Posts

Showing posts from 2015

Troubleshooting Frequent Account lockout

Image
Most of the users account will get locked from locally desktops and Mobile devices or idle sessions left on Server / workstation, We need to start Account lookout troubleshooting from below order. Client side troubleshootingMobile devicesServer side  troubleshootingClient side Perform the below steps on client side (Local desktop / Laptop)
Clear Temporary FilesDelete Cookies ->Temp Files -> History -> Saved passwords -> Forms from all the Browsers.Start — > Run –> Temp –> Delete all temp files.Start –> Run –> Prefetch –> Delete all Prefetch files.Remove Mapped drives from my computer.  My Computer –> Right click on Shared drive –> click on DisconnectIf Adobe reader is installed, backend it will be trying to check for latest update, Delete the Adobe updater file from below path. Delete the AdobeUpdater.dll file in the folder C:\Program Files\Adobe\Reader version \ReaderRemove stored passwords from Control PanelStart –> Run –> Type Control UserPas…

Unable to connect to Wireless profile being pushed using GPO

Image
Today , some laptop users started reporting as they are unable to connect to ‘Wireless profile’ after SCEP installation has taken place. I found, most of the laptop users were having this issue. I immediately uninstalled SCEP but that didn’t help , tried removing Wi-Fi profiles under the path ‘C:\ProgramData\Microsoft\Wlansvc\Profiles\Interfaces\Interface’ but that didn’t help too.
Error- When checking event viewer, the only error that showed up is as follows 5 times in a row.          “Error skipping EAP method DLL path name validation failed. Error: typeId=25, authorId=0,vendorId=0,vendorType=0”, This error indicates a registry or missing corrupt file issue.
EAPHost is a Microsoft Windows Networking component that provides an Extensible Authentication Protocol (EAP) infrastructure for the authentication of following protocols such as802.1XandPoint-to-Point(PPP).
Cause - Symantec didn’t uninstall properly caused this issue.
Resolution – After checking the Group Policy  ‘Wireless Network…

Half of clients report: MP has rejected registration request due to failure in client certificate - SCCM 2012 R2

Image
Reference - http://windowsitpro.com/security/q-there-easy-way-automatically-re-enroll-certificate-holders-received-certificate-old-ca-ne
https://social.technet.microsoft.com/Forums/en-US/8d98726d-4f8f-4866-a91a-724c4ffbfdd1/mp-has-rejected-registration-request-due-to-failure-in-client-certificate
Recently we moved our Certification Authority to Windows Server 2012 , subsequently migrating hashing algorithm from sha1 to sha2. After some days we started witnessing above issue on SMS_MP_Control_Manager componet. Even though we had replaced the New Root CA cert on sccm site settings.

Error:- MP has rejected registration request due to failure in client certificate

Solution :- All ConfigMgr certificates and machine certificates on clients were supposed to re-enrolled.
 To force all holders of a particular certificate to automatically enroll for a replacement certificate issued by a CA , used the Reenroll all Certificate Holders feature of the Certificate Templates MMC snap-in. All you need to d…

How to Enable Multiple Concurrent User in Remote Desktop Windows 7

MP has rejected registration request due to failure in client certificate

Image
Issue:-We have System Center Configuration Manager 2012 R2 deployed on Windows Server 2008R2 host. Recently we have moved our Certification Authority to Windows Server 2012 , renewed Root CA Certificate and intermediate Certificates also migrated Hashing algorithm from 'sha1' to 'sha2'  . New Root CA and intermediate CA also present on client machines and on SCCM. However, i have discovered these errors on MP: MP has rejected registration request due to failure in client certificate (Subject Name: ) chain validation. If this is a valid client,  Even though Newly imaged machines are getting SCCM client installed but won't see all the client cycle under 'Actions tab' and also  'client certificate shows "None".  The operating system reported error 2148204809: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.  Solution:- Register new Certificate of Root CA under SCCM2012 (Administration -…

The task sequence cannot be run because the program files cannot be located

Image
When starting deployment on Site servers deployment fails with the following error: Failed to run Task sequence. The task sequence cannot be run because the program files for ******** cannot be located on a distribution point. For more Information, contact your System Administrator or Helpdesk Operator.
Check following steps to troubleshoot the issue:
-Check if boundary groups are connected to site servers and boundaries are set
-Redistribute and Validate the ConfigMgr client package on multiple site servers (multiple times)
-Check if VLAN communication is working on security, firewall and access control list



The following errors are seen in SMSTS.log
-Content location request for PR100003:3 failed. (Code 0x80040102)
-Failed to resolve PackageID=<?>
-Failed to resolve selected task sequence dependencies. Code(0x80040102)
-ThreadToResolveandExecuteTaskSequence failed. Code(0x80040102)

Reference :
http://henkhoogendoorn.blogspot.in/2015/04/the-task-sequence-cannot-be-run-because.html
http://v…

How to Issue A certificate in Certificate Authority server?

Image
How to Issue A certificate in Certificate Authority server? 1) Start MMC Tool Click Start -> Run -> Entry MMC and click 'OK'
2) Click File -> Add/Remove SnapIn...
3) Add Certificate Authority Select 'Certificates Authority' in left panel and click 'Add' to move to right panel , Then Click 'OK'
4) Click Next
5) Issue The Certificate A. Expand 'Certification Authority' Node;
B. Expend 'DBM-CA'
C, Click 'Pending Requests'
B. In right panel, Right click Request ID -> Issue.
6) Done Now you can Install certificate from http://*.*.*.*/certsrv

RPC Server Unavailable trying to connect to CA

Issue - Unable to connect to a CA using certificate authority console.
Description  - Recently, we build up a new Standalone CA. We wanted to delegate  'cert issuing' task to Help desk Team but whenever we were trying to connect to this CA console using desktop CA console, we were encountering below error. Along with above issue, neither of us were able to connect to any of the services like connecting to C drive, remote registry etc. 
Error - RPC Server Unavailable error 0x6a (WIN32: 1722)
Tried - 1. Tried disabling 'windows firewall', didn't work             2.  Tried starting remote procedure call locator service, did not work.             3.  Sometimes event 13 with "Server RPC is unavailable" means “access is denied”. A possible cause of this issue is that one of the following objects is not added to the Built-in\Users group:
·         NT AUTHORITY\Authenticated Users ·         NT AUTHORITY\INTERACTIVE ·         Domain Users
 In addition, verified that the DC…

Event Log Notification via PowerShell and Task Scheduler

How to Enable Notifications for Pending Certificate Requests

Clients Unable to update - "Cached cookie has expired or new PID is available"

Issue  -  Recently we started witnessing  that one of the site clients (specifically servers) were unable to install updates. the Client is unable to communicate to the WSUS Server. nothing shows in software Center. It gives soap, cookie, and sync errors. We're currently using SCCM 2012 R2

Error -  windowsupdate.log:
2011-10-27 00:11:06:391  808 9b8 PT WARNING: Cached cookie has expired or new PID is i
2011-10-27 00:11:06:391  808 9b8 PT Initializing simple targeting cookie, clientId = , target group = 000-IB Produkcija, DNS name =
2011-10-27 00:11:06:391  808 9b8 PT   Server URL = http://wsus-zga/SimpleAuthWebService/SimpleAuth.asmx
2011-10-27 00:11:06:485  808 9b8 PT WARNING: GetAuthorizationCookie failure, error = 0x8024400E, soap client error = 7, soap error code = 400, HTTP status code = 200
2011-10-27 00:11:06:485  808 9b8 PT WARNING: SOAP Fault: 0x000190
2011-10-27 00:11:06:485  808 9b8 PT WARNING:     faultstring:Fault occurred
2011-10-27 00:11:06:485  808 9b8 PT WARNING:  …

There is not enough usable free space on specified disk(s) to extend the volume.

We can run the following command to update disk information, it has the same function with the Rescan Disks in Disk Management:
1. Open Command Prompt under administrator. 2. Type: diskpart 3. At the DISKPART prompt, type: rescan

Reference: https://social.technet.microsoft.com/Forums/windows/en-US/f2dc07fc-3231-4ef5-8f9a-913b9b74a1a1/command-to-rescan-disks-in-disk-management-for-batch-file?forum=w7itprogeneral

How to extend the volume using command line.

Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.

PS C:\Windows\system32> diskmgmt.msc
PS C:\Windows\system32> diskpart

Microsoft DiskPart version 6.1.7601
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: IN15INTMS001

DISKPART> list disk

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online           50 GB  1024 KB

DISKPART> select disk 0

Disk 0 is now the selected disk.

DISKPART> extend

There is no volume selected.
Please select a volume and try again.

DISKPART> extend disk 0

There is no volume selected.
Please select a volume and try again.

DISKPART> list partition

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            100 MB  1024 KB
  Partition 2    Primary             49 GB   101 MB

DISKPART> select partition 2

Partition 2 is now the selected partition.

DISKP…

Runnig batch or vb scripts in SCCM 2012

Image