Author Archives: krylon

Windows Server 2016 Stuck at 0% Windows Updates

New install of Windows Server 2016 (build 14393.447 from ISO SW_DVD9_Win_Svr_STD_Core_and_DataCtr_Core_2016_64Bit_English_-3_MLF_X21-30350 with no updates) had an issue where Windows Updates would hang / freeze indefinitely at 0% progress.  When Windows Update ran it would briefly flash a list of updates that were available before disappearing. Then it would simply state “Updates are available” with a progress of 0%.  Also the folder C:\Windows\SoftwareDistribution was roughly 500MB in size.  The solution was to re-enable the Windows Firewall which had been disabled immediately after the initial install and prior to running Windows Update for the first time. After enabling Windows Firewall, restart the Windows Update service (in services.msc) and then have Windows check for updates again.

Windows Server 2016 Activation Error

Attempting to activate / convert an evaluation copy of Windows Server 2016 (specific build 14393.rs1_release.161220-1747) to the full version using a valid retail key, resulted in the following error:

This edition cannot be upgraded.

A solution is to perform the activation via console with the following command:

Dism /online /Set-Edition:<Edition> /AcceptEula /ProductKey:<ProductKey>

where <Edition> is either ServerDatacenter or ServerStandard and <ProductKey> is your product key with dashes.

The Deployment Image Servicing and Management tool may indicate that it has finished installing product key, but then hang at 10.0% on the next step:

Removing package Microsoft-Windows-Server.....

If after 30 minutes it has not progressed – cancel the entire process, then repeat the same steps and it should go through the second time.

Windows Server 2016 Remote Desktop Connection Fails

Brand new install of Windows 2016 Server Evaluation without any updates installed, specific build 14393.rs1_release.161220-1747 (also 14393.447)  Attempting to remote desktop to the server from a Windows 10 client resulted in an error:

An authentication error has occurred.
The function requested is not supported
Remote computer:
x.x.x.x
This could be due to CredSSP encryption oracle remediation. For more information, see https://go.microsoft.com/fwlink/?linkid=866660

Note: For Windows 7 clients, the last line above in red color will be omitted from the error message.

This happened for both Datacenter and Standard installs of the same build. The fix is to simply install all available updates from Windows Update, rebooting in between as necessary. After all updates have been installed, try the remote connection again.

Installing Logitech QuickCam 4000 in Windows 7

QuickCam 4000 shows up as “Unknown device” in Windows 7 Device Manager
(USB\VID_046D&PID_08B2)

Download the 64-bit driver from Logitech
ftp://ftp.logitech.com/pub/techsupport/quickcam/qc1051enu_x64.exe

Unpack this .exe file to a folder using 7zip, WinRAR, etc.

In Device Manager right click the device, update driver, Browse my computer and point it to this folder containing the unpacked files.

Disable “Debug the program” After Application Crash in Windows Server 2012 R2

Group Policy options will let you disable the button for error reporting to Microsoft (Check online for a solution and close the program) but there is no option in Group Policy to disable the debugging button. To disable the “Debug the program” button that is shown in the Windows Problem Reporting window after a program crashes, there are two registry entries that must be modified. One controls it for 64-bit program crashes and the other for 32-bit program crashes:

64-bit
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug]

32-bit
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\AeDebug]

Under each of these keys, you will see a string titled Debugger.  Rename it (e.g., Debugger.bak) and the debug button will no longer show up.

 

Windows Update Code 780 for Two Office 2010 Updates

Strange issue with Windows Update occurred. In this case Windows Server 2012 R2 was trying to install 2 updates for Office 2010 but was failing.

KB4461579 failed with Code 780
KB2553332 failed with Code 780

First it turned out that a 64-bit version of Microsoft Access database engine 2010 had managed to get installed which does not play nice with 32-bit versions of MS Office on the same machine.  The 64-bit engine was uninstalled and then replaced with the 32-bit version.  When the 64-bit version was uninstalled, it also removed the 64-bit version of the Office Source Engine service from the system that was showing up in services.msc. However after this change, the 2 Windows updates listed above were still failing.

Also installed on the system was Microsoft Access 2010 Runtime.  Within Programs and Features of the Control Panel, performing a Change->Repair option on it completed fine, but wanted a reboot.  After rebooting, the two Windows updates listed above were then able to complete successfully.

MemTest86 Freeze After Test 0

Background information:  swapped out a CPU during an upgrade (old CPU DDR3-1333, new CPU DDR3-1600).
After that the system was booted using an Ubuntu Live CD without any obvious problems, but ESXi installer was crashing with Pink Screen of Death (PSOD). Next step was to test with MemTest86 (in this case V8.1 build 1000). The system would repeatedly freeze on Test 0 [Address test, walking ones, 1 CPU] with no errors reported. To fix, all that was needed was a CMOS / BIOS reset (to defaults). After that MemTest86 and ESXi installers ran through without any problems.

Ubuntu Guest VM Random Freezing Lockups on ESXi 6.5

Ubuntu Server 17.10 was randomly freezing / locking up after periods of time, even if left idle.  The solution for this VM was to change the type of network adapter assigned to the guest. By default, ESXi 6.5 will assign an adapter type of VMXNET 3 for a new guest VM. Switching it to E1000 in the VM settings seems to have resolved the problem.

If running Ubuntu Server you may need to perform the following steps to enable the new adapter after changing the adapter type for the VM:

First get a list of all adapters currently detected. Make note of the interface name (e.g., abc12)

Then enable the interface using the interface name recorded above

Then enable DHCP client for the interface

You can now check if the system has obtained an IP address by using the following command:

To make this change permanent so that it persists with every reboot follow these steps:

Edit the following file:
/etc/network/interfaces

Then add the following lines. They may already be present referencing the old adapter name so you can simply update the name of the adapter.

 

Steps to Downgrade MongoDB on Ubuntu (for UniFi Controller)

This is an example for downgrading from MongoDB version 3.6 to version 3.4 in Ubuntu 18.04 LTS, but it can be adapted for any combination of versions.

Remove old versions. Since this was done for a compatibility issue with UniFI Controller, the first step is optional

Install MongoDB v3.4 Community Edition using the guide below. They also provide guides specific to other versions that you may need.
https://docs.mongodb.com/v3.4/tutorial/install-mongodb-on-ubuntu/

If you are doing this for UniFi Controller (optional), download latest controller package for Ubuntu
https://www.ubnt.com/download/unifi#

Install it (optional)

Fix any broken packages

 

 

Restore Default Certificate Deployment Level for RemoteApp (Windows Server 2012 R2)

This guide details how to change the certificate deployment level of a Windows Server 2012 R2 RD system from “Trusted” back to the default configuration of “Not Configured.”    The main problem is that the Windows GUI does not allow you to simply delete the trusted certificate and reset it back to the default “Not Configured” state for the deployment certificate level. Instead the GUI will only let you choose a different certificate (whether trusted or self signed). The steps below will get around this limitation and allow you to reset the deployment level.

First set of steps are to delete any existing Remote Desktop certificates and have Windows generate a new one automatically:

  1. Launch mmc.exe on the 2012 R2 server
  2. Choose File-Add/Remove Snap in
  3. Add Certificates -> choose Computer account -> then Local computer. Click OK.
  4. On left hand side browse to Remote Desktop folder -> Certificates folder
  5. Delete all certificates
  6. Launch services.msc
  7. Restart Remote Desktop Configuration service
  8. In Event Viewer – System, you should see a notification that a new self signed certificate was created
  9. Go back to mmc.exe and at the top choose Action-Refresh.
  10. Confirm new certificate is shown in Remote Desktop folder -> Certificates folder
  11. Close mmc.exe. Choose No if it prompts to save.

The next set of steps are to change the deployment level:

There is one registry key that needs to be modified:

fHasCertificate – REG_DWORD set to a value of 0

Under this same key there is also a CertificateHash – REG_BINARY that contains thumbprint of the old certificate. It can probably be deleted but I have left it in place until it causes a problem.

There is a second key at the following location

with a key titled CertExpiryTracking and under it a key with a title equal to the old certificate thumbprint with a LastPeriodLogged REG_DWORD decimal value of 15.  The entire CertExpiryTracking key can probably be deleted but I have left it in place until it causes a problem.

Now you will need to connect to the Windows Internal Database:

  1. Download and install Microsoft SQL Server Management Studio (SSMS) v17 or higher
  2. Launch SSMS
  3. Connect to internal database using this server name:
    \\.\pipe\MICROSOFT##WID\tsql\query
  4. Navigate to Databases -> RDCms -> and select rds.DeploymentSetting
  5. Right click on it then choose Edit Top 200 Rows
  6. Rename the following items:
    1. RedirectorCertificate – > RedirectorCertificate.bak
    2. PublishingCertificate -> PublishingCertificate.bak
    3. DeploymentCertificateHash -> DeploymentCertificateHash.bak
    4. WebAccessCertificate -> WebAccessCertificate.bak
  7. Close SSMS
  8. Close and reopen any Server Manager windows. Then go back and check that deployment certificate level is now showing as Not Configured.

Also if you were using a trusted certificate in IIS you may need to change the certificate for RDWeb by following these steps:

  1. Launch IIS Manager
  2. Right click Default Web Site, choose Edit Bindings
  3. Select https, click Edit
  4. Choose the appropriate SSL certificate in the dropdown list
  5. Restart IIS