Sunday, June 28, 2015

The processing of Group Policy failed: One way to fix it

Group Policy Replication Errors - How to Fix

All of a sudden, one of your workstations seems unable to update its own Group Policy objects. It appears that the workstation has failed the trust relationship.

For Example

C:\Users\Biff>gpupdate /force
Updating Policy...

User Policy update has completed successfully.
Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\\SysVol\\Policies\{2B44EB00-32DD-42E3-8C83-9B6C6CA6D
6D6}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
 has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.

How to Fix

To fix: on the domain controllers of your Windows domain, perform these steps:
1) Check network connectivity to all domain controllers, turn off IPv6 if necessary, run nslookup for each DC and make sure each can be found by its IPv4 address.
2) Check the time settings of each DC. If running a virtualized environment, make sure all VM hosts are connected to NTP and are able to reach

repadmin /syncall
to perform a synchronization...

repadmin /replsummary

... output from repadmin /replsummary
Destination DSA     largest delta    fails/total %%   error
 PDC1                       :22s    0 /  12    0
 BDC1                01h:41m:12s    9 /  16   56  (2148074274) The target principal name is incorrect.
 BDC2                01h:53m:53s    9 /  16   56  (2148074274) The target principal name is incorrect.
 VMS-DC1           58d.02h:35m:57s    9 /   9  100  (5) Access is denied.

If you see the message "The target principal name is incorrect.", you may need to reset the machine passwords on your domain controllers. The first step is to disable and turn off the KDC.
On the domain controller, disable the Kerberos Key Distribution Center service (KDC), then reboot. After rebooting, use the netdom command to reset the password, then re-enable the KDC, then reboot.

netdom resetpwd /server:server_name /userd:domain_name\administrator /passwordd:administrator_password

For example, for a DC called DC1 on a domain called homeslice, where the Administrator password was Sn00pD0g&Cat (you will need to wrap your password in double quotes if it contains non-alpha characters), on a cmd.exe DOS prompt:

netdom resetpwd /server:DC1 /userd:homeslice\administrator /passwordd:"Sn00pD0g&Cat"
output looks like: 

The machine account password for the local machine has been successfully reset.
The command completed successfully.
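
A triage helper for the replsummary output above, as an added example that is not part of the original post: it parses each row and maps error 2148074274 to the KDC/netdom procedure described here. The function name ConvertFrom-ReplSummary and the $nextStep table are hypothetical; the sample rows are the ones shown in the post.

```powershell
# Added example. Sample rows are copied from the repadmin /replsummary output
# in the post; on a DC use instead:  $lines = repadmin /replsummary
$sample = @'
Destination DSA     largest delta    fails/total %%   error
 PDC1                       :22s    0 /  12    0
 BDC1                01h:41m:12s    9 /  16   56  (2148074274) The target principal name is incorrect.
 BDC2                01h:53m:53s    9 /  16   56  (2148074274) The target principal name is incorrect.
 VMS-DC1           58d.02h:35m:57s    9 /   9  100  (5) Access is denied.
'@
$lines = $sample -split '\r?\n'

# Next step per error code. 2148074274 is 0x80090322 (SEC_E_WRONG_PRINCIPAL),
# the error the post fixes with netdom resetpwd. Other codes are left for triage.
$nextStep = @{
    '2148074274' = 'Disable KDC, reboot, netdom resetpwd (/passwordd:* prompts for the password), re-enable KDC, reboot'
}

function ConvertFrom-ReplSummary {
    param([string[]]$Lines)
    # Columns: DSA, largest delta, fails / total, percent, optional "(code) message"
    $row = '^\s*(?<dsa>\S+)\s+(?<delta>\S+)\s+(?<fails>\d+)\s*/\s*(?<total>\d+)\s+(?<pct>\d+)' +
           '(?:\s+\((?<code>\d+)\)\s+(?<msg>.+?))?\s*$'
    foreach ($line in $Lines) {
        if ($line -match $row) {          # header and blank lines do not match
            $code = $Matches['code']
            $hex  = if ($code) { '0x{0:X8}' -f [uint32]$code } else { $null }
            $step = if (-not $code) {
                'None'
            } elseif ($nextStep.ContainsKey($code)) {
                $nextStep[$code]
            } else {
                'Not covered by the post: recheck DNS, connectivity and time (steps 1 and 2)'
            }
            [pscustomobject]@{
                DSA      = $Matches['dsa']
                Delta    = $Matches['delta']
                Fails    = [int]$Matches['fails']
                Total    = [int]$Matches['total']
                Code     = $hex
                Message  = $Matches['msg']
                NextStep = $step
            }
        }
    }
}

# Show only the destinations with failed replication attempts.
ConvertFrom-ReplSummary $lines | Where-Object Fails -gt 0 | Format-List
```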

Thursday, June 25, 2015

My tcpdump cookbook - favourite examples

Use the tcpdump command on Linux to monitor network traffic. Here are some of my favourite recipes for tcpdump success. My little cookbook shows typical tcpdump tasks.

0) Monitor Web Traffic

Monitor web service traffic on an Apache server, given that your server has an eth0 network port. If your web client device is at, the following command will monitor all traffic from that device that enters eth0 on port 80.

tcpdump -i eth0 -vvv tcp port 80 and src

Options:
  -vvv   Verbose dump of network headers
  -i     Network interface selector
  -A     Display all cleartext packet details (optional)

1) Dump SIP Traffic from eth0

Example: Troubleshooting SIP network traffic on an Asterisk server, dump udp port 5060

sudo tcpdump -i eth0 -vvv udp port 5060 and dst 68.4.XX.YY

Example: Dump SIP traffic to a file, then print the file out
tcpdump -i eth0 -vvv udp port 5060 and dst 68.4.XX.YY -w dump.pcap
tcpdump -xx -n -r dump.pcap | more

2) Dump and Print UDP port 29110

## capture packets
sudo dumpcap -i eth2 -w dumper.pcap -f "udp port 29110"
sudo tcpdump -xx -n -r dumper.pcap  | more

3) Printing Captured Packets

Use the -A option to print the ASCII text of the transaction in the dump.pcap file:
tcpdump -A -n -r dump.pcap | more

4) Dump UDP by source address

tcpdump -vvv -i eth0 udp and src 68.4.XX.XX

Tuesday, June 16, 2015

Suddenly it happens ... OWA error Rights management operation failed it says...

Suddenly it happens: you start seeing this message in your Exchange 2010 OWA.

When users try to open an e-mail with Outlook Web Access, they get the following error message: Rights management operation failed.

Ouch! What to do?

Open the Exchange PowerShell.
The first step is to figure out that IRM is enabled in your Exchange 2010.
The next step is to figure out what your identity is: in this case the full identity is EXCHANGE2010\owa (Default Web Site).
The final step is to turn off the doggone IRM, using the identity located in step 2.
1. Log on to the Exchange server and open (as Administrator) the Exchange Management Shell (EMS).
2. Run "Get-OWAVirtualDirectory | FL" and search for IRM; you'll probably see that it's enabled.
3. Run "Set-OWAVirtualDirectory -IRMEnabled $false"
or you could provide the name of the identity using -Identity "<identity goes here>"
for example:
[PS] C:\Windows\system32>Set-OWAVirtualDirectory -IRMEnabled $false -Identity "EX2010\owa (Default Web Site)"
[PS] C:\Windows\system32>

4. Visit OWA (Default Web Site) in your IE.
Now reset IIS and try OWA again.