Remote Registry: No Location Found

KB ID 0001379

Problem

When attempting to connect to a remote machines registry;

Error
The program cannot open the required dialog box because no locations can be found. Close this message and try again.

Solution

The ultimate cause of this problem is, that the machine you are on cannot see Active Directory, either because there are no domain controllers are online, or  its DNS settings are incorrect.

Related Articles, References, Credits, or External Links

NA

PowerShell: Prompt Has Changed To Two Greater Than Signs

KB ID 0001380

Problem

What does this mean? Well it means you’ve either got something wrong, or missed something out, and PowerShell is not sat waiting for more input. Which is fine but in most cases you simply need to fix your syntax and sort again so how do you ‘escape’ back to the normal PowerShell prompt?

Solution

As you can see, (below) typing quit or exist does not help.

You need to press CTRL+C.

Related Articles, References, Credits, or External Links

NA

Cisco ASA: Updating and Copying files from USB

KB ID 0001377

Problem

Cisco ASA firewalls have had USB sockets on them for a while, but a dig into the documentation only yielded, ‘for use in future releases’. Well they are working now!

Note: Firewall shown is a 5516-X (running version 9.8(1))

Solution

Your drive needs to be formatted as FAT (not NTFS), I’m going to update/install some AnyConnect client software, but there’s nothing to stop you uploading a new IOS or ASDM images.

Your drive will get mounted as ‘Drive1’ (unless you have a secondary flash drive onboard already).

[box]

PetesASA(config)# show disk1
--#--  --length--  -----date/time------  path
  394  20130794    Sep 13 2017 10:52:40  anyconnect-linux64-4.5.01044-webdeploy-k9.pkg
  395  4096        Dec 05 2017 09:40:28  ._anyconnect-linux64-4.5.01044-webdeploy-k9.pkg
  396  22997589    Sep 13 2017 10:53:14  anyconnect-macos-4.5.01044-webdeploy-k9.pkg
  397  4096        Dec 05 2017 09:40:36  ._anyconnect-macos-4.5.01044-webdeploy-k9.pkg
  398  35122744    Sep 13 2017 10:54:12  anyconnect-win-4.5.01044-webdeploy-k9.pkg
  399  4096        Dec 05 2017 09:40:46  ._anyconnect-win-4.5.01044-webdeploy-k9.pkg

2004582400 bytes total (1926103040 bytes free)
PeteASA(config)#

[/box]

Note: I have seen drives not get recognised like so;

[box]

Petes-ASA# Extra storage device is not supported.

Petes-ASA# show disk1

--#--  --length--  -----date/time------  path

No files in directory 

[/box]

If that happens to you, you will need to reload the ASA (assuming the drive is formatted correctly) before it will be recognised.

You can then copy the files to the main flash (disk0:).

[box]

PeteASA(config)# copy disk1:/anyconnect-linux64-4.5.01044-webdeploy-k9.pkg disk0:

Source filename [anyconnect-linux64-4.5.01044-webdeploy-k9.pkg]? {Enter}

Destination filename [anyconnect-linux64-4.5.01044-webdeploy-k9.pkg]?{Enter}

Copy in progress...CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
INFO: No digital signature found
20130794 bytes copied in 1.560 secs (20130794 bytes/sec)
PetesASA(config)#

[/box]

To prove the file is in the main ‘flash’.

[box]

PetesASA(config)# show flash
--#--  --length--  -----date/time------  path
   96  104489760   Sep 13 2017 14:11:34  asa981-lfbff-k8.SPA
   97  26916068    Sep 13 2017 14:11:54  asdm-781.bin
   98  33          Dec 05 2017 02:29:03  .boot_string
   11  4096        Sep 13 2017 14:15:24  log
   13  500         Dec 05 2017 01:59:00  log/asa-appagent.log
   21  4096        Sep 13 2017 14:16:16  crypto_archive
   22  4096        Sep 13 2017 14:16:18  coredumpinfo
   23  59          Sep 13 2017 14:16:18  coredumpinfo/coredump.cfg
   99  41848832    Nov 15 2017 07:01:54  asasfr-5500x-boot-6.2.2-3.img
  408  20130794    Dec 05 2017 02:44:59  anyconnect-linux64-4.5.01044-webdeploy-k9.pkg

7365472256 bytes total (3948736512 bytes free)

[/box]

Related Articles, References, Credits, or External Links

NA

Exchange Mailbox Moves: ‘FailedOther’ Stops at 95%

KB ID 0001376

Problem

If you don’t see this happen at least once in a migration I would be surprised!

  • StatusDetail: FailedOther
  • PercentComplete: 95%

 

Solution

 You can remove the move request and start it again, with both a BadItemLimit and AcceptLargeDataLoss flag, (these might seem scary, but I’ve migrated many thousands of mailboxes, and never seen a problem.)

But the mailbox is massive and it had been moving for hours! OK, we can change the parameters, and resume the move as well!

[box]

Option 1 (Remove and Restart the Move)

Remove-MoveRequest -Identity user-name

New-MoveRequest -Identity “user-name” -TargetDatabase “target-mailbox-database” -BatchName “user-name” -BadItemLimit “200” -AcceptLargeDataLoss

Option 2 (Resume Existing Mailbox Move)

Get-MoveRequest | ?{$_.DisplayName -eq “user-name“} | Set-MoveRequest -BadItemLimit 200 -AcceptLargeDataLoss

Get-MoveRequest | ?{$_.DisplayName -eq “user-name“} | Resume-MoveRequest

[/box]

The move should now restart/resume.

Related Articles, References, Credits, or External Links

NA

The Remote Computer Requires Network Level Authentication (NLA)

KB ID 0001375

Problem

Seen when attempting to connect to a remote machine via Remote Desktop;

The remote computer that you are trying to connect to requires network level authentication (NLA), but your windows domain controller cannot be contacted to perform NLA. If you are an administrator on the remote computer, you can disable NLA by using the options on the remote tab of the System properties dialog box.

Also See: Windows RDP: ‘An authentication error has occurred’

Solution

Well the clue is in the error massage, RDP is enabled but it requires NLA authentication. e.g. This box has been selected.

Now, if you want NLA that’s fine, make sure your RDP client has been updated, and you, and the target, are domain authenticated, and can see a domain controller. But what if that computer is on a remote site, and you need to get on it? Or it’s in the server room downstairs and you’re lazy like me!

Well the simplest way to get on is to use a LOCAL account on that machine, (if you know the username and password for a LOCAL account,) like so;

WARNING/DISCLAIMER

This article was written at a time when clients may not have had up to date RDP clients that supported NLA, that’s no longer the case (If you are in a sole Windows environment, and you are updating your clients). Simply disabling NLA is NOT a solution. I’m really getting tired of people posting comments saying ‘This is a bad article’ and ‘I don’t understand’. Well how about you have 500 linux based thin clients that use RDP software that does not support NLA? Before posting a criticism please take some time to work in, and support a few different environments guys. And appreciate that you are here because you couldn’t fix it yourself, so you clicked on the link to come here, to read information that I’m providing for free, in my own time, to help you out.

Disable NLA Remotely (via Registry) 

Read above disclaimer before proceeding

The drawback of this method is it usually requires a reboot (which we can do remotely, but if it’s a production server that will mean some downtime).

Open Regedit > File > Connect Network Registry > Search for and select your target machine > OK.

Navigate to;

[box]HKLM  > SYSTEM > CurrentControlSet > Control  >Terminal Server > WinStations > RDP-Tcp[/box]

Locate the following two values, and set them to 0 (zero)

  • SecurityLayer
  • UserAuthentication

Give it a try now, but I found I needed to reboot the target first, using the ‘restart-computer’ PowerShell Commandlet.

Disable NLA Remotely (via PowerShell)

Read above disclaimer before proceeding

I prefer this method as it works instantly, and can be reversed just as quick! Open an administrative PowerShell command window. Execute the following two commands;

[box]

$TargetMachine = “Target-Machine-Name

(Get-WmiObject -class “Win32_TSGeneralSetting” -Namespace root\cimv2\terminalservices -ComputerName $TargetMachine -Filter “TerminalName=’RDP-tcp'”).SetUserAuthenticationRequired(0)

[/box]

Disable NLA Remote Desktop Requirement Through Group Policy

Read above disclaimer before proceeding

If you want to ‘blanket disable’ NLA then group policy is the way to go;

[box]Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security[/box]

Locate the ‘Require user authentication for remote connections by using Network Level Authentication’ and set it to disabled.

Then Force a Domain Group Policy Refresh,

Related Articles, References, Credits, or External Links

NA

PowerShell: Restart Fails ‘Other Users Logged On’

KB ID 0001374

Problem

If you intend to shutdown, or restart a remote computer using PowerShell, you may see the following error message;

PS C:\> Restart-Computer “Computer-name
Restart-Computer : This command cannot be run on target computer(‘Computer-name’) due to following error: The system shutdown cannot be initiated because there are other users logged on to the computer.
At line:1 char:1
+ REstart-Computer “Computer-name
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (Computer-name:String) [Restart-Computer], InvalidOperationException
+ FullyQualifiedErrorId : RestartComputerFailed, Microsoft.PowerShell.Commands.RestartComputerCommand

Solution

You need to add the -Force flag to the command like so;

Related Articles, References, Credits, or External Links

NA