IT Consultant Everyday Notes

Just some problems/solutions storage

SCCM 2012: OSD Windows 8 : First logon fails with "The universal unique identifier (UUID) type is not supported"

When you deploy Windows 8/8.1 using SCCM 2012/2012 R2 the first logon fails with abovementioned error.

Microsoft has a KB about that: http://support.microsoft.com/kb/2976660 describing two workarounds. The easier way is to force a reboot at the end of TS using SMSTSPostAction variable in the TS set to “shutdown /r /t 0”

image

SCCM 2012: Certificate requirements

Lync: Wireshark and Netmon plugins for STUN troubleshooting on Lync Edge server

James Cussen published a useful plugin for Wireshark network analyzer. You can use Microsoft Network Monitor, it has Lync plugin pack too.

 

Wireshark plugin: http://www.mylynclab.com/2014/05/microsoft-lync-wireshark-plugin.html

 

Microsoft  NetMon Lync plugin pack: http://www.microsoft.com/en-us/download/details.aspx?id=22440

Lync 2013: Front end server start fails

One of my Lync 2013 FE did not start after update to August 2014 CU.

The error pointed to certificate:

 

Event Id: 14397:

A configured certificate could not be loaded from store. The serial number is attached for reference.

Extended Error Code: 0x800B0109(CERT_E_UNTRUSTEDROOT).

—————————————————————————————————

Event Id 14646:

A serious problem related to certificates is preventing Lync Server from functioning.

Unable to use the default outgoing certificate.
Error 0x800B0109(CERT_E_UNTRUSTEDROOT).
The certificate may have been deleted or may be invalid, or permissions are not set correctly.
Ensure that a valid certificate is present in the local computer certificate store. Also ensure that the server has sufficient privileges to access the store.

——————————————————————————————————

details page (for Event Id 14397) shows the certificate number. I tried to find it using PowerShell

Get-ChildItem -Path CERT: -Recurse | FT Subject, SerialNumber | FindStr <NUMBER FROM EVENT VIEWER>

It returned an empty string. So I rerun it without |findstr … and checked output. Naturally I saw one of cert number is similar to whatever was in event id  BUT

1. it was backward and

2. each two bytes were changed in place

It is confusing, eh? so I will try to give an example:

Number in Event viewer:    ABCDEFGH12

Certificate number: 12GHEFCDAB

After that I found the certificate in question – it is my pool cert which works just fine of my first FE server…

I checked the certificate using Cert MMS – it looked ok and fully trusted. Trusted root – GeoTrust Global CA was on its place.

Resolution: An intermediate certificate (GeoTrust SSL CA – G2) was not under “Intermediate Certification Authorities”. I copied it from my first server store to the second one and restarted the front-end on the second server. It started successfully this time.

SCCM 2012 R2: Migration from SCCM 2007 SP2

Wally Mead on SCCM migration video: http://vimeo.com/101353581

SCCM 2012 R2: OSD fails after upgrade

 

I upgraded SCCM 2012 SP1 CU2 to SCCM 2012 R2 CU2 and after that my OSD TS starts to fail with:

SNAGHTML161552

401 – Unsuccessful with context credentials. Retrying with supplied credentials.   …
Network access account credentials not supplied.

401 – Unsuccessful on all retries.

 

I tried to delete/re-create Network access account – no go

Add a new account to NAA list (SCCM 2012 R2 supports multiple NAA) – no go

Made minor changes to my boot image to force boot image rebuild – after redistribution on DP TS successfully started.

 

NOTE: if you use CD/USB media you need to recreate it!

SCCM 2012: ActiveSync Connector account configuration

Account used for SCCM Exchange Active Sync connector must have proper permissions on Exchange side. A script available to automate this task:

http://gallery.technet.microsoft.com/office/Configure-Exchange-cmdlet-c4f2affd

Office 2013: Fails when use File menu

I tried to open a file using Excel 2013 today – Excel is crashed.

Apparently Microsoft has a KB about that http://support.microsoft.com/kb/2987489/en-us?ibuckettable=1

Looks like July 8, 2014 update (http://support.microsoft.com/kb/2880987) is a culprit. The only workaround for now – uninstall the update!

Windows 8: Start Control Panel Applets from command line

Anoop Nair published a nice list of .cpl files you can use to start Control Panel applets from command line in his blog.

 

Syntax: control /name <Name Of the Applet>

 

Applets:

Applet Explanation
Control smscfgrc Command Line Shortcut to launch Configuration Manager SCCM Control Panel Applet
Control SMSRAP Command Line Shortcut to Launch Configuration Manager SCCM Run Advertised Programs (RAP) Canonical names of SCCM RAP
Control SMSPDM Command Line Shortcut to launch Configuration Manager SCCM Program Download Manager (PDM)
AppWiz.cpl Command Line  Shortcut for launching Add Remove Programs – Control Panel\All Control Panel Items\Programs and Features
BthProps.cpl Command Line Shortcut for launching Bluetooth Devices – Control Panel\All Control Panel Items\Devices and Printers\Bluetooth Devices
CollAb.cpl Command Line Shortcut to change your profile picture via People Near Me (Only for Windows 7 and below)
DESK.cpl Command Line Shortcut to change Control Panel\All Control Panel Items\Display\Screen Resolution
FireWall.cpl Command Line Shortcut to change Windows FireWall settings – Control Panel\All Control Panel Items\Windows Firewall
FlashPlayerCPLApp.cpl Command Line  Shortcut to Flash Player Settings Manager – It’s not working from Command prompt for me
HdwWiz.cpl Command Line Shortcut for launching Device Manager
Igfxcpl.CPL Command Line Shortcut to launch Intel Graphics and Media Control Panel
Inetcpl.CPL Command Line Shortcut to launch internet properties
Intl.CPL Command Line Shortcut to launch Regional Setting – Region and Language Setting – Location, Keyboards etc..

Irprops.CPL

Command Line  Shortcut to launch Infrared Port Properties

Joy.cpl

Shortcut to launch Game Controllers – Joystick Properties

Main.cpl Command Line Shortcut to launch Mouse properties
MLCFG32.CPL Command Line Shortcut to Launch Mail Setup – Outlook – It won’t work from command prompt as this CPL file is located at program files folder
mmsys.CPL Command Line Shortcut to launch Sound properties
ncpa.CPL Command Line Control Panel\All Control Panel Items\Network Connections – Shortcut to Network connections
powercfg.CPL Command Line Control Panel\All Control Panel Items\Power Options – Shortcut to launch Power Plan Configuration
RTSnMg64.CPL Command Line Shortcut to launch Realtek Audio Manager…. RTSnMg64.CPL‘ is not recognized as an internal or external command, operable program or batch file.
S32LUCP2.CPL Command Line Shortcut to Launch Symantec Live Update Configuration – it won’t get launched from from Default command prompt… ERROR message ‘S32LUCP2.cpl’ is not recognized as an internal or external command, operable program or batch file.

sapi.CPL

Command Line Shortcut to launch Speech Properties  – it won’t get launched from from Default command prompt

ERROR message ‘sapi.cpl’ is not recognized as an internal or external command, operable program or batch file.

sysdm.CPL Shortcut to launch System Properties
TabletPC.cpl Shortcut to launch Tablet PC -Pen, Touch, Handwriting and Flicks configurations
Telephon.CPL Shortcut to launch Location Information and telephone configuration in OLD times windows 8 1 windows 8 windows script sccm runbook  SCCM and Windows Command Line Shortcut to Launch Control Panel Tools Applets via CPL files
TimeDate.cpl Shortcut to launch Time and Date, Additional Clocks, Internet Time Configurations
Wscui.cpl Control Panel\All Control Panel Items\Action Center – Shortcut to launch Action Center
control /name Microsoft.BitLockerDriveEncryption Shortcut to the configuration of BIT Locker Encryption. Control Panel\All Control Panel Items\BitLocker Drive Encryption
control admintools Shortcut to launch Control Panel\All Control Panel Items\Administrative Tools
control /name Microsoft.AutoPlay Shortcut to launch Auto Play - Choose what happens when you insert each type of media or device – Control Panel\All Control Panel Items\AutoPlay
control /name Microsoft.ColorManagement Shortcut to launch color Management
control /name Microsoft.CredentialManager Shortcut to launch Credential Manager – This view and delete your logon information. – Control Panel\All Control Panel Items\Credential Manager
control /name Microsoft.DefaultPrograms Shortcut to Launch Default program – Choose the default programs which is used by Windows – Control Panel\All Control Panel Items\Default Programs
control printers Shortcut to launch printers – Control Panel\All Control Panel Items\Devices and Printers
control schedtasks Shortcut to launch Task Scheduler
control /name Microsoft.WindowsUpdate Shortcut Launch  Windows Update – Control Panel\All Control Panel Items\Windows Update

control userpasswords

Shortcut to launch User Account management – Control Panel\All Control Panel Items\User Accounts

in this post he also listed available snap-ins for MMC.

azman.MSC – Command Prompt Shortcut or canonical name to Launch Authorization Manager
certlm.msc – Command Prompt Shortcut or canonical name to Launch Certificates Manager for Local Computer or Machine
certmgr.MSC – Command Prompt Shortcut or canonical name to Launch Certificates Manager for Local User
comexp .msc-  Command Prompt Shortcut or canonical name to Launch Component Services (DCOM console),Event Viewer and Services

compmgmt.msc – Command Prompt Shortcut or canonical name to Launch Computer Management
devmgmt.msc – Command Prompt Shortcut or canonical name to Launch Device Manager

diskmgmt.msc – Command Prompt Shortcut or canonical name to Launch Disk Management

eventvwr –  Command Prompt Shortcut or canonical name to Launch Event Viewer

fsmgmt – Command Prompt Shortcut or canonical name to Manage Share Folders,Sessions and Open Files Sessions
gpedit  – Command Prompt Shortcut or canonical name to Launch Local Computer (Machine) Policy
lusrmgr.msc –  Command Prompt Shortcut or canonical name to Launch and Manage Local Users and Groups

NAPCLCFG.MSC – Command Prompt Shortcut or canonical name to Launch and Manage NAP Client Configuration
perfmon.MSC – Command Prompt Shortcut or canonical name to Launch and Manage Performance Monitor
printmanagementCommand Prompt Shortcut or canonical name to Launch and Manage Print Management

rsopCommand Prompt Shortcut or canonical name to Launch and Manage  RSOP Resultant Set Of Policies
secpolCommand Prompt Shortcut or canonical name to Launch and Manage Local Security Policy
services – Command Prompt Shortcut to or canonical name Launch and Manage local Services
taskschd – Command Prompt Shortcut or canonical name to Launch and Manage Task Scheduler
tpm –  Command Prompt Shortcut or canonical name to Launch and Manage Trusted Platform Module (TPM) Management
virtmgmt.msc -Command Prompt Shortcut or canonical name to Launch and Manage Virtual Machines using Hyper-V manager.
WF – Command Prompt Shortcut or canonical name to Launch and Manage Windows Firewall with Advanced Security.
WmiMgmtCommand Prompt Shortcut or canonical name to Launch and Manage Windows Management Instrumentation (WMI) management.

adsieditCommand Prompt Shortcut or canonical name to Launch and Manage Active Directory Services Interfaces (ADSI) Editor

AdRmsAdmin.mscCommand Prompt Shortcut or canonical name to Launch and Manage Active Directory Right Management Services (AD RMS).

CluAdmin.msc –  Command Prompt Shortcut or canonical name to Launch and Manage Cluster Manager

dfsmgmt.msc – Command Prompt Shortcut or canonical name to Launch and Manage DFS Management

domain.msc – Command Prompt Shortcut or canonical name to Launch and Manage Active Directory (AD) Domains and Trusts

dsa.msc – Command Prompt Shortcut or canonical name to Launch and Manage AD users and computers

dssite.msc –  Command Prompt Shortcut or canonical name to Launch and Manage AD Sites and Services

fsrm.msc – Command Prompt Shortcut or canonical name to Launch and Manage  File Server Resource Manager

gpmc.msc –  Command Prompt Shortcut or canonical name to Launch and Manage Group Policy Management

gpme.msc – Command Prompt Shortcut or canonical name to Launch and Manage Group Policy Objects

gptedit.msc – Command Prompt Shortcut or canonical name to Launch and Manage Group Policy Starter GPO Editor

HCSCFG.MSC – Command Prompt Shortcut or canonical name to Launch and Manage Health Registration Authority

nps.mscCommand Prompt Shortcut or canonical name to Launch and Manage Network Policy Server

pkiview.mscCommand Prompt Shortcut or canonical name to Launch and Manage Enterprise PKI

rrasmgmt.mscCommand Prompt Shortcut or canonical name to Launch and Manage Routing and Remote Access

tapimgmt.msc – Command Prompt Shortcut or canonical name to Launch and Manage Telephony

wbadmin.msc – Command Prompt Shortcut or canonical name to Launch and Manage Windows Server Backup WBADMIN

WdsMgmt.msc – Command Prompt Shortcut or canonical name to Launch and Manage Windows Deployment Services

winsmgmt.msc – Command Prompt Shortcut or canonical name to Launch and Manage WINs

wlbadmin.msc – Command Prompt Shortcut or canonical name to Launch and Manage Local Backup Console Root 

PKI: Enable SAN support on Microsoft CA after server migration.

 

I migrated my Lab Enterprise CA from Windows Server 2008 R2 to Windows Server 2012 R2. I tried in-place upgrade. Everything seemed to be fine until I tried to request a SAN certificate from it.

It looks like this feature was lost in migration and I needed to re-enable it using

certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2

command (one line).

 

Do NOT forget to restart the CA service – the commend makes changes in registry.

More information about SANs and why you may decide to not enable them in this Technet Article

Follow

Get every new post delivered to your Inbox.