Server

DirectAccess IP-HTTPS Error 0x2af9

Posted by robd on October 26, 2017
Direct Access, powershell, Server / No Comments

My Windows 10 client wouldn’t connect to our Direct Access servers today; it just kept showing “Connecting”.

So to troubleshoot I’d recommend:

Checking your internet connection:

Now it’s worth running some PowerShell commands to get the actual error:

This likely means your proxy is in the way of your connection.

Check the settings:

Get-NetIPHttpsConfiguration

Double check your internet connection

Test-NetConnection

I think it’s time to check the proxy settings:

Check if you can get to a website via IE and try via another browser such as Firefox.

If you can’t, then check if your proxy is off:

Now check the Windows 10 proxy and the netsh proxy:

Windows 10, turn it off:

Check the netsh proxy, then turn it off or reset it to IE:

When reset, it should look like this:

Failing that, restart the IP Helper service in services.msc or reboot:

The netsh settings fixed it for me; the reason I’d set it was to allow PowerShell out to the internet for Exchange 365 work.
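The checks from this post gathered into one PowerShell script, added here as an example and not taken from the original post. The function names are made up for the example, the `Direct access` match assumes English-language `netsh` output, and the script is meant to be run from an elevated prompt on the client:

```powershell
# Added example: report the IP-HTTPS state and both proxy settings in one object.
function Get-DaProxyState {
    $ipHttps = Get-NetIPHttpsState
    # Per-user (WinINET) proxy: what the Windows 10 Settings app and IE show
    $inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    # Machine-wide WinHTTP proxy: the one set through netsh
    $winHttp = (netsh winhttp show proxy | Out-String).Trim()

    [pscustomobject]@{
        # Rendered as hex so it can be compared with 0x2af9 from the title
        IpHttpsLastError = '0x{0:x}' -f [uint32]$ipHttps.LastErrorCode
        IpHttpsStatus    = $ipHttps.InterfaceStatus
        UserProxyEnabled = [bool]$inet.ProxyEnable
        UserProxyServer  = $inet.ProxyServer
        UserProxyPac     = $inet.AutoConfigURL
        WinHttpIsDirect  = $winHttp -match 'Direct access'   # English output assumed
        WinHttpSetting   = $winHttp
    }
}

# Clear the WinHTTP proxy (or copy it from IE), optionally restart IP Helper,
# then show the IP-HTTPS state again.
function Reset-DaWinHttpProxy {
    param([switch]$FromIE, [switch]$RestartIpHelper)
    if ($FromIE) { netsh winhttp import proxy source=ie }
    else         { netsh winhttp reset proxy }
    if ($RestartIpHelper) {
        # -Force because other services can depend on IP Helper
        Restart-Service -Name iphlpsvc -Force
        Start-Sleep -Seconds 15
    }
    Get-NetIPHttpsState
}

Get-NetIPHttpsConfiguration          # IP-HTTPS server URL and profile in use
Test-NetConnection                   # basic internet reachability
Get-DaProxyState | Format-List

# Remediation, uncomment the one that applies:
# Reset-DaWinHttpProxy                          # WinHTTP back to direct access
# Reset-DaWinHttpProxy -FromIE                  # WinHTTP copies the IE settings
# Reset-DaWinHttpProxy -RestartIpHelper         # also restart the IP Helper service
```

The WinHTTP proxy set through `netsh` is machine-wide, so a value left behind from earlier work affects system services as well as the user's own sessions.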


Greyed out login box on iLO 3 after updating to 1.26

Posted by robd on April 16, 2016
Server / No Comments

If you update iLO to 1.26 (interim FW update before you can update to anything later) and afterwards the web interface still shows 1.10 (or earlier) and the login box is greyed out, purge temporary internet files and you should be good to carry on!


Log a User off a Server Remotely

Posted by robd on November 04, 2015
Server / No Comments

Open a command prompt as an administrator (i.e. someone with admin rights over the server you’re trying to log on to).

Check the session number with qwinsta:

Write down the session ID.

Then use the logoff command:

Done.
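The same two steps scripted in PowerShell, as an added example that is not the original post's commands. `Remove-RemoteUserSession`, `FILESRV01` and `jsmith` are placeholder names, and the column lookup assumes the English `USERNAME` header in `qwinsta` output:

```powershell
# Added example: find a user's session on a remote server and log it off.
function Remove-RemoteUserSession {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$User
    )
    # qwinsta prints fixed-width columns: SESSIONNAME USERNAME ID STATE ...
    $lines = @(qwinsta /server:$Server)
    if ($lines.Count -eq 0) { throw "No qwinsta output from $Server" }

    # Locate the USERNAME column from the header. Disconnected sessions have an
    # empty SESSIONNAME, so splitting on whitespace would misread the columns.
    $col = $lines[0].IndexOf('USERNAME')
    if ($col -lt 0) { throw 'USERNAME column not found (non-English output?)' }

    $pattern = '^' + [regex]::Escape($User) + '\s+(\d+)\s'
    $hit = $false
    foreach ($line in $lines | Select-Object -Skip 1) {
        if ($line.Length -gt $col -and $line.Substring($col) -match $pattern) {
            $hit = $true
            $id = $Matches[1]        # the session ID to pass to logoff
            if ($PSCmdlet.ShouldProcess("$User (session $id) on $Server", 'logoff')) {
                logoff $id /server:$Server
            }
        }
    }
    if (-not $hit) { Write-Warning "No session for '$User' on $Server" }
}

# Dry run first, then the real thing:
# Remove-RemoteUserSession -Server FILESRV01 -User jsmith -WhatIf
# Remove-RemoteUserSession -Server FILESRV01 -User jsmith
```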

Mandatory Profiles

Posted by robd on December 23, 2014
Server / 1 Comment

Step 1 – Create a share for the Mandatory profile

On a central file server, create and share a folder that you want to use for the Mandatory profile. Apply the following share permissions;

Authenticated Users – Read
Administrators – Full Control

To provide better security, always create the share on an NTFS volume. Make sure you set the following NTFS access permissions (including child objects);

SYSTEM – Full Control
Administrators – Full Control
Authenticated Users – Read & Execute

Step 2 – Create a Share for the Folder Redirections

On a central file server, create and share a folder that you want to use for the folder redirections and apply the following share and NTFS permissions.

Share Permissions

Everyone – Change
Administrators – Full Control

NTFS Permissions

CREATOR OWNER (Subfolders and files only)
–        Full control
Authenticated Users (This folder only)
–        Traverse folder / execute files
–        List folder / read data
–        Read attributes
–        Read extended attributes
–        Create folders / append data
–        Read permissions
SYSTEM (This folder, subfolders and files)
–        Full control
Administrators (This folder, subfolders and files)
–        Full control

To make sure users can only see the files and folders they have access rights to, enable Access Based Enumeration on the share.
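Steps 1 and 2 scripted with the SMB cmdlets and `icacls`, as an added example that is not part of the original guide. The paths and share names are constructed, and `New-SmbShare` assumes a file server running Windows Server 2012 or later:

```powershell
# Added example: create both shares with the permissions listed in steps 1 and 2.
$profilePath  = 'D:\Shares\MandatoryProfiles'   # constructed path
$redirectPath = 'D:\Shares\Redirected'          # constructed path
New-Item -ItemType Directory -Path $profilePath, $redirectPath -Force | Out-Null

# Step 1: mandatory profile share (read-only for users)
New-SmbShare -Name 'MandatoryProfiles' -Path $profilePath `
    -ReadAccess 'Authenticated Users' -FullAccess 'Administrators'
# /inheritance:r drops ACEs inherited from the volume root, so only these remain.
# (OI)(CI) = applies to this folder, subfolders and files.
icacls $profilePath /inheritance:r /grant `
    'SYSTEM:(OI)(CI)F' `
    'Administrators:(OI)(CI)F' `
    'Authenticated Users:(OI)(CI)RX'

# Step 2: folder redirection share, with Access Based Enumeration switched on
New-SmbShare -Name 'Redirected' -Path $redirectPath `
    -ChangeAccess 'Everyone' -FullAccess 'Administrators' `
    -FolderEnumerationMode AccessBased
# CREATOR OWNER: (IO) = inherit only, i.e. subfolders and files only.
# Authenticated Users: no inheritance flags = this folder only.
#   X   traverse folder / execute file     RD  list folder / read data
#   RA  read attributes                    REA read extended attributes
#   AD  create folders / append data       RC  read permissions
#   S   synchronize (the GUI editor adds this one implicitly)
icacls $redirectPath /inheritance:r /grant `
    'CREATOR OWNER:(OI)(CI)(IO)F' `
    'SYSTEM:(OI)(CI)F' `
    'Administrators:(OI)(CI)F' `
    'Authenticated Users:(X,RD,RA,REA,AD,RC,S)'

# Check the result against the tables above
Get-SmbShareAccess -Name 'MandatoryProfiles', 'Redirected'
Get-SmbShare -Name 'Redirected' | Select-Object Name, FolderEnumerationMode
icacls $profilePath
icacls $redirectPath
```

With this ACL each user can create a folder under the redirection root and owns what they create, but cannot open other users' folders, and Access Based Enumeration hides those folders from the listing.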


Step 3 – Create a Local Template user

On a Windows 7 client create a Local non-administrative user account.

If you do create a Local administrator account you get the following unnecessary settings within the profile;

Software\Microsoft\Microsoft Management Console
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 (through 4)

The last registry key has a lot of settings… and why would you be creating an administrator account anyway?

For this guide I will create a Template user with the name “robinhobo-com”.

Step 4 – Login with the Template account you just created

Log in with the local user account created in step 3 and do the necessary customizations. To keep the profile as clean as possible, customize only what is necessary. Mostly I customize the Pinned Items, the System Tray icons behaviour and some Start Menu properties.

I also remove all the public folders from the user’s Libraries. You can do this while customizing the template user or afterwards by editing the library XML files (see step 5).

To clear the recently opened programs in the Start menu (as shown in the right image below), open the Taskbar and Start Menu Properties, open the Start Menu tab, unselect “Store and display recently opened programs in the Start menu” and “Store and display recently opened items in the Start menu and the taskbar” (as shown in the left image below), hit the Apply button. Now select both options again and click Apply.


When you’re done with the customization of the profile, log out.

Step 5 – Clean up the Template user

First of all, I will make a local backup copy of the profile. As you can see in the picture below, all unnecessary shortcuts from the profile are automatically removed by this copy action.


I will use the backup copy to finish the Mandatory profile. The next step is to load the NTUSER.DAT in the Registry Editor.

Open the Registry Editor, select HKEY_LOCAL_MACHINE, open the File menu and select Load Hive…

Enter a key name; in this case I will give the key the name “PROFILEMAN”.

Right click the Loaded Hive and select Permissions. Remove the template user and the administrators group. Add Authenticated Users and give this group Full Control permissions. Click OK.

Consider whether you can empty / delete the following registry keys in your environment;

–        <loaded hive>\Software\Microsoft\SoftGrid\4.5\Client\UserInfo\DataDirectory
–        <loaded hive>\Software\Microsoft\WAB\(Default)
–        <loaded hive>\Software\Policies
–        <loaded hive>\Software\Microsoft\CurrentVersion\Policies
–        <loaded hive>\Software\Microsoft\Windows\CurrentVersion\Run
–        <loaded hive>\Software\Microsoft\Windows\CurrentVersion\RunOnce

Within the <loaded hive> search for the template user name and replace it with %username%, except for Shell Folders.

Shell Folders

Shell Folders is a different story. Some people leave it as it is, some people replace the Template username with %username% and some people delete all the Shell Folder keys.
The problem is that some applications need these keys to work well and they cannot handle variables.

I will delete the keys except the “(default)”, “!Do not use this registry key” and “Fonts” and let Windows recreate the keys with the Active Setup at user logon.

To do that, delete the following registry key;

–        <loaded hive>\Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}

Now when the user logs on, the Active Setup will recreate the Shell Folders in the right way so that programs that need the Shell Folder keys will work well.

Select the <loaded hive>, go to the File menu and click on Unload Hive. Close the registry editor.

Delete the following files and folders within the profile folder;

–        AppData\Local
–        AppData\LocalLow
–        Contacts\<username>.contact
–        The .LOG1, .LOG2, .blf and the .regtrans-ms files


Public Folders

As I mentioned in step 4, you can remove the public folders from the libraries afterwards.
To do so, edit the following (hidden) files;

–        Documents.library-ms
–        Music.library-ms
–        Pictures.library-ms
–        Videos.library-ms

These files are located in the following location and are only visible through the command prompt;

C:\Users\<username>\AppData\Roaming\Microsoft\Windows\Libraries\

Remove the last “searchConnectorDescription” element from the files to remove the Public folder as shown in the picture below.


Step 6 – Copy the profile to the network share

 Copy the profile to the network share created in step 1. Rename the folder to a name so that it is recognizable as a mandatory profile and append the .V2 extension to it.

Rename the NTUSER.DAT to NTUSER.MAN.

Step 7 – Add the profile to the user in AD:

Find a user in AD, go to Profile and change the path to the profile:

DO NOT INCLUDE THE .V2 OF THE PROFILE FOLDER.


Enable Folder Redirection

To enable user folder redirection, apply the following GPO settings for (domain) users:

User Configuration > Policies > Windows Settings > Folder Redirection

You can redirect the following folders;

–        AppData (Roaming) (Not recommended with a mandatory profile)
–        Desktop
–        Start Menu
–        Documents
–        Pictures
–        Music
–        Videos
–        Favorites
–        Contacts
–        Downloads
–        Links
–        Searches
–        Saved Games

On the Target tab select “Basic – Redirect everyone’s folder to the same location”. Under Target folder location select “Create a folder for each user under the root path”. Under Root Path enter the share created in step 2. Make sure that “Grant the user exclusive rights to Documents” is deselected on the Settings tab.

To disable the message “Some library features are unavailable due to unsupported library locations” from appearing apply the following policy;

User Configuration > Policies > Administrative Templates > Windows Components > File Explorer

–        Turn off Windows Libraries features that rely on indexed file data – Enabled


HP SAN P4300 Performance

Posted by robd on April 04, 2014
Networking, SAN, Server / No Comments

We had some issues a while back where there was latency between a PC and SAN, so I started to look at all the layers to try and find a problem. Here are my findings in case anyone finds them an interesting read.

To rule out the PC, I’ve tested the performance of the SAN and network throughput.

The performance of the SAN is measured in IOPS (Input/Output Operations Per Second), and the current average total is 800 (found on the SAN info page). To put this in perspective, a poor performance would be in the 2000s.

The below graph only shows output from 17:28 but has been running all day meaning the average should be accurate:

Looking at the performance of switches can be difficult, but we’ve started using HP Intelligent Management Centre which is great at collating stats. The switches reported low bandwidth, and CPU, memory and I/O seemed normal:

We know from experience the throughput on these switches is limited by infrastructure, in our case 1GB fibre.

These are the theoretical Max Sequential (SEQ) write limits we could obtain from our connection to the SAN (in practice there is a 5%-20% overhead involved):

I’ve managed to very roughly test this write limit from a client to the SAN SAS disks:

A result of 81.12MB/s is very positive, considering we can realistically only ever achieve 125MB on our current setup.

What this meant, in my opinion, was that the SAN and network were not to blame, meaning it was either client or server… Long story short, the AV on the server was causing our latency, not the “network”.


HP ProLiant G7 N54L 2.2GHz MicroServer

Posted by robd on June 11, 2013
Server / No Comments

Well after lots of umming and ahhing, I’ve finally bought myself a home server, specifically a “HP ProLiant G7 N54L 2.2GHz MicroServer” from ebuyer!!

The spec if you’re interested:

AMD Turion II Neo N54L 2.2GHz Dual-Core CPU, 2GB DDR3 ECC UDIMM, Internal SATA Cold Plug SATA 250GB Hard-Drive, Embedded RAID 0/1, 1x Gigabit Ethernet, 150W PSU, 1 Year

The selling point for me was the £100 cash back from HP, which made a £209 server into a £109 server, which is a bargain!!!

http://www.serversplus.com/pdfs/ms100_june13.pdf

So far it’s brilliant, if lacking a few bits I’ve had to add after purchase, namely:

More RAM – only comes with 2GB which is seriously not enough for anything but a basic install of hefty OS’s such as Server 2012! I intend to add 16GB but until that arrives I’ve got 4GB :(

More Hard Drives – only comes with one 250GB, I’ve put three 1TB drives in but intend to put in another 1TB and try and then use the 250GB it comes with in the DVD drive slot!
