Some users are reporting a sudden loss of drive space. It seems a recently released Microsoft Defender update is generating thousands, and even millions, of files consuming many GB of storage space. The folder where these files are located is C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store
You can resolve the issue by “checking for updates” under Update and Security (Windows 10) and installing the latest Microsoft Defender update.
Today started, after patch Tuesday, with many machines crashing when one tried to print resulting in the standard “Your PC ran into a problem….” with a Stop Code: APC_INDEX_MISMATCH error, due to win32kfull.sys
UPDATE: Microsoft released updates today, March 16/21 to resolve the problem but you must manually download and install:
Windows 10 emergency updates released to fix printing crashes (bleepingcomputer.com)
UPDATE 2: It seems the first patch further broke some printers resulting in blank pages or missng content. Another ‘out-of-band’ update was released the 18th.
Windows message center | Microsoft Docs
UPDATE 3: Microsoft halts the rollout for the “emergency” patch for the patch for the patch Tuesday update đŚ
Microsoft halts rollout of Windows 10 KB5001649 emergency update (bleepingcomputer.com)
With my clients this seemed to happen with any Office or Windows app, even notepad. However Adobe seemed to be OK and oddly if you just right click on any file and choose print, without opening it, it seemed to be OK as well. Many report updating the printer drivers solved the problem, but doing so in my cases “Windows encountered an error”. Uninstalling the printer and reinstalling with the latest drivers did resolve the problem. Also it seems not all printers are problematic. On one system which had multiple printers, the error occurred when printing to any printer, but just reinstalling the Ricoh C2504 printer eliminated the problem for all printers. Google shows Ricoh and Kyocera printers seem to be the most problematic.
Several months after every QuickBooks Pro and Enterprise annual upgrade my clients run into an issue where they cannot connect to the QuickBooks database with messages indicating, the application cannot access the database, and H2020 Error, or QuickBooks is unable to open this company file due to the file being open on another computer in single user mode. Most recently, as per the image below:
I have found over the years the solution is to open the services management console ( services.msc )  on the server or computer hosting the data, scroll down to locate the QuickBooks service named âQuickBooksDBxxâ, where xx = a number relating to the current version. If you have installed multiple versions over the years there will be one for each year. You want the one with the highest number. (note in the images below the changes have already been made)
Double click on the service to open the properties for that service and click on the âLog Onâ tab. The radio button âThis Accountâ will be checked, a QBDataServixeUserxxâ name will be shown, and a hidden password entered. Change to âLocal System accountâ, click apply and close, then right click on the service and choose start. (NOTE: if you change this setting to service account and want to change back for some reason you will likely need to re-install QuickBooks)
You now need to run the âQuickBooks Database Server Managerâ app from the programs menu, in the QuickBooks folder.  Under the Scan Folders tab make sure the folder that contains your data is shown If not browse to it and select, then click the âStart Scanâ button. It should show âsuccessfulâ when done and you can choose close. Assuming you have the same issue, running this wizard before making the change above will result in âfailureâ.
On a couple of occasions I have run into the following error/message and I see many others have done so based on dozens of posts:
OneDrive can’t be run using full administrator rights.
In my case both machines had been upgraded from Windows 7 with the problem being one is unable to set up OneDrive app and sync locally with Windows Explorer.
The issue is exactly as described by the error. To resolve: Locate OneDrive.exe, the default location is C:\Users\username\AppData\Local\Microsoft\OneDrive then right click on it, choose properties, and under the Compatibility tab uncheck “Run this program as an administrator”
You cannot install a standard version of Office on an RDS server. Prior to Office 365 you had to buy Enterprise licenses for each user which are quite expensive.  I understand Enterprise licenses are still available and I assume they will still work but you may already have a suitable Office 365 subscription, or you can upgrade to one that will.  Your Microsoft 365 license must include Office Pro Plus, a Business Standard license will not work.  There is an Office Pro Plus license or an E3 or higher license includes Office Pro Plus.  With Office/Microsoft 365 you can use your current licenses but have to download a special installation version and jump through a few hoops. This method is supported by Microsoft.
(Oct 2020 update: Microsoft has changed the naming of it’s Office 365 subscriptions to new Microsoft 365 names. I believe the minimum license level now is Microsoft 365 Business Premium but be sure to confirm with your vendor. The following is a Sept 2020 article referencing the install with the new licenses https://docs.microsoft.com/en-us/deployoffice/deploy-microsoft-365-apps-remote-desktop-services#:~:text=If%20you%20use%20Remote%20Desktop%20Services%20%28RDS%29%20to,installation.%20The%20following%20are%20two%20common%20RDS%20scenarios%3A )
Note: when installing apps on terminal servers in the past you had to put the server in âInstall modeâ by running from an elevated command promptÂ
Though this is still recommended, I tried it without doing so and it worked, but make sure you are an administrator of the machine (local or domain) and all other users are logged out. I recommend a clean reboot before starting.
Create a shared folder such as \\RDS\O365 pointing to C:\Temp\O365
Download the Office deployment tool from the link below and extract to your shared folder \\RDS\O365
https://www.microsoft.com/en-us/download/details.aspx?id=36778
Create an .xml configuration file for the download and save to the same folder. I named DownloadConfig.xml
<Configuration>
<Add SourcePath="\\RDS\O365" OfficeClientEdition="64">
<Product ID="O365ProPlusRetail" >
<Language ID="en-us" />
</Product>
</Add>
</Configuration>
Download the custom version of Office. To do so open an elevated command prompt, change to the directory containing the .xml file C:\Temp\O365\MayBeSubfolder and run the following command.
setup.exe /download DownloadConfig.xml
This may seem like it hangs, but wait. I believe it took about 15 minutes with my connection.
Create another .xml configuration file for installation and save again to the same folder. I named InstallConfig.xml
<Configuration>
<Add SourcePath="\\RDS\O365"
OfficeClientEdition="64"
Channel="Monthly">
<Product ID="O365ProPlusRetail">
<Language ID="en-us" />
</Product>
</Add>
<Display Level="None" AcceptEULA="True" />
<Property Name="SharedComputerLicensing" Value="1" />
<Logging Level="Standard" Path="C:\Temp" />
</Configuration>
Deploy Office using: \\RDS\O365\setup.exe /configure \\RDS\O365\InstallConfig.xml
Note: you must use the full path
Again it may appear to hang, but be patient
If you ran Change User /Install before starting, run Change User /Execute
Microsoft has more detailed information and options to customize the xml files at:
https://docs.microsoft.com/en-us/deployoffice/deploy-microsoft-365-apps-remote-desktop-services
https://docs.microsoft.com/en-us/deployoffice/office2019/deploy
Immediately after Windows updates today on 2 different systems, so far, you cannot open Outlook. As soon as you open it closes. Next time you open you get the Open Outlook In Safe mode popup, which also doesnât work. After looking at commonalities in the two systems and trouble shooting it seems the issue was the July 14th âPatch Tuesdayâ update âCumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4565483)â. The update includes multiple features but among them is âUpdates to improve security when using Microsoft Office products.” Uninstalling the update immediately resolved the issue.
If unfamiliar with doing so go to Control Panel, click on âPrograms and Featuresâ, then âView installed updatesâ, locate the (KB4565483) Update, right click and choose uninstall. As always you should have a backup of your system before adding or removing updates.
I have also selected “pause updates for 7 days” in case it tries to reinstall before Microsoft has a fix.
Update: It seems this does not always work. Instead you need to roll back Office, however Microsoft has apparently realized the problem and is pushing out the fix. To enforce, just close Outlook and re-open. This worked on the latest machine with which I had a problem and there was a message in Outlook about the issue when it did open. It may not be pushed out to all machines yet so waiting a couple of hours may be necessary. See the following link from Microsoft regarding details: https://support.microsoft.com/en-us/office/active-investigation-into-outlook-crashing-on-launch-9c59ad4b-813c-432a-afdc-f14717a4528d?ui=en-us&rs=en-us&ad=us
When you enable multifactor authentication in Microsoft 365 (formerly Office 365) with an existing tenant, Outlook starts asking for a password and will not accept your current Microsoft 365 password. You then need to use app passwords for Outlook, rather than standard MFA with your password and a second option such as the Microsoft Authentication app, Txt, E-mail, or call. Those options work fine with access to Web and other Office Apps but not Outlook. See the following link to manage App Passwords; https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-app-passwords#:~:text=To%20create%20app%20passwords%20using%20the%20Office%20365,password%2C%20and%20then%20select%20Next.%20More%20items…%20
You can however enable standard MFA methods for Outlook using powershell. The credit for most of the instructions below goes to; https://www.petri.com/enable-modern-authentication-exchange-online
Instructions to enable MFA with Exchange On-line (paraphrased)
When asked for credentials, you need to use an O365 admin account that does not have MFA enabled. I create one without an Office license just for this.
I use the PowerShell ISE but I suspect standard PowerShell run as admin will work as well
Connect to an Exchange PowerShell session by running the following 2 lines
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
This is not in the Petri link above, but you need to run the following line to allow running scripts
Set-ExecutionPolicy RemoteSigned
Test if MFA is already enabled. Will return âfalseâ if not enabled
Get-OrganizationConfig | ft name, *OAuth*
Assuming not enabled run
Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true
Then run the following again to confirm now enabled, i.e. âTrueâ
Get-OrganizationConfig | ft name, *OAuth*
Close session
Remove-PSSession $Session
I find it takes 30-60 minutes before the policy is applied and changes in use
Many years ago I wrote numerous blog articles relating to VPNs, and primarily PPTP VPNs. Hits on those blog pages are up 300% since the Coronavirus outbreak due to people looking for ways to work from home. I wanted to warn PPTP is an old solution and is considered to be âbrokenâ and very insecure. Please consider other options.
Rather than creating new articles explaining how to configure various remote access methods I thought I would provide some suggestions and links as it has all been written before by very talented IT folk.
Firstly VPNs. I would always recommend using a VPN appliance/router over the server itself. It is more secure, authenticates at the network perimeter not the server itself, and allows more control. Cisco, Sonicwall, Juniper, Watchguard, and others provide very good solutions . However one concern with any VPN solution is the fact that though it is a secure tunnel, it also allows any and all traffic between an unmanaged remote client computer and the corporate network. Viruses can travers the VPN tunnel, should the client PC be hacked the hacker has direct access to the corporate network, and the remote user can easily copy/steal corporate data that they maybe should not. In addition VPNs occasionally just do not work due to network addressing, slow ISP service, or blocked protocols by ISPs.
If you do want to set up a VPN on a windows server, I would recommend SSTP. Thomas Maurer has a great configuration guide:https://www.thomasmaurer.ch/2016/10/how-to-install-vpn-on-windows-server-2016/
Perhaps a better option than a VPN is a terminal server, now called a remote desktop server (RD Server). I have never seen the RDP protocol blocked, performance is usually better than a VPN, and all data stays on the corporate network. If set up correctly it uses the Remote Desktop Gateway service and SSL which is very secure. You can, if you like, also use this within your VPN tunnel and if using a business class VPN solution restrict traffic to RDP.
Another alternative if you donât want to set up an RD Server is to configure the RD Gateway service on your server and allow users to connect securely to their own desktops PCs with the same level of performance. This was a built in feature of SBS and Server Essentials 2016 and earlier. Mariette Knap has a excellent article on configuring the RD Gateway service, specifically on Server 2019 Std:https://www.server-essentials.com/support/setup-rds-gateway-as-a-replacement-for-access-anywhere-from-the-essentials-experience-role
Regardless of what method you use, as soon as you allow any remote access, make sure you configure Group Policy to enforce strong passwords and to lock accounts after âXâ wrong password guesses. (I use 5, and lock out for 30 minutes). You can set this on the server for domain wide deployment or on an individual PC using GPedit.msc. For both it is located under Computer Configuration |Windows Settings | Security Settings | Account Policies .
The other alternative of course is to use cloud based services such as Microsoft’s Office 365 which you can from any where, at any time. If dong so, make sure you enable multi-factor authentication for security.
I hope this is of some help and please stay safe n these uncertain times.
Over the past 6 months I installed 4 Server 2019 Hyper-V hosts for various clients. After several months with no problems, following a reboot, all running VMâs completely disappeared from the Hyper-V management console and were not accessible from the network using management tools, file shares, remote desktop, or even pings. Oddly, shut down or saved VMâs were present.
When this first happened I was shocked. The VHDX files were all present so I could create a new VM, but that didnât seem practical. Googling showed that this can happen if the Hyper-V Virtual Machine Management service did not start, but in my case it had. I tried restarting the service, the VMâs instantly reappeared, and were in a running state with boot up almost complete.
This issue over the coming months started happening on other 2019 servers and after every reboot, planned or due to a power outage, I had to connect to the host and restart the Hyper-V Virtual Machine Management service.
Further Googling this issue brings up suggestions of corrupt VM configuration files, granting “NT Virtual Machine\Virtual Machines” the “logon as a service right”, doing the same with group policy, and other suggestions, but where restarting the service would resolve in every case I assumed there was not a configuration issue.
In the end setting the Hyper-V Virtual Machine Management service start up type to âAutomatic (delayed start)â resolved the problem on all machines, though it resulted in a slightly longer boot time for the VMs.
All of thee servers worked fine for a few months so I assume the problem was due to a Windows update but to date I have found no actual cause. Also, I can confirm this only occurs on my 2019 Hyper-V hosts. There are no issues with Server 2016 or earlier servers.
Update: Oct 2020. I had another server with the same issue. O/S had been installed 8 months prior and no updates applied in recent months. Setting the service as delayed start did not resolve. I had to create a scheduled task to run 10 minutes after boot up. 5 minutes did not work. The scheduled task simply pointed to a batch file with the following. (the ping command just delays the process to be sure Net Stop completes before the next line).
Net Stop VMMS
ping -n 10 127.0.0.1
Net Start VMMS
Exit
LAN-Tech Network Management 