24 May 2017

Skype for Business 2015 Frontend Service won't start - Don't disable TLS 1.0 Event ID: 32192 & 32179

Finally figured it out.
Our Skype for Business 2015 Server Front-End service wouldn't start, it kept displaying "Starting".
The event-viewer kept filling up with:
Event ID: 32192

Closing routing group service due to an error.

Calling ReportFault on routing group {3C86EE90-FB81-5FC0-9B41-2C787B4ACC20} with FaultType 2 and ReasonCode 3. Error code: 0x00000000(ERROR_SUCCESS)
Cause: This may indicate a problem with the routing group. Please examine the server event logs and traces to identify the cause.
Resolution:
Run the commandlet Get-CsPoolFabricState -RoutingGroup [ROUTING GROUP] and make sure quorum is achieved. If the Pool is running and the Front-End is just started, this is normal for some time. If the error persists while the Front-End is running, restart the server.

And:
Event ID: 32179

Request to sync data from backup store for routing group {353B9BC5-A12D-578B-BAD5-F7F8BD5E02FC} was throttled due to pending requests.
Cause: This can happen when a Pool is re-started, and should go away automatically.

Turns out TLS 1.0 was disabled but this would be effective after the first reboot.
So when we rebooted for the latest WSUS updates it got activated and thereby killing the RTCSRV.exe service.

You can find the key here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0|Server
REG_DWORD - Enabled
Value: ffffffff (decimal: 4294967295)

The disabled value is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0|Server
REG_DWORD - Enabled
Value: 0(decimal: 0)

23 May 2017

Start Menu locations - Or add a simple Start Menu yourself without 3rd party tools

I keep forgetting the path to the Start Menu:
"C:\Program Data\Microsoft\Windows\Start Menu\Programs"

This is the same for Windows 7 up to Windows 10, and for Server 2012 to Server 2016.

But, wouldn't it be nice to have some sort of start menu without installing some malware/spyware infested tool? Then this quick fix is for you:

  • Display "Hidden items" on your C: Drive.
  • Open File Explorer and browse to your C: Drive. 
  • On the View tab, check the "Hidden items" checkbox.
  • Add a New Toolbar on your Taskbar.
  • Right-click on a blank area of your Taskbar and select Toolbars > New Toolbars.
  • Browse to the Start Menu\Programs folder.
  • In the New Toolbar dialog box, browse to the "C:\Program Data\Microsoft\Windows\Start Menu\Programs" folder. 
  • Click the "Select Folder" button.
  • Click the "Select Folder" button to add the new Toolbar to your Taskbar.

Here's what it looks like:

19 May 2017

Find all the KB's for Wannacry with PowerShell

I know this stuff is all over the place, but still could come in handy:

Check to see if the necessary Microsoft KB's are installed on your computer or server to protect you from "Wannacry":

#Current list of all the hotfixes from https://technet.microsoft.com/en-us/library/security/ms17-010.aspx            
$hotfixes = "KB3205409", "KB3210720", "KB3210721", "KB3212646", "KB3213986", "KB4012212", "KB4012213", "KB4012214", "KB4012215", "KB4012216", "KB4012217", "KB4012218", "KB4012220", "KB4012598", "KB4012606", "KB4013198", "KB4013389", "KB4013429", "KB4015217", "KB4015438", "KB4015546", "KB4015547", "KB4015548", "KB4015549", "KB4015550", "KB4015551", "KB4015552", "KB4015553", "KB4015554", "KB4016635", "KB4019213", "KB4019214", "KB4019215", "KB4019216", "KB4019263", "KB4019264", "KB4019472", "KB4015221", "KB4019474", "KB4015219", "KB4019473"            
             
#Check the computer it's run on if any of the listed hotfixes are present            
$hotfix = Get-HotFix -ComputerName $env:computername | Where-Object {$hotfixes -contains $_.HotfixID} | Select-Object -property "HotFixID"            
             
#Confirms whether hotfix is found or not            
if (Get-HotFix | Where-Object {$hotfixes -contains $_.HotfixID})            
{            
"Found HotFix: " + $hotfix.HotFixID            
} else {            
"Didn't Find HotFix"            
}            

If you are running Windows 10 Creator Update (Winver: 1703) you are good to go, as this build is not affected by Wannacry.

17 May 2017

PSGallery module gone - add it back to PowerShell-ISE

Unable to add modules from the PSGallery provider

When your Package provider list is empty:
Get-PackageProvider -ListAvailable

Run CMD.exe as an administrator and run the following command:
@powershell -NoProfile -ExecutionPolicy Bypass -Command "iex 
((new-object net.webclient).DownloadString('https://chocolatey.org/
install.ps1'))" && SET PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin

Close the CMD window, now you have a PS Repository:
PS C:\windows\system32> Get-PSRepository            
            
Name                      InstallationPolicy   SourceLocation
---------                 ------------------   --------------   
PSGallery                 Untrusted              https://www.powershellgallery.com/api/v2/

Set the PSGallery as trusted:
PS C:\windows\system32> Set-PackageSource -Name PSGallery -Trusted               
            
Name                             ProviderName     IsTrusted  Location            
---------                        -------------    ---------  --------                                                                                                                                  
PSGallery                        PowerShellGet    True       https://www.powershellgallery.com/api/v2/
Force add PSGallery

Register-PSRepository -Name PSGallery -SourceLocation https://www.powershellgallery.com/api/v2/ -PublishLocation https://www.powershellgallery.com/api/v2/package/ -ScriptSourceLocation https://www.powershellgallery.com/api/v2/items/psscript/ -ScriptPublishLocation https://www.powershellgallery.com/api/v2/package/ -InstallationPolicy Trusted -PackageManagementProvider NuGet

11 May 2017

Bitlocker everything - Store your bitlockerkeys in Onedrive

I was fooling around with bitlocker the other day and needed a way to store my bitlocker key other than on an external drive or USB drive and especially something else than printing them.

Right click on the physical drive you want to bitlocker and select "Turn on bitlocker".
Then your asked where the bitlocker recovery key has to be stored.
The first options that is presented turned out to be the most excellent one.

Save to your cloud domain account.
Now you might think that you need an Azure joined machine, this is partially correct.
If your machine is Azure Active Directory domain joined your bitlocker keys are stored in the "Devices" section in your account, you can the key under the details of your device.

But if you're not Azure domain joined but do have a Onedrive account setup than it will save your bitlocker key in your Onedrive.

Eureka, this means there is no more reason to not use bitlocker on your personal computers.
Knowing that in the case of theft or loss your data will not be compromised.
And the recovery key can be accessed fairly easy through this site:

https://onedrive.live.com/RecoveryKey.

Now this site is not accessible from your onedrive site directly, you won't find a link to it there, you have to know it and type it.

Here's what it looks like: