Category Archive: Windows

Sep 01

Updating Windows 7 SP1 with the Convenience Rollup and having Windows and Microsoft Update actually still work after

I am not sure how many of you have tried adding the Convenience Rollup (KB3125574) to a Windows 7 SP1 image from a stock SP1 ISO, but I’ve just had the experience of trying to take an SP1 WIM without any updates to fully patched, including the rollup, as part of a deployment.

I am not amused.

While there may be multiple ways to achieve this, I tried a few approaches and ended up settling on this particular approach which was repeatable (paths below are the ones I used – obviously substitute for your own).

1. Mount the WIM:
dism /mount-wim /wimfile:D:\temp\source\sources\install.wim /index:1 /MountDir:D:\temp\mount

2. Inject the April 2015 servicing stack update (KB3020369):
dism /image:D:\temp\mount /add-package /packagepath:”D:\Temp\Updates\WIM_Integrate\Updates\AMD64-all-windows6.1-kb3020369-x64_5393066469758e619f21731fc31ff2d109595445.msu”

3. Dismount and commit the WIM:
dism /unmount-wim /mountdir:D:\temp\mount /commit

4. Re-mount the WIM:
dism /mount-wim /wimfile:D:\temp\source\sources\install.wim /index:1 /MountDir:D:\temp\mount

Permanent link to this article: http://www.cluberti.com/blog/2016/09/01/updating-windows-7-sp1-with-the-convenience-rollup-and-having-windows-and-microsoft-update-actually-still-work-after/

Nov 17

Windows 10 upgrades and the taskbar

I apologize for the horrible picture, but I couldn’t take a snapshot during the upgrade from my physical box.  Guess the Windows folks don’t bother testing the upgrade process with the taskbar in a non-standard location, eh?

 

Nothing to worry about, as the upgrade went fine.  Was a little odd to see, though.

Permanent link to this article: http://www.cluberti.com/blog/2015/11/17/windows-10-upgrades-and-the-taskbar/

Sep 26

PowerShell Profile

This is basically the profile posts from http://www.snowland.se (which is written as different posts by Rikard Rönnkvist) and simply put together in a single profile script which I use on all of my Windows boxes:

Permanent link to this article: http://www.cluberti.com/blog/2015/09/26/powershell-profile/

Jan 20

Network Connections dialog empty / teaming “Host Unmanageable” – fix

I’ve run into this with increasing frequency in my Server 2012R2 clusters, and it ended up being WMI corruption. IPConfig would show correct IP addressing (and even the teamed NICs created with Windows teaming), and ping would work; however, the network connections dialog box (ncpa.cpl) was completely empty, Server Manager said teaming was disabled, launching the teaming administration page (lbfoadmin.exe) would show “Host Unmanageable” as the status, and attempting to make any connection to any other machine other than ping would result in failure (for example, \\server\share would fail immediately with the host being unavailable).

Here are the steps I needed to use to get the machines up and running again (and I’ve restored from failed backups on a few to test and retest these steps, and in this particular order which did seem to matter, to validate):

 

Permanent link to this article: http://www.cluberti.com/blog/2015/01/20/network-connections-dialog-empty-teaming-host-unmanageable-fix/

Jan 12

Make WMI more robust to large volumes of queries

Ever had a machine where WMI stopped working properly and needed to be rebuilt?  Was it running something that does high volumes of WMI calls (like System Center agents, or Tivoli, or HP OpenView (to name a few regular problem children – I’m sure you can think of more)?

Here’s a PS script I run to increase memory per WMI process (and globally across the machine) available to WMI, as well as modifying it in the boot order (if you rely on RSOP, WMI’s default configuration means it’s possible it won’t be completely loaded properly when Group Policy runs, and can cause RSOP issues, amongst other things).

$oWMI=get-wmiobject -Namespace root -Class __ProviderHostQuotaConfiguration
$oWMI.MemoryPerHost=768*1024*1024
$oWMI.MemoryAllHosts=2048*1024*1024
$oWMI.put()

Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Winmgmt -Name 'Group' -Value 'COM Infrastructure'
winmgmt /standalonehost

 

Permanent link to this article: http://www.cluberti.com/blog/2015/01/12/make-wmi-more-robust-to-large-volumes-of-queries/

Dec 15

“Disabling” IPv6 – breaking down the DisabledComponents registry value

I’ve gotten an elevated number of requests recently on “how do I disable IPv6” or “what’s the best way to configure IPv6 in my environment”. I’m not entirely certain of why I’ve gotten so many recently, and I’m not sure if it’s a coincidence or if there’s more to it. However, what I’ve found is that most IT departments I’ve come across over the years simply go and set IPv6 to completely disabled via setting the disabledcomponents registry value to 0xffffffff. While this does indeed disable IPv6 entirely, I have to warn everyone I come across with this set that Microsoft doesn’t test this setting at all, and support for resolving issues with this set have usually resorted to setting disabledcomponents back to 0x0 and retesting, where things magically work, and that’s the extent of what is done for obvious reasons. This can (and sometimes does) also break functionality in Windows, and the one that most customers eventually run across is DirectAccess (with Remote Assistance in second).

Permanent link to this article: http://www.cluberti.com/blog/2014/12/15/disabling-ipv6-breaking-down-the-disabledcomponents-registry-value/

Jul 18

VSS “System Writer” missing? No CryptSvc or CAPI errors? No problem!

I had a set of Windows 2008R2 servers today that were having trouble backing up the system state via Windows Server Backup – they would fail with the error “System writer is not found in the backup”. I scoured the ‘net and talked to colleagues, and all of the resolutions I could find involved re-registering components, re-securing things in the Cryptography Service (prompted by CAPI or CryptSvc errors in the event log), setting ownership on WinSXS folders, etc. I did not have any such errors in my logs to indicate a permissions issue – in fact, I saw no errors at all (usually good – not so much when something is broken!). However, every time I ran “vssadmin list writers”, indeed the system writer was missing.

After taking a procmon, I noticed that the last thing that was searched were some setupapi.ev* files in \Windows\Inf:

Permanent link to this article: http://www.cluberti.com/blog/2014/07/18/vss-system-writer-missing-no-cryptsvc-or-capi-errors-no-problem/

May 26

Getting Kerberos token size with PowerShell

Recently, I had the unpleasant requirement to validate Kerberos token size for a network where users were experiencing random issues hitting certain sites and databases. Today I validated it was token size, but not until after I found Jacob Ludriks’ excellent PowerShell script to do so. I was about to write one myself when I stumbled across this gem, which came in immensely useful in helping a good colleague in a bad situation.

Without further ado, here’s the link to the script:
http://jacob.ludriks.com/getting-kerberos-token-size-with-powershell/

In the event this script ends up getting taken down, here’s the content – please visit Jacob’s site if you find this useful. He’s got some other PowerShell goodies over there too that you might like.

Permanent link to this article: http://www.cluberti.com/blog/2014/05/26/getting-kerberos-token-size-with-powershell/

Feb 17

KB2871690, Hyper-V, Server 2012, and Gen2 VMs

If you’re finding this post, it’s possible (or maybe even likely) that you’ve tried to install KB2871690 onto a Generation 2 Windows Server 2012 virtual machine on a Hyper-V host, and the installation failed. For those of you that haven’t run into this issue yet, you will if you attempt to install this particular update on a Windows Server 2012 (or Windows 8.0) Gen2 VM. It’s very frustrating to have a few hundred VMs patch, reboot, and fail to install a particular update and restart again… and then have the update offered again, and go through the cycle yet again because the admin installing updates was unaware this update wasn’t going to work, the update wasn’t pulled from WSUS or SCCM, etc. It happens.

Permanent link to this article: http://www.cluberti.com/blog/2014/02/17/kb2871690-hyper-v-server-2012-and-gen2-vms/

Feb 12

Enable RDP, firewall exceptions, and NLA settings via PowerShell and WMI (aka “the right way”)

I’ve come across quite a few folks over the years that enable RDP by setting the registry values to do so manually, and enabling firewall rules the same way (or disabling the firewall service itself, which is not supported by Microsoft, so don’t). While neither of these things are “the right way” to do it (I found this out from dealing with Microsoft support on this, and apparently doing it manually via the registry can cause issues), the right way isn’t really called out as such very well that I can find either.

I’ve created a very simple PowerShell script (I put it in my MDT and SCCM task sequences when deploying machines as one of the first things done after the OS is deployed) that enables RDP for the Administrators group, opens the right port on the firewall, and can also be used to set it to NLA only if $NLAEnable = 1. Credit where credit is due, the script below was based on a script that does this same thing here. Thanks Robin!

Permanent link to this article: http://www.cluberti.com/blog/2014/02/12/enable-rdp-firewall-exceptions-and-nla-settings-via-powershell-and-wmi-aka-the-right-way/

Older posts «

Bad Behavior has blocked 396 access attempts in the last 7 days.