It seems recently many users are receiving an error logging into Remote Desktop Servers (Terminal Servers) from off-site. The error reads:
An authentication error has occurred.
The function request is not supported.
Remote computer <ServerName>
This could be due to CredSSP encryption oracle remediation.
For more information, see https://go.microsoft.com/fwlink/?linkid=866660
This is a result of a March 13th update. The previous error message was shorter, but an Apr 17 update elaborated the error message to read as above.
The link explains how to resolve using group policy but the simple fix, as of May 8th, is to apply the KM4103725 monthly rollup update. This will require a reboot on most servers, but should resolve the problem once complete.
It seems Server Essentials and possibly others will often show in the daily report a DFSR Event ID: 2147485861 error. There is also a corresponding Warning Event logged in the DFS Replication log (sub-folder of Applications and Services Logs) of the event viewer with Source DFSR and Event ID 2013, followed by an Event ID 2212. This is most often caused by a dirty shutdown.
There are numerous articles on the Internet explaining how to resolve this, but I was told they were not clear to some readers. So, hopefully to clarify:
Firstly open Regedit and locate the key below, and verify it is set to 1. If not change it to 1. (Note: you should always backup the registry before making any changes)
Then in the error message within the report locate the command as highlighted in the image above, but cut and past it from your server report as it will have the correct volume GUID. Make sure it is all one line. You may want to use Notepad to reassemble if broken in the report. You need to use an elevated command prompt to run this.
If you run the command with the wrong GUID it will display; “No Instance(s) Available”.
If successful your command window should look similar to this:
This should resolve the problem, but it may return at some point in the future. The Windows Server 2012 Essentials Build document (wiki article) suggests to prevent this in the future, after running the command successfully, change the aforementioned registry key from 1 to 0. Doing so enables DFS Replication automatic recovery.
I recently came across a Hyper-V host which after a power outage and a dirty shut down, due the absence of a UPS, could not connect to the Virtual Machine Management Service. When opening the Hyper-v console the VMs were not listed, and selecting “Connect to Server” resulted in the following error message; “An error occurred while attempting to connect to server ‘ServerName’. Check that the Virtual Machine Service is running and that you are authorized to connect to the server.”
The Hyper-V services displayed running in the Services management console, and permissions had not changed, however when checking for dependencies for the Hyper-V Virtual Management Service it show no dependencies. Comparing this to another Hyper-V host reveals the service depends on the Remote Procedure Call (RPC) and Windows Management Instrumentation service. Both of these were running as well.
When services and system information is not present in various consoles, and the WMI service is running, it can often be a result of missing or corrupt WMI files. You can confirm this by running msinfo32.exe (System Information). If so, you will receive a message “Can’t collect Information. Cannot access the Windows Management Instrumentation software. Windows Management files may be moved or missing.”
If this is the case there is an easy fix:
- Always have a full backup of your system before making any changes!
- Note: Microsoft recommends troubleshooting, and restoring the WMI files rather than deleting them as I describe here. Deleting the files can affect 3rd party software which may require reinstalling. For more information see the links at the end of this article. In this case the WMI checks showed no inconsistencies and a reset failed, so rebuilding was the best option.
- Stop the Windows Management Instrumentation service, which will warn you that it will also stop the Hyper-V Virtual Machine Management and other services, verifying the link between the two.
- Rename the WMI information file folder to something such as .old C:\Windows\System32\wbem\Repository.old
- Restart the host. Upon reboot it will recreate the Repository folder and its contents. You may find the first logon hangs for a few minutes and also it may be slow for a while as it rebuilds the files.
Additional information regarding troubleshooting WMI:
The past 8 or more years most of us have managed PC updates using WSUS (Windows Server Update Service) and Group policy. However, the structure of the modern office has changed to a large percentage of mobile employees who never ‘touch down’ at headquarters. If these devices do not connect to the domain they do not have updates applied.
A client who has not returned to the office in 18 months, and likely will not for the life of their laptop, recently asked how they could update their machine manually. Currently they were not able to do so as Windows Update showed “settings are managed by your system administrator”, in other words, by WSUS
It is quite simple to disable WSUS management in the registry, however remember if the device is reconnected to the domain, the WSUS policies will be reapplied. Therefore you may want to move the device to an OU not linked to the WSUS policy or remove the device in the policy under security filtering.
Disclaimer: Be aware making incorrect registry changes can have disastrous effects to the health of the device. Be sure to backup the registry before editing. To do so see the following Microsoft article; “How to back up and restore the registry in Windows” http://support.microsoft.com/kb/322756
- Open the registry editor, by entering Regedit in the Start / Run box, and browse to: HKLM\Software\Policies\Microsoft\Windows\
- Locate the WindowsUpdate Key and delete it
- Reboot the PC (may take 2 reboots)
- Now you can manually update and configure Windows updates to automatically check for and install updates directly from the Microsoft Update site
You may want to consider using a newer service such as Windows Intune to manage your computers, especially mobile devices. http://www.microsoft.com/en-us/server-cloud/products/windows-intune/
For those following my blog in Atlantic Canada, you may be interested in an upcoming local event:
An Introduction to Microsoft Virtualization and the Private Cloud with System Center 2012 and Hyper-V
Spend an evening with Mitch Garvis, Virtual Technology Evangelist with Microsoft Canada, getting to know the Microsoft server virtualization story. Learn not only about Hyper-V, but also the management and Private Cloud scenarios that System Center 2012 SP1 brings to the table, Learn how to build your cloud, and also how Microsoft sets itself apart from (and ahead of) the competition in the Virtualization world!
This informal event will consist almost entirely of discussions and demos, with only a smattering of PowerPoint and fluff. The demos will be entirely unscripted, so you will get to ask what you want to see… and Mitch will do it!
The event is to be held Tuesday, June 11, 2013 from 5:30 PM to 9:00 PM, at the Nova Scotia Community College Institute of IT Campus, 5685 Leeds St., Halifax, NS
To register: http://www.eventbrite.com/event/6998359281
In troubleshooting an issue with the SBS user creation wizard, I wanted to know what was set as the default Organizational Unit in which users would be placed. Though the following works with any server version which is domain functional level Server 2003 or newer, SBS defaults to placing users in the MyBusiness\Users\SBSUsers OU and I wanted to verify this was set appropriately. There are 100 articles explaining how to change the default users OU using the command “Redirusr”, or “Redircmp” for computers, but it was difficult to find a link explaining how to locate the current defaults. There are a few links explaining where the information is stored, which is in the “wellKnownObjects” attribute of the properties of the domain, in Active Directory Users and Computers.
However when you click on “View”, to inspect the settings for that attribute, you get a popup warning; “There is no editor to handle this attribute”, and the same happens when using ADSI Edit.
Thanks to a tip by Alex Verboon, using Microsoft’s (Sysinternal’s) Active Directory Explorer will allow you to see the settings of this attribute. Download AD Explorer, run the app, on a single domain server you can live all fields blank and click OK.
Click on your domain, then in the right hand window right click on wellKnownObjects”, and choose properties.
In the resulting window you can review the current settings for the default OU’s for Computers and Users
Microsoft Canada has created a great opportunity for free on-line training in Microsoft Private Cloud services, while at the same time entering your name for a chance to win a trip for two to Mexico. Free evaluation software is available for System Centre 2012, Windows Server 2008 R2 SP1, and Windows Server 2012 RC, as well as 6 free Virtual Academy courses, and 14 guided labs to introduce you to the Microsoft Private Cloud.
Keep in mind contest regulations state; “Sweepstakes is open to individual legal residents of Canada “ so your odds of winning are far greater than with global sweepstakes.
Learn About The Microsoft Private Cloud to Win a Trip for Two to Mexico!
Microsoft has released new and exciting products that will change the way IT Pros utilize Virtualization and Microsoft Private Cloud solutions. Two products which are a part of these great changes are the newly released System Center 2012 and the soon to be released Windows Server 2012. Both of these solutions were designed to make virtualization and extending to the private cloud simpler and much more efficient.
With these new changes to Infrastructure and the IT world, it’s a great time to learn about these new solutions and keep yourself and your organization ahead of the curve in terms of where technology is headed. In fact, Microsoft has even added an incentive to learn about their Private Cloud solutions through the Skyrocket Sweepstakes!
Entering is easy! All you have to do is register, and then download a free TechNet evaluation like Windows Server 2012 RC or System Center 2012 to get started. Every applicable evaluation you download gives you an entry into the sweepstakes! And the best part is the more evaluations you download, the better your chances. And what’s the prize you may ask? Oh, just a 7 day, 8 night trip for two to Cozumel, Mexico!
The contest ends September 6th so don’t wait! Register now!