If you intend to shutdown, or restart a remote computer using PowerShell, you may see the following error message;
PS C:\> Restart-Computer “Computer-name“ Restart-Computer : This command cannot be run on target computer(‘Computer-name’) due to following error: The system shutdown cannot be initiated because there are other users logged on to the computer. At line:1 char:1 + REstart-Computer “Computer-name“ + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (Computer-name:String) [Restart-Computer], InvalidOperationException + FullyQualifiedErrorId : RestartComputerFailed, Microsoft.PowerShell.Commands.RestartComputerCommand
Solution
You need to add the -Force flag to the command like so;
Related Articles, References, Credits, or External Links
I was setting up a Cisco ASA this week and needed to enable the ability for users to reset their domain passwords when they are about to expire. To actually test that, I needed a test user that had their password either about to expire, or actually expired. As I dint want to wait 42 days, or setup a password policy just for one user, I needed to find a ‘quick and dirty’ fix for one user.
Solution
You need to open Active Directory Users and Computers, and you need to have ‘Advanced options’ enabled. Locate your user and open their properties > Attribute Editor > Attributes > pwdLastSet.
If you want to set it to expired, then set its value to Zero.
It should change to <never>, which is not strictly true, it actually changes to 12:00AM January 1st 1601.
Note: If you set its value to -1 and apply the change it resets the attribute to the current day and time (you may need to close and reopen the property dialog to see the change).
Related Articles, References, Credits, or External Links
Seen when an Exchange server attempts to build the Offline Address book but encounters an error.
Source: MSExchangeSA
Event ID: 9327
Task Category: (13)
Level: Warning
Keywords: Classic
User: N/A
Description:
OALGen skipped some entries in the offline address list 'Global Address List'. To see which entries are affected, event logging for the OAL Generator must be set to at least medium.
This is just an instruction to enable logging so that you can see the REAL error.
Solution
Option 1 Enable Logging via the Exchange Management Shell
1. Launch the Exchange Management Shell and check the current logging level it will probably be set to “Lowest” Issue the following command:
[box]Get-EventLogLevel[/box]
Then scroll down to “MSExchangeSAOAL Generator” and check its status.
2. To turn the logging Level Right up issue the following command:
Option 2 Enable Logging via the Exchange Management Console
1. Launch the Exchange Management Console > Server Configuration > Right click the offending server > Manage Diagnostic Logging Properties > Expand MSExchangeSA > Select OAL Generation > Tick Expert > Configure > Finish.
Then rebuild the Offline address Book
1. Launch the Exchange Management Console > Organization Configuration > Offline address book Tab > Right click “Default Offline address Book” > Update.
2. Select “Yes” when prompted.
3. Wait a few minutes the re-check the server application log, you will see this error again but there should be a more descriptive error near it to let you know what is failing.
Related Articles, References, Credits, or External Links
Seen when an Exchange server attempts to build the Offline Address book but encounters an error.
Source: MSExchangeSA Event ID: 9323 Task Category: (13) Level: Warning Keywords: Classic Description: Entry ‘{Username}’ has invalid or expired e-mail certificates. These certificates will not be included in the offline address list for ‘Global Address List’.
Solution
1. Go to a domain controller, Launch “Active Directory Users and Computers”, Select View and enable “Advanced Features”. Locate the username reported in the error (In this example it’s the administrator), On the properties for that user locate the “Published Certificates” tab.
If you can’t see the published certificates tab you are probably on the Exchange Server and NOT on a domain controller.
2. You will see that this user has a certificate which you can see by pressing the view certificate button, In this case we can see that the certificate has expired.
3. I didn’t need to renew this certificate, so I simply removed it.
Then rebuild the Offline address Book
1. Launch the Exchange Management Console > Organization Configuration > Offline address book Tab > Right click “Default Offline address Book” > Update.
2. Select “Yes” when prompted.
3. Wait a few minutes the re-check the server application log, to make sure it now completes without error.
Related Articles, References, Credits, or External Links
Seen when an Exchange server attempts to build the Offline Address book but encounters an error.
Source: MSExchangeSA
Event ID: 9323
Task Category: (13)
Level: Warning
Keywords: Classic
Description:
Entry '{Username}' has invalid or expired e-mail certificates. These certificates will not be included in the offline address list for 'Global Address List'.
Solution
1. Go to a domain controller, Launch “Active Directory Users and Computers”, Select View and enable “Advanced Features”. Locate the username reported in the error (In this example it’s the administrator), On the properties for that user locate the “Published Certificates” tab.
If you can’t see the published certificates tab you are probably on the Exchange Server and NOT on a domain controller.
2. You will see that this user has a certificate which you can see by pressing the view certificate button, In this case we can see that the certificate has expired.
3. I didn’t need to renew this certificate, so I simply removed it.
Then rebuild the Offline address Book
1. Launch the Exchange Management Console > Organization Configuration > Offline address book Tab > Right click “Default Offline address Book” > Update.
2. Select “Yes” when prompted.
3. Wait a few minutes the re-check the server application log, to make sure it now completes without error.
Related Articles, References, Credits, or External Links
I had a virtual machine crash on me, while I was doing some work on it As I was unable to shut it down gracefully, I attempted to ‘Power Off’. It progressed to 95% and stopped there.
Expecting it to ‘time out’, I carried on with some other work and kept an eye on it. 30 minutes later there was still no progress.
2. Connect to the ESX host via SSH, and logon as root. Execute the following command to see all the running VMs on this host, and list their world ID numbers.
[box]
esxcli vm process list[/box]
3. Once you have the World ID of the problem VM, you can attempt to power it off with the following command;
[box]
Syntax
esxcli vm process kill --type {soft,hard,force} --world-id {ID Number}Example
esxcli vm process kill –type hard –world-id 1397444
You will get all the processes, and they are preceded by two columns of numbers, the first column contains the individual PID’s. The second column is the PID for the parent process, this is the one you need.
2. Armed with your PID, you need to terminate that parent process with the following command;
I use Media Center a lot, and the one thing that bugs me is, every time I add a new film or TV series etc, I have to restart Media Center, restart services, or reboot the entire media PC before I can see them in the list.
After some searching it appears that Media Center uses the same repository/database of media that Windows Media Player uses. There is a convoluted method of stopping services, deleting files and restarting everything that will fix the problem.
However that is a pain, as when I’ve fired up Media Center it’s because I want to watch a film, or listen to some tunes, not start manually messing about with services and deleting cached copies of stuff.
So I wrote a script to do it all for me, and seeing as I couldn’t find one anywhere else, I tarted it up a bit, and made it easy to install. You can launch it from an icon on your desktop, it will stop Media Center, flush the cache, then restart Media Center for you.
Solution
1. First download this zip file and extract the contents to your desktop.
2. From within the ‘Refresh Media Library’ folder double click the install.bat file (this will copy the needed files to your “Program Files” folder and drop the shortcut on your desktop).
3. Whenever you want to update the Media Center Library simply run the script form the shortcut on your desktop.
4. After it’s completed it will launch Media Center for you. Once installed you can safely delete the ‘Refresh Media Library’ folder.
Related Articles, References, Credits, or External Links
You might ask why? But I needed to do this the other day for some screen shots, and if I had to work out how to do it then someone else will want to use Aero on Windows Server 2008. Besides I’ve seem people running this OS on their Laptops etc, so if it were me, I’d rather look at Aero than the standard windows “Theme”.
Solution
Minimum Requirements for Aero
CPU = 1 GHz or Higher RAM = 1 GB or better Graphics Card = 128MB or better Graphics Card = DirectX 9 & Pixel shader 2.0 with 32 bits per pixel
Rule of thumb
Single monitor up to 1280×1024 = 64MB Graphics Memory Single monitor up to 1600×1200 = 128MB Graphics Memory</br? Single monitor up to 2560×1600 = 256MB Graphics Memory
(Updated 01/12/12). I had a user that needed his Remote Desktop Services (Terminal Services) users, to get an Aero themed desktop, so his RemoteApp applications would run with the correct icons. In this case the easiest solution is to setup a LOCAL policy on the Remote Desktop Services server to force this.
1. On the server, Windows Key+R > gpedit.msc {enter} > When the policy editor opens > Navigate to;
[box]User Configuration > Administrative Templates > Control Panel > Personalization > Force a Specific Visual Style file or force Windows Classic[/box]
Enable the policy > Set the ‘Path to Visual Style’ to;
Server 2012/2008 R2 unlike their predecessors, comes with the multiple remote desktop session restriction enabled. If you are only connecting to a server for remote administration purposes that can get a bit annoying, especially if you have a generic administrative account that multiple techs are using, and you keep kicking each other off the server.
Just as with earlier versions of Windows server you CAN have two RDP sessions at any one time, the restriction is one logon for one account. Thankfully you can disable the restriction and there are a number of ways to do so.
Solution
Server 2008 R2 Option 1: Enable Multiple RDP sessions from TSCONFIG
Note: tsconfig.msc does not work on Windows Server 2012
1. On the server, click Start and in the search/run box type tsconfig.msc{enter}. Locate “Restrict each user to a single session” Right click > Properties.
2. Remove the tick from “Restrict each user to a single session” > Apply > OK.
Server 2012 and 2008 R2 Option 2: Enable Multiple RDP sessions via the registry
1. Start > in the search/run box type regedit {enter} > Navigate to:
[box] HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal Server [/box]
Locate the fSingleSessionPerUser value > Set it to 0 (Multiple sessions allowed), or 1 (Multiple sessions NOT allowed).
Server 2012 and 2008 R2 Option 3: Enable Multiple RDP sessions via Local Policy
1. Start > in the search/run box type gpedit.msc {enter}.
I’m surprised that when you make a server a Terminal Services Server / Remote Desktop Services Server, that this does not get applied from an administrative template anyway, but it does not.
Why would you want to do this? Well users are used to hitting Start > Shutdown, when they are finished working, which is fine, unless they are in a terminal session with 500 other users and they’ve just issued a shutdown command to the server!
Solution
The simplest way to do this is run gpedit.msc on the server itself and remove shutdown through local group policy, but a far more elegant solution is create a domain group policy for the TS Server(s).
1. On a domain controller, launch the “Group Policy Management Console”. Create a policy, and link it to the OU that contains the Terminal Servers, you want to enforce the policy on, (Or edit an existing policy linked toy them).
2. Now remove the shutdown is a USER policy, and this is a COMPUTER policy we are writing, so it wont work unless we turn on “Loopback processing”. Navigate to Computer Configuration > Administrative Templates > System > Group Policy > User Group Policy loopback processing. (Note: On 2016 It will be called, ‘Configure user Group Policy loopback processing mode’.)
3. In most cases you will already have user policies applied to your users, if so you will want to “Merge” this with them rather than replace them > Apply > OK.
4. Now to remove the Shutdown command. Navigate to User Configuration > Administrative Templates > Start Menu and Taskbar > Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate Commands.
5. Enable > Apply > OK.
6. Then either reboot the TS Server(s), wait a couple of hours or run “gpupdate /force” on them.
Related Articles, References, Credits, or External Links