Posts Tagged ‘2012’

Customer has 2012 DCs with NPS and the Azure MFA extension for their Cisco Meraki Client VPN.
All staff were not able to connect to the VPN from 8am. I have not found why it started at this time. Users before this were able to log in…
Event Viewer showed Unknown username or bad password in use.

The NPS MFA extension leads you down a path that isn’t correct (for me). Don’t trust this.

Also don’t trust the reason codes in the NPS logs.
You may see reason code 21, <Reason-Code data_type="0">21</Reason-Code></Event>, further pointing to MFA extension issues.
Run with PowerShell and select option 1 to temporarily remove the MFA requirement and attempt a login to prove it’s not MFA.
New errors in NPS logs.
I was getting <Reason-Code data_type="0">16</Reason-Code>. Not the most helpful and there are LOTS of results. But I found the below recent article which fixed it for me.
I did apply these keys for all the domain controllers. But that might be overkill and unnecessary. The real fix is to get off Server 2012.
This isn’t complete yet; after enabling MFA I now have TLS and cipher errors from the MFA plugin.
But hopefully this will be an easy fix.
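
The reason-code triage described in the post above, as an added example (not the author's code): it parses NPS DTS-format (XML) log lines, keeps only Access-Reject records, and reports when each Reason-Code was first and last seen, so a switch from 21 to 16 after temporarily removing the MFA requirement shows up directly. The log lines, user names and the function name Get-NpsRejectSummary are constructed for illustration; the meanings given for codes 16 and 21 follow Microsoft's NPS reason-code documentation.

```powershell
# Constructed sample lines in NPS DTS (XML) log format; users are placeholders.
# The last line is deliberately truncated to show that damaged records are skipped.
$sample = @'
<Event><Timestamp data_type="4">01/15/2024 08:02:11.120</Timestamp><User-Name data_type="1">alice@example.test</User-Name><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">21</Reason-Code></Event>
<Event><Timestamp data_type="4">01/15/2024 08:05:40.003</Timestamp><User-Name data_type="1">bob@example.test</User-Name><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">21</Reason-Code></Event>
<Event><Timestamp data_type="4">01/15/2024 09:30:02.450</Timestamp><User-Name data_type="1">alice@example.test</User-Name><Packet-Type data_type="0">3</Packet-Type><Reason-Code data_type="0">16</Reason-Code></Event>
<Event><Timestamp data_type="4">01/15/2024 09:31:17.900</Timestamp><User-Name data_type="1">carol@example.test</User-Name><Packet-Type data_type="0">2</Packet-Type><Reason-Code data_type="0">0</Reason-Code></Event>
<Event><Timestamp data_type="4">01/15/2024 09:33:
'@ -split "`r?`n"

# Only the two codes discussed in the post; other codes print with an empty meaning.
$meaning = @{
    16 = 'Credentials mismatch (unknown user name or bad password)'
    21 = 'Rejected by an NPS extension DLL'
}

function Get-NpsRejectSummary {
    param([string[]]$Line)
    $rejects = foreach ($l in $Line) {
        try {
            $e = ([xml]$l).Event
            # Packet-Type 3 is Access-Reject; skip accepts and requests.
            if ($e.SelectSingleNode('Packet-Type').InnerText -ne '3') { continue }
            [pscustomobject]@{
                Time   = [datetime]::ParseExact($e.SelectSingleNode('Timestamp').InnerText,
                             'MM/dd/yyyy HH:mm:ss.fff', [cultureinfo]::InvariantCulture)
                User   = $e.SelectSingleNode('User-Name').InnerText
                Reason = [int]$e.SelectSingleNode('Reason-Code').InnerText
            }
        } catch { continue }   # truncated or non-XML line
    }
    if (-not $rejects) { return }
    $rejects | Group-Object Reason | Sort-Object { [int]$_.Name } | ForEach-Object {
        $byTime = @($_.Group | Sort-Object Time)
        [pscustomobject]@{
            ReasonCode = [int]$_.Name
            Meaning    = $meaning[[int]$_.Name]
            Count      = $_.Count
            FirstSeen  = $byTime[0].Time
            LastSeen   = $byTime[-1].Time
            Users      = ($_.Group.User | Sort-Object -Unique) -join ', '
        }
    }
}

Get-NpsRejectSummary -Line $sample | Format-Table -AutoSize
```

To run it against a real server, pass the lines of the NPS log file (read with Get-Content) instead of `$sample`; the log must be configured for the DTS-compliant format.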

Install Desktop Experience for servers for disk cleanup.

# V2 admin check
If (-NOT ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")) {
    Write-Warning "Please run this script as an Administrator!"
    Exit 1
}

[version]$OSVersion = [Environment]::OSVersion.Version

# Check OS version
If ($OSVersion -gt "6.2") {
    # Server 2012 and above
    Install-WindowsFeature -Name Desktop-Experience
} ElseIf ($OSVersion -gt "6.1") {
    # Server 2008 R2 and above: PowerShell 2.0 does not auto-load the ServerManager module
    Import-Module ServerManager
    Add-WindowsFeature -Name Desktop-Experience
} ElseIf ($OSVersion -gt "6.0") {
    # Server 2008 and above
    servermanagercmd.exe -install Desktop-Experience
} Else {
    Write-Host 'What OS Is this?'
}

A Server 2012 R2 started getting VSS Writer errors randomly in a Veeam backup job. The server is running AADconnect, which is set to auto-update.

A restart of the VSS SQL Writer, which usually fixes this, did not resolve the issue.

A look in the event log shows:

A VSS writer has rejected an event with error 0x800423f4, The writer experienced a non-transient error. If the backup process is retried,
the error is likely to reoccur.
. Changes that the writer made to the writer components while handling the event will not be available to the requester. Check the event log for related events from the application hosting the VSS writer.

PrepareForSnapshot Event

Execution Context: Writer
Writer Class Id: {a65faa63-5ea8-4ebc-9dbd-a0c4db26912a}
Writer Name: SqlServerWriter
Writer Instance Name: SQL Server Code-Named ‘Denali’ CTP2:SQLWriter
Writer Instance ID: {6c73bfe9-f82f-4854-bec4-4382c314a583}
Command Line: “C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe”
Process ID: 4292

With some

SQLVDI: Loc=SignalAbort. Desc=Client initiates abort. ErrorCode=(0). Process=4292. Thread=3940. Client. Instance=LOCALDB#SHDA41B2. VD=Global\{9C831400-DE4D-4364-BA22-A8299CF545FC}4_SQLVDIMemoryName_0.

Looks like you need to download the SQL Fix from here :

Mirror Here :!3AZ3gK7I!kDPhnAlur4XtslKxGXwmbnLitJiwN9R6rK-z4Rh0N-s


Update: fix does not seem to work

A repair on the SQL database and then run the below script

Looks like this might be an issue with AADconnect



– ADSync launches an SQL Server Local DB under its own user account
– The User Profile Service thinks ADSync is no longer logged on, and unloads the registry
– SQL Server though still has handles to the registry, but they’re invalid now

Detailed explanation:

In short: Computer Configuration->Administrative Templates->System->User Profiles->Do not forcefully unload the user registry at user logoff
