Month: October 2019

Microsoft Q&A Launch !

| yagmoth555

Hi everyone

Good news from Microsoft today, Microsoft Q&A is launched and will soon replace the Technet Forum. The direct link is there.

mqanda

Good new users would be able to link to their old Technet profile in Q1 of 2020 🙂

For over 10 years the MSDN and TechNet Forums played a key part in enabling our customers to unblock their business scenarios by offering a platform where technical questions could be answered by Microsoft and the community . As time progressed, and technology evolved, the needs of the community grew beyond what the existing solution could provide. We started on a journey to identify a new, robust solution which would support our need to evolve the user experience.

We’re excited to share an important milestone in the journey, introducing the preview release of Microsoft Q&A – the place to get answers to all your technical questions on Microsoft products and services.

Just wanted to share it as it’s a good news, as the old forum was starting to show it’s ages.

Thanks everyone, and happy hunt in the news forum 🙂

Advertisement

Windows Server 2019 OEM Activation problem (VM)

| yagmoth555

Hi everyone

Today I wanted to share a small tip if you got some problems with your Windows Server 2019 OEM Activation if you have OEM media.

I used the latest Dell OEM installation media in my case. When the virtual machine booted I used to get an activation error even if my key was valid.

Capture2

Running a slmgr /ato returned me that error;

Error: 0x8007041D on a computer running Microsoft windows non-core edition, run ‘slui.exe 0x2a 0x8007041D ‘ to display the error text

At that point, even if I used my OEM media, I think it’s possibly a manufacturer problem with the media kit as in each of my cases I used to had a pre-installed version of ESX, and I selected to had the OEM OS.

To pass the activation the tip I got was simple, to use these customs settings inside the VM .vmx or parameters;

Capture

smbios.addHostVendor = TRUE

SMBIOS.reflectHost = TRUE

SMBIOS.noOEMStrings = TRUE

 

With those setting my virtual machine activated correctly 🙂

 

Microsoft Exchange Information Store Error – EventID 5003 | EventID 3154 – Time error

| yagmoth555

Hi everyone

On Microsoft Exchange you might fall into a strange bug if a time error happen between your DC and your server.

The error start by showing that error;

Event ID 5003, MSEchangeIS

Impossible d’initialiser le service de bande de d’information car les horloges de l’ordinateur client et du serveur sn déréglées. Le problème être dû à un changement d’heure sur l’ordinateur client ou le serveur, et un redémarrage peut être nécessaire. Vérifiez que votre domaine est configuré correctement et qu’il est actuellement en ligne.

That error may appear too;

EventID 3154, MSExchangeRepl

Active Manager n’a pas pu monter la base de données XXXXXXXX sur le serveur YYYYYYYY. Erreur: Une opération Active Manager a échoué avec une erreur provisoire. Recommencez l’opération. Erreur: Échec de l’action de base de données avec une erreur passagère. Erreur: Une erreur passagère s’est produite pendant une opération de base de données. Erreur: MapiExceptionNetworkError: Unable to make admin interface connection to server (hres:0x80040115, ec=-214221227)

To recover those erreurs you must do a net time command to sync the time with your active directory server.

net time \\DC-Server /set /y

After the net time don’t forget to restart the Microsoft Exchange Active Directory Topology service;

Voila, the error will be a past memory !

Thanks !

Windows 10 – Update Stay at Download Waiting

| yagmoth555

Hi everyone

Today I wanted to share a small tip if your Windows 10 updates stay stuck at waiting download. Like shown there;

Capture

If that happen please validate your current build to be sure it’s up to date, as often that error happen if one upgrade is waiting, but the update block the upgrade to run.

As such please go there to manually get the latest build; (www.microsoft.com/fr-ca/software-download/windows10)

Capture4

Click to download it, and please run it.

Capture3

Follow that wizard;

Capture2

Now after the manual upgrade the next time you will run into Windows Update the waiting download will be fixed.

 

Thanks everyone

Windows Server 2019 Domain Controller – Ready for production ! (KB4516077)

| yagmoth555

Hi everyone

Today I wanted to share a new, the KB4516077 is out and a *lot* of fix for the 2019 is in, for the ADDC’s roles.

 

  • Addresses an issue that causes File Explorer to report the number or the size of files and folders incorrectly when they use long paths.
  • Addresses an issue that causes unnecessary restart requests on servers.
  • Addresses an issue with diagnostic data processing during the Windows Out of Box Experience (OOBE) sequence.
  • Addresses an issue that prevents a web browser from connecting securely to Windows Server. This occurs when using a client authentication certificate, such as a SHA512-based certificate, and the web browser does not support a signature algorithm that matches the certificate.
  • Addresses an issue that may cause the Local Security Authority Subsystem Service (LSASS) to stop working with an “0xc0000005” error.
  • Addresses an issue that prevents the BitLocker recovery key from being successfully backed up to Azure Active Directory.
  • Addresses an issue that leads to excessive memory utilization in Microsoft Defender Advanced Threat Protection (ATP).
  • Addresses a possible compatibility issue when Microsoft Defender Advanced Threat Protection (ATP) accesses case-sensitive Server Message Block (SMB) shares.
  • Improves the detection accuracy of Microsoft Defender ATP Threat & Vulnerability Management.
  • Addresses an issue that gives a Windows Hello for Business user two certificates for authentication during certificate renewal instead of one certificate.
  • Addresses an issue that causes the lsass.exe service to stop working, which causes the system to shut down. This occurs when migrating Data Protection API (DPAPI) credentials using dpapimig.exe with the –domain option.
  • Addresses an issue that may cause Direct Access servers to use a large amount of non-paged pool memory (pooltag: NDnd).
  • Addresses an issue that prevents you from running the Active Directory Diagnostics Data Collector Set from the Performance Monitor for Domain Controllers. This causes the Data Collector Set name to appear empty. Running the Active Directory Diagnostics Data Collector Set returns the error, “The system cannot find the file specified.” Event ID 1023 is logged with the source as Perflib and the following messages:
    • “Windows cannot load the extensible counter DLL “C:\Windows\system32\ntdsperf.dll.”
    • “The specified module could not be found.”
  • Addresses an issue in which the product description of Windows Server 2019 was incorrect when queried using slmgr /dlv.
  • Addresses an issue that may cause authentication to fail for certificate-based authentication when the certificate authentication includes a cname as part of the pre-authentication request.
  • Addresses a Lightweight Directory Access Protocol (LDAP) runtime issue for Domain Controller Locator-style LDAP requests. The error is, “Error retrieving RootDSE attributes, data 8, v4563.”
  • Addresses an issue that causes LDAP queries that contain LDAP_MATCHING_RULE_IN_CHAIN (memberof:1.2.840.113556.1.4.1941) to intermittently fail on Windows Server 2019 domain controllers. However, these queries do not fail on domain controllers running previous versions of Windows Server.
  • Addresses an issue that causes group membership changes in Active Directory groups to fail. This occurs if the Lightweight Directory Access Protocol (LDAP) client uses the Security Identifier (SID) Distinguished Name (DN) syntax after installing previous versions of NTDSAI.DLL. In this scenario, an issue with the LdapPermissiveModify (LDAP_SERVER_PERMISSIVE_MODIFY_OID) control causes Active Directory to incorrectly return a “SUCCESS” status even though the group membership change did not occur.
  • Addresses an issue in which the Set-AdfsSslCertificate script is successful. However, it throws an exception during resource cleanup because the target server-side endpoint is no longer there.
  • Addresses an issue that may cause a Hyper-V virtual machine and a Hyper-V host to lose network connectivity because of an inconsistency in the media access control (MAC) address learning process. As a result, the Hyper-V virtual switch drops packets.

As you can see the number of improvement is huge.

I would quote a Microsoft’s employee;

quote

Thanks everyone

 

0365 – Exchange Online X-Sender Spam Problem

| yagmoth555

Hi everyone !

Today I wanted to share a strange problem I found in 0365. It seem really easy to bypass the antispam filter with the x-Sender property if you know how.

An example of a spam that went-tru.

This email was not tagged as spam, and the sender and the receiver thought they were in the same compagny. Both contoso.com email alias are hosted in 0365. You can see the x-sender there that it was not the case..

X-Originating-IP: 192.3.186.164
User-Agent: Workspace Webmail 6.9.59
Message-ID: <……@email23.godaddy.com>
From: Jacky <jacky@contoso.com>
X-Sender: cchj712@adm1ncare.com
Reply-To: Jacky <joshua.braga@aol.com>
To: <Mich@contoso.com>

To note the SPF record was setup correctly and was strict, but strangely 0365 check the SPF record of the x-sender, not the sender property ..

The SPF check was tricked that way;

Authentication-Results: spf=none (sender IP is 68.178.252.172) smtp.mailfrom=adm1ncare.com; contoso.com; dkim=none (message not signed) header.d=none;contoso.com; dmarc=none action=none header.from=contoso.com.com;compauth=fail reason=601
Received-SPF: None (protection.outlook.com: adm1ncare.com does not designate permitted sender hosts)

As you can see  the SPF check was done on the x-sender email address, adm1ncare.com, not the contoso.com

To resolve the issue I had to a antispam strategy and to make it stricter.

That way into your 0365 admin portal;

You create a antispam strategy, name it;

Capture0

You then apply it to your accounts;

Capture

Click to create the strategy.

Capture1

 

Thanks everyone, a small tip it’s, but come handy if you receive spam/phishering email a lot, as it’s not a default option ticked.

Active-Directory – Invoke-InternalEnsureADDSComponentInstallState not recognized – DCPromo

| yagmoth555

Hi everyone

Today I wanted to share a error I stumbled into this week.

It’s after adding the ADDS’s roles, in the dcpromo wizard, A Invoke-InternalEnsureADDSComponentInstallState is not recognized.

Sans titre

It happened to me on a Windows Server 2019.

The error was resolved by;

– Removing the dotnet feature

– Restarting

– Removing the ADDS role

-Re adding the ADDS role

– Re-running the wizard.

Kinda an easy fix, but not many people stumbled into that bug as I found almost no ressource that talk about it.

Enjoy the tip ! Thanks everyone

 

Edit : I had a comment that the step can break the ServerManager and other tools. I can share the link the user gave as it’s good information, more for 2016. https://superuser.com/questions/1183705/install-net-framework-4-or-4-6-in-windows-server-2016

I confirm in my test ServerManager still work and I didnt seen anything broke, but it’s in 2019 I did it.