check and add the registry permissions on the following keys:

• Regarding the BFE service, we have given “NT Service\BFE” account the following allow permissions on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE:

Query Value
Set Value
Create Subkey
Enumerate Subkeys
Notify
Read Control 

• Regarding the NLA service, we have given “NT Service\NLASvc” account the following allow permissions on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NLASvc:

Query Value
Set Value
Create Subkey
Enumerate Subkeys
Notify
Read Control

• Regarding the DPS service, we have given “NT Service\DPS” account the following allow permissions on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DPS:

Query Value
Set Value
Create Subkey
Enumerate Subkeys
Notify
Read Control

Also it was necessary to give the same permissions to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\WDI\Config


• Regarding the Windows Firewall service, we have given “NT Service\mpssvc” account the following allow permissions on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc:

Query Value
Set Value
Create Subkey
Enumerate Subkeys
Notify
Read Control

Also it was necessary to give the same permissions to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess

• Regarding the DHCP Client service, we have given Local Service account full control permissions on:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCP

• Regarding the Distributed Transaction Coordinator, we have given “NT Service\MSDTC” account the following allow permissions on HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC:

Query Value
Set Value
Create Subkey
Enumerate Subkeys
Notify
Read Control

Also it was necessary to add Network Service account with “read, write, read & execute”  permissions to the file C:\WINDOWS\system32\MSDtc\MSDTC.LOG

> All of the services can be started after adding the security permission. Restart the computer to make sure.

Note:
If the issue happens again, you may want to check for a group policy, local policy, or application that modified the security permissions on the registry keys above.
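
An added example, not part of the original post: a read-only PowerShell audit that reports which of the registry permissions listed above are missing, and that can be re-run to spot the permissions being changed again. "Read Control" corresponds to ReadPermissions in .NET; the function name is illustrative, and applying the DPS and mpssvc accounts to the two "same permissions" keys is an assumption. The MSDTC.LOG file permission is not covered.

```powershell
# Added example: audit the registry ACLs listed in this post (nothing is modified).
# Run from an elevated PowerShell prompt.
$six  = [System.Security.AccessControl.RegistryRights]'QueryValues, SetValue, CreateSubKey, EnumerateSubKeys, Notify, ReadPermissions'
$full = [System.Security.AccessControl.RegistryRights]::FullControl
$svc  = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Key/account pairs from the post. Assumption: the WDI\Config and SharedAccess
# keys take the same account as the DPS and mpssvc entries respectively.
$checks = @(
    @{ Key = "$svc\BFE";          Account = 'NT SERVICE\BFE';    Rights = $six }
    @{ Key = "$svc\NLASvc";       Account = 'NT SERVICE\NLASvc'; Rights = $six }
    @{ Key = "$svc\DPS";          Account = 'NT SERVICE\DPS';    Rights = $six }
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\WDI\Config'
       Account = 'NT SERVICE\DPS'; Rights = $six }
    @{ Key = "$svc\mpssvc";       Account = 'NT SERVICE\mpssvc'; Rights = $six }
    @{ Key = "$svc\SharedAccess"; Account = 'NT SERVICE\mpssvc'; Rights = $six }
    @{ Key = "$svc\DHCP";         Account = 'NT AUTHORITY\LOCAL SERVICE'; Rights = $full }
    @{ Key = "$svc\MSDTC";        Account = 'NT SERVICE\MSDTC';  Rights = $six }
)

function Test-KeyPermission {
    param(
        [string]$Key,
        [string]$Account,
        [System.Security.AccessControl.RegistryRights]$Rights
    )
    $granted = 0
    foreach ($ace in (Get-Acl -Path $Key -ErrorAction Stop).Access) {
        # Inherit-only entries apply to subkeys, not to this key itself.
        $inheritOnly = $ace.PropagationFlags -band
            [System.Security.AccessControl.PropagationFlags]::InheritOnly
        # Only Allow entries granted directly to the account are counted;
        # rights obtained through group membership are not.
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -eq $Account -and -not $inheritOnly) {
            $granted = $granted -bor [int]$ace.RegistryRights
        }
    }
    $missing = [int]$Rights -band (-bnot $granted)
    [pscustomobject]@{
        Key     = $Key
        Account = $Account
        OK      = ($missing -eq 0)
        Missing = if ($missing) { [System.Security.AccessControl.RegistryRights]$missing } else { '' }
    }
}

$checks | ForEach-Object { $c = $_; Test-KeyPermission @c } | Format-Table -AutoSize
```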

Monday, July 22, 2013

Windows PowerShell Syntax

> To list all the PowerShell commands available for group policy module:

Get-Command -module GroupPolicy
or
Get-Command *-GP*
 
> To list all the PowerShell commands available for active directory module:

Get-Command -module activedirectory
or
Get-Command *-AD*
 
> For more detailed information about a certain PowerShell command:
 
Get-Help (commandname) -detailed
Get-Help (commandname) -examples
Get-Help (commandname) -full
or
Get-help (commandname) -online

 

Sunday, September 16, 2012

MBSA Cabinet File Download Location

If you want to manually download the cabinet file for Microsoft Baseline Security Analyzer (MBSA) v2.2, here's the URL:

http://go.microsoft.com/fwlink/?LinkId=76054

The name of the file is WSUSSCN2.CAB
