An internal error occurred – RDP


Error Message : An internal error occurred – RDP

 

 

 

 

 

Solution :

If you receive Event ID 1057 – “The Terminal Server has failed to create a new self signed certificate to be used for Terminal Server authentication on SSL connections. The relevant status code was Key not valid for use in specified state” from source TerminalServices-RemoteConnectionManager in the System event log, you may have an issue with a lot of strange advice. For me, none of which worked. I finally figured out the problem.

The conditions you’ll probably also notice is that you can’t remote desktop into the server until you remove the “Allow connection only from computers running Remote Desktop with Network Level Authentication” checkbox in the Remote Desktop Session Host Configuration’s RDP-Tcp properties General Tab or from the System settings under the Remote tab by changing the radio button back to “Allow connections from computers running any version of Remote Desktop (less secure)”.

In my case I had already tried a lot of the advice like deleting the self-signed certificate and rebooting (MMC/Certificates/Local Computer/Remote Desktop) And deleting these keys and restarting:
“HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM”  > Certificate “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM” > CertificateOld “HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations” > SelfSignedCertificate

I also deleted the Host Configuration’s RDP-Tcp connection object all together and restarted the Remote Desktop Services service.

What did finally work, I noticed that we had a bunch of crypto keys that looked like this:
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f686aace6942fb7f7ceb231212eef4a4_XXXXXXXX

I moved them all to a subfolder so there were none left in the MachineKeys folder. I then opened the MachineKeys and re-applied the full-control permission to the local server administrators group. (Security/Advanced/Change Permissions/Replace all child object permissions) and applied this.

I then restarted the Remote Desktop Services service and this time I didn’t get the error about the certificate. I changed the security setting for RDP back to secure and was able to log on through Remote Desktop.

Url : https://blogs.technet.microsoft.com/the_9z_by_chris_davis/2014/02/20/event-id-1057-the-terminal-server-has-failed-to-create-a-new-self-signed-certificate/

Blank default gateway may occur after configuring Static IP address


Error: Blank default gateway may occur after configuring Static IP address or if you configure IP address in your NIC by next restart of VM or the guest OS the gateway will disappear.

Cause:  When removing a network driver using a vendor-provided uninstallation program or through Device Manager, previously entered static IP address information may not be removed correctly from the registry. After reinstalling the network driver and reentering the same static IP address, the presence of previous registry information prevents the newly entered address information from being saved correctly.

For VM if you upgrade VMtools or any hardware version this error will occur to some of the VM.

Solution:

Open a command prompt under the administrator context and run the following command TWICE, using the desired static address information. For example:

netsh interface ipv4 set address “Local Area Connection” static 10.0.0.55 255.0.0.0 10.0.0.1

Note: This first command may return an error “Object already exists”
netsh interface ipv4 set address “Local Area Connection” static 10.0.0.55 255.0.0.0 10.0.0.1

 

Note: This command should succeed with no errors

Event log contents by email on an event log trigger


Scenario: You need to get an alert email for specific events occurred on the critical / production server.

Solution:

Step 1:

Identify the event which you need to trigger

2

 

 

 

 

Step 2: Go to Task scheduler and select the Event viewer tasks & create a new task.

11

 

 

 

 

 

Step 3:  Name the task and select “Run whether user logged on or not” & “Run with highest privilges”

12

 

 

 

 

 

 

Step 4: Go to triggers and select the option begin the task “On an Event” & select the option as per screenshot

13

 

 

 

 

Step5:

Go to actions and need to perform two actions

  1. Query a script which will create a copy of the required event in text and make an action in the scheduler.

Script to run : save the below as Query.cmd

del %temp%\Logonfailure.txt

wevtutil query-events Security /rd:true /format:text /q:”Event[System[(EventID=4625)]]” > %temp%\Logonfailure.txt

14

 

 

 

 

 

 

2. Create another action for sending email with the required recipient and attachment of the query log

15

 

 

 

 

 

 

Output will be

 

 

 

 

 

 

 

RESET NTFS PERMISSION – GUI


When we do data migration from one server to another server we will use fast copy or robocopy to get the same ACL in the target server or storage.

Some times the ACL will not get inherited to the sub folders or files, even when we try to do reset permission in the advanced tab in the security menu.

The following is the syntax to reset the folder permission in command mode.

icacls “Folder path\*” /T  /L  /Q /C /RESET

or you can download the GUI tool which will do the NTFS permission reset (i.e.) the permission will be applied to the sub folders and files successfully.

Url: https://www.dropbox.com/s/ipblchbgrzz4587/ResetPermission.zip?dl=0

 

 

 

Trust Relationship Across forest in Active directory


Hi,

I hereby enclosing the procedure in step by step pdf format for implementing trust relationship across forest in Active directory…

Thanks

Trust relationship – Two different Forest

Hyper-V installation in Vsphere 5.1


To install Hyper-V in an Esx server, the following requirements to be done before the installation of Windows2012 OS.

Step-1:

If you are using vSphere 5 or greater then you need to modify the vmware config file on the ESXi host that will run the Hyper-V virtual machine. To edit this file, ssh to the server and vi /etc/config/vmware. Add the line vhv.allow = “TRUE” to the file and save it with “wq”.

Hyper-V cannot be installed-2

Step-2: In the .VMX config file, path /vmfs/volumes/datastores/VMfolder (HyperV-VM), adding these 4 lines:

mce.enable = "TRUE"
hypervisor.cpuid.v0 = "FALSE"
featMask.vm.hv.capable = "Min:1"
vhv.enable = "TRUE"

Alternatively, you should change the suffice guestOS line to
guestOS = "winhyperv" in the .vmx config file and save the file.

Now the Hyper-V VM can be successfully power on without any issues.

 

For more info : http://www.tinkertry.com/vmware-esxi-5-1-can-run-microsoft-hyper-v-server-2012-vms-nice/

 

 

Installation of Hyper-V Windows2012


When you install Hyper-V in windows 2012 in the add and remove roles you will get an error message “Hyper-V cannot be installed: A hypervisor is already running. Refer screen shot below.

 

Hyper-v-role-issue

 

 

 

 

 

 

 

Solution:

The first thing you need to do is to open and change the PowerShell execution policy scripts to RemoteSigned then run the following command to install the Hyper-V :

C:\> Get-ExcutionPolicy

c:\>Enable-WindowsOptionalFeature –Online -FeatureName Microsoft-Hyper-V –All -NoRestart

The above command installs only the hypervisor but does not install the administration tools, so you can manage the Hyper-V within the virtual machine you must install RSAT for Hyper-V to do this run the following command:

c:\> Install-WindowsFeature RSAT-Hyper-V-Tools -IncludeAllSubFeature

 

Now I suppose you want to create a cluster then you need to install the Cluster service,  run:

c:\>Install-WindowsFeature RSAT-Clustering -IncludeAllSubFeature

 

Optionally you can install Multipath I/O to enable multiple paths to the storage, if this is your case follow:

c:\>Install-WindowsFeature Multipath-IO

Then restart Computer

c:\>Restart-Computer

 

Windows2012 Hyper-V successfully installed.