RSS

Category Archives: Windows 2008

Microsoft – Troubleshooting Key Management Service (KMS) activation

Today I helped a colleague troubleshoot a couple of systems were unable to activate using Key Management Service (KMS). Basically for this situation it boiled down to this:

Determine for the KMS service

  1. Which server is hosting the KMS service.If an SRV record has been added for KMS DNS auto discovery, run from CMD: nslookup -type=srv _vlmcs._tcp
  2. If the server hosting the KMS is functioning correctly:
  • Check if the server is up and running.
  • Check if the “Software Protection” service (sppsvc) is running.
  • Verify if the KMS service is listening on port 1688: telnet localhost 1688
  • Verify the KMS status. Run from CMD: slmgr.vbs /dli
  • Verify if a KMS key is installed and activated.
  • Verify if the minimum threshold for activation is being met.
  • Verify if other clients are able to activate using KMS. Even though the output of “slmgr.vbs /dli” gives you an indication, you can use the “Volume Activation Management Tool” (VAMT) for more insight and functionality.
  • Verify that a VLK key is being used.

For clients that are not able to activate

  • Verify if the correct KMS server can be resolved correctly:
    nslookup -type=srv _vlmcs._tcp
  • Verify if the KMS can be contacted:
    telnet <KMS FQDN or IP> 1688

    •  If this is not the case, perform a traceroute to determine potential causes. Reasons could include:
      • No default gateway configured on the client to reach the KMS.
      • No route configured on the client to reach the KMS.
      • Firewall on the client is blocking the traffic.
      • Firewall on the server is blocking the traffic.
      • If it is a VM, the virtual network might be misconfigured.
      • Routing on the network is not correct.
      • Firewall on the network is blocking traffic.
  • Clear any previous (mis)configuration: slmgr.vbs /ckms
  • Attempt activation: slmgr.vbs /ckms

NOTE: If you have lots of systems where you need to clear configuration and then attempt activation, you can also perform slmgr.vbs on remote computers using:
slmgr.vbs TargetComputerName [username] [password] /parameter [options]

Additional information

If you haven’t been able to resolve the issue, you might want to take a look here:

Advertisements
 

Tags: , , , , , , , , , , , , , , , , , , ,

PowerShell – Cleaning folders containing temporary files

At the companies I’ve worked for , disk space on the system disk ran out on a regular basis for some systems and caused a lot of monitor calls. These kind of boring repetitive tasks are always the ones you want to automate.

So when I came across the great blog post “Weekend Scripter: Use PowerShell to Clean Out Temp Folders” on the “Hey, Scripting Guy! Blog”, I wanted to post it on my own blog as well. The blog post also describes the process of creating the script very well, which is very convenient for those who are relatively new to PowerShell to scripting and want to learn how to do it better.

If you want to take it even a step further, you could automate it even more. By example by automatically running the clean script when an event is generated that the disk is running out of space. You can configure this using by example:

Or you could use PowerShell remoting to do it on many systems at the same time. This could come in handy by example when after WSUS patching the content in “C:\Windows\SoftwareDistribution\Download” is not deleted automatically.

 

Tags: , , , , , , , , , , , , ,

PowerShell – Manage printers

At work a colleague of mine was looking to modify printer permissions on a Server 2008 R2 terminal server using PowerShell. And to be honest, it was more difficult to do than I had expected.

So naturally, I started looking if someone had already created a script for this same purpose and eventually I found this great script created by Vadims Podans:
PrinterUtils.ps1 / Functions for advanced printer management

By leveraging this script, permissions were easily modified by adding the following lines:
$name = “Printername”
Get-Printer “localhost” $name | Add-PrinterPermission “corp\Domain Users” 0 “print”
Get-Printer “localhost” $name | Remove-PrinterPermission “everyone”
Get-Printer “localhost” $name

My modified script can be found here: http://bjornhouben-web.sharepoint.com/Lists/Scripts/DispForm.aspx?ID=22

Be sure to check Vadims Podans website for other great resources: http://en-us.sysadmins.lv/

 

Tags: , , ,

Microsoft – Run programs and scripts under the local system user context

In the past I’ve had numerous occasions where I wanted to run a program or system to run under the local system user context. Most of them involved customers and application administrators that wanted to have a service or scheduled task configured. They often weren’t able to tell me if it was sufficient to run the service or scheduled task as local system or that a special service account would have to be created.

The issue I always ran into when I wanted to test this, is that you had to provide a password that you didn’t know if you wanted to use “Run As” with the local system account.

Recently I ran into the “Run As System” application. It enables you to start a program or run command and script under a local system account. It is UAC compatible, but it requires administrative privileges.

Another use of the “Run As System” application is if you want to access files or folders that are normally not accessible for users. This can come in handy when troubleshooting Offline Files. The tool might not work correctly with Windows Explorer though, so you should consider using other tools like Total Commander.

Other methods to run something as system can be found here.

For more tools and applications, take a look at my website: http://bjornhouben-web.sharepoint.com/Lists/Applications/Summary.aspx

 

Tags: , , , , , , , , , , , , , , , ,

Create Active Directory Visio diagram automatically using Active Directory Topology Diagrammer ADTD

One of the least favorite tasks of many administrators is to document. Good administrators also don’t want to manually do things when it can be automated. This is where Active Directory Topology Diagrammer (ADTD) can help to automate documenting your Active Directory environment.

Recently I have been working on a new Active Directory OU design and used the Active Directory Topology Diagrammer to create a Visio diagram for the AS-IS situation. I have to say it worked great. Keep in mind though that it will show the OUs and not any other containers.

Besides documenting AD OUs, the Active Directory Topology Diagrammer can document many other things as well. Take a look at the article “How To Use The Active Directory Topology Diagrammer” or play around with it yourself to see what it can do.

The tool can also be very helpful when:

  • You’re in a new environment and need to get a quick overview of the Active Directory.
  • When there’s no documentation available or when the available documentation is outdated.
  • When you’re auditing the quality of documentation.

For more tools, take a look at my website: http://bjornhouben-web.sharepoint.com/Lists/Applications/Summary.aspx

 

Tags: , , , , , , , , , , , , , , ,

PowerShell – Video, presentation and script downloads from the PowerShell Summit 2013 North America

The PowerShell Summit took place in North America in April and many of the prominent PowerShell people were there. And from what I read there were a lot of great presentations.

The PowerShell Summit 2013 North America conference schedule can be found here. Thanks to Don Jones and PowerShell.org (most of) these sessions are available for download: http://powershell.org/wp/2013/04/22/summit-downloads/

Videos are available here:
http://powershell.org/wp/2013/05/07/powershell-summit-videos/

So even if you weren’t able to attend, you can still learn from their presentations. Or if you did attend, you can review them again.

 

Tags: , , , , , , , , , , , , ,

PowerShell – Get-GroupMemberships

This script determines the group membership of Active Directory users.

In this case, some users are member of multiple functional groups (groupname “*-core”), while the design assumes a user can only be a member a single functional group. This script helps determine the functional groups they are a member of.

Especially with a large number of users, scripting will save you a lot of time.

 

Tags: , , , , , , , , , , , , , ,

 
%d bloggers like this: