How to find Local Administrator Password Set in MDT

Research

Naviate to your DeploymentShare and Open up the Task Sequence in the Control Directory

C:\DeploymentShare\Control\TaskSequence1

Open 

Unattend.xml 

Search for AdministratorPassword in this file

You should see the password in plaintext

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.

Research

Trying to diagnose an issue of a reason why an NPS server would not let a user in and come back with Access-Reject produces the following Reason in the event log

An NPS extension dynamic link library (DLL) that is installed on the NPS server rejected the connection request.

I recommend uninstalling the NPS Extension for Azure MFA Plugin 

Retrying the access which should give you some better reason in the event log e.g. The RADIUS request did not match any configured connection request policy (CRP).

Once this is fixed you can reinstall the Plugin and re-authenticate it

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

(“pwcount= + “1”) – Expression syntax error [ount= + “1^”), Offset 15]

Research

Recently I was trying to hide the password 2 field on a netscaler box due to Azure MFA Radius.

The netscaler was brining back the error : Expression syntax error [ount= + “1^”), Offset 15] 

It looks like there is syntax errors on guides online , the expression should be

 

(“pwcount”= + “1”)

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Http/1.1 Internal Server Error 43531

Research

Recently trying to setup a secondary virtual server for Citrix , on login the following prompt was displayed

Http/1.1 Internal Server Error 43531

Make sure your Virtual Server has session policies bounded : https://www.carlstalhood.com/category/netscaler/netscaler-12/netscaler-gateway-12/#bind

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Server 2008 R2 servers keep failing to install Windows Updates

Research

Microsoft changed the signing of update packages for Windows 7 and Windows Server 2008 R2 devices on the August 2019 Patch Day for the first time. The company signs packages only with SHA-2 since August 2019; it signed them with SHA-1 and SHA-2 previously but decided to drop SHA-1 because of known weaknesses.

 

To sort out this issue, install the following patches in order (ideally reboot after installing each) and then patch your servers successfully:

https://support.microsoft.com/en-us/help/4490628/servicing-stack-update-for-windows-7-sp1-and-windows-server-2008-r2

https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Policy’s to deploy in MDT ( Default start bar and file Assoc )

Research

File Association

FileAssoc.wsf

<job id="ZTIDefaultAssociations">
   <script language="VBScript" src="../../Scripts/ZTIUtility.vbs"/>
   <script language="VBScript">
' // ***************************************************************************
' // 
' // Copyright (c) Microsoft Corporation.  All rights reserved.
' // 
' // Microsoft Deployment Toolkit Solution Accelerator
' //
' // File:      ZTIDefaultAssociations.wsf
' // 
' // Version:   6.3.8443.1000
' // 
' // Purpose:   Use Dism to force apply start screen layout.
' // 
' // Usage:     cscript ZTIDefaultAssociations.wsf [/debug:true] [/UDI]
' // 
' // ***************************************************************************
Option Explicit
RunNewInstance
'//----------------------------------------------------------------------------
'//  Main Class
'//----------------------------------------------------------------------------
Class ZTIDefaultAssociations
  '//----------------------------------------------------------------------------
  '//  Main routine
  '//----------------------------------------------------------------------------
  Function Main
 
    '//----------------------------------------------------------------------------
    '//  Declare variables
    '//----------------------------------------------------------------------------
    Dim iRetVal
    iRetVal = Success
    '//----------------------------------------------------------------------------
    '//  Copying OEMDefaultAssociations.xml file
    '//----------------------------------------------------------------------------
    oLogging.CreateEntry "Copying OEMDefaultAssociations.xml to Windows\System32.", LogTypeInfo
    oFileHandling.CopyFile oUtility.ScriptDir & "\OEMDefaultAssociations.xml", oEnv("WinDir") & "\System32\OEMDefaultAssociations.xml", true
    oFileHandling.CopyFile oUtility.ScriptDir & "\fz-a2_specsheet.pdf", oEnv("SystemDrive") & "\Users\Public\Desktop\fz-a2_specsheet.pdf", true
    oFileHandling.CopyFile oUtility.ScriptDir & "\fz-q2_specsheet.pdf", oEnv("SystemDrive") & "\Users\Public\Desktop\fz-q2_specsheet.pdf", true
    oFileHandling.CopyFile oUtility.ScriptDir & "\Toughbook.url", oEnv("SystemDrive") & "\Users\Public\Desktop\Toughbook.url", true
    '//----------------------------------------------------------------------------
    '//  Specify to use OEMDefaultAssociations via Registry
    '//----------------------------------------------------------------------------
    oLogging.CreateEntry "Import DefaultAssociationsConfiguration Reg Key.", LogTypeInfo
    iRetVal = oUtility.RegWrite("HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System\DefaultAssociationsConfiguration", oEnv("WinDir") & "\System32\OEMDefaultAssociations.xml")
  End Function
End Class
    </script>
</job>

 

 

DefaultAssociations.xml

<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
  <Association Identifier=".3gp2" ProgId="WMP11.AssocFile.3G2" ApplicationName="Windows Media Player" />
  <Association Identifier=".acrobatsecuritysettings" ProgId="AcroExch.acrobatsecuritysettings" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".fdf" ProgId="AcroExch.FDFDoc" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".htm" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".html" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".MP2" ProgId="WMP11.AssocFile.MP3" ApplicationName="Windows Media Player" />
  <Association Identifier=".mpeg" ProgId="WMP11.AssocFile.mpeg" ApplicationName="Windows Media Player" />
  <Association Identifier=".oxps" ProgId="Windows.XPSReachViewer" ApplicationName="XPS Viewer" />
  <Association Identifier=".pdf" ProgId="AcroExch.Document.DC" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".pdfxml" ProgId="AcroExch.pdfxml" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".pdx" ProgId="PDXFileType" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".shtml" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".tif" ProgId="PhotoViewer.FileAssoc.Tiff" ApplicationName="Windows Photo Viewer" />
  <Association Identifier=".tiff" ProgId="PhotoViewer.FileAssoc.Tiff" ApplicationName="Windows Photo Viewer" />
  <Association Identifier=".txt" ProgId="txtfile" ApplicationName="Notepad" />
  <Association Identifier=".url" ProgId="IE.AssocFile.URL" ApplicationName="Internet Browser" />
  <Association Identifier=".webp" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".website" ProgId="IE.AssocFile.WEBSITE" ApplicationName="Internet Explorer" />
  <Association Identifier=".xdp" ProgId="AcroExch.XDPDoc" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".xfdf" ProgId="AcroExch.XFDFDoc" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier=".xht" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".xhtml" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier=".xps" ProgId="Windows.XPSReachViewer" ApplicationName="XPS Viewer" />
  <Association Identifier="ACROBAT" ProgId="acrobat" ApplicationName="Adobe Acrobat Reader DC" />
  <Association Identifier="bingmaps" ProgId="AppXp9gkwccvk6fa6yyfq3tmsk8ws2nprk1p" ApplicationName="Maps" />
  <Association Identifier="FTP" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="http" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="https" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="IRC" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="mailto" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="MMS" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="NEWS" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="NNTP" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="SMS" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="SMSTO" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="TEL" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="URN" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
  <Association Identifier="WEBCAL" ProgId="ChromeHTML" ApplicationName="Google Chrome" />
</DefaultAssociations>

 

Start Menu Layout

<job id="ZTIStartLayoutConfig">
   <script language="VBScript" src="../../Scripts/ZTIUtility.vbs"/>
   <script language="VBScript">
' // ***************************************************************************
' // 
' // Copyright (c) Microsoft Corporation.  All rights reserved.
' // 
' // Microsoft Deployment Toolkit Solution Accelerator
' //
' // File:      ZTIStartLayoutConfig.wsf
' // 
' // Version:   6.3.8443.1000
' // 
' // Purpose:   Use Dism to force apply start screen layout.
' // 
' // Usage:     cscript ZTIStartLayoutConfig.wsf [/debug:true] [/UDI]
' // 
' // ***************************************************************************
Option Explicit
RunNewInstance
'//----------------------------------------------------------------------------
'//  Main Class
'//----------------------------------------------------------------------------
Class ZTIStartLayoutConfig
  '//----------------------------------------------------------------------------
  '//  Main routine
  '//----------------------------------------------------------------------------
  Function Main
    '//----------------------------------------------------------------------------
    '//  Declare variables
    '//----------------------------------------------------------------------------
    Dim iRetVal
    iRetVal = Success
    '//----------------------------------------------------------------------------
    '//  Copying StartLayout.xml file
    '//----------------------------------------------------------------------------
    oLogging.CreateEntry "Copying StartLayout.xml to Windows\System32.", LogTypeInfo
    oFileHandling.CopyFile oUtility.ScriptDir & "\StartLayout.xml", oEnv("SystemDrive") & "\Windows\System32\StartLayout.xml", true
    '//----------------------------------------------------------------------------
    '//  Copy Desired lnk files to %ALLUSERSPROFILES%
    '//----------------------------------------------------------------------------
    oLogging.CreateEntry "Copy Desired lnk files to %ALLUSERSPROFILES%.", LogTypeInfo
    oFileHandling.CopyFile oUtility.ScriptDir & "\File Explorer.lnk", oEnv("AllUsersProfile") & "\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk", true
    oFileHandling.CopyFile oUtility.ScriptDir & "\Internet Explorer.lnk", oEnv("AllUsersProfile") & "\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk", true
    oFileHandling.CopyFile oUtility.ScriptDir & "\Google Chrome.lnk", oEnv("AllUsersProfile") & "\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk", true
    '//----------------------------------------------------------------------------
    '//  Apply start screen layout using Dism
    '//----------------------------------------------------------------------------
    oLogging.CreateEntry "Importing StartLayout.xml using Powershell's Import-StartLayout cmdlet.", LogTypeInfo
    iRetVal = oUtility.RunWithConsoleLogging("powershell.exe -ExecutionPolicy ByPass -Command ""Import-StartLayout -MountPath " & oEnv("SystemDrive") & "\ -LayoutPath " & oEnv("WinDir") & "\System32\StartLayout.xml""")
  End Function
End Class
    </script>
</job>

 

StartLayout.xml

 

<LayoutModificationTemplate
    xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
    xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
    xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"
    xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout"
    Version="1">
    <LayoutOptions StartTileGroupCellWidth="6" />
    <DefaultLayoutOverride>
        <StartLayoutCollection>
            <defaultlayout:StartLayout GroupCellWidth="6" xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout">
                <start:Group Name="Panasonic Apps" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout">
                    <start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk" />
                    <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" />
                </start:Group>
            </defaultlayout:StartLayout>
        </StartLayoutCollection>
    </DefaultLayoutOverride>
    <CustomTaskbarLayoutCollection PinListPlacement="Replace">
        <defaultlayout:TaskbarLayout>
            <taskbar:TaskbarPinList>
                <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
                <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk" />
                <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk" />
            </taskbar:TaskbarPinList>
        </defaultlayout:TaskbarLayout>
    </CustomTaskbarLayoutCollection>
</LayoutModificationTemplate>

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Updating VCenter : Cannot validate target appliance configuration as not enough information from the source appliance can be collected. For more details check out the server logs

Research

Trying to upgrade Vcenter 6.5 to 6.7 , The following error comes up

Cannot validate target appliance configuration as not enough information from the source appliance can be collected. For more details check out the server logs

Fix

SSH into new 6.7u1 applicance:

“software-packages install –url –acceptEulas”

and then

“shutdown reboot -r “patch reboot””

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Powershell Script to Export Exchange mailbox to smaller PST Chunks

Research

Powershell Script to Export Exchange mailboxes in 20GB PST allotments for upload to Mimecast

 

Import-Module activedirectory

$TargetUserName="jsmith"
$Useremail="jsmith@domain.com
$Location = "\\10.1.10.18\ArchiveExport\"

$FirstEmail = Get-MailboxFolderStatistics $TargetUserName -IncludeOldestAndNewestItems | ? {$_.OldestItemReceivedDate} | Sort-Object OldestItemReceivedDate | Select -ExpandProperty OldestItemReceivedDate -First 1
$FirstEmail = $FirstEmail.ToString("MM/dd/yyyy")

$finish = $FirstEmail

#The end date of when the last email wants to be exported , if using Mimecast this will be the date of enabling archiving
$startdate = Get-Date

$startofmonth = Get-Date $startdate -day 1 -hour 0 -minute 0 -second 0

$endofmonth = (($startofmonth).AddMonths(1).AddSeconds(-1))

$pstnumber = 1

do {
$startvalue = Get-Date -format d -Date $startofmonth

$endvalue = Get-Date -format d -Date $endofmonth

New-MailboxExportRequest $TargetUserName -ContentFilter "((Received -gt '$startofmonth') -and (Received -lt '$endofmonth'))" -FilePath $Location$Useremail".pst" -Confirm:$false

$ExportStats = Get-MailboxExportRequest -Mailbox $TargetUserName
$ExportStatus = $ExportStats.Status

Do{
Start-Sleep 10
$ExportStats = Get-MailboxExportRequest -Mailbox $TargetUserName
$ExportStatus = $ExportStats.Status
} while ($ExportStatus -eq "Queued" -or $ExportStatus -eq "InProgress")

Start-Sleep 30

Get-MailboxExportRequest -mailbox $targetusername -Status "Completed" | Remove-MailboxExportRequest -Confirm:$false

Start-Sleep 30

if((Get-Item $Location$useremail".pst").length -gt 20gb) {
Rename-Item $Location$Useremail”.PST” $Location$Useremail”.“$pstnumber”.PST”
$pstnumber++
}

$startofmonth = (($startofmonth).AddMonths(-1))

$endofmonth = (($startofmonth).AddMonths(1).AddSeconds(-1))

Start-Sleep 30

}

while ($startofmonth -ge $finish)
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Refresh Azure AD auth token

Research 

# Revoke tokens in Azure AD, existing application and browser windows with access token needs to be terminated to revoke the access token

Get-AzureADUser -SearchString user@domain.com | Revoke-AzureADUserAllRefreshToken

Set-User -Identity user@domain.com -AuthenticationPolicy "Allow Basic Auth for ActiveSync" -StsRefreshTokensValidFrom $([System.DateTime]::UtcNow) 

Set-User -Identity user@domain.com -AuthenticationPolicy "Disable Basic Auth" -StsRefreshTokensValidFrom $([System.DateTime]::UtcNow)
VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Mimecast Synchronization Engine : exchange mailbox validation failed, code: MailboxUnreacheable

Research

Recently trying to install the Mimecast mimecast synchronization engine on an Server with Exchange 2013 Machine , since Exchange 2013 ,

  1. Made sure impersonation was setup https://community.mimecast.com/docs/DOC-1734
  2. Made sure OWA was working with the Mailbox

Error exchange mailbox validation failed, code: MailboxUnreacheable

EWS restricts you running API requests locally by default.

Try running this software from another machine

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)