Today I helped a colleague troubleshoot a couple of systems that were unable to activate using Key Management Service (KMS). Basically for this situation it boiled down to this:
Determine for the KMS service
- Which server is hosting the KMS service. If an SRV record has been added for KMS DNS auto discovery, run from CMD: nslookup -type=srv _vlmcs._tcp
- If the server hosting the KMS is functioning correctly:
  - Check if the server is up and running.
  - Check if the “Software Protection” service (sppsvc) is running.
  - Verify if the KMS service is listening on port 1688: telnet localhost 1688
  - Verify the KMS status. Run from CMD: slmgr.vbs /dli
    - Verify if a KMS key is installed and activated.
    - Verify if the minimum threshold for activation is being met.
  - Verify if other clients are able to activate using KMS. Even though the output of “slmgr.vbs /dli” gives you an indication, you can use the “Volume Activation Management Tool” (VAMT) for more insight and functionality.
- Verify that a VLK key is being used.
For clients that are not able to activate
- Verify if the correct KMS server can be resolved:
  nslookup -type=srv _vlmcs._tcp
- Verify if the KMS can be contacted:
  telnet <KMS FQDN or IP> 1688
  - If this is not the case, perform a traceroute to determine potential causes. Reasons could include:
    - No default gateway configured on the client to reach the KMS.
    - No route configured on the client to reach the KMS.
    - Firewall on the client is blocking the traffic.
    - Firewall on the server is blocking the traffic.
    - If it is a VM, the virtual network might be misconfigured.
    - Routing on the network is not correct.
    - Firewall on the network is blocking traffic.
- Clear any previous (mis)configuration: slmgr.vbs /ckms
- Attempt activation: slmgr.vbs /ato
NOTE: If you have lots of systems where you need to clear configuration and then attempt activation, you can also run slmgr.vbs against remote computers using:
slmgr.vbs TargetComputerName [username] [password] /parameter [options]
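The client-side checks above (SRV lookup, then a connection test to the KMS port) can be combined into one function. This is an added example, not part of the original post; the function name Test-KmsEndpoint and the use of $env:USERDNSDOMAIN as the default search domain are assumptions, and it only tests TCP reachability, not whether activation itself succeeds.

```powershell
# Added example: resolve the KMS SRV record and test each advertised host/port.
# Requires Resolve-DnsName (Windows 8 / Server 2012 or later).
function Test-KmsEndpoint {
    param(
        # DNS domain to search; assumption: defaults to the logged-on user's domain.
        [string]$DnsDomain = $env:USERDNSDOMAIN,
        [int]$TimeoutMs = 3000
    )

    $srvName = if ($DnsDomain) { "_vlmcs._tcp.$DnsDomain" } else { '_vlmcs._tcp' }

    # Keep only SRV answers (the response may also carry A records for the targets).
    $records = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' } |
        Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true })

    if (-not $records) {
        Write-Warning "No SRV record found for $srvName; KMS auto discovery will not work."
        return
    }

    foreach ($r in $records) {
        # Use the port from the SRV record instead of assuming 1688.
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            $async = $client.BeginConnect($r.NameTarget, $r.Port, $null, $null)
            $open  = $async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected
        } catch {
            $open = $false   # name resolution or socket error
        } finally {
            $client.Close()
        }

        [pscustomobject]@{
            Target    = $r.NameTarget
            Port      = $r.Port
            Priority  = $r.Priority
            Weight    = $r.Weight
            Reachable = $open
        }
    }
}

Test-KmsEndpoint | Format-Table -AutoSize
```

A row with Reachable = False points to the routing and firewall causes listed above; a missing SRV record points to DNS.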
Additional information
If you haven’t been able to resolve the issue, you might want to take a look here:
Tags: 1688, CMD, command, command prompt, DNS, ICT, Key Management Server, Key Management Service, Key Management Services, KMS, Microsoft, nslookup, Office, slmgr, slmgr.vbs, VAMT, Volume Activation Management Tool, Windows, _vlmcs, _vlmcs._tcp
At the companies I’ve worked for, disk space on the system disk ran out on a regular basis for some systems and caused a lot of monitor calls. These kinds of boring repetitive tasks are always the ones you want to automate.
So when I came across the great blog post “Weekend Scripter: Use PowerShell to Clean Out Temp Folders” on the “Hey, Scripting Guy! Blog”, I wanted to post it on my own blog as well. The blog post also describes the process of creating the script very well, which is very convenient for those who are relatively new to PowerShell scripting and want to learn how to do it better.
If you want to take it a step further, you could automate it even more, for example by automatically running the clean script when an event is generated that the disk is running out of space. You can configure this using, for example:
Or you could use PowerShell remoting to do it on many systems at the same time. This could come in handy, for example, when the content in “C:\Windows\SoftwareDistribution\Download” is not deleted automatically after WSUS patching.
Tags: automation, clean, disk full, disk running out of space, disk space, Event, Powershell, SCOM, Script, Scripting, System Center Configuration Manager, temp, temporary, temporary files
At work a colleague of mine was looking to modify printer permissions on a Server 2008 R2 terminal server using PowerShell. And to be honest, it was more difficult to do than I had expected.
So naturally, I started looking if someone had already created a script for this same purpose and eventually I found this great script created by Vadims Podans:
PrinterUtils.ps1 / Functions for advanced printer management
By leveraging this script, permissions were easily modified by adding the following lines:
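# Requires the functions from PrinterUtils.ps1 to be loaded first
$name = "Printername"
# Add a "print" permission entry for corp\Domain Users
Get-Printer "localhost" $name | Add-PrinterPermission "corp\Domain Users" 0 "print"
# Remove the entry for Everyone
Get-Printer "localhost" $name | Remove-PrinterPermission "everyone"
# Retrieve the printer again to check the result
Get-Printer "localhost" $name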
My modified script can be found here: http://bjornhouben-web.sharepoint.com/Lists/Scripts/DispForm.aspx?ID=22
Be sure to check Vadims Podans website for other great resources: http://en-us.sysadmins.lv/
Tags: management, Powershell, printer, printers
In the past I’ve had numerous occasions where I wanted a program or system to run under the local system user context. Most of them involved customers and application administrators that wanted to have a service or scheduled task configured. They often weren’t able to tell me if it was sufficient to run the service or scheduled task as local system or that a special service account would have to be created.
The issue I always ran into when I wanted to test this is that, if you wanted to use “Run As” with the local system account, you had to provide a password that you didn’t know.
Recently I ran into the “Run As System” application. It enables you to start a program or run commands and scripts under the local system account. It is UAC compatible, but it requires administrative privileges.
Another use of the “Run As System” application is if you want to access files or folders that are normally not accessible for users. This can come in handy when troubleshooting Offline Files. The tool might not work correctly with Windows Explorer though, so you should consider using other tools like Total Commander.
Other methods to run something as system can be found here.
For more tools and applications, take a look at my website: http://bjornhouben-web.sharepoint.com/Lists/Applications/Summary.aspx
Tags: application, Explorer, File Explorer, ICT, local system, local system user context, Microsoft, offline files, Permissions, Run as System, scheduled task, Script, system, system user, tool, Total Commander, Windows Explorer
One of the least favorite tasks of many administrators is to document. Good administrators also don’t want to manually do things when it can be automated. This is where Active Directory Topology Diagrammer (ADTD) can help to automate documenting your Active Directory environment.
Recently I have been working on a new Active Directory OU design and used the Active Directory Topology Diagrammer to create a Visio diagram for the AS-IS situation. I have to say it worked great. Keep in mind though that it will show the OUs and not any other containers.
Besides documenting AD OUs, the Active Directory Topology Diagrammer can document many other things as well. Take a look at the article “How To Use The Active Directory Topology Diagrammer” or play around with it yourself to see what it can do.
The tool can also be very helpful when:
- You’re in a new environment and need to get a quick overview of the Active Directory.
- There’s no documentation available or the available documentation is outdated.
- You’re auditing the quality of documentation.
For more tools, take a look at my website: http://bjornhouben-web.sharepoint.com/Lists/Applications/Summary.aspx
Tags: Active Directory, Active Directory Topology Diagrammer, AD, ADTD, automate, automation, Diagram, document, document active directory, document AD, documentation, Microsoft, tool, Visio, Windows, Windows Server
The PowerShell Summit took place in North America in April and many of the prominent PowerShell people were there. And from what I read there were a lot of great presentations.
The PowerShell Summit 2013 North America conference schedule can be found here. Thanks to Don Jones and PowerShell.org (most of) these sessions are available for download: http://powershell.org/wp/2013/04/22/summit-downloads/
Videos are available here:
http://powershell.org/wp/2013/05/07/powershell-summit-videos/
So even if you weren’t able to attend, you can still learn from their presentations. Or if you did attend, you can review them again.
Tags: conference, conference schedule, Don Jones, download, downloads, North America, Powershell, PowerShell Summit, PowerShell Summit 2013, PowerShell Summit 2013 North America, PowerShell.org, schedule, session, sessions
Nowadays more and more work, communication and collaboration involves multiple external parties. This can involve, for example, employees, customers, partners, suppliers, cloud providers/platforms/applications.
This means it is becoming increasingly important to have proper authentication and authorization methods in place for single sign on (SSO) so users can be more productive. Besides the ease of use, it can also lead to better security.
Microsoft’s Active Directory Federation Services (ADFS) will make this possible. For more information on ADFS, here are some resources. Keep in mind though that while some information may be outdated, it will give you a broad idea of the concept and the inner workings. The current version of ADFS in Windows Server 2012 is 2.1, while Windows Server 2008 uses 2.0.
PS: Microsoft is moving more and more towards claims based authentication. Examples include Windows Server 2012 Dynamic Access Control and also SharePoint 2013 that has switched to claims based authentication by default now.
If you have some other resources that might be useful, please let me know so I can add them as well.
Tags: Access control, Active Directory, Active Directory Federation Services, ADFS, ADFS 2.0, ADFS 2.1, authentication, authorization, Azure, Cloud, configure, configuring, Deploy, deploying, Dynamic Access Control, federated identity, ForeFront UAG, IAAS, ICT, jump start, Microsoft, Microsoft Intune, Office 365, PKI, plan, security, Sharepoint, Sharepoint online, singe-sign-on, Single Sign On, SSO, Technet, Threat Management Gateway, TMG, UAG, Universal Access Gateway, virtual lab, Windows Azure, Windows Server 2008, Windows Server 2012
A friend of mine who is still a student has been building his own VMware lab environment for some time now. Yesterday he contacted me that he couldn’t get the “VMware VirtualCenter Server service” to start anymore.
The log showed: EventID 7021 “The VMware VirtualCenter Server service terminated with service-specific error 2 (0x2).”
A quick Google search however showed that many things could be causing this error. Because it was a lab environment, I wanted to upgrade the virtual center to the latest version. Before doing so, I took a look at the VMware blog post covering the latest update 5.1.0B. In the readme it said:
“SSO service dependency on MS SQL
When SSO is installed with local Microsoft SQL Server, the services must start in a specific order. SSO must start after SQL Server starts. If SSO starts before SQL Server starts, restart the SSO server after SQL server starts.”
Doing so resolved the issue. To prevent the issue from re-occurring, I made the SSO service dependent on the SQL service.
I don’t understand why this is not part of the automated installation process though 😦
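One way to add such a service dependency without losing the dependencies a service already has ("sc.exe config ... depend=" replaces the whole list). This is an added example, not the commands used in the original post; the function name Add-ServiceDependency and the two service names in the usage line are placeholders, because the post does not name the services. Run it from an elevated prompt.

```powershell
# Added example: append one dependency to a Windows service, keeping existing ones.
function Add-ServiceDependency {
    param(
        [Parameter(Mandatory = $true)][string]$ServiceName,  # service that must start later
        [Parameter(Mandatory = $true)][string]$DependsOn      # service that must start first
    )

    # Fail early if either service does not exist.
    $null = Get-Service -Name $ServiceName -ErrorAction Stop
    $null = Get-Service -Name $DependsOn  -ErrorAction Stop

    # Read the current list from the registry so nothing already configured is dropped.
    $key     = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $current = @((Get-ItemProperty -Path $key).DependOnService | Where-Object { $_ })

    if ($current -contains $DependsOn) {
        return $current                     # already configured, nothing to change
    }

    $new = $current + $DependsOn

    # "sc" alone is an alias for Set-Content in PowerShell, so call sc.exe explicitly.
    # sc.exe expects "depend=" and the slash-separated list as separate arguments.
    & sc.exe config $ServiceName depend= ($new -join '/') | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "sc.exe config failed with exit code $LASTEXITCODE"
    }

    $new
}

# Placeholder names: replace with the real SSO and SQL Server service names.
Add-ServiceDependency -ServiceName '<SSO service name>' -DependsOn '<SQL service name>'
```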
Tags: dependency, ICT, Microsoft, MS SQL, MSSQL, service, SQL Server, SSO, The VMware VirtualCenter Server service terminated with service-specific error 2 (0×2), virtual center, virtualcenter, virtualization, VMware, VMware Virtual Center, VMware virtualcenter, VMware VirtualCenter Server service, VMware vSphere, vSphere, Windows
Microsoft has released the Security Compliance Manager 3.0 (SCM). This version includes support for Windows Server 2012, Windows 8, and Internet Explorer 10.
SCM enables you to quickly configure and manage computers and your private cloud using Group Policy and Microsoft System Center Configuration Manager. It provides ready-to-deploy policies and DCM configuration packs based on Microsoft Security Guide recommendations and industry best practices, allowing you to easily manage configuration drift, and address compliance requirements for Windows operating systems and Microsoft applications.
Basically in SCM 3.0 you can use predefined baselines, customize them or create completely new ones. Then you can export a baseline from SCM 3.0 and apply it using an Active Directory GPO. To do this, create a new GPO in Group Policy Management, right click the GPO, import settings and complete the wizard.
You can also export an existing GPO, import it into SCM 3.0 and compare the differences.
Tags: Active Directory, AD, best practice, ConfigMgr, DCM configuration, GPO, Internet Explorer 10, policies, policy, Private Cloud, SCCM, SCM, SCM 3.0, Security Compliance Manager, Security Compliance Manager 3.0, settings, System Center Configuration Manager, System Center Configuration Manager 2007, System Center Configuration Manager 2012, Windows, Windows 8, Windows Server 2012
For those who are unfamiliar with Desktop Virtualization, Train Signal is providing a free video series “Intro To Desktop Virtualization” on YouTube.
Be sure to check out these websites and twitter accounts as well if you want to keep track of what Train Signal is doing:
http://www.trainsignal.com
@TrainSignal
@davidmdavis
Tags: desktop, infrastructure, Microsoft, train signal, Training, Training Videos, trainsignal, VDI, videos, Virtual Desktop Infrastructure, virtualization, VMware, Youtube