Cached Credential

Hi everyone !

Today I wanted to share another tip. It’s something I see a lot in help desk call, and sometimes it make call a lot longer to not know that one.

It’s for the managed credential in the Windows Account’s store.

You could be renaming an account on a Domain Controller, or it can be a pass through user set for authentication, but changing it can break thing.

The tip is just to never forget to go there and delete the cached credential that give you problem;

enter image description here

enter image description here

You can see my answer there, and it’s something useful to know 🙂

Blocked Windows Update on restart

Hi everyone

Today I wanted to share a small tip that can help if your server is stuck on reboot with a Windows patch that don’t want to terminate.

Please use with precaution the tip to not loose data or break the OS.

In my case it was useful on a Windows Server 2019, as it was stuck for 3 hours and more, and the CBS log was growing indefinitely.

You can use ps exec, but we have tasklist that support a remote computer.

To use that way;

tasklist /s remote_computer with the username and password. /u domain\username /p password

tasklist /s remote_computer /u domain\username /p password

After the command we got a list with all PID.

To stop the Windows Update, in my case I had to close Windows Installer service.

The command is the same, except we give to it the PID, or we could use the /im parameter to target the executable image name. (/f force the closure)

taskkill /s remote_computer /u domain\username /p password /pid PID /f

Command reference

YK22 bug ! Exchange 2016, 2019

Hi everyone

Happy new year 2022! And I wanted to share that if you have the latest patch installed in your Exchange you might have run into a YK22 bug !

The Microsoft Filtering Service got hit by a bug in it’s patch system.

To resolve in the short term please run;

Set-MalwareFilteringServer -BypassFiltering $True -identity <server name>

Or;

Disable-AntimalwareScanning.ps1 -forcerestart from the script folder.

The bug is explained there; https://old.reddit.com/r/sysadmin/comments/rt91z6/exchange_2019_antimalware_bad_update/ but it’s a variable error from the year 2021 to 2022 that make a long overflow vs an unsigned long that would had been ok.

Thanks everyone for reading, and good year !! 🙂

Update; it’s now fixed;