Windows Server 2016 – Random Reboot Issue

August 28, 2018

We encounter 1 Windows server 2016 that suffers from a RANDOM REBOOT issue…

image

Very annoying if it happens during the working hours.

SOLUTION :

Open the Group Policy Editor : GPEdit.msc

image

Go to Administrative Templates \ Windows Components \ Windows Update \ Configure Automatic Updates 

Enable : 3 Auto Download and Notify for Install

Check the setting using  Powershell :

get-ChildItem  HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

 

image

You can run it in Powershell : sconfig

image

To check the windows update config

You can run it as well as a cmdline : sconfig

image

Run GPUPDATE using admin credentials …

image

Enjoy!

Advertisements

Windows Server 2016 – Memory Leak Event ID 11 Error

August 28, 2018

Encountering Event ID 11 Memory Leak in MMC ?

image

This can be safely ignore according to Microsoft

See here for more details

image

Enjoy!


Windows Server 2016 – VSSAdmin Event ID 7001 Error

August 27, 2018

Event ID 7001 relating to VSSAdmin unable to create Shadow Copy

image

Solution :

Go to task manager and check the job configurations GUID.

If you find the similar compared to the Event Viewer details. You can delete them.

Reason :

This might happen after convert a Physical machine to a VM.

Success !


Windows – WBADMIN RESTORE using the correct version IDENTIFIER

August 23, 2018

When you are going to do a restore using the WBADMIN command line.  It might be hard to find the correct backup set and location ?

These are steps that will help you to get what you need.

1. Run the command wbadmin get versions

image

Check you backup time and VERSION IDENTIFIER.

As you can see the backup time is NOT equal to the identifier date and time …

Backup ran at 7 PM and the identifier says 11:00

image

You can also see the date & time in the folder name

image

So in order to getting the correct backup data to restore you need to take the WBADMIN IDENTIFIER details.


Windows 10 – CredSSP encryption oracle remediation Error using RPP

August 23, 2018

You may get an error like this when connecting to a remote server using RDP on a Windows 10.

Especially after W10 has received the latest updates ?

image

Solution :

Update the servers with the latest Windows updates …

See KB4103712

But if this is not feasible, you can apply this workaround temporarily…

See here

Open the Local Group Policy Editor gpedit.msc

Go to Computer Configuration –> Administrative Templates –> System –> Credential Delegation

Enable the Encryption Oracle Remediation Policy

image

Set to Vulnerable

image

If you cannot use gpedit.msc (Ex. Windows Home Edition), you can make the same change by using the registry, as follows:

Open a Command Prompt window as Administrator.

Run the following command to add a registry value:

REG ADD HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters\ /v AllowEncryptionOracle /t REG_DWORD /d 2

Success !


Windows 2016 – Sync Host OneSyncSvc Service PARAMETER is incorrect

August 10, 2018

Let’s say you want to disable the Sync Host Service on our server…

You will get this Error :The Parameter is Incorrect

And it will not let you disable it Sad smile

image

SOLUTION :

First open servives.msc and look for 1 or more Sync Host_xxxx Services in the list. And stop all the services.

image

Next open Regedit  and go to :

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OneSyncSvc

There might be multiple in the list…

image

Change the Start value from 2 to 4 (Disabled)

Open the services again an refresh F5.

image

The status has changed to Disabled Smile

image

Enjoy !


Windows 2016 – LSA (LsaSrv) Event ID 6038

August 10, 2018

What does this Warning event ID 6038 mean when you see this on a Doman Controller ?

image

image

It means as it says you have clients connecting using the WEAKER NTLM authentication method…

By default, Windows server does not report where NTLM requests are coming from, so auditing needs to be enabled.

If you want the address this issue read this guys post on how to …

https://nathanlevandowski.wordpress.com/2017/05/28/event-id-6038-auditing-ntlm-usage/