Items related to Windows in general
One of my hosted lab environments ran into series of issues, and after unplanned maintenance there were multiple problems to resolve. The below error with a faulting ntdll.dll module was something I recall seeing many years ago with a Microsoft Operations Manager (MOM) deployment where the MOM agent simply would not start. On every single attempt to start the service it would crash with the erro… Read the rest “Faulting Module Name NTdll.dll”
Unfortunately issues can arise when third-party tools are used to modify TLS settings on a Windows Server. While these utilities are often intended to simplify the process of hardening or tuning protocols, they can introduce serious side effects. Especially in environments running applications like Exchange Server, IIS or other components that depend on schannel. Misapplied registry changes, unsu… Read the rest “HealthChecker Script & Schannel TLS Registry Issues”
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are protocols that provide secure communications. Today several versions of these protocols exist, and not all of them are considered secure by Microsoft or other security companies.
Schannel is a Security Support Provider (SSP) that implements the SSL, TLS and Datagram Transport Layer Security (DTLS) Internet standard authentication pro… Read the rest “TLS Musings”
The below post initially stemmed from an Exchange Risk Assessment which noted that all of the customer's Exchange servers were missing critical Windows updates. The customer's security team were slightly upset as they believed (mistakenly) that all assets were properly updated. This was not the case. When we looked into the details, the monthly Windows Server 2012 R2 updates had been failing to… Read the rest “Unable to Install Windows Updates or Windows Components”
After preparing AD and installing the first Windows Server 2019 DC into an existing AD environment, it was noted that there were unresolved SIDs listed at the root of the domain. This was corelated to the AD 2019 upgrade as permissions had been audited and cleaned up prior due to previous issues in the environment. Previously all DCs were Windows Server 2012 R2 with all updates installed.
After r… Read the rest “Unresolved RID 526 and 527 After ADPrep”
One issue when cutting over services or performing datacentre disaster recovery operations consists of three little letters - DNS.
DNS records have a time to live (TTL) and depending on the zone file configuration, it could be several hours or even measured in days. So if a record was changed, this means that in normal run state clients would continue to connect to the old IP rather than the new I… Read the rest “Windows 10 FlushDNS”
January 2020 is going to be a very important month. There are multiple large and important products which will exit out of their extended support lifecycle phase. The list includes Exchange 2010.
We reviewed this a year ago, to provide additional warning and notification as many customers still run Exchange 2010 on-premises. For those who are not in the middle of upgrade or migration activities t… Read the rest “Save The Date – End of Exchange 2010 Support–T Minus 1 Year”
With my customer facing role, there are lot of demonstrations to enterprise customers. Manually reverting machines back to the initial starting point for the next demo can be time consuming and error prone.
One example of this is clearing out the contents on Window's Credential Manager. There is no option to do a block select to delete multiple entries at once. Worse still is that Modern Authent… Read the rest “Script to Clear Credman”
In current versions of Windows the venerable snipping tool (snippingtool.exe) has been updated with improved functionality.
This is the Snipping Tool from a Windows 7 lab machine:
Clicking on Options we see:
The below were taken from my Windows 10 build 1803 machine. Note that there are now additional buttons present.
Specifically the Mode and Delay b… Read the rest “QuickTip–Delay Functionality In Windows Snipping Tool”
The below is an issue which caused this week’s customer a little stress. They wanted to review the current AD FS configuration, but were not able to successfully run the Get-AdfsPropeties cmdlet.
The Get-AdfsProperties cmdlet would generate the error below.
For make most glorious benefit of search engines:
Get-AdfsProperties : ADMIN0120: The client is not authorized to access the endpoint net.tcp://… Read the rest “Get-AdfsProperties Error ADMIN0120”