Networking via PowerShell

by Ed Sparks

PowerShell is clearly the way forward at Microsoft, particularly as more workloads are moved to the Azure cloud.  Learning the language of POSH, as it's colloquially become known, is definitely one of the best investments in time an administrator can make.  It always amazes me how powerful and consistent this language is compared to the multitude of obscure and non-standard tools of the past.

A great example is replacements for our old friends ping, tracert, ipconfig and the like.

There's a great article on Technet that describes some of the more useful and common ones.

Go forth and Get-NetIPConfiguration today!

WinX: The case of the missing Windows 8 right-click Admin Menu

by Ed Sparks

Windows 8.x features a very useful right-click context menu that offers quick access to many common administrative tasks. While this was initially a concession Microsoft made for the ridiculous, misguided removal of the Start Menu, after using it for a short period of time it quickly becomes obvious how much better this is than the random collection of places these shortcuts lived in past UIs.

Periodically, however, Windows will lose track of these shortcuts and right clicking the Start Button will result in...nothing.  Most often this issue presents itself due to an apparent bug in Sysprep, or with Roaming Profiles between different versions of Windows.

What few people know is that this menu (known internally as "Win+X") is actually created on the fly from a list of shortcuts stored in the file system.

Not only can this menu therefore be customized by modifying shortcuts in these folders, but it also leads to our solution to fix the mysteriously non-working menu.

Resolution

  1. Log in as the administrative user experiencing the "no right click admin menu" issue
  2. Open File Explorer, and in the address bar type 

    C:\Users\Default\AppData\Local\Microsoft\Windows\
     
  3. This will open a local application data folder of the Default user profile, containing a WinX folder.  Right-click to Copy this folder
  4. Again, in the address bar of File Explorer, delete the contents and type

    %localappdata% (including the % signs)
     
  5. This will open the current (broken) user's local application data folders
  6. Navigate below here to Microsoft\Windows\
  7. Paste in the WinX folder previously copied into this location
  8. Log out and back in as the user, and the context menu should work correctly

Fixing Windows 10 Build 10041 Not Showing in Windows Update

by Ed Sparks

After a long 55 days Microsoft has finally released a major update to the Technical Preview of Windows 10.  In typical fashion they rambled on about how they're changing their build process, and going to release the product this summer, and how wonderful everything was going to be now as we users would be getting builds fast and furiously.

Then reality set in, and for a vast swath of users the much awaited build was nowhere to be found on Windows Update.  Refreshing Windows Update like a mad man had no effect.  It's not lost on everyone how Microsoft can't even seem to get downloading Windows right these days.  <face palm>

A busy thread has quickly emerged on the Microsoft Answers site, and for the majority of troublesome systems, the fix appears to boil down to a few items:

  • Make sure you are using drivers from your system vendor.  The most troublesome items seem to be Intel HD Graphics and Networking.  If you're using Microsoft's or Intel's published non-hardware-specific drivers, often this is causing systems to get locked in a Windows Update loop trying to download and install bad drivers over and over.  This blocks the next build from coming down, as it appears to want a pristine Windows Update status before starting.  So, go uninstall any drivers and re-install the versions from your hardware maker's site.  I'm looking at you Lenovo and HP owners.  
     
  • THEN, once you've checked, updated and rebooted...
    Download this hotfix from the Microsoft Update Catalog.  Make sure you put on your rose colored glasses and go back to 1998 first though.  You need to do this from Internet Explorer and install an Active-X Control.  Then add the 32 or 64 bit hotfix to your "basket".  Then download the basket.  Then right click on the downloaded file and Run As Administrator.  You know, because they couldn't just publish a link to this.
     
  • Alternatively, check/update the registry as follows:
    Open regedit.exe
    Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsSelfHost\Applicability
    Set the following values (name, type, data):

        BranchName, REG_SZ, fbl_impressive
        ThresholdOptedin, REG_DWORD, 1
        ThresholdRiskLevel, REG_SZ, low

    Delete all other values
    Once complete go to Settings App - Update & recovery - Windows Update
    Tap or click Check for updates

  • Other users are reporting that disabling Windows Defender and then rebooting sometimes fixes the issue
     
  • Still others are going to the Settings App - Update & Recovery - Windows Update - Advanced Options, toggling to the Slow Ring (under Choose How Preview Builds are Installed), rebooting, toggling back to the Fast Ring, and then tapping or clicking Check for updates

Good luck and happy testing!


Fix Event 513 CAPI2 Errors During Windows Backup

by Ed Sparks

Update: March 2016.
Commenters have noted this same fix appears to work correctly on Windows 10 as well.


A semi-common error seen on various Windows 8.1 and 2012/R2 systems is the following during the start of system backups that use VSS (i.e. most backups).  This often causes the backup process to hang for a long period of time, or fail.

Application Event Log:
Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Much digging through forums has found what appears to be the cause.

During backup a VSS process running under NETWORK_SERVICE account calls cryptcatsvc!CSystemWriter::AddLegacyDriverFiles(), which enumerates all the driver records in Service Control Manager database and tries opening each one of them. The function fails on MSLLDP record with "Access Denied" error.

Turned out it fails because MSLLDP driver's security permissions do not allow NETWORK_SERVICE to access the driver record.

What causes this to have incorrect permissions in the first place is unclear, but a fairly simple fix exists.  We've tested this on several systems without issue, but your mileage may vary.

It can be fixed by correcting the Security Descriptor on the MSLLDP service, using the built-in command line utility SC.exe.

Open an Administrative Command Prompt (NOT PowerShell) and execute the following.  This must all be one long command without carriage returns.

sc sdset MSLLDP D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)(A;;CCDCLCSWRPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

You should receive a successful result of

[SC] SetServiceObjectSecurity SUCCESS

If so, the problem is resolved, and there's no reboot required.  The next backup should complete successfully.
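
To see what that descriptor grants before applying it, the following added PowerShell example (not part of the original post) decodes the SDDL string from the command above into one row per ACE. The function name ConvertFrom-ServiceSddl and the right labels are assumptions chosen for illustration; run sc sdshow MSLLDP first and keep its output so the previous descriptor can be restored with sc sdset.

```powershell
# Added example: decode a service SDDL string into trustee / rights rows.
# $Sddl is the descriptor from the sc sdset command in this post. To decode the
# live descriptor instead (sc.exe, because "sc" is a Set-Content alias here):
#   $Sddl = ((sc.exe sdshow MSLLDP) -join '').Trim()
$Sddl = 'D:(D;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BG)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SY)' +
        '(A;;CCDCLCSWRPDTLOCRSDRCWDWO;;;BA)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;SO)' +
        '(A;;LCRPWP;;;S-1-5-80-3141615172-2057878085-1754447212-2405740020-3916490453)' +
        '(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)'

# Access-mask bits for service objects (winsvc.h / winnt.h); labels are shortened.
$ServiceRights = @{
    0x00001 = 'QueryConfig';    0x00002 = 'ChangeConfig'; 0x00004 = 'QueryStatus'
    0x00008 = 'EnumDependents'; 0x00010 = 'Start';        0x00020 = 'Stop'
    0x00040 = 'PauseContinue';  0x00080 = 'Interrogate';  0x00100 = 'UserControl'
    0x10000 = 'Delete';         0x20000 = 'ReadControl';  0x40000 = 'WriteDac'
    0x80000 = 'WriteOwner'
}

function ConvertFrom-ServiceSddl {
    param([Parameter(Mandatory = $true)][string]$Sddl)

    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        # Resolve the SID to a name where this machine can; otherwise show the raw SID.
        try   { $trustee = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $trustee = $sid.Value }

        # Collect the label of every right whose bit is set in this ACE's mask.
        $rights = $ServiceRights.Keys | Sort-Object |
                  Where-Object { $ace.AccessMask -band $_ } |
                  ForEach-Object { $ServiceRights[$_] }

        [pscustomobject]@{
            Type    = $ace.AceType          # AccessAllowed or AccessDenied
            Trustee = $trustee
            Sid     = $sid.Value
            Rights  = $rights -join ', '
        }
    }
}

ConvertFrom-ServiceSddl -Sddl $Sddl | Format-Table -AutoSize -Wrap
```

In the decoded output the SU (service logon) entry carries only query and read rights, while the BA entry is the one ACE among the full-control style entries that omits Stop.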

Offline Files Service Crashing/Unavailable

by Ed Sparks

A common scenario that bites many a company that extensively uses Windows imaging for deployments is that Offline Files completely melts down after a newly imaged system is set up.

This will show up in the event logs as the Offline Files service being unable to start, Folder Redirection breaking, etc.  The first sign is usually a system event log error like:

Windows could not start the Offline Files service.
Error 3: The system cannot find the path specified.

The best resolution is to make sure the reference system (where you took the image from) always has Offline Files disabled before the image is taken, in addition to Sysprep being run.

However, if you've already taken and applied an image and have a broken system, then thankfully the fix is simple.  Just set a registry key to reset ("Format") the Offline Files ("Client side cache") database.  On Windows 7 and 8, this can be easily done by running the following from an Administrative command line:

REG ADD "HKLM\System\CurrentControlSet\Services\CSC\Parameters" /v FormatDatabase /t REG_DWORD /d 1 /f

Reboot the computer, and the Offline Files database will be reset and recreated.  Offline Files should start normally, and Folder Redirection and the like will follow.

 

Offline Files, Folder Redirection and DFS are some of the most complex Microsoft technologies to configure, with an enormous number of gotchas and hotfixes.  It's one of our most frequently requested support items from customers.   We've developed a great deal of expertise and best practices around these and will be posting an article soon detailing our findings.

In the meantime, why not contact us to help today!

Connecting or Ending another RDP session in Windows 2012

by Ed Sparks

As part of the complete re-architecture of the Remote Desktop Services Roles in Windows Server 2012, Microsoft moved the cheese in a serious way.

While there is much that is great about the new design, and we applaud their decision to more holistically approach all of the disparate remote connectivity and VDI options provided by the OS, the UI is an incomplete, slow and confusing mess.

One of the biggest problems was that they severely hampered the built-in Administrative RDP connections that have existed since Windows 2003, and got rid of all of the old TS/RDP Management Tools.  Even more painfully, they turfed everyone's old friend RDP Session Shadowing.  Thankfully this has made a return in Windows Server 2012 R2, but the management and UI haven't improved much.

Going, going, gone!

As a result of all of this, it became difficult to do the simplest of tasks.  One of the most common that many admins used the Remote Desktop Services Manager utility for was connecting to another session, or ending a hung or disconnected session.  Alas, no RDS Manager for you dear 2012 User.  Too simple!

What to do?  Task Manager.  Seriously.

While this functionality has existed for quite some time, it is (by my quick survey of admins) unknown and rarely used.  It is, however, surprisingly functional.

Simply bring up Task Manager, click More Details to switch to the "Actually Useful" mode, and then click the Users Tab.  All current sessions will be displayed, along with a list of their processes.  Right click on any session to connect to or end the session.

Simple, but non-obvious.

EAP! Event logs are full of DLL path validation errors

by Ed Sparks

Once again, Tier 1 PC vendors are failing to send out products with proper drivers and clean, smoothly operating OS builds.  

It's shocking that in this era of Ultrabooks and tablets - all aimed at a premium market and with premium prices to match - vendors still send out systems littered with terrible bloatware, outdated drivers, and long lists of outstanding OS updates waiting.  Often even the OS is a full version or more behind current.

We're particularly looking at you Dell!

The latest cases we're seeing are from current Dell and Lenovo systems with Haswell ("4th Generation Intel Core") chipsets and Intel WiFi onboard.  On these systems, the System Event Logs are littered with entries similar to this:

The description for Event ID 2002 from source Microsoft-Windows-EapHost cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.
The following information was included with the event: 
Eap method DLL path
25
9
0
0
The handle is invalid

As is also often the case, the corporate tech support sites were of no use, and the available driver updates from the vendor did nothing to clear the events or resolve the root cause.

Our own investigation found the issue appears to be that some Cisco-specific EAP registry keys are being added without the proper driver or backing software.

The solution? Fire up our old friend RegEdit and look under the following registry path:

HKLM\System\CurrentControlSet\Services\Eaphost\Methods\311

There will be several entries referencing paths for Cisco drivers or DLLs that don't exist. Remove any keys of this type.

No reboot is necessary, and the errors go away immediately.

We've also found this resolves some Cisco and other third-party IPSec VPN issues as well.
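
One way to find the stale entries without browsing by hand, as an added PowerShell example that is not part of the original post: it exports the key as a backup and then reports string values under it that end in .dll and point at a file missing from disk. The function name Get-MissingEapDll, the backup file name and the .dll suffix match are assumptions; the script only reports, and removal remains the manual RegEdit step described above.

```powershell
# Added example: report EAP method registry values whose DLL path does not exist.
$SubKey = 'SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311'
$Backup = Join-Path $env:TEMP 'eaphost-methods-311.reg'   # assumed backup location

function Get-MissingEapDll {
    param([string]$Path = "HKLM:\$SubKey")

    Get-ChildItem -Path $Path -Recurse -ErrorAction Stop | ForEach-Object {
        $key = $_
        foreach ($name in $key.GetValueNames()) {
            # GetValue() expands REG_EXPAND_SZ data such as %SystemRoot%\...
            $data = $key.GetValue($name)
            if ($data -is [string] -and $data -match '\.dll\s*$') {
                $rooted = [System.IO.Path]::IsPathRooted($data)
                [pscustomobject]@{
                    Key       = $key.Name
                    ValueName = $name
                    DllPath   = $data
                    # Bare file names are not judged; only full paths are tested.
                    Exists    = if ($rooted) {
                                    Test-Path -LiteralPath $data -PathType Leaf
                                } else { $null }
                }
            }
        }
    } | Where-Object { $_.Exists -eq $false }
}

# Keep a restorable copy of the key before anything is deleted by hand.
reg.exe export "HKLM\$SubKey" $Backup /y | Out-Null

Get-MissingEapDll | Format-List Key, ValueName, DllPath
```

An empty result means every fully qualified DLL path under the key resolves, in which case the events have a different cause than the one described here.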