Category Microsoft Server 2016

vSphere ESXi 6.7 Unable to talk between subnets between hosts

Configuration was :

ESXi 6.7 – vSphere handling all the port groups tagged with VLANs

Firewall – CISCO ASA

 

Problem : New ESXi 6.7 hosts. A virtual machine if on the same host and vSwitch could communicate no problem. However if a virtual machince was communincating with another virtual machine on another host on a different, subnet they were unable to communicate between subnets and hosts. Both virtual machines could ping their local gateways. Firewall, CISCO ASA was just dropping all packets and showing the following error

Error on the Firewall when capturing ping traffic “No source port  on ping “Error (Type 8, Code 0), Denied ICMP type=8, code=0”

 

Solution

Sometimes its the simple tick box on the Firewall / ASA config

“Enable traffic between two or more interfaces which are configured with the same security levels”

All traffic started communicating and the virtual machines could talk between the subnets as per the rules on the Firewall.

Task : Output A List Of Home Drive Paths Configured In Active Directory

#DSQuery

dsquery user -name “*” -limit 0 | dsget user -samid -hmdir -hmdrv -profile >c:\temp\usersV2.txt

 

#PowerShell # More flexibility # Includes the state of the computer account (Enable or Disabled)

Get-ADUser -Filter * -Property Name,CanonicalName,CN,DisplayName,DistinguishedName,HomeDirectory, HomeDrive,SamAccountName,UserPrincipalName | export-csv -path (Join-Path $pwd HomeDrive.csv) -encoding ascii -NoTypeInformation

List all users in the domain and email addresses

 import-module activedirectory

#List all users in the domain

# Display Name and Email Address

get-aduser -Filter *  -SearchBase “dc=Test,dc=com” -Properties Displayname,emailaddress | select displayname ,emailaddress | Export-Csv C:\temp\users_and_email.csv   

 

Troubleshooting Windows Updates and WSUS

Troubleshooting Windows Updates #Windows 10 #Windows 2016

Windows Update Log

PowerShell command to check the Windows Update log

Get-WindowsUpdateLog

 

Check Registry Keys

Run command prompt as adminitrator and paste these query registry keys in to see what your client has set for Windows Updates.

reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate /s

reg query HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Update

reg query HKLM\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings

 

Check CBS Log

Find the Component-Based Servicing log here.

C:\Windows\Logs\CBS

PowerShell Script to find all AD users who have the “cannot change password” box checked in a specific OU

# script to find all AD users who have the “cannot change password” box checked in a specific OU

# Windows Server 2016

# Powershell

Get-ADUser -Filter * -Properties CannotChangePassword -SearchBase “OU=specificOU,DC=TEST,DC=com” | where { $_.CannotChangePassword -eq “true” } | Format-Table Name, DistinguishedName

 

Robocopy. Copy Move Files Older or Newer than X number of days

Script options

  • Move only files under 60days old
  • Move files older than 60days
  • Move files back
  • Move files older than 182 is number of days (6 months roughly)
  • Move only files under 60days old

Parameters

  • /MAXAGE:n :: MAXimum file AGE – exclude files older than n days/date.
  • /MINAGE:n :: MINimum file AGE – exclude files newer than n days/date.
  • /copyall /s  :: copys all sub folders and moves files to the folders
  • /mov Moves files, and deletes them from the source after they are copied.
  • /move Moves files and directories, and deletes them from the source after they are copied.  (note the MOVE option will fail if any files are open and locked)

Examples:
Move only files under 60days old
robocopy c:\temp c:\temparchive /mov /MAXAGE:60 /copyall /s >c:\temp\FileUnder60daysMoved.txt

Move only files under 60days old back 
robocopy c:\temparchive c:\temp /mov /MAXAGE:60 /copyall /s >c:\temp\FileUnder60daysMovedReturned.txt

Move files older than 60days
robocopy c:\temp c:\temparchive /mov /MINAGE:60 /copyall /s >c:\temp\FilesOver60daysMoved.txt

Move files older than 60days back
robocopy c:\temparchive c:\temp /mov /MINAGE:60 /copyall /s >c:\temp\FilesOver60daysMovedreturned.txt

182 number of days (6 months roughly)
robocopy c:\temp c:\temparchive /mov /MINAGE:182 /copyall /s >c:\temp\FilesOver182daysMoved.txt

Deletes the original directories after moving
robocopy c:\temp c:\temparchive /move /MINAGE:60 /copyall /s >c:\temp\FilesOver60daysMoved.txt

Microsoft examples in more detail
https://social.technet.microsoft.com/wiki/contents/articles/1073.robocopy-and-a-few-examples.aspx#Move_files_over_14_days_old

WSUS – GPO and Windows 10 / Server 2016 Registry Settings

You create a WSUS GPO and apply it to the Computers.

Now how do you validate its working

Open the registry and browse to :
computer\HKLM\Software\Policies\Microsoft\Windows\WindowsUpdate

 

The GPO for WSUS should populate the registry with following values

WUServer …updates server
WUStatusServer…update
UpdateServicesURLAlternate

These values should match the GPO settings for WSUS.

WSUS and Windows 10 – Clients not checking in or checking in and then disappearing

Clients not checking in or checking in and then disappearing

Cloned images – SUSCLIENTID is not reset with Sysprep!!!

This needs to be done if your creating a template for Windows 2016 and Windows 10 in a virtual environment.

So if you have deployed servers from template already, do the following fix. Or if you realised before deployment, just delete the reg keys before converting the virtual machine to a template.

Solutions / Fix

Stop Windows Update service

 

Open up regedit

Browse to  : computer\hklm\software\microsoft\windows\currentversion\windowsupdate

Delete susclientID
Delete susclientidvalid

Start Windows Update service

Open up command prompt as admin on the effected Window 2016 or Window 10 client, if the image has already been deployed

type

c:\windows\system32\UsoClient.exe RefreshSettings

The clients should then check in and create a new SusClientId and SusClientIdValidation