Showing posts with the label Windows Server

DCOM FUD: KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)

DCOM FUD Caused by KB5004442

Applies to Windows domain controllers that are set up as "Certification Authority" and are used from domain-connected workstations to perform user self-enrollment to generate certificates for PIV smart cards. PIV smart cards are used to authenticate and log on.

While setting up a DCOM application such as certificate enrollment services between workstations and servers, all running modern operating systems such as Windows Server 2022 and Windows 10, you start to see DCOM failures, and you see error 10036 in the system log.

10036 "The server-side authentication level policy does not allow the user %1\%2 SID (%3) from address %4 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application." (%1 – domain, %2 – user name, %3 – User SID, %4 – Client IP Address)

This is a real error message from the test environment. The server-side authentication level policy...

WMIC : Invalid Global Switch - The How and Why Cookbook

WMIC says "Invalid Global Switch"

Why does it say that when you use the /NODE switch? It's because WMIC really wants the full IP address of the remote computer, not the name. Here's an example of it: This is the right way to do it, to prevent "Invalid Global Switch"

The WMIC Cookbook

In these examples, we will write all output to a file called a.out. The first one will be written; the others will be appended.

# --------- CUT HERE -----------------------
# A powershell script by Uncle Joe
# To append to the file, use /APPEND instead of /OUTPUT
$username="talladega\lets_go_brandon"
$password="Nascar22"
# Get Computer Name
wmic /NODE:192.168.0.143 /OUTPUT:a.out /USER:${username} /PASSWORD:${password} computersystem get model,manufacturer,name,username
# Disk Check
wmic /NODE:192.168.0.143 /APPEND:a.out /USER:${username} /PASSWORD:${password} logicaldisk list full
# CPU Check:
wmic /NODE:192.168.0.143 /APPEND:a.out /USER:${username} /PASSWORD...

Lot of this message: No suitable default server credential exists on this system

How to fix this "No suitable default server credential exists on this system"

The Fix

The fix was done by Dell Server support using this PowerShell command:

New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "ims.local" -FriendlyName "MySiteCertIMS" -NotAfter (Get-Date).AddYears(10)

Then find the newly created certificate using MMC under Console Root, Certificates (Local Computer), Personal, Certificates, and copy it to Trusted Root Certification Authorities, Certificates.

Windows Internal Database Service: Will Not Start and Fails with Error Code 1297

Windows Internal Database Fails to Start or Fails to Install from Server Manager

Greetings, y'all. Recently, I started building a WSUS server on Windows Server 2012 R2. While trying to install Windows Internal Database from the Server Manager, it fails to install, yet leaves the services.msc control panel with a non-starting service called "Windows Internal Database." It refuses to start, and that's why the installer refuses to finish. I was using "Add Roles and Features" to add this service. Curiously enough, after a reboot, the service will be removed. But if you try to start the service before the reboot, you will see this message dialog.

Service Fails to Start

How to Fix It

In your group policy for your AD domain, make sure that "NT SERVICE\ALL SERVICES" and "everyone" is granted rights for. Adding "Everyone" is a foolish and dangerous thing to do. Just to be safe, add a separate group policy object just for t...

Domain Controller Roles Check and Force Transfer - How to Seize the Roles

How to Check Domain Controller Roles and Change them in a Dual DC Setup - Active Directory - Seize the Roles

Using NetDom

Use the netdom command in a command prompt or DOS prompt window to display the assignment of roles. Here we have roles split between the ADS-01 and DC1 servers. The text in red/yellow is what YOU type in to make it happen.

C:\Users\Administrator.HOMESLICE> netdom query fsmo
Schema master               ADS-01.homeslice.local
Domain naming master        ADS-01.homeslice.local
PDC                         DC1.homeslice.local
RID pool manager            DC1.homeslice.local
Infrastructure master       DC1.homeslice.local
The command completed successfully.

Using ntdsutil

Using ntdsutil to transfer the schema master and naming master. For t...

Install a SSL Certificate into Remote Desktop / Terminal Server using MMC

How to Install a SSL Certificate into Remote Desktop / Terminal Server

This little tech tidbit is for those who like to use terminal servers or remote desktop to log on to their servers. I will explain how to install a trusted certificate into terminal services. The first thing you need to do is to get an SSL certificate as a Standard PEM. You can get free SSL from SSLForFree.com; you should download the certificate and then use SSL Shopper's conversion tool to convert it to PFX/PKCS#12 form. My advice is to use GlobalSign's AlphaSSL Standard Certificate, which will give you an X509 and a PKCS7. As for generating a private key, see this How To Guide blog article.

Step 0: Use certlm.msc to request a new certificate. Right Click on Personal->Certificates, and then choose "All Tasks" -> "Advanced Operations" -> "Create Custom Request" thru the pop up menus. In the Certificate Enrollment's Custom Request, you are going to choos...

Configure Remote Desktop Services Licensing on Windows Server 2012

My Cheat Sheet for Installing a Terminal Services License Server

Note: This applies to Windows Server 2012 and Server 2012R2. Before you do this, install a few Server Roles:

Remote Desktop Services (2 of 6 Installed)
    Remote Desktop Licensing
    Remote Desktop Session Host

Then use the Licensing Wizard to add your licenses in the "Remote Desktop Licensing Manager". Add your CALS and your whatnot, and Activate your server. Use a Campus Agreement to activate some fake CALS, almost any 7 digit number starting with 6 will work.

Configuring the License Server on a RD Session Hosts

After the RDS License Server is activated and running, you can reconfigure RD Session Host to obtain licenses from this server. You can select the license type and specify the name of the license server using PowerShell or GPO. To select the license type to be used, run this command:

$obj = gwmi -namespace "Root/CIMV2/TerminalServices" Win32_TerminalServiceS...

How Do I Setup An External Time Source For My Windows Domain Controller using w32tm?

Windows Time Sync Commands

Net Stop W32Time
W32tm /config /syncfromflags:manual /manualpeerlist:"time.nist.gov"
W32tm /config /reliable:yes
Net Start W32Time
W32tm /config /update
w32tm /resync

Strip Chart Test

w32tm /stripchart /computer:"time-nw.nist.gov" /samples:5 /dataonly

An Example

C:\Users\Administrator>w32tm /stripchart /computer:"pool.ntp.org" /samples:5 /dataonly
Tracking pool.ntp.org [50.116.52.97:123].
Collecting 5 samples.
The current time is 11/18/2019 11:29:41 PM.
23:29:41, +00.2785488s
23:29:43, +00.2738542s
23:29:45, +00.2741342s
23:29:47, +00.2751842s
23:29:49, +00.2732097s

Useful Links

https://tf.nist.gov/tf-cgi/servers.cgi
https://serverfault.com/questions/704219/how-do-i-confirm-what-my-pdc-is-using-for-its-time-source-and-how-do-i-setup-an

Or you could use: pool.ntp.org or time.nrc.ca or clock.psu.edu or rolex.peachnet.edu

The processing of Group Policy failed: One way to fix it

Group Policy Replication Errors - How to Fix

All of a sudden one of your workstations seems to not be able to update its own group policy objects. It appears that the workstation has failed the trust relationship.

For Example

C:\Users\Biff> gpupdate /force
Updating Policy...
User Policy update has completed successfully.
Computer policy could not be updated successfully. The following errors were encountered:
The processing of Group Policy failed. Windows attempted to read the file \\homeslice.net\SysVol\homeslice.net\Policies\{2B44EB00-32DD-42E3-8C83-9B6C6CA6D6D6}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current dom...