Tab for the Win…dows

Posted on by Glenn

Just a quick tidbit on Windows Explorer in this post. I was working on renaming several files in Windows Explorer when I hit the Tab key. To my surprise, the rename for the current file was completed and Explorer switched to renaming the next file in the list. I hit Tab again and it switched to the next file. Pressing Shift+Tab will move backwards up the list.

Another quick tip, a slow double-click on a filename in Windows Explorer will allow a file rename.

Below is a gif for demonstration. On a side note, if a picture is worth a thousand words, what a gif worth?

Thanks for stopping by. If you have anything to add, drop a comment below. Have a great day.

Is remotewebaccess.com dead?

Posted on by Glenn

Good morning. I have been seeing a rash of issues with Essentials failing to connect with the list of domain services lately. At first I believed this to just be a temporary outage, but after the service appearing to be down for a couple of weeks this did not seem to be the case. Was Microsoft ceasing support of remotewebaccess.com and just not telling anyone? It would not be the first time I have seen a feature dropped from Essentials. However, In a recent meeting with one of my colleagues I discovered this is not the issue. Below is the error you will see if your server configuration has not been updated.

An error occurred while setting up your domain name
The domain name was not set up for your server. Wait a few minutes and run the wizard again.
The list of domain services available for your server cannot be found. Make sure your server is connected to the Internet. If this problem continues, wait a few minutes, and then try again.

The error doesn’t really tell you much. Based on the description it would seem that your server is not able to connect to the remotewebaccess.com server. This could be a DNS problem or maybe the server is actually down. It turns out the failure to connect is due to Microsoft forcing the use of TLS (Transport Layer Security) 1.2. By default, it is not turned on for .NET applications. You would think Microsoft would release a patch to turn this on in Essentials, but that remains to be seen if they will.

So how do you fix this issue. The fix is pretty easy, just a few registry entries and a reboot. One thing to note. I have tested this fix on Windows 2016 Essentials and it works. I also tested in Windows 2012 R2 Essentials and it does work if the server has the latest Windows updates. Your mileage may vary.

  1. Open notepad
  2. Copy and paste the following text into notepad:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
    “SystemDefaultTlsVersions”=dword:00000001
    “SchUseStrongCrypto”=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
    “SystemDefaultTlsVersions”=dword:00000001
    “SchUseStrongCrypto”=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727]
    “SystemDefaultTlsVersions”=dword:00000001
    “SchUseStrongCrypto”=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
    “SystemDefaultTlsVersions”=dword:00000001
    “SchUseStrongCrypto”=dword:00000001

  3. Save the file as TLS12.reg, changing the “Save as type” to All files.
  4. Go to the location the file was saved and run it. Click Yes twice and then OK.
  5. Reboot the server.

If you have anything to add, drop a comment below. Have a great day.

Fun with certificates

Posted on by Glenn

Good morning. I have had a few requests for an article on how to work with certificates, specifically the SSL variety. In this article we are going to walk through the whole process, from the CSR (Certificate Signing Request) to exporting a certificate. The process need not be a mystery any longer. So let’s get started.

The first step is to create the CSR. There are a couple ways to do this. In this article we will use IIS (Internet Information Services) to create the request. If you do not want to use IIS or do not have it installed, there is a very good article on using certreq.exe here.

  1. Launch IIS. Right-click the Windows icon in the bottom left corner and choose the run option. Type inetmgr and press enter.
  2. Click the name of the server on the left and then double-click Server Certificates in the middle section.

  3. Choose the option to “Create Certificate Request” from the actions pane on the right. This will launch the CSR wizard.

  4. Fill out the certificate information. The common name is the domain name that the certificate will be used for. You will want to change it and the other fields to match your needs. Once completed, click Next.
  5. By default the bit length is set to 1024 bytes. Change this to 2048 and click Next.

  6. Give it a filename and click Finish.

Now that the CSR is created it will need to be submitted to the 3rd party CA (Certificate Authority) of choice. Once that process is completed and a certificate file provided, the last step can be completed.

The last step is to complete the certificate request. You will want to launch IIS and go to Server Certificates as explained above. Then proceed with detailed steps below.

  1. Choose the option to “Complete Certificate Request” from the actions pane on the right. This will launch the Complete Certificate Request dialog.

  2. Provide the path to the certificate file received from the 3rd party CA, give it a friendly name and click OK.

At this point the certificate is installed and ready to use. If you want to know more about how certificates work be on the lookout for an upcoming post that goes into more detail. I will update this post with a direct link when that article is created.

I hope you have found this post useful. If you have anything you want to add or think I missed something, please use the comments section below. If you made it this far, thanks for reading.

Why you shouldn’t remove .NET in Windows Server

Posted on by Glenn

Good afternoon.
The rumors of my demise have been greatly exaggerated. It is time for another interesting issue. I have seen this issue a few times now, but this last time I was finally able to put my finger on the cause and correct it. The issue in this case occurs when the .NET Framework 4.7 Features are removed from Server Manager. See the picture below.

There is a whole slew of issues that will come up by removing .NET. One of which is that Server Manager and PowerShell no longer function. See below for a couple of errors that can be encountered.

The code execution cannot proceed because mscoree.dll was not found. Reinstalling the program may fix this problem.
The code execution cannot proceed because mscoree.dll was not found.
MMC could not create the snap-in. CLSID: FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}
MMC could not create the snap-in. CLSID: FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}

So this should be easy to fix. Just fire up Server Manager… Well that would be great if it worked. No problem, I know a fancy PowerShell command. Shoot, that doesn’t work either. Don’t fret though. There is a tool that has been with Windows since 2008 and still works to add or remove a feature. The tool is dism. Here are the steps to get .NET and PowerShell put back.

  1. Right-click the Start button and choose the Run option.
  2. Type cmd and press enter.
  3. Run the command: dism /online /enable-feature /featurename:NetFx4ServerFeatures /ALL and press return.
  4. Type PowerShell and press enter.
  5. Run the command: Install-WindowsFeature PowerShellRoot,PowerShell,PowerShell-ISE.
  6. Restart the server.

After running through the above the server should function normally again. I tested this process in Windows Server 2019, but should also work in Windows Server 2016 also.

I hope you found this article informative. If you have anything to add please feel free to leave a comment below.

What’s changed in Windows Essentials 2019

Posted on by Glenn

Good afternoon. Longtime readers of this blog likely figured out that I work quite a bit with Essentials. I wanted to take a few minutes to go over the changes good and bad and my views on why we see are seeing them. I have heard a lot of grumbling over the removal of some features. This article will attempt to take a more unbiased review of the situation. Just a couple disclaimers first though. I do not work for Microsoft and my views here are my own.

Let’s tackle the elephant in the room first. The removal of the essentials experience. This includes the dashboard, connector software, remote web access and client PC backup. Based on my interactions, most people I talk to see this in a negative light. I tend to view this as business as usual.
I say this as I have been supporting Microsoft small business products for about 15 years now. I started out supporting SBS 2003. I watched that product mature into SBS 2008 and then peak with SBS 2011. Unfortunately due to the all interactions between the different software packages, SharePoint, Exchange, Active Directory, etc… it meant that putting out SBS 2014 was not going to happen. This is why I believe Microsoft decided to re-badge Windows Home Server as Windows Server Essentials edition. The product was changed some, but when first released was about 98% the same. Windows Server Essentials then matured into Essentials 2012, then 2012 R2 and finally peaked with 2016. While Essentials has been great in the past, the number of issues has been steadily creeping up. There are two that I believe contributed to the demise of Essentials. The first is the client PC backup feature. This feature, while great for a few workstations, does not scale well. The second problem though is likely a bigger part of why the Essentials experience was removed. Within the last few years the client connector software has become more troublesome to maintain. This seems likely due to the change in how updates are packaged for Windows 10. I have seen many workstations that required a reinstall of the connector software after an update. It’s not all bad though. I have seen quite a few Essentials environments that have been working great. These environments tend to run Windows 7 for the workstations, and have fewer than 10 workstations and/or users.

So were the building problems the only reason that the essentials experience was removed? I don’t think so. There is a lot of grumbling that Microsoft has removed the essentials experience to drive more customers to their hosted services. While there is likely some truth to this, I don’t believe it is the primary reason. It is more likely that the segment of the market that the essentials experience serves has shrunk to the point it is no longer profitable to continue development and support of the product. If it were, then Microsoft would devote more resources to the problems with the essentials experience.

So I like to consider myself an optimist and look at the bright side. There is definitely a silver lining here if you look closely. Through testing of Windows Server 2019 Essentials edition I have found several positive points. The first is the removal quite a few of the restrictions placed on previous Essentials editions. It is no longer a hard requirement to have an Active Directory domain in place. The licensing compliance checks will pass without problems if the server is left in a workgroup. This is a huge win for a lot of small businesses as it brings down the IT cost of maintaining and setting up a server. The server can simply be managed as a workstation would be. Another positive is that CALs (Client Access Licenses) are still included with the Essentials edition. While the 25 user limit is still in place, all 25 users are licensed without additional cost. Finally the cost of Essentials edition has remained largely unchanged. For less than half the cost Standard edition you get a server class OS with 95% of the features and very few restrictions*.

I hope you have found this informative. If you have an opinion on the subject or have another viewpoint please feel free to comment below.

*Remote Desktop Services and Data Deduplication have been removed from Windows Server 2019 Essentials edition. This is not really a change from 2016 Essentials edition as Remote Desktop Services, while there, did not function properly.

The bootfile is too small to support persistent snapshots

Posted on by Glenn

Good afternoon. It has been too long since I last posted. Today I found a solution to a problem I have seen several times and I wanted to share it.

I had a customer that was experiencing backup issues with a new load of Windows. When trying to backup the server in Windows Serer Backup the backup would always fail with the error “Windows Backup failed to create the shared protection point on the …”. An important point to note is the error would always occur during the VSS snapshot phase of the backup.

Below is the resulting Application event log with the key event highlighted.

At this point it is probably helpful to get a high level overview of how Windows Server Backup and VSS work. When Windows Server Backup starts a backup one of the first steps is to call VSS to take a snapshot. When the backup destination is local disk, the request is for both the backup destination and the backup source. This is so that Windows Server Backup can compare the blocks in both to perform an incremental backup. This means that a failure to snap the source or destination can cause the backup to fail.

I have seen this issue a handful of times and the consensus was the backup drive was causing the problem. While this can be the case, today I learned how to pinpoint which volume is actually causing this error with the event log. The key to determining this is the volume GUID ( Globally Unique Identifier) specified in the description of the event. This is the volume that cannot be snapped by VSS and is causing the backup to fail.

So how do you take the GUID and get the drive letter? This is the easiest part. Simply open an admin cmd window and run the command “mountvol”. At the end of the output all volumes with GUIDs and drive letters will be listed. In our case it was the D:\ drive that contained user data. We ran a test backup excluding the D:\ drive and it completed with no errors.

How do I fix the volume, so it will backup? Obviously we will not want to exclude a volume from the backup. There are two methods to repair this issue. First a chkdsk /f can be run to attempt and repair the volume. If that fails though, then you are likely looking at a bit of work to recreate the volume. Here is the process:

  1. Backup the data with robocopy or another file level backup utility. For robocopy an example command: robocopy <source> <destination> /MIR /XJ /W:5 /R:3 /LOG+:c:\robolog.txt
  2. Run diskpart and “clean” the disk. To do this run diskpart at an admin cmd, select the problem disk, then run the clean command.
  3. Recreate the volume
  4. Restore the data with robocopy or whatever file level backup utility used previously.

I hope you have found this post informative. If you have another way to solve this problem I would love to hear about it in the comments.

Windowsupdate.log is filled with GUIDs

Posted on by Glenn

Good afternoon. I found an interesting solution I wanted to share. I needed to collect the Windowsupdate.log file on a Windows 2016 server today. To do this I needed to run the PowerShell command Get-WindowsUpdateLog. The file is no longer continuously created as with previous Windows versions. This is all well and good, if the command worked 100% of the time. There have been some instances though where I ran that command and just get a file filled with GUIDs. See the example below.

1600/12/31 18:00:00.0000000 824 1056 Unknown( 10): GUID=638e22b1-a858-3f40-8a43-af2c2ff651a4 (No Format Information found).
1600/12/31 18:00:00.0000000 824 1056 Unknown( 11): GUID=bce7cceb-de62-3b09-7f4f-c69b1344a134 (No Format Information found).
1600/12/31 18:00:00.0000000 824 1056 Unknown( 11): GUID=638e22b1-a858-3f40-8a43-af2c2ff651a4 (No Format Information found).
1600/12/31 18:00:00.0000000 824 1056 Unknown( 50): GUID=6ffec797-f4d0-3bda-288a-dbf55dc91e0b (No Format Information found).
1600/12/31 18:00:00.0000000 824 1056 Unknown( 12): GUID=00497b4f-20f7-3ec8-96ab-8a593aa9824d (No Format Information found).

I have always wondered why this happened. I finally discovered the answer today. When I ran the PowerShell command I kept getting a popup about website security. I checked the box to not ask again and clicked OK. I then received a file full of nothing useful. I had a hunch that the command needed to grab information from the Internet to decode the GUIDs. Perhaps IE ESC (Internet Explorer Enhanced Security) was causing an issue with that process. I disabled IE ESC and re-ran Get-WindowsUpdateLog. Sure enough the file was created correctly.

So now you know. If you get a Windowsupdate.log file full of GUIDs there are two items to check. Verify the server has Internet connectivity and that IE ESC is turned off.

I hope you found this article informative. If you have anything to suggest or add to the content, please leave it in the comments below.

User profile corruption for Windows service accounts

Posted on by Glenn

Good morning. It has been a while since I posted, so I figured it was time for another article. I ran across an interesting issue this morning that I figured I would share. I had a customer that had recently experienced some file system corruption on the C: drive. Luckily chkdsk was able to correct the issue, but there was an issue that cropped up after running it. My customer was seeing an error in the Windows system log coming up frequently. The error was a 7005 with a source of Server Control Manager. The description was his concern though.
“The LoadUserProfile call failed with the following error:
The configuration registry database is corrupt.”

I did some research on this error and it is caused by a corrupt user profile. I figured it was probably a service user account as we had several services starting within seconds of each occurrence. Through a process of elimination I discovered that starting any service using the Network Service as the logon service caused the error.

So now I knew which account was causing the error, but how do you recreate the user profile for the Network Service user? I first checked the c:\users folder and the profile is not there. It is also not in the user profiles list in the system properties. I checked the registry as it has a list of all users with profile locations.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Bingo!

The Network Service profile is located in C:\Windows\ServiceProfiles\NetworkService. I renamed the profile in the registry (S-1-5-20) to S-1-5-20.old and the NetworkService folder to NetworkService.old.

I then started a service that used the Network Service account, and success. The registry key was recreated, as was the folder, and we received no errors in the event log.

On a side note the above process will also work for the Local Service account. Just rename the appropriate registry key and folder.

I hope you found this article informative. If you have anything to add or would like to suggest an edit, please do so in the comments below.

Problems installing RDS CALs on a 2019 license server

Posted on by Glenn

Good morning.  I had an interesting issue this morning I figured I would share.  I had a customer that was having a tough time installing his RDS CALs.  At both activate.microsoft.com and in the install license wizard we were receiving the error “Invalid license code” and “The serial number is not valid.” respectively.  I assumed this was due to a bad license code, as I have seen that a couple of times in the past.  After emailing Microsoft, I was able to confirm the license code was good. 

The serial number is not valid.

After going back to my customer, I found out that the license server was running Windows 2019.  Normally this should not be a problem as you can install down-level CALs.  For instance, it is possible to install 2012 RDS CALs on a 2016 license server.  It appears that may no longer be the case with 2019 or this may be a bug.  Time will tell.  In the end we fixed the problem by installing licensing on the Windows 2016 server.  The CALs then installed without issue.

If this changes in the future I will update this blog post.  I hope you found this blog post useful.  If you have any corrections or anything to add, please do so in the comments below.

Windows Server Essentials Configuration Troubleshooter

Posted on by Glenn

Good morning,
It has been a little while since I last posted, so I figured it was time to share a little gem.  My team had a case that had us scratching our heads.  I had previously seen the error, but the solution that worked several times before did not work.  In case you are curious here is the error we were seeing:
web server settings error

(There is an error in your Web server settings)

we opted to engage Microsoft support.  The support engineer had a trick up his sleeve and was able to resolve the issue quickly.  After doing some preliminary checking, he ran the configuration troubleshooter.  The tool pointed at a path issue with the RemoteAppPool application pool in IIS.  After fixing the path the errors were resolved.

I tried out this tool and it works great at verifying settings are correct.  The tool can be used to test IIS settings, the certificate authority, Essentials services, and whether ports for Essentials are open.  I am definitely adding this to my tool belt as it will significantly speed up troubleshooting.  You can find the tool here.  Below is a screenshot.  I just ignored the error as it did not seem to impact functionality.

Windows ESS Config Troubleshooter

I hope you found this post useful.  What is your favorite troubleshooting tool for Essentials?  Put the answer in the comments section below.