
Category Archives: Windows 2003

Microsoft – Troubleshooting Key Management Service (KMS) activation

Today I helped a colleague troubleshoot a couple of systems that were unable to activate using Key Management Service (KMS). Basically, for this situation it boiled down to this:

Determine for the KMS service

  1. Which server is hosting the KMS service. If an SRV record has been added for KMS DNS auto discovery, run from CMD: nslookup -type=srv _vlmcs._tcp
  2. Whether the server hosting the KMS is functioning correctly:
  • Check if the server is up and running.
  • Check if the “Software Protection” service (sppsvc) is running.
  • Verify if the KMS service is listening on port 1688: telnet localhost 1688
  • Verify the KMS status. Run from CMD: slmgr.vbs /dli
  • Verify if a KMS key is installed and activated.
  • Verify if the minimum threshold for activation is being met.
  • Verify if other clients are able to activate using KMS. Even though the output of “slmgr.vbs /dli” gives you an indication, you can use the “Volume Activation Management Tool” (VAMT) for more insight and functionality.
  • Verify that a VLK key is being used.

For clients that are not able to activate

  • Verify if the correct KMS server can be resolved correctly:
    nslookup -type=srv _vlmcs._tcp
  • Verify if the KMS can be contacted:
    telnet <KMS FQDN or IP> 1688

    •  If this is not the case, perform a traceroute to determine potential causes. Reasons could include:
      • No default gateway configured on the client to reach the KMS.
      • No route configured on the client to reach the KMS.
      • Firewall on the client is blocking the traffic.
      • Firewall on the server is blocking the traffic.
      • If it is a VM, the virtual network might be misconfigured.
      • Routing on the network is not correct.
      • Firewall on the network is blocking traffic.
  • Clear any previous (mis)configuration: slmgr.vbs /ckms
  • Attempt activation: slmgr.vbs /ato

NOTE: If you have lots of systems where you need to clear configuration and then attempt activation, you can also run slmgr.vbs against remote computers using:
slmgr.vbs TargetComputerName [username] [password] /parameter [options]
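
The client-side checks above (resolve the _vlmcs._tcp SRV record, then test TCP connectivity to the advertised host and port) can be scripted as follows. This is an added example, not part of the original post; the function name Test-KmsReachability and its parameters are hypothetical, and it assumes Windows 8 / Server 2012 or later, where Resolve-DnsName is available.

```powershell
# Added example: KMS auto-discovery and reachability check from a client.
# Test-KmsReachability is a hypothetical helper name, not a built-in cmdlet.
function Test-KmsReachability {
    param(
        # DNS domain searched for the KMS SRV record (default: this machine's DNS domain).
        [string]$DnsDomain = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName,
        # How long to wait for the TCP connection before reporting the host as unreachable.
        [int]$TimeoutMs = 3000
    )

    $srvName = "_vlmcs._tcp.$DnsDomain"
    try {
        # The answer can also contain A/AAAA records for the targets; keep only the SRV entries.
        $records = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning "SRV lookup for ${srvName} failed: $($_.Exception.Message)"
        return
    }

    foreach ($rec in ($records | Sort-Object Priority)) {
        $client = New-Object System.Net.Sockets.TcpClient
        $reachable = $false
        try {
            # Asynchronous connect so a filtered port does not hang for the full OS timeout.
            $async = $client.BeginConnect($rec.NameTarget, $rec.Port, $null, $null)
            if ($async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
                $client.EndConnect($async)   # throws if the connection was refused
                $reachable = $true
            }
        } catch {
            $reachable = $false
        } finally {
            $client.Close()
        }

        [pscustomobject]@{
            KmsHost   = $rec.NameTarget
            Port      = $rec.Port
            Priority  = $rec.Priority
            Weight    = $rec.Weight
            Reachable = $reachable
        }
    }
}

Test-KmsReachability | Format-Table -AutoSize
```

A row with Reachable = False points to the routing and firewall causes listed above; a warning instead of rows means the SRV record could not be resolved from this client.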

Additional information

If you haven’t been able to resolve the issue, you might want to take a look here:

 


PowerShell – Cleaning folders containing temporary files

At the companies I’ve worked for, disk space on the system disk ran out on a regular basis for some systems and caused a lot of monitor calls. These kinds of boring, repetitive tasks are always the ones you want to automate.

So when I came across the great blog post “Weekend Scripter: Use PowerShell to Clean Out Temp Folders” on the “Hey, Scripting Guy! Blog”, I wanted to post it on my own blog as well. The blog post also describes the process of creating the script very well, which is very convenient for those who are relatively new to PowerShell scripting and want to learn how to do it better.

If you want to take it a step further, you could automate it even more, for example by automatically running the clean script when an event is generated indicating that the disk is running out of space. You can configure this using, for example:

Or you could use PowerShell remoting to do it on many systems at the same time. This could come in handy, for example, when the content in “C:\Windows\SoftwareDistribution\Download” is not deleted automatically after WSUS patching.

 


PowerShell – Manage printers

At work a colleague of mine was looking to modify printer permissions on a Server 2008 R2 terminal server using PowerShell. And to be honest, it was more difficult to do than I had expected.

So naturally, I started looking if someone had already created a script for this same purpose and eventually I found this great script created by Vadims Podans:
PrinterUtils.ps1 / Functions for advanced printer management

By leveraging this script, permissions were easily modified by adding the following lines:
    $name = "Printername"
    Get-Printer "localhost" $name | Add-PrinterPermission "corp\Domain Users" 0 "print"
    Get-Printer "localhost" $name | Remove-PrinterPermission "everyone"
    Get-Printer "localhost" $name

My modified script can be found here: http://bjornhouben-web.sharepoint.com/Lists/Scripts/DispForm.aspx?ID=22

Be sure to check Vadims Podans website for other great resources: http://en-us.sysadmins.lv/

 


Microsoft – Run programs and scripts under the local system user context

In the past I’ve had numerous occasions where I wanted to run a program or script under the local system user context. Most of them involved customers and application administrators that wanted to have a service or scheduled task configured. They often weren’t able to tell me if it was sufficient to run the service or scheduled task as local system or that a special service account would have to be created.

The issue I always ran into when I wanted to test this is that, if you wanted to use “Run As” with the local system account, you had to provide a password that you didn’t know.

Recently I ran into the “Run As System” application. It enables you to start a program or run commands and scripts under the local system account. It is UAC compatible, but it requires administrative privileges.

Another use of the “Run As System” application is if you want to access files or folders that are normally not accessible for users. This can come in handy when troubleshooting Offline Files. The tool might not work correctly with Windows Explorer though, so you should consider using other tools like Total Commander.

Other methods to run something as system can be found here.

For more tools and applications, take a look at my website: http://bjornhouben-web.sharepoint.com/Lists/Applications/Summary.aspx

 


Create Active Directory Visio diagram automatically using Active Directory Topology Diagrammer ADTD

One of the least favorite tasks of many administrators is to document. Good administrators also don’t want to manually do things when it can be automated. This is where Active Directory Topology Diagrammer (ADTD) can help to automate documenting your Active Directory environment.

Recently I have been working on a new Active Directory OU design and used the Active Directory Topology Diagrammer to create a Visio diagram for the AS-IS situation. I have to say it worked great. Keep in mind though that it will show the OUs and not any other containers.

Besides documenting AD OUs, the Active Directory Topology Diagrammer can document many other things as well. Take a look at the article “How To Use The Active Directory Topology Diagrammer” or play around with it yourself to see what it can do.

The tool can also be very helpful when:

  • You’re in a new environment and need to get a quick overview of the Active Directory.
  • There’s no documentation available or the available documentation is outdated.
  • You’re auditing the quality of documentation.

For more tools, take a look at my website: http://bjornhouben-web.sharepoint.com/Lists/Applications/Summary.aspx

 


PowerShell – Video, presentation and script downloads from the PowerShell Summit 2013 North America

The PowerShell Summit took place in North America in April and many of the prominent PowerShell people were there. And from what I read there were a lot of great presentations.

The PowerShell Summit 2013 North America conference schedule can be found here. Thanks to Don Jones and PowerShell.org (most of) these sessions are available for download: http://powershell.org/wp/2013/04/22/summit-downloads/

Videos are available here:
http://powershell.org/wp/2013/05/07/powershell-summit-videos/

So even if you weren’t able to attend, you can still learn from their presentations. Or if you did attend, you can review them again.

 


Microsoft – Resources to get more familiar with Active Directory Federation Services (ADFS)

Nowadays more and more work, communication and collaboration involves multiple external parties. This can involve, for example, employees, customers, partners, suppliers and cloud providers/platforms/applications.

This means it is becoming increasingly important to have proper authentication and authorization methods in place for single sign-on (SSO) so users can be more productive. Besides the ease of use, it can also lead to better security.

Microsoft’s Active Directory Federation Services (ADFS) will make this possible. For more information on ADFS, here are some resources. Keep in mind though that while some information may be outdated, it will give you a broad idea of the concept and the inner workings. The current version of ADFS in Windows Server 2012 is 2.1, while Windows Server 2008 uses 2.0.

PS: Microsoft is moving more and more towards claims based authentication. Examples include Windows Server 2012 Dynamic Access Control and also SharePoint 2013 that has switched to claims based authentication by default now.

If you have some other resources that might be useful, please let me know so I can add them as well.

 
