Difference between Virtual and Physical Machine

May 11, 2017

Sometimes you need to know whether you connect to a Virtual or Physical Machine.

In order to know how you are going to manage the Backup strategy for these machines.

SOLUTION :

Easy by using the ‘SystemInfo’ command.

image

See the System Model Label …

Or use the GUI Version command : ‘msinfo32’

image

More options posted in this thread here.

Enjoy !


Installing VPN Service failed Event ID 7041 on Windows 2016

May 3, 2017

Installing the VPN service using the Add Roles and Features on a Windows 2016 Server failed Sad smile all the time …

In the Event Viewer we could see these events :

image

Event ID 7041 :

The MSSQL$MICROSOFT##WID service was unable to log on as NT SERVICE\MSSQL$MICROSOFT##WID with the currently configured password due to the following error:
Logon failure: the user has not been granted the requested logon type at this computer.
 
Service: MSSQL$MICROSOFT##WID
Domain and account: NT SERVICE\MSSQL$MICROSOFT##WID
 
This service account does not have the required user right “Log on as a service.”
 

So the configuration manager could not install the local Windows Database, because lack of credentials to run as a service.

So basically it boils down to get the GPO adapted with the correct credential settings.

Solutions :

1. To edit this setting, open Group Policy Management and edit the Default Domain Policy (Or other policies if they are applied like in my case)

Navigate to Computer Configuration, Policies, Windows Settings, Security Settings, Local Policies, User Rights Assignments. 

Edit Log on as a service and add the following groups:

IIS_WPG
NETWORK
NETWORK SERVICE
SERVICE
NT SERVICE\ALL SERVICES

2. See here KB 2832204 :

  • Assign the Log on as a service user right to
  • NT SERVICE\ALL SERVICES in the GPO that defines the
  • user right.

Next Run gpupdate /force

image

Next REBOOT the server …

After this the Feature was installed successfully Smile

image

And you are ready to Configure the VPN Access.

Do not use the Server Management Dashboard

image

image

But use the manual configuration method instead.

image

3. Configuration :

Configuration of simple VPN Follow these Steps :

image

image

image

image

image

Also check the Firewall settings

image

image

Enjoy!


WebMatrix on IIS8 on Windows 2016

May 2, 2017

How to install Webmatrix on IIS8 using Windows Server 2016

 

1. You do not need to install anything relating to Webmatrix !

2. Install the IIS Server Role

image

Create a virtual folder and copy all the files / database and web.config in there.

image

PS :  You can’t run .cshtml in the root folder !

Because it has a forbidden handler settings for .cshtml extensions

image

Result will look like this :

image

 

3. Configure the IIS server for ASP.NET Razor

Optionally you can set the CLR 4.0 as 32 Bit integrated mode.

image

Select the Handler Mappings, next Advanced Settings and change the Application Pool from :

Default Application Pool to .NET v4.5

image

 

You don’t need to set ISAPI filters !!

image

And the Mapping handlers are already installed for .cshtml as well Smile

image

You are ready to test you webpage…

PS :  don’t forget to give READ / WRITE access to the Database folder location ! Winking smile

Success !!


AD – List applied Security Policies

April 27, 2017

Sometimes you need to get a clear view on which Security Policy is applied to a Users or other AD Object.

There are 2 Tools you can use :

1. Resultant set of Policies Snap-In

Run rsop.msc

clip_image002[4]

clip_image002[6]

clip_image006

clip_image002[8]

So as you can see on this AD User Object there are 3 GPO’s applied.

Which is important to know for Debugging Security Issues.

2. Command line version :

Run gpresult /Scope User /v

image

Enjoy !


Windows 2016 – DHCP server Name wrong

April 27, 2017

After migrating the DHCP server from one to the other I got a strange Server Name appearing in the DHCP Management Console ?

image

It just showed an IP address instead of the Server Name ?Confused smile

SOLUTION :

1. Close the DHCP Management snap-in

2. Go the Networks Adapters

image

Disable any Adapter you are not using !

image

Open the DHCP snap-in again, and you will see the problem is fixed.

You can enable the Adapter afterwards again no problem this settings will remain…

Enjoy!


Windows Server 2016 – prompts for a restart when adding Roles and Features

April 6, 2017

I wanted to install RAS VPN to the server but it failed all the time ?

 

image

Every time it asked to restart and ended up in the same circle….

“The operation cannot be completed, because the server that you specified requires a restart.”

image

Restarting the server provides no solution.

 

SOLUTION :

The solution is to grant the ‘log on as a service’ right to some addition built in accounts.

Start the Group Policy Management Console Open the Default Domain Controllers Policy or your specific server management policy.

Open the Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Local Policies –> User Rights Assignment branch

And then double click the ‘Log on as a service’ setting. Add the IIS_WPG, NETWORK, NETWORK SERVICE, and SERVICE accounts (via the Browse option).

Once these settings have been applied the server needs to update to the current Group Policy version. On the server command line you can type

 

gpupdate /force

 

image

If this does not work best check the events :

For some services you will see these errors

image

So you need add one extra … to the GPO : Solution here

NT SERVICE\ALL SERVICES

Once updated the installation should progress smoothly.

Enjoy !


Windows Task Scheduler Fails With Error Code 2147943785

April 5, 2017

This is usually due to a permissions issue.

It’s due to the user that is running the scheduled task not having the Log On As Batch Job assignment.

To fix it, have your Network Administrator go to Start Menu > Administrative Tools > Local Security Policy > Local Policies > User Rights Assignment > Log On As Batch Job as seen below:

image

 

If you are on a domain controller you need to do this on the GROUP POLICY

image

Don’t forget to update the policy using GPUPDATE /Force

image

 

But if this still does not work Sad smile

SOLUTION :

Make sure you use the SYSTEM Account to schedule the job.

image

Enjoy !