
Troubleshooting HTTP.SYS – How to delete an old SSL cert?

Symptom: On the internal ADFS server, the SSL certificate has been replaced using the Set-AdfsSslCertificate cmdlet, but Get-AdfsSslCertificate still displays the old thumbprint and @myolddomain.com.

This causes an error on Azure AD health connect.

Solution:

There is no dedicated ADFS cmdlet to remove this old thumbprint. The solution is to use NETSH HTTP to manage the HTTP.SYS web server.

Reference: netsh commands for HTTP: https://msdn.microsoft.com/fr-fr/library/windows/desktop/cc307236(v=vs.85).aspx

Netsh http show sslcert                               ; to list all SSL bindings

In our case, we want to remove all bindings associated with adfslab.myolddomain.com:443

Solution:

In general, the command is: Netsh http delete sslcert ipport=w.x.y.z:443

In our case:

Netsh http delete sslcert hostnameport=adfslab.myolddomain.com:443

Netsh http delete sslcert hostnameport=adfslab.myolddomain.com:49443

Check the result with the Get-AdfsSslCertificate cmdlet.
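To find which HTTP.SYS bindings still carry the old certificate before deleting anything, the output of netsh http show sslcert can be parsed. The following is an added example, not part of the original post; it assumes English netsh output labels, and the thumbprints, the GUID and the host name adfslab.mynewdomain.com are constructed placeholders.

```powershell
# Added example: list HTTP.SYS SSL bindings whose certificate hash is not the expected one.
function Get-StaleSslBinding {
    param(
        [string[]]$NetshOutput,        # lines of "netsh http show sslcert"
        [string]$ExpectedThumbprint    # thumbprint of the new certificate
    )
    $kind = $null; $endpoint = $null
    foreach ($line in $NetshOutput) {
        if ($line -match '^\s*(Hostname:port|IP:port)\s*:\s*(\S+)') {
            # Start of a binding block: remember its type and endpoint.
            $kind = $Matches[1]; $endpoint = $Matches[2]
        }
        elseif ($endpoint -and $line -match '^\s*Certificate Hash\s*:\s*([0-9a-f]+)') {
            $hash = $Matches[1]
            if ($hash -ne $ExpectedThumbprint) {            # -ne ignores case
                $selector = if ($kind -eq 'IP:port') { 'ipport' } else { 'hostnameport' }
                [pscustomobject]@{
                    Endpoint      = $endpoint
                    Thumbprint    = $hash.ToUpper()
                    DeleteCommand = "netsh http delete sslcert $selector=$endpoint"
                }
            }
            $endpoint = $null
        }
    }
}

$expected = '1111111111111111111111111111111111111111'   # placeholder thumbprint
# Constructed sample of "netsh http show sslcert" output.
$sample = @'
SSL Certificate bindings:
-------------------------

    Hostname:port                : adfslab.mynewdomain.com:443
    Certificate Hash             : 1111111111111111111111111111111111111111
    Application ID               : {00000000-0000-0000-0000-000000000000}

    Hostname:port                : adfslab.myolddomain.com:443
    Certificate Hash             : 2222222222222222222222222222222222222222
    Application ID               : {00000000-0000-0000-0000-000000000000}

    Hostname:port                : adfslab.myolddomain.com:49443
    Certificate Hash             : 2222222222222222222222222222222222222222
    Application ID               : {00000000-0000-0000-0000-000000000000}
'@ -split "`r?`n"

Get-StaleSslBinding -NetshOutput $sample -ExpectedThumbprint $expected | Format-Table -AutoSize
# On the server: Get-StaleSslBinding -NetshOutput (netsh http show sslcert) -ExpectedThumbprint $expected
```

The function only prints the delete commands; review each binding before running them.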

 

Hi,

This article explains how to repair Windows Update and its components.

Under certain circumstances, Windows Update can freeze on Windows and downloads can be blocked.

I tested this procedure for you, because I experienced this problem just after installing Windows 10 1511 on a computer. To solve my problem, I successfully followed this procedure:

https://support.microsoft.com/en-us/kb/971058

Note: I found this script to reset Windows Update here: https://gallery.technet.microsoft.com/scriptcenter/Reset-Windows-Update-Agent-d824badc

Note:

a) Eventvwr: System log, source: WindowsUpdateClient

b) To get the Windows Update log, use this PowerShell cmdlet: Get-WindowsUpdateLog

PS C:\Windows\system32> get-windowsupdatelog

Converting C:\Windows\logs\WindowsUpdate into C:\Users\jdalbera\Desktop\WindowsUpdate.log …
    Directory: C:\Users\jdalbera\AppData\Local\Temp\WindowsUpdateLog

 

SQL performance counters are missing


How to retrieve the computer name based on the IP?

This mechanism is called "reverse lookup". In general, it works if your DNS server contains "reverse zones" and reverse records.

In that case, the following commands work fine:

ping -a <IP>

nslookup -a <IP>

But if your internal DNS server does not contain a reverse zone, you must request the records from your DNS server directly.

To achieve that, you can use nslookup or PowerShell to get an answer from a DNS server:

a) using nslookup

nslookup

server <enter remote DNS>

<type the IP>

 

b) using Powershell

#
# Get DNS records (computer FQDN) based on list of IPs (input)
#
# Created    :    10/01/2012
# Updated    :    21/03/2013
#
# Authors    : jdalbera - gbs-its-wid-nce
# Comments   : This script queries the current DNS to retrieve the list of FQDNs
# corresponding to a list of IPs (reverse records)
# It writes the results to a text file
#
cls
Write-Host ""
Write-Host "-------------------------------------------------------"
Write-Host " Get DNS records from list of IPs "
Write-Host "-------------------------------------------------------"
Write-Host ""

## VARIABLES
$date = Get-Date -Format ddMMyyyy
$log = ".\logs\Get-DNSrecordFromIPs-$date.txt"
#$listofIPs = Get-Content .\IPList.txt
$listofIPs = "10.64.23.23","10.65.10.12","10.66.10.11"
# Let's create a blank array for the resolved names
$ResultList = @()
# Make sure the log folder exists, otherwise Out-File fails
New-Item -ItemType Directory -Path .\logs -Force | Out-Null

## MAIN
Write-Host ""
Write-Host "------------------------------------------------------------------------------------------------"
Write-Host ""
$startscript = Get-Date

# Let's resolve each of these addresses
foreach ($ip in $listofIPs)
{
    $result = $null
    # Suppress lookup errors for this call only, then restore the preference
    $currentEAP = $ErrorActionPreference
    $ErrorActionPreference = "silentlycontinue"

    # Use the DNS static .NET class for the reverse lookup
    # details on this method found here: http://msdn.microsoft.com/en-us/library/ms143997.aspx
    $result = [System.Net.Dns]::GetHostEntry($ip)
    $ErrorActionPreference = $currentEAP
    If ($result) {
        $ResultList += [string]$result.HostName
    }
    Else {
        $ResultList += "$ip - No HostNameFound"
    }
}
# To output the results to a text file
$ResultList | Out-File $log

Write-Host "-------------------"
Write-Host "-- End of Script --"
Write-Host "-------------------"
Write-Host ""
$stopscript = Get-Date
Write-Host "Has started at" $startscript -BackgroundColor Gray -ForegroundColor Black
Write-Host "Had finished at" $stopscript -BackgroundColor Gray -ForegroundColor Black
Write-Host "TIME SPENT:" (New-TimeSpan -Start $startscript -End $stopscript).hours "Hours" (New-TimeSpan -Start $startscript -End $stopscript).minutes "Minutes" (New-TimeSpan -Start $startscript -End $stopscript).seconds "Seconds" -BackgroundColor Green -ForegroundColor Black
Write-Host ""
Write-Host ""
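To send the PTR query to a chosen DNS server from PowerShell, as the nslookup session in a) does, Resolve-DnsName accepts a -Server parameter. The following is an added example, not the author's script; the DNS server address is hypothetical, the IPs are the sample ones from the script above, and the forward confirmation (IPv4 only) goes beyond the original text.

```powershell
# Added example: reverse lookup against a specific DNS server, with forward confirmation.
# A PTR record is controlled by whoever manages the reverse zone, so each returned name
# is resolved back to an address and compared with the IP that was asked for.
$dnsServer = '10.64.0.10'                                   # hypothetical DNS server
$listofIPs = '10.64.23.23', '10.65.10.12', '10.66.10.11'    # sample IPs from the script above

function Resolve-PtrConfirmed {
    param([string]$IP, [string]$Server)

    # Ask the chosen server for the PTR record; -DnsOnly skips LLMNR and NetBIOS.
    $ptr = Resolve-DnsName -Name $IP -Type PTR -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'PTR' }

    if (-not $ptr) {
        return [pscustomobject]@{ IP = $IP; HostName = $null; Confirmed = $false }
    }

    foreach ($record in $ptr) {
        # Forward lookup of the returned name on the same server.
        $forward = Resolve-DnsName -Name $record.NameHost -Type A -Server $Server -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' }

        [pscustomobject]@{
            IP        = $IP
            HostName  = $record.NameHost
            Confirmed = ($forward.IPAddress -contains $IP)   # name resolves back to the same IP
        }
    }
}

$listofIPs | ForEach-Object { Resolve-PtrConfirmed -IP $_ -Server $dnsServer } | Format-Table -AutoSize
```

Rows with Confirmed set to False are names that should not be trusted for attributing a host without another source.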

http://www8.hp.com/h20195/v2/GetPDF.aspx/4AA5-5841ENW.pdf

Security updates MS15-011 & MS15-014 are installed, which harden the UNC paths for SYSVOL & NETLOGON, and the following registry settings are being pushed using Group Policy:

  • RequirePrivacy=1
  • RequireMutualAuthentication=1
  • RequireIntegrity=1

Other related article: https://blogs.technet.microsoft.com/askds/2016/06/22/deploying-group-policy-security-update-ms16-072-kb3163622/
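To verify on a client that the hardened UNC path settings have actually been applied, the policy values can be read back and checked. This is an added example, not part of the original post; it assumes the settings are stored under the HardenedPaths policy key written by the "Hardened UNC Paths" Group Policy setting, with one value per UNC path.

```powershell
# Added example: check that the hardened UNC path policy for SYSVOL and NETLOGON
# carries the three settings listed above.
$required = 'RequireMutualAuthentication', 'RequireIntegrity', 'RequirePrivacy'

function Get-MissingHardening {
    param([string]$Value, [string[]]$Required)
    # A policy value looks like "RequireMutualAuthentication=1, RequireIntegrity=1".
    $flags = @{}
    foreach ($pair in ($Value -split ',')) {
        $name, $setting = $pair -split '=', 2
        if ($name.Trim()) { $flags[$name.Trim()] = "$setting".Trim() }
    }
    # Return every required setting that is absent or not set to 1.
    @($Required | Where-Object { $flags[$_] -ne '1' })
}

# Assumed location: the key written by the "Hardened UNC Paths" Group Policy setting.
$key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths'
$regKey = Get-Item -Path $key -ErrorAction SilentlyContinue

foreach ($share in '\\*\SYSVOL', '\\*\NETLOGON') {
    # GetValue treats the name literally, so the "*" is not expanded as a wildcard.
    $value   = if ($regKey) { $regKey.GetValue($share) } else { $null }
    $missing = @(Get-MissingHardening -Value $value -Required $required)
    [pscustomobject]@{
        Path      = $share
        Value     = $value
        Missing   = $missing -join ', '
        Compliant = ($missing.Count -eq 0)
    }
}

# Constructed sample value, parsed without touching the registry:
Get-MissingHardening -Value 'RequireMutualAuthentication=1, RequireIntegrity=1' -Required $required
```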

Prerequisites:
The modifications available in the Azure management portal are limited; you must use the PowerShell module for Azure AD:
Manage Azure AD with PowerShell: https://msdn.microsoft.com/en-us/library/azure/jj151815.aspx

First, install the Azure AD PowerShell cmdlets on a server. This requires the installation of the Microsoft Online Services Sign-In Assistant.

Usage:
To check the version:
(get-item C:\Windows\System32\WindowsPowerShell\v1.0\Modules\MSOnline\Microsoft.Online.Administration.Automation.PSModule.dll).VersionInfo.FileVersion

To connect to Azure AD:
$msolcred = Get-Credential                    # enter the global admin account
Connect-MsolService -Credential $msolcred

To remove a user: Remove-MsolUser

To remove an old synchronization user: Remove-MsolUser
a)    Get-MsolUser  # to display all users
b)    Select the userprincipalname to remove: Sync_SERVERADSYNC_7783219a5965@amadeusGAD.onmicrosoft.com
c)    Then remove the account:

d)    Run Get-MsolUser again to check that the user has been deleted

To search a user,
Get-msoluser ; to display all users

To remove a group: Remove-MsolGroup

Note that it works using the group's ObjectId.

To display all groups:
Get-MsolGroup -All  # to list all groups
Get-MsolGroup -MaxResults 10  # to list the first 10 groups

To list the number of users and groups:

(Get-MsolUser -All).Count   # for all users
And for groups:

To display only the users with license enabled:
Get-MsolUser -UserPrincipalName <account> | ft displayname,licenses

Get-MsolUser | where {$_.isLicensed -like "true"}

To list users with no licenses:
Get-MsolUser -UserPrincipalName user1@mydomain.com | select userprincipalname,islicensed,usagelocation | ft -autosize

For all users:
Get-MsolUser | where {$_.isLicensed -like "false"} | ft -autosize

Get-MsolUser | where {$_.isLicensed -like "false"} | select userprincipalname,isLicensed,usagelocation | ft -autosize

To list all the users with license enabled:
Get-MsolUser | where {$_.isLicensed -like "true"} | select userprincipalname,isLicensed,usagelocation | ft -autosize

To list the available SKUs: Get-MsolAccountSku | ft -autosize

To assign a license to a user:
A)    First, you must assign a usage location
Get-MsolUser -UserPrincipalName user2@mydomain.com | Set-MsolUser -UsageLocation FR

B)    Then you can assign a license
Set-MsolUserLicense -UserPrincipalName user2@mydomain.com -AddLicenses "contoso:EMS"

To set the usage location FR on all users with no licenses:
Get-MsolUser | where {$_.isLicensed -like "false"} | select userprincipalname,isLicensed,usagelocation | Set-MsolUser -UsageLocation FR
And display the result:
Get-MsolUser | where {$_.isLicensed -like "false"} | select userprincipalname,isLicensed,usagelocation | ft -autosize

Now assign the contoso:EMS license to all users who do not yet have a license:
Get-MsolUser | where {$_.isLicensed -like "false"} | select userprincipalname,isLicensed,usagelocation | Set-MsolUserLicense -AddLicenses "contoso:EMS"
And display the result: Get-MsolUser | select userprincipalname,isLicensed,usagelocation | ft -autosize

To search for a user based on their userprincipalname:
Get-MsolUser -All | where {$_.userprincipalname -like "user1@mydomain.com"} | select userprincipalname,islicensed,usagelocation

During the hard exercise of recruiting an IT pro, you are obliged to ask questions. Here are links to some Q&A:

http://www.techiebird.com/sendmail.html

https://www.brentozar.com/archive/2009/07/top-10-interview-questions-for-windows-sysadmins/

http://www.01world.in/p/windows.html

http://resources.intenseschool.com/top-interview-questions-for-system-administrators-microsoft/

https://www.toptal.com/sql/interview-questions

https://dwbi.org/database/sql/72-top-20-sql-interview-questions-with-answers

http://www.indiabix.com/technical/sql-server-common-questions/

https://www.linux.com/blog/10-job-interview-questions-linux-system-administrators

http://computernetworkingnotes.com/rhce-interview-questions/linux-interview-questions-for-experienced.html

 

 

To change an Office 2010/2013 installation from a MAK key to the corporate KMS Office key, the following commands are needed and can be scripted:

Reference: http://technet.microsoft.com/en-us/library/ee624355.aspx#section2-3

Reference for Office 2016: http://theitbros.com/ms-office-2016-activation-with-kms/

For Office 2010: Run the following ospp.vbs from this folder c:\program files (x86)\Microsoft Office\Office14

For Office 2013: Run the following ospp.vbs from this folder c:\program files (x86)\Microsoft Office\Office15

For Office 2016: Run the following ospp.vbs from this folder c:\program files (x86)\Microsoft Office\Office16

Here are the needed steps in the script.

0. cscript ospp.vbs     ; to display the list of ospp.vbs options

1. cscript ospp.vbs /inpkey:<kms product key>

You can get the required KMS Office 2013 GVLK key here: https://technet.microsoft.com/en-us/library/dn385360.aspx

You can get the required KMS Office 2016 GVLK key here: https://technet.microsoft.com/en-us/library/dn385360.aspx

2. cscript ospp.vbs /sethst:<kms.dns.name>

This is needed if you want to set your KMS server name manually.

3.  cscript ospp.vbs /act

This step activates your Office installation.

Ref: https://blogs.technet.microsoft.com/matthts/2012/10/13/windows-server-sockets-logical-processors-symmetric-multi-threading/

With the release of each version of Windows Server, the maxima for supported number of sockets and logical processors have increased.

Whatever the numbers for the older OS releases, the best scalable platform for virtualization is Windows Server 2012 (and of course Hyper-V Server 2012), far exceeding VMware 5.1 and others.
Let’s start by defining common terminology.

Terminology

Logical Processor: A thread of execution on a physical processing unit which can be a core or a thread on a symmetric multi-threaded (SMT) system.

Virtual Processor: A virtualized instance of a logical processor exposed to virtual machines.

Socket: What a physical processor plugs into.
