Windows – Remote Desktop Error ‘An authentication error has occurred. The Local Security Authority cannot be contacted’

KB ID 0000826

Problem

Update May 2018: The following article is probably what you are looking for;

Windows RDP: ‘An authentication error has occurred’


I saw this while attempting to create a remote desktop connection to a Windows 2012 Server. (Though connecting to Windows 8 will be the same).

I’d only just set this server up, and knew I’d enabled RDP, and I was attempting to connect as the domain administrator, so at first I was a little perplexed.

Solution

If you have direct/local access to the machine you are trying to connect to.

1. Press Windows Key+R > In the run box type sysdm.cpl {enter} > Remote.

2. Remove the tick from “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”.

3. Try again.

If you do not have direct/local access to the machine you are trying to connect to.

1. On YOUR Machine > Windows Key+R > type regedit {Enter} > File > Connect Network Registry > Type in the details for the machine you are trying to connect to > OK.

2. Navigate to;

[box]
{remote-machine-name} > HKEY_LOCAL_MACHINE > SYSTEM > CurrentControlSet > Control > Terminal Server > WinStations > RDP-Tcp[/box]

Locate the UserAuthentication value and change it to 1 (one) > OK > Exit the registry editor.

3. Try again.

Disable RDP Network Level Authentication via Group Policy

If the destination server is in a remote data centre or remote location, and you cannot access the System Properties, you can turn this option off with group policy, and wait a couple of hours.

1. On a DC > Start > Group Policy Management > Either create a new group policy object and link it to the OU containing the problem machine, or edit an existing one. (Here on my test network I’m going to edit the default domain policy – WARNING this will disable this feature on all machines in a production environment!)

2. Navigate to;

[box]Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security[/box]

3. Locate the ‘Require user authentication for remote connections by using Network Level Authentication’ policy.

4. Set the policy to Disabled > Apply > OK > Close the Group Policy Management Editor.

5. How long before the Group Policy will affect the target machine? Group policies are processed when a machine starts up; after this they are processed again (only if they have changed). The time period varies (so all clients do not update at the same time). The interval is 90 minutes, with a random offset of 30 minutes, so the maximum time it can possibly take is 2 hours (120 minutes). Note: this is the default setting; it can be manually changed up to 64,800 minutes (45 days), (though why would you do such a thing?)

Windows – Forcing Domain Group Policy

Related Articles, References, Credits, or External Links

NA

Exchange 2003 – Defragmenting Your Database with Eseutil

KB ID 0000814 

Problem

I don’t have many clients left that still have Exchange 2003, so this will probably be the last time I have to do this (famous last words).

Exchange databases NEVER get smaller; if you delete information out of them, it simply creates white space that Exchange will reuse (so they will steadily grow in size). Before you carry out this procedure, get your users to clear down their mailboxes. Also delete/purge any unused mailboxes; this will make your defrag more efficient.

Solution

In my case the server the database was on was short on drive space. Remember you need 110% of the size of the database free space to carry out this procedure (so a 50GB database needs 110GB of free space to defragment). I did this with an external USB Drive.

Note: Moving large databases to USB media can take a while; at USB 2 speed (48MBps (480Mbps)) it took about 45 minutes to copy the database files to it.

1. You don’t need to do this, but locate where the log files for this database are being stored, because in a minute we are going to take a copy (just in case). Right click the storage group the database is in > Properties > General > Transaction log location.

2. Now for the database itself, right click the Mailbox Store (or public folder database if that’s the one you are going to defrag) > Properties > Database > Exchange databases.

3. On my external drive I’ve created two folders, one holds the original untouched database files and the logs, the other (EDB_Files) holds a copy of the priv1.edb and priv1.stm files for the mailbox database that I’m going to defragment.

4. Eseutil.exe lives in the Exchange program folder in the bin directory, change to that directory;

[box]
cd "c:\Program Files\Exchsrvr\bin"
[/box]

Now if we simply run eseutil on the database, it will create a temporary database on the C: drive, which I don’t want (remember we are tight for drive space). So I will specify where the temp database will be, and start the defragmentation.

[box]

eseutil /d {Path to the Database} /t {Path to the temp Database}

e.g.

eseutil /d H:\EDB_Files\priv1.edb /t H:\EDB_Files\TempDB.edb

[/box]

How long will eseutil take? That’s a horrible question to answer; it depends on the CPU/memory of the server, and the size of the database itself. In this case it was a 70GB database, on an HP G4 Series server, and it took 11 hours and 6 minutes (approx).

5. When done it should say it has completed successfully.

6. You can now delete the original EDB and STM files from the Exchange Server.

7. Then copy and paste your defragmented versions back into the original folder.

8. You can now mount the mail store(s).

9. Finally make sure you get a full backup of the Exchange database, (with some Exchange aware backup software).

Related Articles, References, Credits, or External Links

ESEUTIL error – “Unable to find the callback library jcb.dll”

Install and Configure an HP UPS Network Module

KB ID 0000813

Problem

I installed one of these a couple of weeks ago, and there’s some good documentation with the module itself, so installing it into the UPS and giving it an IP address was easy; getting the right client software to talk to it was a pain.

Solution

Configure the Network Module

1. Physically install the module in the UPS, it’s fixed with two screws and you can install it with the UPS powered on.

2. It takes a while for the card to boot; pop in the console cable that came with it (into the Settings/AUX socket – see above). Fire up PuTTY and connect via serial.

Note: Standard Serial Settings,

Bits per second—9600
Data bits—8
Parity—None
Stop bits—1
Flow control—None

3. The default password is ‘admin’

4. Use the menus presented to change the IP details; you MUST restart the module when you are finished or the IP address WON’T change.

5. Once it’s rebooted (again this takes a while) you can login with a web browser, (username admin password admin).

Configure the Client Machines.

1. Download HP Power Protector, (Note: there is no client and administrator software any more, this software will do BOTH. The network module has the administration software built in).

2. Install the software on your machine, and login (again username admin password admin).

3. Select client > Save.

4. Select the Device Discovery tab. The software usually detects the network module on its own quite quickly; if it does not, you can use the options on the right to do a scan.

Ports Required for HP UPS Network Module

If you are connecting through a firewall (or your machine has a software firewall), make sure the following six ports are open.

TCP 5000
TCP 5001
TCP and UDP 4680
TCP and UDP 4679

5. When it’s fully detected, select the network module and select ‘Configure power source’, supply the login credentials for the network module, and the load segment the machine is plugged into (see below) > Save.

6. Back in the web console of the network module > Open ‘Notified Applications’ and in about 5-10 minutes your server should appear.

Related Articles, References, Credits, or External Links

NA


Cisco ASA – Find Out VPN Tunnel Uptime

KB ID 0000863 

Problem

I needed to get the Uptime/Duration of a particular VPN tunnel this week. It was for a client with multiple VPN tunnels that was having problems with just one.

Solution

Option 1 via Command Line

1. Connect to the firewall > Go to enable mode and use the following command, replacing 123.123.123.123 with the IP of your VPN endpoint.

[box]

PetesASA>
PetesASA> enable
Password: ********
PetesASA# show vpn-sessiondb l2l filter name 123.123.123.123 | incl Duration
Duration : 0h:08m:26s <<<<<<<
PetesASA#

[/box]

If you want a LOT MORE information use the following command;

[box]

PetesASA# show vpn-sessiondb detail l2l filter name 123.123.123.123

Session Type: LAN-to-LAN Detailed

Connection : 123.123.123.123
Index : 312 IP Addr : 123.123.123.123
Protocol : IKEv1 IPsec
Encryption : IKEv1: (1)3DES IPsec: (1)3DES
Hashing : IKEv1: (1)SHA1 IPsec: (1)SHA1
Bytes Tx : 18999 Bytes Rx : 26267
Login Time : 14:20:36 UTC Mon Sep 30 2013
Duration : 0h:32m:55s <<<<<<<
IKEv1 Tunnels: 1
IPsec Tunnels: 1

IKEv1:
Tunnel ID : 312.1
UDP Src Port : 500 UDP Dst Port : 500
IKE Neg Mode : Main Auth Mode : preSharedKeys
Encryption : 3DES Hashing : SHA1
Rekey Int (T): 86400 Seconds Rekey Left(T): 84425 Seconds
D/H Group : 2
Filter Name :
IPv6 Filter :

IPsec:
Tunnel ID : 312.2
Local Addr : 10.254.254.0/255.255.255.0/0/0
Remote Addr : 172.16.254.0/255.255.255.0/0/0
Encryption : 3DES Hashing : SHA1
Encapsulation: Tunnel PFS Group : 2
Rekey Int (T): 28800 Seconds Rekey Left(T): 26825 Seconds
Rekey Int (D): 4608000 K-Bytes Rekey Left(D): 4607975 K-Bytes
Idle Time Out: 30 Minutes Idle TO Left : 26 Minutes
Bytes Tx : 18999 Bytes Rx : 26267
Pkts Tx : 94 Pkts Rx : 114

NAC:
Reval Int (T): 0 Seconds Reval Left(T): 0 Seconds
SQ Int (T) : 0 Seconds EoU Age(T) : 2000 Seconds
Hold Left (T): 0 Seconds Posture Token:
Redirect URL :

PetesASA#


[/box]
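As an added example (not part of the original article and not Cisco tooling): a Python parser for the output above that converts Duration to seconds and compares it with the age of each SA, derived from the Rekey Int (T) and Rekey Left(T) timers, to show whether the tunnel has rekeyed since it came up. The function names are illustrative, and the `Nd` day prefix for sessions longer than 24 hours is an assumption about the ASA format.

```python
import re

# Trimmed from the 'show vpn-sessiondb detail l2l' output shown above.
SAMPLE = """\
Connection : 123.123.123.123
Login Time : 14:20:36 UTC Mon Sep 30 2013
Duration : 0h:32m:55s <<<<<<<
IKEv1 Tunnels: 1
IKEv1:
Rekey Int (T): 86400 Seconds Rekey Left(T): 84425 Seconds
IPsec:
Rekey Int (T): 28800 Seconds Rekey Left(T): 26825 Seconds
Rekey Int (D): 4608000 K-Bytes Rekey Left(D): 4607975 K-Bytes
"""

# Assumption: sessions up for more than a day are printed as 'Nd Nh:NNm:NNs'.
DURATION_RE = re.compile(r"Duration\s*:\s*(?:(\d+)d\s+)?(\d+)h:(\d+)m:(\d+)s")
REKEY_RE = re.compile(r"Rekey Int \(T\):\s*(\d+) Seconds\s+Rekey Left\(T\):\s*(\d+) Seconds")
SECTION_RE = re.compile(r"^(IKEv1|IKEv2|IPsec):$")

def duration_seconds(text):
    """Tunnel uptime in seconds, or None if no session is listed."""
    m = DURATION_RE.search(text)
    if m is None:
        return None
    days, hours, mins, secs = (int(g or 0) for g in m.groups())
    return ((days * 24 + hours) * 60 + mins) * 60 + secs

def sa_ages(text):
    """Seconds since each SA type was last keyed (youngest SA per section)."""
    ages, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if SECTION_RE.match(line):
            section = line[:-1]
        elif section and (m := REKEY_RE.search(line)):
            age = int(m.group(1)) - int(m.group(2))
            ages[section] = min(age, ages.get(section, age))
    return ages

def summarize(text, slack=5):
    """Report uptime and which SAs have rekeyed since the tunnel came up."""
    up = duration_seconds(text)
    if up is None:
        return {"up": False}
    ages = sa_ages(text)
    rekeyed = sorted(n for n, a in ages.items() if up - a > slack)
    return {"up": True, "uptime_s": up, "sa_age_s": ages, "rekeyed": rekeyed}
```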

Option 2 Via the ASDM

1. Connect to the ASDM > Monitoring > VPN > Sessions > Select the one you are interested in > Logon time Duration.

Related Articles, References, Credits, or External Links

NA