server 2012

DFS Referral Error

Posted by robd on June 30, 2017
DFS, Server 2012 / No Comments

Kept getting the below error today while access a share, annoying the redirection share of a desktop.

SHARE is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions

Element not found


Weirdly I could

Access the share from another server,

I could access the share using the direct share.

So I installed DFSUTIL.EXE on the server having the problem by installing “Distributed File system tools” windows feature.

Then ran:

dfsutil cache referral flush




Tags: , ,

WSUS Issues – System.IO.IOException

Posted by robd on June 02, 2016
WSUS / 16 Comments

So we auto patch servers using WSUS (Version: 6.2 on Server 2012) which is great as all servers (and we have loads) get patched and we don’t have to do anything (except fix shitty MS updates).

Last week WSUS patched itself and all of a sudden the WSUS Admin console was inaccessible:

WSUS Error

Clicking the copy error to clipboard gave this:

The WSUS administration console was unable to connect to the WSUS Server via the remote API. 

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists, 

Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.

System.IO.IOException -- The handshake failed due to an unexpected packet format.


Stack Trace:
   at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
   at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
   at System.Net.ConnectStream.WriteHeaders(Boolean async)
** this exception was nested inside of the following exception **

System.Net.WebException -- The underlying connection was closed: An unexpected error occurred on a send.


Stack Trace:
   at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)
   at Microsoft.UpdateServices.UI.AdminApiAccess.AdminApiTools.GetUpdateServer(String serverName, Boolean useSecureConnection, Int32 portNumber)
   at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.ConnectToServer()
   at Microsoft.UpdateServices.UI.SnapIn.Scope.ServerSummaryScopeNode.get_ServerTools()


So after much Googling I found KB3148812 is the update that broke it.

To recover your console, run the following in an elevated command prompt (assuming Windows is installed on drive C):

cd C:\Program Files\Update Services\Tools

Wsusutil.exe postinstall /servicing

Then reset the server node or reboot WSUS, and you’re back in!


Once your back you may find that client scans against WSUS no longer succeed.

To restore client-server communication, enable HTTP Activation on your WSUS server via the Add Features and Roles Wizard in your Server Manager:

HTTP activation

Job Done.

Tags: , , ,

Server 2012 UAC – You don’t currently have permission to access this folder.

Posted by robd on May 13, 2014
Server 2012 / 1 Comment

Hi All,

Today I thought I’d setup roaming profiles on a Server 2012 file server, easy I thought, take me 10 minutes I thought…I was wrong.

So first things first, I created a share on my server with permissions:


Tested the share from another PC, great I can get on.

Jumped back on the server and tried to open the folder from the rout i.e. E:\Share\staff and I got the following

You don’t currently have permission to access this folder. Click Continue to permanently get access to this folder


Well if I click Continue then my share is ruined with ugly permissions I don’t want! I.e. I only want the permissions I specified above not my username dotted everywhere.

So I turned to UAC and disabled it:


No change, well thats mental……after a good hour of searching I found the answer was to set the registry to:


to 0


Reboot the server and all was fine in the world!!.

So why does UAC do this? UAC strips the admin credential from any un-elevated process. If you’re attempting to use an un-elevated process such as explorer to access a remote share using only admin credentials, UAC will strip the admin credentials from the process’ security token and the process will receive an “access denied” error.  Which is stupid if you changing permissions.

Tags: , ,

Find AD users using Profile Paths (roaming profiles)

Posted by robd on May 08, 2014
powershell / 1 Comment

So today due to a server migration I needed a list of all the users who have roaming profiles, found this useful Powershell script:

Please note you need to ammed this line of code to suite your site: “OU=VI2,OU=Students,OU=Users,OU=Monmouth School,DC=Monmouth,DC=local”

Get-ChildItem -Filter "(&(objectclass=user)(objectcategory=user)(profilepath=*))" `
 -Path Ad:\"OU=DEPARTMENT,OU=Users,OU=SITE,DC=DOMAIN,DC=local" -Recurse |             
foreach {             
 $user = [adsi]"LDAP://$($_.DistinguishedName)"            
 $user | select @{N="Name"; E={$}},             
 @{N="DistinguishedName"; E={$_.distinguishedname}},            
 @{N="ProfilePath"; E={$_.profilepath}}            
} | export-csv txt.csv  

Tags: , , , , , , ,