Sunday, November 24, 2019

GPUpdate failing due to LDAP Bind Issue

For some reason one computer in my domain cannot update domain policy. Wen I try to force update policy it gives me error:

Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
User Policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows could not authenticate to the Active Directory service on a domain controller. (LDAP Bind function call failed). Look in the details tab for error code and description.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results.
Running gpresult /h gives The user does not have RSoP data
Log event viewer shows that that gpupdate fails with an error code 49 Invalid Credentials.

Fix I've found somewhere on serverfault.com

1. Download PsExec from https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
2. From an elevated command prompt run PsExec.exe -i -s cmd.exe
3. From that window, run rundll32.exe keymgr.dll, KRShowKeyMgr (That will open a gui with a list of cached credentials).
4. In that gui, delete any credentials that look suspicious (In my case the credentials were named after my PDC).


Tuesday, July 24, 2018

How to enable disabled account in windows if you could not login.

Almost all the way to enable login in windows assume that you can log in to windows, but what if you cannot? What to do if you accidentally locked you computer?
Solution is pretty simple: Boot from windows CD or USB drive.
When you see windows setup screen press "Shift" + "F10", this open command prompt.
Then you need to replace utilman.exe file to cmd.exe to do this enter following commands:

copy d:\windows\system32\utilman.exe d:\
copy /y d:\windows\system32\cmd.exe d:\windows\system32\utilman.exe

Usually windows is located on drive d: if it is located in different drive correct commands accordingly.

Now type:

wpeutil reboot

after PC reboots and you see login screen press "Easy Of Access" icon and command prompt opens.

Now you can enable disabled users. For example if you want to enable disabled builtin administrator:

net user Administrator /active:yes

Now reboot computer and try to login with administrator account.

Friday, July 20, 2018

User profile service failed to sign in

Logon to windows(in my case win8.1) failed with error "user profile service failed to sign in", "user profile cannot be loaded". I was able to create user, but it was impossible to login with that user. Users with already created profiles can login without any problem.
After browsing internet for one day no solution was found. I check system integrity (sfc /scannow), check disk for errors (chkdsk), made restore of system files (dism utility), check registry and etc. All was unsuccessful. The problem was that something was wrong with default profile permissions. To fix this issue go to c:\Users\Default right click on that folder, select "properties"->"security"->"advanced"->"change permissions"->select checkbox "replace all child object permission entries from this object"  and click "OK"

Then try to login.

Monday, May 7, 2018

Login to ESET ERA web console failed

Login to ESET virtual appliance failed with message Connection failed with state "Not Connected"
This happens after ERA updates and restarts.
Solution is to edit MySQL configuration file located at /etc/opt/eset/RemoteAdministrator/Server/StartupConfiguration.ini
with right connection string. Issue command as root or sudo:

sed -i 's/MySQL ODBC 5.3/MySQL ODBC 8.0/g' /etc/opt/eset/RemoteAdministrator/Server/StartupConfiguration.ini
this command just replaces MySQL ODBC 5.3 to MySQL ODBC 8.0 in connection string.
After that restart MySQL:

service mysqld restart

and restart era service

service eraserver restart


Wednesday, March 7, 2018

How to enable remote dektop remotely.

1. Open "Active Directory Users and Computers"
2. Find the computer
3. Right click on it and select manage
4. Expand "Services and Applications" and select "Services"
5. Find "Remote registry" service and start it.
6. Press "WIN" + "R" and type regedit
7. From Registry editor select "File..." -> "Connect Network Registry.."
8. Find the computer and press "OK" button
9. In connected registry go to "HKEY_LOCAL_MACHINE\SYSTEM|CurrentControlSet\Control\Terminal Server\"
10. Find "fDenyTSConnections" and set it to "0"
11. Connect to remote desktop.


Wednesday, February 21, 2018

Xubuntu. No network with Intel I219-V ethernet card

xubuntu 16.04 does not recognize Intel I219-V Ethernet card.
solution is to download driver sources from Intel Downloads Site then unpack sources to your home catalog. Find file nvm.c file and open it in editor.
Find function e1000e_validate_nvm_checksum_generic(struct e1000_hw *hw) and comment body as shown:

s32 e1000e_validate_nvm_checksum_generic(struct e1000_hw *hw)
{
    /*
s32 ret_val;
u16 checksum = 0;
u16 i, nvm_data;

for (i = 0; i < (NVM_CHECKSUM_REG + 1); i++)
{
    ret_val = e1000_read_nvm(hw, i, 1, &nvm_data);

   if (ret_val)
  {
    e_dbg("NVM Read Error\n");
    return ret_val;
   }
checksum += nvm_data;
}

if (checksum != (u16)NVM_SUM) {
  e_dbg("NVM Checksum Invalid\n");
  return -E1000_ERR_NVM;
}
    */
return 0;
}

after that, build and install new module:

make

sudo rmmod e1000e
sudo make install
sudo modprobe e1000e



after that Ethernet should work.

Tuesday, December 12, 2017

How to remove unused USB serial ports in windows and change port numbers

Sometimes when you connect usb to serial adapter to your pc it gets com number with very high numbers. Not every software can handle that big port numbers. For example some programs cannot work with port numbers higher than com20. So if 20 com ports are in use it is impossible to use that software.  That happens because every time you plug in new USB to serial adapter it gets new com port number, and even if you do not use it anymore port is marked as "in use".
To delete these ports open elevated command prompt: find cmd, right click on it and select "run as administrator".
Then type:

set DEVMGR_SHOW_NONPRESENT_DEVICES=1

after that run device manager:

devmgmt.msc

Enable "Show hidden devices" in the "View" menu, and uninstall grayed-out COM ports

After that you can change your device com port number: right click on it, select properties, then  advanced setting.