Leave Domain: “A general network error occurred”

KB ID 0001738

Problem

After a recent lab on the test bench, I ended up with a 2008 x32 standard server. It took me a while to get this set up and running, so I wanted to keep it (or turn it into a VMware template should I ever need another). But first I needed to ‘remove it’ from the domain it was in. However, when attempting to do so this happened;

Computer Name /Domain Changes

The following error occurred validating the name “Host-Name”
A general network error occurred

That stinks of DNS? But the machine could resolve DNS, ping the domain name, was authenticated to the domain, and could ping itself by NetBIOS name and FQDN?

Leave Domain (via Command Line)

With modern servers and clients we can simply ‘force’ a machine out of the domain with some PowerShell. In an old machine like this (2008 ran PowerShell version 1 natively) those commands are not open to us. So to solve the problem I had to go a little more ‘old school’.

Remember – You will need to know either the local administrator password, or the credentials of a local account with administrative access, before you drop it out of the domain (or post reboot you won’t be able to log in!)

Open an administrative command window, and execute the following command;

[box]

netdom remove %computername% /domain:{your-domain-name} /force

[/box]

This will remove the machine from the domain, and drop it in a workgroup that has the same name as the domain (in this case TESTBENCH).

Related Articles, References, Credits, or External Links

NA

Windows File Server Migration (Maintain Share & NTFS Permissions)

KB ID 0001201

Problem

When attempting a File Server Migration why isn’t this better publicised? Did you know Microsoft have a set of Migration tools, and one of them is for file servers? Now traditionally I’d use RoboCopy or XCopy to migrate files and folders, and for ‘User Profiles’ I would normally back them up, and restore them to the new server. This is because the file permissions on ‘correctly deployed’ user profiles mean you can’t open them.

How about a tool, that migrates all the files, folders and profiles while maintaining all the NTFS permissions, AND Share permissions!

Windows File Server Migration Tools

Source Server Pre-requisites

  • Server 2003: .Net 2.0 (With SP1), and PowerShell 2.0, and 25MB free drive space.
  • Server 2008: PowerShell and 25MB free drive space.
  • Server 2008 R2 and Newer: 25MB free drive space.
  • All: UDP port 7000 needs to be open, from source to the destination server.

File Server Migration Server 2008 to Server 2019

File Server Migration from Server 2003!

  • Source Server: Windows Server 2003 Standard x64 (x86 supported as well)
  • Destination Server: Windows 2012 R2 Data Center 2012 

Source Server: Here you can see my user profiles, I’ll do the migration with them, as usually they are the most ‘challenging’.

You need to create a shared folder on the Source Server, I’ve just granted everyone full control, (this is just for the migration tools).

 

Destination Server: Open a PowerShell window and install the tools with the following command;

[box]

Install-WindowsFeature Migration -ComputerName {computer-name}

[/box]

Open an administrative command window > Now you need to deploy the migration tools to the share on the destination server, to do that use the following commands;

[box]

cd C:\Windows\System32\ServerMigrationTools

SmigDeploy.exe /package /architecture amd64 /os WS03 /path \\{Destination-Server}\{folder-name}

[/box]

Note: For x86 (32 bit) source servers use x86 instead of amd64. The /os values are WS03 (Windows Server 2003), WS08 (Windows Server 2008), WS08R2 (Windows Server 2008 R2), and WS12 (Windows Server 2012).

Source Server: Open the folder you created earlier and within it you will find another folder that has the tools in. Open an administrative command window and change to this directory > then execute the following command;

[box]

.\smigdeploy

[/box]

Another PowerShell window will open, leave it open, and return to the destination server.

Destination Server: Here I’ve created a folder that I’m going to migrate into.

Destination Server: Open a PowerShell window and issue the following two commands;

[box]

add-pssnapin microsoft.windows.servermanager.migration

Receive-SmigServerData

[/box]

You will be asked to provide a password, (use what you want, but remember it, you will need it in a minute).

You now have a five minute window to get the migration running, or you will need to re-issue the last command.

Source Server: Return to your open PowerShell Window, and issue the following command;

[box]

Send-SmigServerData -ComputerName {destination-computer-name} -SourcePath {path-to-source-folder} -DestinationPath {path-to-destination-folder} -include all -recurse

[/box]

Supply the password, then go and put your feet up.

Destination Server: You can watch progress here.

Profiles migrated! And permissions intact.

Don’t forget to change the path to the user profile, on the user(s) user object(s) in Active Directory.

If you have a lot you can do them in bulk by multi-selecting the users.
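To check the ‘permissions intact’ claim rather than eyeball it, the following added example (not part of the original article or of the Microsoft migration tools) compares owner and explicit NTFS ACEs between the source and destination trees. It assumes it is run on the destination server with PowerShell 3.0 or later, under an account that can read both trees; the function names and both root paths are placeholders.

```powershell
# Added example: compare owner + explicit ACEs of every migrated item.
# Inherited ACEs are ignored because they depend on each tree's parent folder.
$sidType = [System.Security.Principal.SecurityIdentifier]

function Get-AclFingerprint {
    param([Parameter(Mandatory = $true)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    # Explicit rules only ($true = explicit, $false = no inherited), identities as SIDs.
    $aces = $acl.GetAccessRules($true, $false, $sidType) | ForEach-Object {
        '{0}:{1}:{2}:{3}:{4}' -f $_.IdentityReference.Value, $_.AccessControlType,
            [int]$_.FileSystemRights, $_.InheritanceFlags, $_.PropagationFlags
    } | Sort-Object
    'owner={0};protected={1};{2}' -f $acl.GetOwner($sidType).Value,
        $acl.AreAccessRulesProtected, ($aces -join ',')
}

function Compare-MigratedAcl {
    param(
        [Parameter(Mandatory = $true)][string]$SourceRoot,
        [Parameter(Mandatory = $true)][string]$DestinationRoot
    )
    $src   = (Resolve-Path -LiteralPath $SourceRoot).ProviderPath.TrimEnd('\')
    $items = Get-ChildItem -LiteralPath $src -Recurse -Force `
                 -ErrorAction SilentlyContinue -ErrorVariable enumErrors

    foreach ($item in $items) {
        $relative = $item.FullName.Substring($src.Length)
        $target   = Join-Path $DestinationRoot $relative
        $status   = 'Match'
        try {
            if (-not (Test-Path -LiteralPath $target)) {
                $status = 'MissingOnDestination'
            } elseif ((Get-AclFingerprint $item.FullName) -ne (Get-AclFingerprint $target)) {
                $status = 'AclDiffers'
            }
        } catch {
            $status = "Unreadable: $($_.Exception.Message)"
        }
        if ($status -ne 'Match') {
            New-Object PSObject -Property @{
                Status = $status; Source = $item.FullName; Destination = $target
            }
        }
    }
    # Folders that could not be enumerated are reported, not silently skipped.
    foreach ($err in $enumErrors) {
        New-Object PSObject -Property @{
            Status = 'NotEnumerated'; Source = "$($err.TargetObject)"; Destination = ''
        }
    }
}

# Placeholders: substitute the source share path and the local destination folder.
Compare-MigratedAcl -SourceRoot '\\{source-server}\{share}\{folder}' `
                    -DestinationRoot '{path-to-destination-folder}' |
    Select-Object Status, Source, Destination
```

No output means every item that could be read carries the same owner and explicit ACEs on both sides. ACEs that reference local (non-domain) accounts on the source will show as differences, because those SIDs do not exist on the destination.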

 

Related Articles, References, Credits, or External Links

XCOPY – Insufficient Memory

Migrating – Folders and Share Permissions

Running Dropbox On Windows Server

KB ID 0001489

Problem

If you are here, you have probably already found out that Dropbox is not supported on Windows Server platforms. You can install it and set it up happily but it stops working and needs to be relaunched all the time (manually).

I love Dropbox! So much I actually pay for it! I run it on my management server and it’s handy for copying files up into my test network, so I can appreciate how annoying it is having to restart it all the time. So to fix the problem we have to use a piece of software that’s over 15 years old!

Running Dropbox as a Service on Windows Server

First you have to stop dropbox running.

Then download srvany and extract the executable to the Dropbox install directory (C:\Program Files (x86)\Dropbox). Note: This file is from the old Server 2003 resource kit.

From an elevated command prompt run the following command;

[box]sc create Dropbox binPath= "C:\Program Files (x86)\Dropbox\srvany.exe" DisplayName= "Dropbox Service"[/box]

Run services.msc > locate the Dropbox service > and set its ‘Log On’ to the account you were logged in with when you installed the Dropbox software.

Change the startup type to Automatic, (Don’t start the service yet!) > OK.

Execute the following three commands (these are PowerShell commands, so run them from an elevated PowerShell window);

[box]

New-Item -Path HKLM:\SYSTEM\CurrentControlSet\Services\Dropbox\Parameters

New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\Dropbox\Parameters -Name Application -PropertyType String -Value "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe"

Start-Service Dropbox

[/box]

Update:

You also need to execute the following from an ‘Administrative command window’, (or Dropbox will stop synchronising after a few hours).

[box]

SETX /M QT_OPENGL software

[/box]
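The service built above runs under a real user account and launches whatever the Parameters\Application value points to, and sc.exe stores the binPath without the quotes typed around it, so the ImagePath ends up containing spaces with no quoting. The following added example (not from the original article) is a read-only audit of those two points: it warns on an unquoted ImagePath and lists any identity other than SYSTEM, Administrators, TrustedInstaller or CREATOR OWNER that can write to the service's Parameters key or to the folders holding srvany.exe and Dropbox.exe. The function names are hypothetical; the service name and paths are the ones used on this page.

```powershell
# Added example: read-only audit of the srvany-wrapped 'Dropbox' service.
$serviceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dropbox'
$sidType    = [System.Security.Principal.SecurityIdentifier]

# Expected writers: SYSTEM, Administrators, TrustedInstaller, CREATOR OWNER.
$trustedSids = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464',
    'S-1-3-0'
)

function Test-UnquotedServicePath {
    param([Parameter(Mandatory = $true)][string]$ImagePath)
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) { return $false }          # already quoted
    $exeEnd = $p.IndexOf('.exe', [StringComparison]::OrdinalIgnoreCase)
    if ($exeEnd -lt 0) { return $false }               # not an .exe path
    return $p.Substring(0, $exeEnd).Contains(' ')      # space inside the executable path
}

function Get-UnexpectedWriteAce {
    param([Parameter(Mandatory = $true)][string]$Path)
    $acl   = Get-Acl -Path $Path
    $rules = $acl.GetAccessRules($true, $true, $sidType)
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if ($trustedSids -contains $rule.IdentityReference.Value) { continue }
        # Registry and file system rules expose their rights under different names.
        $rights = if ($rule -is [System.Security.AccessControl.RegistryAccessRule]) {
            $rule.RegistryRights
        } else {
            $rule.FileSystemRights
        }
        # Name-based match; ACEs that only carry raw generic-right bits are not decoded here.
        $writePattern = 'FullControl|Modify|Write|CreateFiles|AppendData|' +
                        'SetValue|CreateSubKey|ChangePermissions|TakeOwnership'
        if ("$rights" -match $writePattern) {
            New-Object PSObject -Property @{
                Path = $Path; Sid = $rule.IdentityReference.Value; Rights = "$rights"
            }
        }
    }
}

$service = Get-ItemProperty -Path $serviceKey
$appPath = (Get-ItemProperty -Path "$serviceKey\Parameters").Application

if (Test-UnquotedServicePath $service.ImagePath) {
    Write-Warning "Unquoted ImagePath: $($service.ImagePath)"
}
Write-Output "Service logs on as: $($service.ObjectName)"
Write-Output "srvany launches:    $appPath"

# Anyone who can write here controls what runs under the service account.
$targets = @(
    "$serviceKey\Parameters",
    (Split-Path ($service.ImagePath.Trim('"'))),
    (Split-Path $appPath)
)
$targets | ForEach-Object { Get-UnexpectedWriteAce -Path $_ } |
    Select-Object Path, Sid, Rights
```

If the warning fires, the quotes can be stored by re-setting the path from an elevated command prompt with `sc config Dropbox binPath= "\"C:\Program Files (x86)\Dropbox\srvany.exe\""`.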

Related Articles, References, Credits, or External Links

Special Thanks to Frédéric for the SETX command to fix the timeout.

Windows – Find your ‘Uptime’

KB ID 0000552 

Problem

There are lots of reasons you might want to know your PC/Server’s uptime: to make sure a client has rebooted a server (like you asked them to), or to see if a server has had a BSOD and rebooted overnight, etc.

Check Uptime with Task Manager

You can get your uptime from the Task Manager’s “Performance” tab.

To launch Task Manager

Start > Run > Taskmgr.exe {enter}, or press CTRL+SHIFT+ESC, or right click the Task bar > Select Task Manager.  > Options

 

Use PowerShell to find Server Boot time

From PowerShell use the following syntax;

[box]

[Management.ManagementDateTimeConverter]::ToDateTime((Get-WmiObject Win32_OperatingSystem).LastBootUpTime)

[/box]

Use PowerShell to find Uptime

From PowerShell use the following syntax;

[box]

(Get-Date) - [Management.ManagementDateTimeConverter]::ToDateTime((Get-WmiObject Win32_OperatingSystem).LastBootUpTime)

[/box]

Option 3 – Use Systeminfo to find Uptime

From the command line execute the systeminfo | find /I "boot" command;

 

Option 3 – Use Net Statistics to find Uptime

You can get uptime information by querying either the workstation service or the server service. Issue either the following command;

[box]

net statistics workstation

[/box]

Or the following command;

[box]

net statistics server

[/box]

Option 4 – Use Uptime.exe to find Uptime

Download uptime and put a copy in your “System32” Directory, you can then use the uptime command.

Option 5 – Use WMI (Windows Management Instrumentation) to find Uptime

Issue the following command;

[box]

wmic os get lastbootuptime

[/box]

As you can see the result is not pretty; it is presented in WMI (CIM) datetime format, yyyymmddHHMMSS.ffffff followed by the offset from UTC in minutes.

20120109081112.925800+000 = Year 2012, Month 01, Day 09, Time 08:11:12

Option 6 – Check the Event Log to find Uptime

Launch the Event Viewer (eventvwr.msc) > Windows Logs > System Log > Find > Search for Event ID 6005, (Note: This event gets logged each time the server boots, as the event log service starts). Event ID 6006 will be labeled as “The event log service was stopped.” This is synonymous with system shutdown.

 

Note: Event 6013 is logged periodically; it shows the machine’s uptime at that point.

Note: In the event of an abnormal shutdown, look for Event ID 6008, which lets you know that the system started after it was not shut down properly. Event ID 6009 indicates the processor information detected during boot time.
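The same event IDs can be pulled into a single boot/shutdown timeline, which is quicker than searching the Event Viewer when you are working out whether a server restarted cleanly. This is an added example, not from the original article; the function name Get-BootTimeline and the 30 day default are assumptions, and it needs PowerShell 2.0 or later on Vista/Server 2008 or newer.

```powershell
# Added example: boot/shutdown timeline from the System log (provider 'EventLog').
$eventMeaning = @{
    6005 = 'Event log service started (system boot)'
    6006 = 'Event log service stopped (clean shutdown)'
    6008 = 'Previous shutdown was unexpected'
    6009 = 'Processor/OS information logged at boot'
    6013 = 'Periodic uptime record'
}

function Get-BootTimeline {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$Days = 30
    )
    $filter = @{
        LogName      = 'System'
        ProviderName = 'EventLog'
        Id           = 6005, 6006, 6008, 6009, 6013
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    # SilentlyContinue: Get-WinEvent raises an error when nothing matches the filter.
    $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter `
                  -ErrorAction SilentlyContinue | Sort-Object TimeCreated

    $lastLifecycleId = $null   # last 6005 (boot) or 6006 (clean stop) seen so far
    foreach ($e in $events) {
        $note = ''
        if ($e.Id -eq 6005) {
            # Two boots in a row with no 6006 between them means the machine
            # went down without the event log service stopping cleanly.
            if ($lastLifecycleId -eq 6005) {
                $note = 'No clean shutdown (6006) logged since previous boot'
            }
            $lastLifecycleId = 6005
        } elseif ($e.Id -eq 6006) {
            $lastLifecycleId = 6006
        }
        New-Object PSObject -Property @{
            Time    = $e.TimeCreated
            Id      = $e.Id
            Meaning = $eventMeaning[$e.Id]
            Note    = $note
        }
    }
}

Get-BootTimeline -Days 30 | Select-Object Time, Id, Meaning, Note | Format-Table -AutoSize
```

Pass -ComputerName to run the same query against a remote machine.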

Option 1 – Use Uptime.exe to get a Remote Machine’s Uptime

As already mentioned above, download uptime and extract it to your system32 directory. Then to get a remote machine’s uptime, use the following command;

[box]

uptime {Name of Remote PC}

[/box]

Use PowerShell to get a Remote Machine’s Uptime

Use the following syntax;

[box]

[Management.ManagementDateTimeConverter]::ToDateTime((Get-WmiObject Win32_OperatingSystem -ComputerName RemoteMachine).LastBootUpTime)

[/box]

Related Articles, References, Credits, or External Links

NA

Moving Certificate Services To Another Server

KB ID 0001473

Problem

If you are retiring a CA Server, or there’s a problem with the server and you want to move Microsoft Certificate Services to another server, the procedure is pretty straight forward.

BE AWARE: We are moving the CA Server Name , NOT the Server Name (FQDN), the two things are NOT the same, (you might have called them the same thing!) But a Certificate Authority has a name of its own, and that’s what we are going to move.

So the new server doesn’t have to have the same name? No, it can do if you really want, but that’s an added layer of complication I can’t see the point of?

In the video below, I’m migrating from Server 2008 R2 to Server 2019, and I’m also moving CRLs and OCSP responders. In the screenshots below I’m moving from Server 2016 to Server 2016, but the process is pretty much identical all the way back to Server 2003.

Can I migrate from Server 2008 (NON R2) to 2016 (or newer): Yes, but not directly, you need to upgrade to Server 2012 R2 first. If you don’t, the database won’t mount and you will get this error.

Solution

On the ‘Source‘ server, open the Certificate Services management console > Right click the CA NAME > All Tasks > Back up CA.

The backup wizard will open, Next > Tick BOTH options > Select a Backup Location > Next > Set a password (you will need this to set the new CA up!) > Next > Finish.

Now we need to take a backup of the Registry key that holds the information for this CA server. Run ‘regedit’ > Navigate to;

[box]HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Services > CertSvc > Configuration > {CA-NAME}[/box]

Export a copy of this key, (save it in the same folder that you backed up to earlier).

Now we need to uninstall CA Services from this server. Server Manager > Manage > Remove Roles and Services > Next.

REMOVE all the CA role services  > Complete the Wizard, then launch the wizard again and select ‘Active Directory Certificate Services’ > At the pop-up select ‘Remove Features’ > Next.

Next > Next > Next > Close.

Setup Certificate Services on the Target/New Server

Server Manager > Add Roles and Features > Next.

Next > Select ‘Active Directory Certificate Services’ > Add Features > Next.

For now let’s just stick with the Certification Authority > Add the other role services later* > Next.

*Note: I’ve written about all these role services before, just use the search function, (above), if you are unsure what they all do.

Next > Close.

Warning > Configure Active Directory Certificate Services > Next.

Next > Enterprise CA (Unless it’s an offline non domain joined CA) > Root CA (unless it’s a subordinate CA!) > Next.

> Select ‘Use existing private key‘ > Select ‘Select a Certificate and use its associated private key‘ > Next > Import > Browse > In your backup folder locate the certificate (it will have a .p7b extension.) > Enter the password > OK > Select the Cert > Next.

Next > Next > Configure >  Close.

Stop Certificate Services;

[box]net stop certsvc[/box]

If your new server has a different hostname/FQDN open the registry file you exported above with Notepad, locate and change the CAServerName entry to the name of the NEW server.

Right click the registry backup > Merge > Yes > OK.

Launch the Certificate Services management console > Right Click the CA NAME > All Tasks > Restore CA.

The restore wizard will start > Next > Browse to the folder with your backup in > Next > Enter the password you used (above) > Next > Finish.

You will be prompted to start the Certificate Services service > Yes.

What About Certificate Templates? Do I need to Move Them?

No! Certificate templates are actually stored in Active Directory, NOT in/on the actual Certificate Services server, (that’s why sometimes they take a while to appear after you create them!) You can see them here;

Related Articles, References, Credits, or External Links

Digital Certificates Explained

Certificate Services – Migrate from SHA1 to SHA2 (SHA256)

VMware Converter ‘Unable to Connect to the Network Share’

KB ID 0001583

Problem

I don’t think I’ve ever run the VMware Standalone Converter without at least one error message or popup complaining about something! Today I was trying to convert a client’s old Windows Server 2003 document management server, when trying to deploy the agent this happened;

Unable to connect to the network share ‘{Sever-name-or-IP} \ADMIN$’.

Solution

It’s a pretty descriptive error, can you map a drive to this machine and open a network share manually? Is the ‘server service’ running? In my case the problem was easily diagnosed;

As I wasn’t about to start enabling SMBv1 on the client’s Windows 2019 server, I simply installed the VMware Standalone converter on one of their existing 2008 member servers instead, and ran it from there.

Related Articles, References, Credits, or External Links

SMB1 Is Dead? (Unfortunately Not Yet)

VMware Converter – Unable to Deploy Agent

Manually ‘Installing’ Microsoft Integration Services Drivers

KB ID 0001512

Problem

If your OS is 2008 R2 or newer then you won’t need to do this as the drivers are already included. But what if you have a machine that you want to put the drivers in before you virtualise or migrate it? Well if you mount the ISO and run it this happens;

Unsupported Guest Environment
The Hyper-V integration services can only be installed inside of a virtual machine running Hyper-V

Bah! You are not the boss of me! I want the drivers in here because I’m about to virtualise it!

Solution

Mount the Integrations Services ISO on the machine (or open it with 7Zip and treat it like a zip file)

If you have Hyper-V 2016 or newer and can’t find the ISO, Microsoft handily don’t include it any more, because it’s a massive 29MB in size? (Yeah I don’t understand either?) Here’s a copy. Go to the x86 or amd64 directory depending on whether you are x32 or x64 bit. Locate the Windows{Version}-HyperVIntegrationServices-{processor-version}.cab that matches your machine and copy it to your desktop. Then open it, select all the files.

Download Microsoft Integration Services Disk

Extract the file to a folder.

Open an administrative command prompt, then change directory to the folder you extracted all the files into. Run the following command;

[box]for /f "delims=" %i in ('dir /b /s *.inf') do pnputil.exe -i -a "%i"[/box]

It will run through and install all the drivers, you may get some warnings that some of the drivers are unsafe or unsigned. Just say install them anyway.

Note: If you are on Server 2003, then there are a bunch of KB updates on the CD that you will also need to install.

Related Articles, References, Credits, or External Links

NA

How to Tell if Windows is 32 or 64 bit

KB ID 0000153

Problem

If you want to know what version (x64 or x86) of Windows you are running, then this is the simplest way to find out.

Solution

Under accessories run system information;

Under System Type: If it says x86 then it’s 32 bit.

However if it says x64 then it’s 64 bit.

Windows XP and Server 2003

1. Click Start > Run > sysdm.cpl {enter} > General Tab.

Windows XP x32 (x86) and Windows XP x64

Windows Server 2003 x32 (x86) and Windows Server 2003 x64

Windows Vista / Windows 7 / Server 2008

1. Start > Control Panel > System.

Windows Vista and Windows 7

Windows Server 2008

 

Related Articles, References, Credits, or External Links

NA

Windows – Lost / Forgotten Password?

KB ID 0000755

Problem

There are many reasons why you might want to do this, someone has managed to change a user password and that person is not available, you might simply have forgotten it. Or you might have been given a machine, or bought one from ebay that has come without a password. Also there have been a few times when a user has looked me in the eye and said “I’m typing my password in, but it’s not working”, I have never seen a password change on its own, so I will just put that down to the evil password gremlins.

The procedure will also work on the Windows local administrator’s password, just bear in mind that this account is disabled by default, (after Windows 8). This procedure will not work if the machine in question has had its hard drive encrypted using BitLocker.

You can use this procedure to blank, (or reset) a Domain Controller’s DSRM (Directory Services Restore Mode) password.

You can avoid this procedure if you have access to another account on this machine that has administrative access. If you can log on as an administrator, then you can change the password of other local accounts on the affected machine without the need to do this.

Solution

How to Burn the ISO Disc Image

1. Download the Password Reset CD Image.

2. Download ImgBurn and install, Launch the program, if it does not look like this you need to select View >EX-Mode-Picker. Select the ‘Write image file to disc’ option.

3. The file you downloaded is a zip file that contains the disk image, you will need to extract the image from the zip file (i.e. drag it to your desktop). From within ImgBurn launch the browse option and navigate to the disk image you have just extracted > Open.

4. Select the burn to disc icon (Note: This will be greyed out, until there is a blank CD in the drive). The image is very small, it will not take long to burn.

Carry Out a Windows 8 Password Reset.

This procedure uses the boot CD you have just created, for it to work you need to make sure the machine will attempt to boot to its CD/DVD Drive before it boots to its hard drive. (Or it will simply boot into Windows again). This change in ‘Boot Order’ is carried out in the machine’s BIOS, how you enter this varies depending on machine vendor, when you first turn on the machine watch for a message that looks like Press {key} to enter Setup. Typically Esc, Del, F1, F2, or F9. When in the BIOS locate the boot order and move the CD/DVD Drive to the top of the list.

1. Boot your machine from your freshly burned CD, when you see this screen simply press {Enter} to boot.

2. Depending on how many disks/partitions you have it will discover them and assign a number to each one, here I only have 1 so I will type ‘1 {Enter}’.

Note: You may see a small 300Mb partition, ignore that. You may also see your machines recovery partition if it has one, if that’s the case you may have to carry out some trial and error to get the right one.

3. The system is set to look for the default registry location C:\Windows\System32\Config so simply press {Enter}. If it fails at this point you selected the wrong drive/partition.

4. We want password reset so select option 1.

5. We will be editing user data and passwords, so again select option 1.

6. You will be presented with a list of the user objects that it can locate, here I want to reset the password for the ‘PeteLong’ user object so simply type in the username you want to edit.

Note: As mentioned you can see here the administrator account is disabled, if you want to work with that account, you will need to unlock and enable it on the next screen before you blank or change the password.

7. You can choose option 2 and type in a new password, but I’m going to blank the password, then change it when I get back into the machine by selecting option 1.

8. To step back you need to enter an exclamation mark.

9. Enter a ‘q’ to quit.

10. To write the changes you have made enter a ‘y’.

11. As long as you are happy, and have no other accounts that need changing, enter ‘n’.

12. Now remove the boot CD, and press Ctrl+Alt+Delete to reboot the machine.

13. As the user object we are dealing with was the last one that has logged on, it will select that account as soon as the computer boots, and now it has a blank password it will automatically log on.

14. To change the password, press Ctrl+I > Change PC settings.

15. Users > Create a password.

16. Type and confirm your new password, and enter a password hint > Next.

17. Log off the account and test the new password.

 

Related Articles, References, Credits, or External Links

NA

Dcpromo Error: No Other Active Directory Controllers?

KB ID 0001453

Problem

I was trying to demote a domain controller yesterday morning, it was a 2008 R2 Domain controller, (in fact it was SBS 2011). I’d already added a nice new Server 2016 Domain Controller to the domain, and transferred all the FSMO roles, so I was surprised when I tried to gracefully demote the old DC and got this;

You did not indicate that this Active Directory domain controller is the last domain controller for the domain {domain-name}. However, no other Active Directory domain controllers for that domain can be contacted.

Do you want to proceed anyway?

If you click Yes, any Active Directory Domain Services changes that have been made on this domain controller will be lost.

Well, that’s a scary error, and pretty much made me cancel the demotion right away.

Solution

Well I could ping the other domain controller, by name and by IP address, and it was listed in ‘Sites and Services’, and I could replicate Active Directory? (Very Strange). It was not until I ran dcdiag that I saw some warnings about ‘sysvol replication’, that steered me in the right direction.

On the ‘outgoing’ Domain Controller, run regedit, then navigate to the following location;

[box]HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > services > Netlogon > Parameters[/box]

Locate the SysvolReady value, (it’s probably set to 0 (Zero)).

Change it to 1 (one) then click OK, (this sort of ‘kicks windows up the backside’, and re-shares Sysvol with the correct permissions). Then after you have changed it, change it back to ZERO. You don’t need to restart any services, just change it, then change it back. Repeat the process on your other domain controllers. Have a coffee, then attempt to demote your Domain Controller again.

Related Articles, References, Credits, or External Links

NA