Domain Controller Status Unavailable

When running MMC with any AD management component inside it, and try to switch to another server you may notice sometimes the status shows “Unavailable”.

Most likely this is due to IPv6 not fully disabled, or not fully enabled (if you decide to run it), and you will need to update the registry value as per Microsoft article:

https://support.microsoft.com/en-us/help/929852/how-to-disable-ipv6-or-its-components-in-windows

HTH

Sample WMI Filters for GPO in AD

Hereafter listed few filters I keep using on my projects.

Almost every client I’ve worked with had these filters implemented in their Group Policy Console of Windows Active Directory.

So I keep it here for faster access, and easier than searching for it every time on different sites on the the web.

FILTER 1: Select DCs & Member Servers

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType=”3″ OR ProductType=”2″

FILTER 2: Select Domain Controllers (DCs) Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType=”2″

FILTER 3: Select Member Servers Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType=”3″

FILTER 4: Select Workstations Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType=”1″

FILTER 5: Select Win 2008 Member Servers Only

Namespace: root\CIMv2

Query: select * from Win32_OperatingSystem where ProductType=”3″ AND Version like “6.%”

What to Do? Exchange Server ContentIndexState Failed or Unknown with DAG

Yep, you’ve seen so many like this one, mostly they will suggest you to stop Exchange searching services, then delete the indexing folder (located inside the database folder) and then restart the searching services.

Well, that would work if you don’t have DAG.

Again, mostly you’ll find suggestions to use the update-mailboxdatabase with -catalogonly key

Yeah, that would work if any of the DAG members have a healthy catalog. Now what if all DAG members doesn’t have it?

You’ve two options, but both are risky and I have no responsibility what so ever happens to your data.

Option 1:

Remove one of the copies of the database from one DAG member

Delete the database folder copy from that member’s disk

Add the database copy again to the DAG member

Database index shows crawling for few hours, then healthy

Finally, you can use this new catalog to update other DAG members

Option 2 (have downtime):

Dismount all database copies on all DAG members

Shutdown Exchange searching services (two services) on all DAG members

Delete the catalog folder from all copies on all members

Restart Exchange searching services (two services) on all DAG members

All servers will start crawling

HTH

Import Using CSVDE with Unicode Switch Error

This is an old method, yeh I know. But not everyone moved on to the PowerShell yet.

Anyway, if you’re trying to import a CSV file to Active Directory, and got the error  message says:
Invalid file format. DN Attribute not defined

Just try to remove the Unicode switch “-u” from your command. If that works, then re-save (save as) the CSV file using Notepad, and make sure to select the unicode option, NOT the UTF-8

HTH some1

Reset Exchange Logs without Backup

USE THIS AT YOUR OWN RISK

You may come to a situation where the client is unable to use an Exchange aware backup solution, and for temporary situation, they cannot use the Windows backup. So basically you need to reset the Exchange LOGs without performing any actual backup.

This is applicable to Exch 2010 & 2013 on Windows 2008, 2008R2, 2012, and 2012R2
It works with single server, as well as DAG setups

Open elevated CMD

Run Diskshadow
Type “add volume E:”
(considering E: is the drive where LOG files exists)
Type “begin backup”
Type “create”
(This action will take some time, depending on the number of LOG files exist, and connection speed)
Type “end backup”

You should notice now the LOGs are being deleted

Make a full backup after this to protect the data

Cyberoam VLANs and Cisco Catalyst 500 Express

I can understand Cisco have a problem with Microsoft, but I don’t understand they have a problem with people.

The express switch is not express at all. The interface is extremely limited and annoying with the stupid restrictions they put on it.

I have no idea what happened, but the following scenario was working just fine for couple of weeks, then suddenly decided not to work anymore!!!!

Cyberoam firewall (FW) connected to the switch on trunk interface G1 defined as router type connection

FW is configured with subinterface for voice VLAN

FW running DHCP service for both default and voice VLANs to allow clients connects over VPN to our main office

Now, and for no obvious reason, the switch decided to not allow anyone on VLAN 2 (the voice VLAN) to communicate with IP Phones. Even when I’m configuring the port as “Server” role and set it on VLAN 2

CUCM LDAP Sync Stopped

First thing to check is the logs
Get into CLI of the callmanager (ssh) and check the files list:
file list activelog cm/trace/dirsync/log4j
then view the latest (by date) log file:
file view activelog cm/trace/dirsync/log4j/
Should the error be clear for verification and guide you in the right direction

RDP Error After Certificate Template Applied

Issue:
Remote Desktop connections fails to host after configuring RemoteDesktopCertificate template in your internal CA
You’ll have an error in the event log of the target machine like this:

The TLS protocol defined fatal error code is 40. The Windows SChannel error state is 1205

Most likely this is a Windows 8, 8.1, 2012, or 2012R2

If that is the case, you’ll have to delete the certificate from the system (the one issued for RDP template) and make sure it will NOT generate new one using the same template.

Then restart the machine (or you may try to restart Remote Desktop services only) and you should be able to login again.

If you’re looking for the reason behind it, then you’ll need to read more about the SHA algorithm and the updates pushed into Windows OS in latest versions.

I’d suggest you check this blog which has a nice topic about this subject: http://www.dotnetnoob.com/2013/10/hardening-windows-server-20082012-and.html

HTH

Dism Error 0x800f081f

Doesn’t really matter what feature you’re trying to enable, or which Windows OS you’re working on.
This error is common for those who have no Internet access, or slow connection and the offline (/source) key needed.
If you try to use the PowerShell to perform the same operation you’ll get a line in the log similar to this:
FIOReadFileIntoBuffer:(1415): The filename, directory name, or volume label syntax is incorrect

If you got such a thing, then most likely you have a file corruption on the disk. So try the following steps:

  1. chkdsk /r
  2. SFC /scannow

These commands will scan the disk and the system protected files. Then run the following for Dism cleaning:

  1. Dism /Online /Cleanup-Image /StartComponentCleanup
  2. Dism /Online /Cleanup-Image /RestoreHealth

After that you should be able to re-run the enablefeature command again without issues.

UPDATE: you may check article as it helped in other situation http://www.falconitservices.com/support/KB/Lists/Posts/Post.aspx?ID=101

HTH