Category Archives: Windows Server 2012

Saving Windows Disk Space | Windows System Cleanup

Although nowadays HDD space is a cheap commodity there is always a Windows C:\ running somewhere with a partition that is busting at the seams and ready to explode. I’ve seen it too many times…

As there are a number of common culprits for these space eating monsters I’m going to post the fixes here in one sweet spot, the “Windows System Cleanup” post.

Windows “Hiberfil.sys”

Hibernate mode uses the hiberfil.sys file to store the current state (memory) of the PC on the hard drive and the file is used when Windows is turned back on.
Always a cause of taking up C:\ the easiest option is to switch it off. Use the following command line to disable:

Enter "powercfg.exe -h off"

Pagefile.sys is a windows system file used as a swap file and was designed to improve performance. Windows uses it as memory location in case the application you’re running ends up needing more RAM than you actually have. This file is stored on the C:\ root but can take up space. Best option is to move it or reduce it (Reducing isn’t really a recommended option)

Right click on ‘PC’.
Left click on ‘Properties’.
Left click on ‘Advanced system configuration’.
If needed, left click on ‘OK’.
Select ‘Advanced options’ tab.
Left click on ‘Configuration’ inside ‘Throughput’.
Select ‘Advanced options’ tab.
Left click on ‘Change’ inside ‘Virtual memory’.
Edit your preferences.
Close all the opened windows by accepting.

Windows “Search” Folder

?

Windows “WINSXS” Folder

Reference this post: Saving Windows Disk Space | Reducing Size of WINSXS folder | Server 2008 R2

Windows Shadow Copies

Shadow copies take up space in C:\System Volume Information (Hidden Folder) They can be reduced or completely deleted using VSSAdmin

Shows Shadow Copy Versions:

vssadmin list shadowstorage

Deletes all Shadow Copies:

vssadmin delete shadows /all

BranchCache “PeerDistRepub” folder

BranchCache is basically a cached version of updates from Microsoft. Folder can be flushed/cleared using netsh
Check Cache

netsh branchcache show status all

Flush Cache

netsh branchcache flush

Uninstall BranchCache Feature (PowerShell)

Uninstall-WindowsFeature Branchcache

Adding DNS Alias | Replacing File Server

When replacing a file server with new server and new name you probably want to keep the old name and add a redirect. Originally, I thought this was a simple “change the DNS IP” and job done but there’s a little bit more to it than just that!

1) Locate OLDSERVER entry in DNS and delete it.

2) If the OLDSERVER server AD object still exists, you need to delete it. Failing to remove the old computer object will result in this error:

Unable to add NEWSERVER.
as an alternate name for the computer.
The error is: Cannot create a file when that file already exists.
The command failed to complete successfully.

3) Run this command to add the server alias:

netdom computername NEWSERVER /add:OLDSERVER

Note: if you have subdomains in use (sub.domain.com) then you need to specifically define this overwise the object will add “oldserver.domain.com” rather than “oldserver.sub.domain.com”

4) Register the machine in DNS

IPConfig /RegisterDNS

5) Run this command to check the aliases are shown on the machine

netdom computername NEWSERVER /enum

6) Final check to show what SPF entries have been created:

setspn -l NEWSERVER

Ref: https://support.microsoft.com/en-gb/help/3181029/smb-file-server-share-access-is-unsuccessful-through-dns-cname-alias

Netdom: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc835082(v=ws.10)

Original Post: https://blogs.technet.microsoft.com/askpfeplat/2017/06/19/using-computer-name-aliases-in-place-of-dns-cname-records/

Windows | DHCP PowerShell Options (Cheatsheet)

Managing DHCP on DHCP server:

Add-WindowsFeature -Name DHCP –IncludeManagementTools

Managing DHCP on remote host:

Add-WindowsFeature RSAT-DHCP

Powershell DHCP Module:

Import-Module DhcpServer

Get all DHCP servers in AD

Get-DhcpServerInDC

Get DHCP scope configuration

Get-DhcpServerv4Scope –ComputerName <DHCPServerName>

Get DHCP reservations on scope:

Get-DhcpServerv4Reservation -ComputerName <DHCPServerName> -ScopeId <ScopeID>

Import/Export DHCP Scopes

netsh dhcp server export C:\temp\DHCP.txt all

netsh dhcp server import C:\temp\DHCP.txt all

Note: The temp folder needs to be created

Check DHCP Replication Failover Status

Get-DhcpServerv4Failover -ComputerName <DHCPServerName>

Reference:
https://technet.microsoft.com/en-us/library/jj590708(v=wps.630).aspx

Windows | Remote Management “Could not start Virtual Disk Service (VDS)”

To avoid this error when you remotely managing another servers virtual disks (From “Server Management” you need to follow some steps

Disk Management could not start Virtual Disk Service (VDS) on SERVER-NAME. This can happen if the remote computer does not support VDS, or if a connection cannot be established because it was blocked by Windows Firewall.

For additional information about diagnosing and correcting this problem, see Troubleshooting Disk Management in Disk Management Help.

Windows_Server_Manager_VDS_1

Step1:

Check Virtual Disk Service is started on BOTH the local and remote system

Windows_Server_Manager_VDS_2

Powershell:

Start-Service -Name "vds"

CMD:

net start vds

Step2:

Add firewall exceptions on BOTH the local and remote system. VOILA! WORKING WITHOUT ANY ERRORS 🙂

Windows_Server_Manager_VDS_3

netsh advfirewall firewall set rule group="Remote Volume Management" new enable=yes

Step3:

Use “Server Manager” to connect remotely and access the disk management properties on the remote machine.

no images were found

Migrate Folder Shares | PowerShell

Basic objective, we’ve got a ton of shares which we need to move to a new server. The data has already been replicated but we need to re-share.
There are methods of doing this by exporting the registry but being a little scared of messing up the current shares and requiring a reboot I decided to do this manually…

Export list of shares on source server:

get-WmiObject -class Win32_Share -computer servername.fqdn.com | Export-Csv -Path "C:\Shares.csv"

Create shares on destination server:

Powershell:

Need the powershell command here

CMD Net Share

net share "ShareName"="D:\Path\FolderName" /grant:everyone,FULL

Reference:
https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/export-csv?view=powershell-6
https://gallery.technet.microsoft.com/scriptcenter/Creates-New-Share-with-fb22d905
http://www.tomsitpro.com/articles/use-fileshare-powershell-cmdlets-server-2016,2-1053.html

SQL Firewall Rules | PowerShell

Add Windows Firewall exclusions for Microsoft SQL using PowerShell

Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
#Enabling SQL Server Ports
New-NetFirewallRule -DisplayName “SQL Server” -Direction Inbound –Protocol TCP –LocalPort 1433 -Action allow
New-NetFirewallRule -DisplayName “SQL Admin Connection” -Direction Inbound –Protocol TCP –LocalPort 1434 -Action allow
New-NetFirewallRule -DisplayName “SQL Database Management” -Direction Inbound –Protocol UDP –LocalPort 1434 -Action allow
New-NetFirewallRule -DisplayName “SQL Service Broker” -Direction Inbound –Protocol TCP –LocalPort 4022 -Action allow
New-NetFirewallRule -DisplayName “SQL Debugger/RPC” -Direction Inbound –Protocol TCP –LocalPort 135 -Action allow
#Enabling SQL Analysis Ports
New-NetFirewallRule -DisplayName “SQL Analysis Services” -Direction Inbound –Protocol TCP –LocalPort 2383 -Action allow
New-NetFirewallRule -DisplayName “SQL Browser” -Direction Inbound –Protocol TCP –LocalPort 2382 -Action allow
#Enabling Misc. Applications
New-NetFirewallRule -DisplayName “HTTP” -Direction Inbound –Protocol TCP –LocalPort 80 -Action allow
New-NetFirewallRule -DisplayName “SSL” -Direction Inbound –Protocol TCP –LocalPort 443 -Action allow
New-NetFirewallRule -DisplayName “SQL Server Browse Button Service” -Direction Inbound –Protocol UDP –LocalPort 1433 -Action allow
#Enable Windows Firewall
Set-NetFirewallProfile -DefaultInboundAction Block -DefaultOutboundAction Allow -NotifyOnListen True -AllowUnicastResponseToMulticast True

DFS | DFSR Removal of Staging Directory

After removing DFS shares on a server there may be some leftover files in the “DFSR” cache, this is a hidden location within the “System Volume Information”. This can be a tricky one to delete but can be completed using some CLI.

Take Ownership of folder

icacls "e:\system volume information" /grant Administrator:F

DFSR_Removal01

Remove Directory (Silent & whole directory tree)

rd "e:\system volume information\dfsr" /s /q

DFSR_Removal02

Windows 7/10 | Remotely logoff user (Instantly)

Useful in the event of having to log someone off remotely. (i.e. if a users AD account has been disabled and you want to prevent them from using the system urgently)

You must have local administrator access to complete this. This process will logoff the user instantly.

Run CMD (As Administrator)
Obtain the session ID:

quser /server:COMPUTERNAMEHERE

Logoff session ID:

logoff ID /server:COMPUTERNAMEHERE

Example

cmd_quser_logoff

Creating AD Trust Relationship

Ports required for trust relationship:

389 (TCP and UDP) – Directory, Replication, User and Computer Authentication, Group Policy, Trusts – LDAP
636 (TCP) – Directory, Replication, User and Computer Authentication, Group Policy, Trusts – LDAP SSL
3268 (TCP) – Directory, Replication, User and Computer Authentication, Group Policy, Trusts – LDAP GC
3269 (TCP) – Directory, Replication, User and Computer Authentication, Group Policy, Trusts – LDAP GC SSL
88 (TCP and UDP) – User and Computer Authentication, Forest Level Trusts – Kerberos
53 (TCP and UDP) – User and Computer Authentication, Name Resolution, Trusts – DNS
445 (TCP and UDP) – Replication, User and Computer Authentication, Group Policy, Trusts – SMB,CIFS,SMB2, DFSN, LSARPC, NbtSS, NetLogonR, SamR, SrvSvc

Reference:

https://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx
https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts

DFS | Site Links, Server Target Prioritization & Reference Info

DFS Setup and Configuration Notes

I like DFS, the main issue I found is setting it up, tailoring it to your needs, debugging and configuring which can be a bit troublesome. I’ve spent a while trying to implement and tweak it for a large scale network (17 x Sites using DFS-N & DFS-R) I’ve list a number of articles/URLs which have proven useful on my DFS internet travels…

Continue reading →

Windows Server | DNS Scavenging Explained

Nice post I stumbled upon regarding DNS scavenging and how it actually works.

How DNS Aging and Scavenging Actually Work

“Best Practice Analyzer” shows this should be enabled (But I’ve not seen any posts as to why this isn’t enabled by default)

DNS server should have scavenging enabled

Windows Time Commands | Cheatsheet

Check time service is running (Local & Remote):

sc query w32time

sc \\HOSTNAME query w32time

Displays all local time information (Local & Remote):

w32tm /query /configuration

w32tm /query /configuration /computer:HOSTNAME

Display Windows Time service status (Local & Remote):

w32tm /query /status

w32tm /query /status /computer:HOSTNAME

Display Windows Time service source (Will return one line: local CMOS vs Server) (Local & Remote):

w32tm /query /source

w32tm /query /source /computer:HOSTNAME

Display a list of peers and their status:

w32tm /query /peers

Displays current time (local source)

Time /T

Resync local computer time against time server: (run on all servers, except time server)

w32tm /resync /rediscover

Force local computer time to update against domain server (Local & Remote):

w32tm /config /syncfromflags:domhier /update
w32tm /resync /rediscover w32tm /resync

w32tm /config /syncfromflags:domhier /update /computer:HOSTNAME
w32tm /resync /rediscover w32tm /resync

Start time server via CLI (Local & Remote)

net start w32time

SC \\HOSTNAME net start w32time

Restore Windows Time Service (if it has been broken)

net stop W32Time
w32tm /unregister
w32tm /register
net start W32Time
sc query W32Time

Set Time Update NTP source

@echo off
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist: 0.uk.pool.ntp.org
w32tm /config /reliable:yes
net start w32time
w32tm /query /peers
PAUSE

Event Viewer Error Message:

Event Type: Error

Event Source: W32Time

Event Category: None
Event ID: 12

Description: Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.

To resolve the eventID 12:

w32tm /register

Reference:

DNS | Modify DNS entry CMD

Add/Remove a DNS record without the GUI

Add

dnscmd [ServerName] /recordadd [ZoneName] [NodeName] RRType&gt; &lt;RRData]

dnscmd UK-WDC01 /RecordAdd edwardsd.local UK-ESX01 A 192.168.1.5

Delete

dnscmd &lt;ServerName&gt; /recorddelete &lt;ZoneName&gt; &lt;NodeName&gt; &lt;RRType&gt; &lt;RRData&gt;[/f]

dnscmd UK-WDC01 /recorddelete edwardsd.local UK-ESX01 A 192.168.1.5

Reference: DNSCMD Examples

Windows Commands | Powershell

A few random PowerShell commands in Windows to help complete tasks:

Create New AD User:

New-ADUser -SamAccountName U1 -Name "User 1" -AccountPassword (ConvertToSecureString -AsPlainText "p@ssw0rd" -Force) -Enabled $true -Path 'OU=Test,DC=FABRIKAM,DC=COM'

Displays if “Desktop Experience” is installed:

Get-WindowsFeature *Desktop*

Installs “Desktop Experience” Feature:

Add-WindowsFeature Desktop-Experience

Remove Windows Patches

wusa /uninstall /kb:2952664

Clear all log entries
Although previous logs in event viewer can be helpful for diagnostics, I find old errors sometime cloud the current issues. In order to quickly clear all evertvwr logs entries you can use the following powershell command

wevtutil el | Foreach-Object {Write-Host "Clearing $_"; wevtutil cl "$_"}

Bypass code Execution

Usually if you get this error “PowerShell says “execution of scripts is disabled on this system.” the quick option is to bypass the execution policy:

Set-ExecutionPolicy Unrestricted

HP Proliant Microserver (Gen8) | Windows Server 2012 R2 Storage Drivers

My configuration of the HP Microserver G1810T uses all 4 x HDD disk bays (2 x RAID1) with 1 x HDD (2.5″) attached to the secondary SATA connector on the motherboard.
This 5th disk for the OS was configured under the controller options to use RAID0.

When installing Windows Server 2012 R2 for the first time you will need to specify the B120i controller drivers for Windows to be able to see the disk.
The driver can be downloaded from the HP Microserver webpage and is listed under the “Driver – Storage” section.

The ILO made it easy for me to install Windows remotely from my desktop and attaching virtual media (ISO) and folders. Continue reading →

Enable ICMP (Ping) & WMI | CMD Line

1 Reply

Without enabling ICMP ping requests will not get a reply from the server.

Enable ICMP using “netsh firewall” (Old Method):

netsh firewall set icmpsetting 8

Enable ICMP using “netsh advfirewall” (New Method):

netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow

Enable WMI using “netsh advfirewall” (New Method):

netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes

Unable to Access DFS Share | Windows 7 Mapped Drives

Mapped network drive to DFS share is not allowing access.

“This operation is supported only when you are connected to the server”

If you try to remap the drive with different credentials the following error appears:

The network folder specified is currently mapped using a different username and password.

To connect using a different user name and password, first disconnect any existing mappings to this network share.

Looking in the EventVWR the following is logged:

EventID1004: Path \Server\DFS transitioned to slow link with latency = 115 and bandwidth = 13265936

Rebooting doesn’t fix the issue
Remapping doesn’t fix the issue.
Entering the direct server UNC path allows full access (as it should)
Applied regedit to force Auto Reconnect to the server but still didn’t fix the issue.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetCache]
"SilentForcedAutoReconnect"=dword:00000001

Fix:

In the end the really simple workaround was to “Disable Offline File Sync” and reboot the system. All working again!

“Control Panel -> Sync Centre -> Manage offline files -> Disable Offline Files”

Reference:

http://blogs.technet.com/b/askds/archive/2011/12/14/slow-link-with-windows-7-and-dfs-namespaces.aspx
https://www.conetrix.com/Blog/post/Fixing-Problem-With-Windows-7-Shared-Files-and-Mapped-Drives-Unavailable-Over-VPN.aspx

Windows Backup | Adding Multiple External HDDs

Windows Backup can be configured to use multiple external hard drives as the target. This way you can setup a hard drive rotation system i.e. Mon: USB_HDD1, Tue: USB_HDD2, Wed: USB_HDD1

Ideally both HDDS (or more) need to be connected at the same time when you configure the backup from the GUI. If you do not have both HDDS connected this can be accomplished using the WBADMIN command line tool.

Locate the HDD identifier using “get disk” and add it to the job using “-addtarget”.

wbadmin get disks

WBADMIN ENABLE BACKUP -addtarget:{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}

Reference:

http://goo.gl/zjBiEQ

PSEXEC | Remove File Share Remotely

Sometime it takes time to go and speak to a user, then stop what they are doing so you can make a change or tweak on their PC/Laptop so I like to do this in the background remotely without their knowledge (Hey! I’m an Admin that’s what I do)

PSEXEC has become a good friend for doing this!
I usually dump the “psexec” exe in the c:\Windows\System32 folder so I don’t have to change CMD paths. (Remember you need to run CMD as the user with access to the remote system for this to work)

Remove Share Remotely:

psexec \\PCNAME net share &lt;SHARENAME&gt; /delete

Map Drive Remotely:

psexec \\PCNAME net use S: \\SERVER\SHARE

WSUS | Saving Windows Disk Space | Scheduled “Server Cleanup Wizard”

This script will automatically run the “WSUS Server Cleanup Wizard”
This can be added to a scheduled task.

Continue reading →