Posts

Showing posts from 2024

DCOM FUD: KB5004442—Manage changes for Windows DCOM Server Security Feature Bypass (CVE-2021-26414)

DCOM FUD Caused by KB5004442

Applies to Windows domain controllers that are set up as "Certification Authority" and are used from domain-connected workstations to perform user self-enrollment to generate certificates for PIV smart cards. PIV smart cards are used to authenticate and log on.

While setting up a DCOM application such as certificate enrollment services between workstations and servers, all running modern operating systems such as Windows Server 2022 and Windows 10, you start to see DCOM failures, and you see error 10036 in the system log.

10036 "The server-side authentication level policy does not allow the user %1\%2 SID (%3) from address %4 to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application."

(%1 – domain, %2 – user name, %3 – User SID, %4 – Client IP Address)

This is a real error message from the test environment. The server-side authentication level policy

WMIC : Invalid Global Switch - The How and Why Cookbook

WMIC says "Invalid Global Switch"

Why does it say that when you use the /NODE switch? It's because WMIC really wants the full IP address of the remote computer, not the name.

Here's an example of it:

This is the right way to do it, to prevent "Invalid Global Switch"

The WMIC Cookbook

In these examples, we will write all output to a file called a.out. First one will be written, others will be appended.

    # --------- CUT HERE -----------------------
    # A powershell script by Uncle Joe
    # To append to the file, use /APPEND instead of /OUTPUT
    $username="talladega\lets_go_brandon"
    $password="Nascar22"

    # Get Computer Name
    wmic /NODE:192.168.0.143 /OUTPUT:a.out /USER:${username} /PASSWORD:${password} computersystem get model,manufacturer,name,username

    # Disk Check
    wmic /NODE:192.168.0.143 /APPEND:a.out /USER:${username} /PASSWORD:${password} logicaldisk list full

    # CPU Check:
    wmic /NODE:192.168.0.143 /APPEND:a.out /USER:${username} /PASSWORD

Lot of this message: No suitable default server credential exists on this system

How to fix this "No suitable default server credential exists on this system"

The Fix

The fix was done by Dell Server support using this PowerShell command:

    New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "ims.local" -FriendlyName "MySiteCertIMS" -NotAfter (Get-Date).AddYears(10)

Then find the newly created certificate using MMC under Console Root, Certificates (Local Computer), Personal, Certificates, and copy it to Trusted Root Certification Authorities, Certificates.