Windows – Find your ‘Uptime’

KB ID 0000552 

Problem

There are lots of reasons you might want to know your PC/Servers uptime, to make sure a client has rebooted a server (like you asked them to), or to see if a server has had a BSOD and rebooted overnight, etc.

Check Uptime with Task Manager

You can get your uptime from the Task Manager’s “Performance” tab.

To launch Task Manger

Start > Run > Taskmgr.exe {enter}. or Press CTRL+SHIFT+ESC, or Right click the Task bar > Select Task Manager.  > Options

 

Use PowerShell to find Server Boot time

From Powershell Use the following syntax;

[box]

[Management.ManagementDateTimeConverter]::ToDateTime((Get-WmiObject Win32_OperatingSystem).LastBootUpTime)

[/box]

Use PowerShell to find Uptime

From Powershell Use the following syntax;

[box]

(Get-Date) - [Management.ManagementDateTimeConverter]::ToDateTime((Get-WmiObject Win32_OperatingSystem).LastBootUpTime)

[/box]

Option 3 – Use Systeminfo to find Uptime

From command line execute the Systeminfo | find /I “boot” command;

 

Option 3 -Use Net Statistics to find Uptime

You can get uptime information by either querying the workstation service, or the server service, issue either, the following command;

[box]

net statistics workstation

[/box]

Or the following command;

[box]

net statistics server

[/box]

Option 4 – Use Uptime.exe to find Uptime

Download uptime and put a copy in your “System32” Directory, you can then use the uptime command.

Option 5 – Use WMI (Windows Management Instrumentation) to find Uptime

Issue the following command;

[box]

wmic os get lastbootuptime

[/box]

As you can see the result is not pretty, it is presented in UTC format.

20120109081112.925800+000 = Year 2010, Month 01, Day 09, Time 08:11:12

Option 6 – Check the Event Log to find Uptime

Launch the Event Viewer (eventvr.msc) > Windows Logs > System Log > Find > Search for Event ID 6005, (Note: This event gets logged each time the server boots, as the event log service starts). Event ID 6006 will be labeled as “The event log service was stopped.” This is synonymous with system shutdown.

 

Note: Event 6013 is periodically logged this shows the machines uptime at that point.

Note:  In the event of an abnormal shutdown look for Event ID 6009 indicates the processor information detected during boot time. Event ID 6008 will let you know that the system started after it was not shut down properly.

Option 1 – Use Uptime.exe to get a Remote Machines Uptime

Already mentioned above download uptime and extract it to your system32 directory. Then to get a remote machines uptime, use the following command;

[box]

uptime {Name of Remote PC}

[/box]

Use Powershell to get a Remote Machines Uptime

Use the following syntax;

[box]

[Management.ManagementDateTimeConverter]::ToDateTime((Get-WmiObject Win32_OperatingSystem -ComputerName RemoteMachine).LastBootUpTime)

[/box]

Related Articles, References, Credits, or External Links

NA

Event ID 8213

KB ID 0000142 

Problem

Event ID 8213

System Attendant Service failed to create session for virtual machine <servername>. The error number is 0xc007052e. 

Admin password on the Administrative group (In Exchange) needs changing to the correct domain admin password.

NOTE only happens if you have an Active Directory Connector installed.

Solution

1. Start > All Programs > Microsoft Exchange > Exchange System Manager.

2. Administrative Groups > First Administrative Group*

3. Right click on First Administrative Group* folder >Properties.

4. Your going to see an Exchange Service Account (Administrator usually)

5. Click MODIFY.

6. Type in the admin password and verify.

7. Click OK > OK, close System Manager.

8. Restart Exchange services.

*Note your Exchange or may have a different group named depending on how it was set up.

Related Articles, References, Credits, or External Links

NA

Event ID 5719

KB ID 0000712 

Problem

You see the following error in your event log (seen here in the system log on a domain controller).

Log Name: System
Source: NETLOGON
Date: 15/11/2012 06:00:35
Event ID: 5719
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Servername.Domain-Name.com
Description:
This computer was not able to set up a secure session with a domain controller in domain (domain-name) due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

Solution

Note: In this case the domain it could not contact was NOT my live domain name it was a different domain name. If your error is referencing your live domain name then you have a different problem.

Cause: In my case the problem was being caused because I had a domain trust to a domain that was no longer contactable, (one of my colleagues has set it up in the past to do some testing). So I simply needed to remove the trust.

Warning: In this case that trust is no longer required – Check!

1. On a domain controller > Windows Key+R > domain.msc {enter}

2. Right click the domain name > Properties > Trusts > Select the problem domain > Remove > Yes > OK.

 

Related Articles, References, Credits, or External Links

NA

Event ID 53 – ‘The public key does not meet the minimum size required by the specified certificate template’

KB ID 0000967 

Problem

I’ve been doing a lot of PKI work over the last few days, testing device enrollment and NDES etc, and came across this problem being logged on my issuing/subordinate CA server;

Log Name: Application
Source: Microsoft-Windows-CertificationAuthority
Event ID: 53
Task Category: None
Level: Warning
Keywords:
User: SYSTEM
Description:
Active Directory Certificate Services denied request 35 because The public key does not meet the minimum size required by the specified certificate template. 0x80094811 (-2146875375 CERTSRV_E_KEY_LENGTH). The request was for SERIALNUMBER=4279256517 + OID.1.2.840.113549.1.9.2="sprugal.testbench.local ". Additional information: Denied by Policy Module Resubmitted by TESTBENCHAdministrator

Solution

In addition on the server itself in the Certification Authority Management console, under failed requests, it was showing the same error;

By default the certificate that NDES / MSCEP used as a template for your network devices is called ‘IPSec (Offline request)’ I’ve cloned that and made my own called NDESTemplate, but if you take a look on the Cryptography tab you can see that the minimum key size is set to 1024.

The network devices that are attempting to enroll with my server must have a key-length that is shorter, how can you tell? Well my devices are all Cisco ones (Routers and Firewalls). The Cisco ASA will tell you what key length is uses, but there is no command in router IOS to let me know. However if you use Putty and open an SSH session to the device it will tell you.

In the example below, the key length on this device is 2048 so that should be fine;

But this one is only 768 bits long! This device would generate the sort of errors I’m seeing on my Windows server.

So how do you fix the problem on the device, if you have not got your trustpoint setup then simply issue the following commands;

[box]

R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#crypto key zeroize rsa
% All RSA keys will be removed.
% All router certs issued using these keys will also be removed.
Do you really want to remove these keys? [yes/no]: yes
R1(config)#
*Jul 11 14:26:50.619: %SSH-5-DISABLED: SSH 1.99 has been disabled
R1(config)#

[/box]

If you have setup a trustpoint, simply remove the trustpoint and it removes all the keys

[box]

R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#no crypto pki trustpoint PNL-TRUSTPOINT
NOTE YOUR TRUSTPOINT WILL HAVE A DIFFERENT NAME!!

% Removing an enrolled trustpoint will destroy all certificates
received from the related Certificate Authority.

Are you sure you want to do this? [yes/no]: yes
% Be sure to ask the CA administrator to revoke your certificates.

No enrollment sessions are currently active.

R1(config)#

[/box]

Related Articles, References, Credits, or External Links

NA

Event ID 13

KB ID 0000520 

Problem

Seen every few hours in the application log:

Source: AutoEnrollment Description: Automatic certificate enrollment for the local system failed to enroll for one Domain Controller certificate (0x80070005). Access is denied.

Solution

1. Go to your domain controller > Open Active Directory users and computers > Locate the CERTSVC_DCOM_ACCESS group.

2. Add in the “Domain Controllers” group.

3. On your Certification Authority Server > drop to command line and issue the following three commands.

[box]

certutil –setreg SetupStatus –SETUP_DCOM_SECURITY_UPDATED_FLAG
net stop certsvc
net start certsvc 

[/box]

Related Articles, References, Credits, or External Links

NA

Event ID 6 and 13

KB ID 0000473 

Problem

Event ID 6

Source: Microsoft-Windows-CertificateServicesClient-AutoEnrollment

Description:

Automatic certificate enrollment for local system failed (0x800706ba) The RPC server is unavailable.

 

Event ID 13

Source: Microsoft-Windows-CertificateServicesClient-CertEnroll

Description:

Certificate enrollment for Local system failed to enroll for a DomainController certificate with request ID N/A from {hostname}{name of CA}(The RPC server is unavailable. 0x800706ba (WIN32: 1722)).

 

Solution

Note: The pertinent information in the Event ID 13 above is 0x800706ba there are Other causes of this Event ID make sure yours is the same.

In my case I had an Exchange server that was using a certificate that had been “self signed”. And the Root CA that signed the certificate had been ungracefully removed from the domain. Take a note of the Root CA name from the Event ID error shown arrowed).

1. Launch Active Directory Sites and Services” > Select the top level object > View > Show Services Node.

2. Expand Services > Public Key Services > AIA > Delete the “Problem CA”.

3. Then select “Enrollment Services” > Delete the “Problem CA”.

If you have a New CA (in this example you would have seen it in step 2), then DO NOT perform the next two steps!!!

4. Providing you DONT have a CA now, select “Certificate Templates” and delete them all.

5. Providing you DONT have a CA now, select “Public Key Services” and delete the NTAuthCertificates item.

6. To tidy up, (On the server logging the error) run the following command:

[box] certutil -dcinfo deleteBad [/box]

7. Finally on the server logging the error run the following command to update the policies:

[box] gpupdate /force [/box]

Related Articles, References, Credits, or External Links

NA

Event ID 63

KB ID 0000363 

Problem

Activation context generation failed for “C:Program Files (x86)Common FilesAdobe AIRVersions1.0Adobe AIR.dll”.Error in manifest or policy file “C:Program Files (x86)Common FilesAdobe AIRVersions1.0Adobe AIR.dll” on line 3. The value “MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR” of attribute “version” in element “assemblyIdentity” is invalid.

The version of Abode Air that you are running is out of date! Remove and download a new one. In my case it was the version that installed with Adobe CS4.

Solution

1. Click Start > In the search/run box type appwiz.cpl {enter}.

2. Locate Adobe Air > Un-install

3. You may get a warning to say some applications need Adobe Air to run don’t panic just un-install it.

4. Once its been safely removed go here and download the latest version > then install.

Related Articles, References, Credits, or External Links

NA

Lync 2010 – ‘The address book is preparing to synchronize. Search results might not be current’

KB ID 0000529 

Problem

Saw this on a brand new installation on my test bench, I left it overnight and the problem still did not resolve.

Solution

1. On the Lync 2010 Server launch the “Lync Server Management Shell” and execute the following command:

[box]Update-CsAddressBook[/box]

2. Go and have a cup of coffee, then come back and check in the event logs, you should see, Event 21005 (Sync has Started), 21010 (Sync has completed), 21056 (Details of the sync), and 21004 (Time of next sync).

3. If that does not rectify the problem you can (On a PC showing this error) Start > Run Regedit {enter} > Navigate to:

[box]HKLMSoftwarePoliciesMicrosoftCommunicator[/box]

Create or edit a the DWORD GalDownloadInitialDelay and set its value to 0

4. Close the Lync Client and delete the GalContacts.db and GalContacts.db.idx files form that PC. you will find those file in the following locations

Windows XP: %userprofile%Local SettingsApplication DataMicrosoftCommunicatorsip_<the_username@the_domain>

Windows Vista/7: %userprofile%AppDataLocalMicrosoftCommunicatorsip_<the_username@the_domain>

4. Restart Lync.

Related Articles, References, Credits, or External Links

Install and Configure Microsoft Lync 2010

Exchange 2007 & 2010 – Setup and Deploy Outlook Anywhere

KB ID 0000519 

Problem

What used to be a fiddly job, is now very simple to do, setting up Outlook Anywhere (formally known at RPC over HTTP) takes about 10 minutes.

What is Outlook Anywhere?

This is a system that lets you connect Microsoft Outlook to to your Exchange server over the web, this means you can connect to to your email, calendaring and tasks etc, without the need for a VPN connection.

Solution

Outlook Anywhere with Exchange 2007 (Exchange 2010 Skip to Step1)

If you plan to deploy Outlook Anywhere with Exchange 2007 there is an additional step you need to carry out before you start. From server manager > Feature > Add Features > Add in the ‘RPC over HTTP Proxy’ feature before you start. (Note: you DONT need to do this if you are running SBS 2008).

Step 1 Configure Exchange

1. First we need to turn it on: from within the Exchange Management, expand Server configuration > Client Access > Select the server in the central pane > Select “Enable Outlook anywhere” in the action pane.

2. Enter the publicly addressable name of your Exchange server, for this example I’m using NTLM authentication > Enable.

Note: The external host name is the address that you would type into a browser to contact the Exchange server i.e. for Outlook Web Access http://mail.domaina.com/owa. This would mean the public name is mail.domaina.com. This name must be the Common Name (CN) on the Exchange server’s digital certificate.

Exchange 2010 – Working with Certificates

3. Take heed of the information, nothing’s going to work for 15 minutes (Even Exchange is telling you to apply the cup of coffee rule) > Go and have a hot milky beverage.

4. Look at the timestamps and the clocks, this one took 14 minutes (for once the dialog had it spot on!) You should see Event ID 3007, 3003, 3004,(all these are normal) and finally,

5. Event ID 3006 > Outlook Anywhere is up and running on the server. (Note: you will NOT see this on an Exchange 2007 Server, see the second screenshot).

Note: To Access from Outside your network the public name of the Exchange server (in this case mail.domain.com), needs TCP port 443 (HTTPS) open to it, or “Port Forwarded” to the Exchange server.

Note2: To work internally make sure that mail.domaina.com resolves to the INTERNAL IP address of the Exchange server.

6. You may also want to execute the following command. Particularly if you use SBS, which has a habit of setting remote.publicdomain.com as the default outside name.

[box] Set-WebServicesVirtualDirectory –Identity ‘EXCHANGE-MAILEWS (Default Web Site)’ –ExternalUrl https://mail.domain.co.uk/ews/exchange.asmx[/box]  

Step 2 Configure Outlook for Outlook Anywhere

1. In this example I’m using Outlook 2010 and the mail profile/account has NOT been setup, if you already have an account edit it, select “More Settings” and jump to number 4.

Note: To support Outlook Anywhere you need a minimum of Outlook 2003 SP2

2. If you are setting up your Outlook client internally, the autodiscover service should fill in the details for you.

3. If it auto configures the settings for you, tick the box to manually configure server settings.

4. More Settings.

5. Connection Tab > Tick “Connect to Microsoft Exchange Server using HTTP” > Click “Exchange Proxy Settings”.

6. Put on the URL (Public name of Exchange – see step 1 number 2) > I’m using NTLM authentication you may be using basic, if you don’t know, check with your IT department, or try each one.

7. Security Tab > Ensure “Encrypt data between Microsoft Outlook and Microsoft Exchange” is selected.

8. Restart Outlook – you may be asked for your username and password again this is normal.

 

Related Articles, References, Credits, or External Links

Original article written: 04/10/11

Exchange 2010 – Working with Certificates

Buy Your Exchange Certificates Here!

Event ID 3154 ‘Active Manager Failed To Mount Database’

KB ID 0000867 

Problem

Seen on an Exchange server, in my case I got one for the mailbox database, immediately followed by one for the public folder database.

Active Manager failed to mount database MailStore 01 on server {Server-name}. Error: An Active Manager operation failed with a transient error. Please retry the operation. Error: Database action failed with transient error. Error: A transient error occurred during a database operation. Error: MapiExceptionNetworkError: Unable to make admin interface connection to server. (hr=0x80040115, ec=-2147221227).

Solution

1. On the affected server > Windows Key+R > ncpa.cpl {Enter}.

2. You should be presented with the network card for this server . right click >Properties.

3. ENSURE that IPv6 IS selected and has NOT been untucked.

Related Articles, References, Credits, or External Links

NA