
Tips - You receive a "The User Profile Service failed the logon" error message

When a user tries to log on and gets the following error, use this procedure:

"The User Profile Service failed the logon"

First fix method.

Method 1: Fix the user account profile

To fix the user account profile, follow these steps:

Important: This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
  1. Click Start, type regedit in the Search box, and then press ENTER.
  2. In Registry Editor, locate and then click the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
  3. In the navigation pane, locate the folder that begins with S-1-5 (SID key) followed by a long number.
  4. Click each S-1-5 folder, locate the ProfileImagePath entry in the details pane, and then double-click to make sure that this is the user account profile that has the error.

    • If you have two folders starting with S-1-5 followed by some long numbers and one of them ended with .bak, you have to rename the .bak folder. To do this, follow these steps:
      1. Right-click the folder without .bak, and then click Rename. Type .ba, and then press ENTER.
      2. Right-click the folder that is named .bak, and then click Rename. Remove .bak at the end of the folder name, and then press ENTER.
      3. Right-click the folder that is named .ba, and then click Rename. Change the .ba to .bak at the end of the folder name, and then press ENTER.
    • If you have only one folder starting with S-1-5 that is followed by long numbers and ends with .bak, right-click the folder, and then click Rename. Remove .bak at the end of the folder name, and then press ENTER.
  5. Click the folder without .bak in the details pane, double-click RefCount, type 0, and then click OK.
  6. Click the folder without .bak, in the details pane, double-click State, type 0, and then click OK.
  7. Close Registry Editor.
  8. Restart the computer.
  9. Log on again with your account.
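
The following PowerShell script is an added example, not part of the original article or of the Microsoft procedure. It backs up the ProfileList subkey and then reports, read-only, which S-1-5 keys have a .bak twin and what their ProfileImagePath, State and RefCount values are, so you can confirm the affected profile before renaming anything. The backup location and the variable names are assumptions.

```powershell
# Added example: read-only report, nothing is renamed or modified.
# Run from an elevated PowerShell prompt.
$regPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

# Back up the subkey before any manual change. The output location is an assumption.
$backup = Join-Path $env:TEMP ('ProfileList_{0:yyyyMMdd_HHmmss}.reg' -f (Get-Date))
reg.exe export 'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList' $backup /y | Out-Null
Write-Host "Backup written to $backup"

# Collect the SID keys (step 3) and their names, with and without the .bak suffix.
$keys  = @(Get-ChildItem -Path $regPath | Where-Object { $_.PSChildName -like 'S-1-5-*' })
$names = @($keys | ForEach-Object { $_.PSChildName })

$report = foreach ($key in $keys) {
    $name  = $key.PSChildName
    $isBak = $name -like '*.bak'
    $sid   = $name -replace '\.bak$', ''
    $props = Get-ItemProperty -Path $key.PSPath

    # Resolve the SID to an account name to confirm which profile is affected (step 4).
    try {
        $sidObject = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $account   = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '(unresolved)'
    }

    # Map each key to the case described in step 4.
    $action = if ($isBak -and ($names -contains $sid)) {
        'Two keys: swap the names using the temporary .ba suffix'
    } elseif ($isBak) {
        'Only a .bak key: remove the .bak suffix'
    } else {
        'None'
    }

    [pscustomobject]@{
        Key              = $name
        Account          = $account
        ProfileImagePath = $props.ProfileImagePath
        State            = $props.State      # step 6 sets this to 0 on the repaired key
        RefCount         = $props.RefCount   # step 5 sets this to 0 on the repaired key
        SuggestedAction  = $action
    }
}

$report | Sort-Object Key | Format-List
```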


Full article:

http://support.microsoft.com/kb/947215/en-us

WSUS - 3.0 SP2 and Windows 8/2012 Server issue KB2734608

To manage Windows 8 and Windows Server 2012 with WSUS 3.0 SP2, hotfix KB2734608 must be installed on the WSUS server:

http://support.microsoft.com/kb/2734608/en-us

Here are some parts that I highlighted from that article:

<-----------> 

Issues that are fixed

This update lets servers that are running Windows Server Update Services (WSUS) 3.0 SP2 provide updates to computers that are running Windows 8 or Windows Server 2012.

This update fixes the following issues:

  • Installation of update 2720211 may fail if Service Pack 2 was previously uninstalled and then reinstalled.
  • After you install update 2720211, health monitoring may fail if the WSUS server is configured to use SSL.

How to apply this update

We recommend that you synchronize all WSUS servers after you apply this update. If you have a hierarchy of WSUS servers, apply this update, and then synchronize your servers from the top of the hierarchy on down. To synchronize your servers in this manner, follow these steps:

Note Before computers that are running Windows 8 or Windows Server 2012 can be updated by WSUS 3.2 servers, you must complete these steps.

  1. Start the process with WSUS 3.0 SP2 that synchronizes with Microsoft Update.
  2. Apply this update.
  3. Start a synchronization.
  4. Wait for the synchronization to succeed.
  5. Repeat steps 2 through 4 for each WSUS 3.0 SP2 server that synchronizes to the server that you just updated.

Known issues with this update

  • If you have Windows 8 or Windows Server 2012 clients that synchronized with WSUS 3SP2 before you applied this update, wait for the update to be applied to the WSUS servers, and then follow these steps:
    1. On the affected client, open cmd.exe in elevated mode
    2. Type the following commands. Make sure that you press Enter after you type each command:

      Net stop wuauserv

      rd /s %windir%\softwaredistribution\

      Net start wuauserv
==============================================================


Tips - upgrade SQL Express to Full version

If you need to upgrade SQL Server Express to a full edition, you can run the following command:

setup /ACTION=editionupgrade /INSTANCENAME=<INSTANCENAME> /PID=<XXXXX-XXXXX-XXXXX-XXXXX-XXXXX>

where <INSTANCENAME> is the name of the instance to be updated (the default is SQLExpress) and <XXXXX-XXXXX-XXXXX-XXXXX-XXXXX> is the license key of the full version.


[original article http://www.achab.it/blog/index.cfm/2014/12/aggiornare-sql-server-express-a-una-versione-completa.htm]

Lync 2010 and 2013 Bandwidth Calculator



With the Lync Server 2010 and 2013 Bandwidth Calculator, you can enter information about your users and the Lync Server features that you want to deploy, and the calculator will determine bandwidth requirements for the WAN that connects sites in your deployment. The accompanying User Guide describes the recommended process for estimating your WAN bandwidth needs for Lync client real-time traffic. The User Guide will be updated periodically with new information and modifications. 

Download:

http://www.microsoft.com/en-us/download/details.aspx?id=19011 

Backup - Some Ghost free softwares

In a previous article I suggested some live CD/USB tools for creating a disk clone/ghost:

CD Live - Ghost Alternative - REDO Backup

http://www.alessandromazzanti.com/2011/10/cd-live-clonezilla-live.html 

An alternative would be to use the following software:

Download Macrium Reflect Free Information

Download Seagate DiscWizard

Download Acronis True Image WD Edition

They must be installed while the PC/server is running.

You then start the ghost procedure and back the image up to any other location.

To restore the image you will need to create a live USB/CD for this purpose.

At the following link you can find an easy tutorial:

https://www.raymond.cc/blog/how-to-create-full-windows-backup-by-imaging-without-using-norton-ghost/


Microsoft - how to restore single user with AdRestore Sysinternal Utility

http://technet.microsoft.com/en-us/sysinternals/bb963906.aspx

If you are in one of the following scenarios:

    - User accounts, groups, computers, OUs or other objects in the domain were accidentally deleted.
    - No system state backup is available for an authoritative restore.
    - No other DCs are available.

Consider that when an object is deleted from Active Directory, it isn't actually removed but is instead marked as deleted by an internal marker called a tombstone.

You can check the tombstone lifetime with the following article:


http://technet.microsoft.com/it-it/library/cc784932%28v=ws.10%29.aspx


Consider that you can follow this article:

How to restore deleted user accounts and their group memberships in Active Directory

But an easier alternative would be the AdRestore utility:

http://technet.microsoft.com/en-us/sysinternals/bb963906.aspx 

After you have installed AdRestore, you can restore an object by running the command.

Before restoring any user, you can launch the adrestore utility on its own, and it will list all objects deleted during the tombstone period.

Then run the following command:

ADRestore -r

ADRestore removes the 'isDeleted' TRUE attribute from tombstoned accounts and changes the RDN back to the previous path, effectively resurrecting it.
 

Note that -r tells ADRestore to prompt the user before restoring the AD objects to their original location.

SCCM 2012 - How to install AnyConnect VPN with SCCM 2012

If you need to install Cisco AnyConnect 3.1.01065 with SCCM 2012, you first need to know that the profile files are at the following path:

%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile

Silent installation string:

msiexec /i "anyconnect-win-3.1.01065-pre-deploy-k9.msi" /norestart /passive

You can get the .msi file at the following links:

http://vpn.managednetworks.net/vpn/

https://ftp.rush.edu/users/vpn-client/


Here is a .vbs script that tests whether the program is installed, installs it if it is not, copies the settings files, and verifies that the installation went well.

'*****************************************************************************
' Author : Alessandro Mazzanti
' Creation date : 12/01/2015
' Version : 1.00
' Running on OS : Windows 7
'*****************************************************************************
' Installs the Cisco AnyConnect VPN client and copies its profile files

Option Explicit
On error resume next


'---------------------------------------------------------------------------------------------------
'------------------------------------Variables definitions--------------------------------------
'---------------------------------------------------------------------------------------------------

Const ForWriting = 2


Dim objFile                      ' Log file
Dim objFSO, objFolder            ' FileSystemObject and folder object
Dim windir                       ' Windows folder
Dim WshShell, WshNetwork         ' Shell and Network objects
Dim strComputer                  ' Local computer
Dim objSoftware                  ' Installed software object
Dim colSoftware                  ' Collection of installed software
Dim objWMIService                ' WMI service object
Dim folder                       ' Working folder (not used)
Dim prova, Data, Temp, strusername, strComputerName, strLogPath
Dim boolCisco, strCisco



'---------------------------------------------------------------------------------------------------
'------------------------------------INSTANCES definition------------------------------------
'---------------------------------------------------------------------------------------------------

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshShell = CreateObject("WScript.Shell")
Set windir = objfso.GetSpecialFolder(0)
Set Temp = objfso.GetSpecialFolder(2)
Set WshNetwork = WScript.CreateObject("WScript.Network")



'---------------------------------------------------------------------------------------------------
'------------------------------------PROGRAMS----------------------------------
'---------------------------------------------------------------------------------------------------


' Get the computer name and the user name
strUserName = WshNetwork.UserName
strComputerName = WshNetwork.ComputerName

' Log file destination path
strLogPath = "c:\windows\temp\" & strComputerName & "_" & strUserName & "_VPN_ESITO.log"
' The second argument of CreateTextFile is the overwrite flag
Set objFile = objFSO.CreateTextFile(strLogPath, True)

objFile.WriteLine Now & " - Inizio Script"

strComputer = "."
boolCisco = False

' Check whether the folder exists
'if objFSO.FolderExists("c:\vpn_install") <> True Then
'        Set objFolder = objFSO.CreateFolder("c:\vpn_install")
'End If

' Check whether the VPN client is already installed
Software_installato

If boolCisco = False Then
    ' Install the VPN client
    Installa_VPN
    ' Copy the profile files
    Copia
    ' Query again to verify the installation
    Software_installato
End If

objFile.Close

Sub Copia
    ' Without its own On Error Resume Next, a failed copy would abort this Sub
    ' before the result could be logged
    On Error Resume Next

    Const OverwriteExisting = True
    objFile.WriteLine Now & " - Inizio copia file di settaggio"

    Err.Clear
    objFSO.CopyFile "\\...server...path\Packages\Cisco Anyconnect 3.1.01065\Profilo\AnyConnectProfile.xsd", "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\AnyConnectProfile.xsd" , OverwriteExisting
    objFSO.CopyFile "\\...server...path\Packages\Cisco Anyconnect 3.1.01065\Profilo\Seves.xml", "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile\Seves.xml" , OverwriteExisting

    ' Read the outcome of the copy from Err.Number, not from the msiexec result
    prova = Err.Number

    If prova = 0 Then
        objFile.WriteLine Now & " - Copiati file locali della VPN"
        objFile.WriteLine Now & " - Esito copia file effettuato con successo"
    Else
        objFile.WriteLine Now & " - Copia non effettuata con errore: " & prova
        Err.Clear
    End If

End Sub

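Sub Installa_VPN
    'folder = "c:\vpn_install"
    objFile.WriteLine Now & " - Installazione VPN in corso..."
    ' The MSI path is relative, so the script must be started from the package source folder
    prova = WshShell.Run ( windir & "\system32\msiexec.exe /i anyconnect-win-3.1.01065-pre-deploy-k9.msi /qn /norestart", 0, true)

    ' 0 = success, 3010 = success with a restart required
    If prova = 0 Or prova = 3010 Then
        objFile.WriteLine Now & " - Esito Installazione VPN effettuata con successo"
    Else
        objFile.WriteLine Now & " - Esito Installazione VPN NON effettuata con codice d'errore " & prova
        objFile.WriteLine "INSTALLAZIONE TERMINATA ANTICIPATAMENTE CON ERRORE IRREVERSIBILE"
        ' Close the log and pass the msiexec exit code back to the caller
        objFile.Close
        WScript.Quit prova
    End If

    ' Sleep takes milliseconds: this pauses for 1 second, although the log text below says 5 minutes
    WScript.Sleep 1000
    objFile.WriteLine Now & " - Fine Installazione VPN  - Sleep 5 minuti..."
End Sub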

Sub Software_installato
    Data = Now
    boolCisco = False

    objFile.WriteLine Data & " - Interrogazione WMI in corso per vedere il software installato..."
    ' Note: enumerating Win32_Product is slow and makes Windows Installer run a
    ' consistency check on every installed MSI package, which can trigger repairs
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
    Set colSoftware = objWMIService.ExecQuery _
        ("Select * from Win32_Product")

    For Each objSoftware in colSoftware
        ' Match on the name of the installed product
        If UCase(Trim(objSoftware.Name)) = UCase("Cisco AnyConnect Secure Mobility Client") Then
            boolCisco = True
            strCisco = " - " & objSoftware.Name & " versione " & objSoftware.Version & " - PRESENTE"
        End If

    Next

    ' Log whether the Cisco client is present
    ' (the version in the "ASSENTE" message is fixed text, not a detected value)
    Data = Now
    If boolCisco = True Then
        objFile.WriteLine Data & strCisco
    Else
        objFile.WriteLine Data & " - Client Cisco AnyConnect Secure Mobility Client 3.1.05182 ASSENTE"
    End If
End Sub
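
Two checks a deployment like the one above benefits from, written here as an added PowerShell example (not the author's script): verifying the Authenticode signature of the downloaded .msi before it is packaged, and detecting the installed client from the Uninstall registry keys instead of Win32_Product. The function names, the expected signer string, the MSI location and the use of PowerShell 4.0 or later are assumptions.

```powershell
# Added example. Assumptions: PowerShell 4.0+, the MSI is in the current folder,
# and the vendor certificate subject contains "Cisco Systems".

function Test-InstallerSignature {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [string] $ExpectedSigner = 'Cisco Systems'   # assumption, adjust as needed
    )
    $sig     = Get-AuthenticodeSignature -FilePath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        Path    = $Path
        Sha256  = (Get-FileHash -Path $Path -Algorithm SHA256).Hash   # record with the package
        Status  = $sig.Status
        Signer  = $subject
        # Trusted only if the signature validates AND the signer is the expected vendor
        Trusted = ($sig.Status -eq 'Valid') -and ($subject -like "*$ExpectedSigner*")
    }
}

function Get-InstalledProduct {
    param([Parameter(Mandatory)] [string] $DisplayName)

    # Reading the Uninstall keys does not start Windows Installer,
    # unlike a query against Win32_Product.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'

    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -eq $DisplayName } |
        Select-Object DisplayName, DisplayVersion, PSChildName
}

# Before packaging: refuse an installer that is unsigned, tampered with, or signed by someone else.
$msi   = '.\anyconnect-win-3.1.01065-pre-deploy-k9.msi'
$check = Test-InstallerSignature -Path $msi
$check | Format-List

if ($check.Trusted) {
    Write-Host 'Signature is valid and from the expected signer.'
} else {
    Write-Warning "Do not deploy $msi (status: $($check.Status), signer: '$($check.Signer)')."
}

# After deployment: same product name the script matches, read from the registry.
$found = Get-InstalledProduct -DisplayName 'Cisco AnyConnect Secure Mobility Client'
if ($found) {
    $found | Format-Table -AutoSize
} else {
    Write-Host 'Cisco AnyConnect Secure Mobility Client is not installed.'
}
```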

Here are some other links that you may find useful:

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect31/administration/guide/anyconnectadmin31/ac02asaconfig.pdf

http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/administration/guide/anyconnectadmin30/ac02asaconfig.html



Tips - Locating the Cisco AnyConnect Profiles

If you need to know where the AnyConnect VPN profiles are, here they are:


XML and profile files are stored locally on the user's machine. The location varies based on OS.


Windows XP

%ALLUSERSPROFILE%\Application Data\Cisco\Cisco AnyConnect Secure Mobility Client\Profile


Windows Vista

%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
 

Windows 7

%ProgramData%\Cisco\Cisco AnyConnect Secure Mobility Client\Profile
 

Mac OS X

/opt/cisco/anyconnect/profile
 

Linux

/opt/cisco/anyconnect/profile





Tips - Default FullZoom Level and mantain Firefox zoom level

Changing the Firefox zoom level can be very useful. The Firefox default is 100%, and you can change it with the zoom controls (+ or -); unfortunately, once the session is restarted, the zoom goes back to 100%, i.e. the Firefox default.

If we want Firefox to keep the zoom settings from the previous session at startup, we can install the following add-on.


https://addons.mozilla.org/en-US/firefox/addon/default-fullzoom-level/ 

Here you can find more technical details:

About this Add-on

1. This extension can change Default FullZoom Level.
This extension is useful in the case of a high-definition display.

2. The zoom mode is restored every domain name or tab as well as the zoom level.

3. In the case of a local file, you can set whether zoom every file or every folder.

4. Two toolbar buttons are provided.
"A": Text Zoom Button.
"P": Full Zoom Button.
Left, middle, right button click will enlarge, reset and reduce page or text respectively.
Wheel button rotation will enlarge and reduce them.
And Shift+right click show up the option dialog.

5. Indicate Zoom level in Statusbar.
Left click : popup zoom level list
Middle click: reset zoom level
Right click: toggle zoom mode.

6. Keyboard shortcut:
TextZoom reduce :accel+ <(comma)
TextZoom enlarge :accel+>
Fullzoom reduce : default(accel+-)
Fullzoom reset : default(accel+0)
Fullzoom enlarge : default(accel++)
Where, An accel key may be a ctrl key in Windows's keyboard.

If you want to ask something about this, please post it to the following forum.
http://forums.mozillazine.org/viewtopic.php?t=659681

Microsoft - Determine the tombstone lifetime for the forest

It's important to know the tombstone lifetime of your forest/domain in case you need to restore a single user, OU and so on with the ADRestore.exe utility (take a look at the following article):

http://technet.microsoft.com/it-it/library/cc784932%28v=ws.10%29.aspx


Applies to: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 Foundation, Windows Server 2008 R2, Windows Server 2008 R2 Foundation, Windows Server 2012

The tombstone lifetime in an Active Directory forest determines how long a deleted object (called a “tombstone”) is retained in Active Directory Domain Services (AD DS). The tombstone lifetime is determined by the value of the tombstoneLifetime attribute on the Directory Service object in the configuration directory partition.
You can use this procedure to determine the tombstone lifetime for the forest.
Membership in Domain Users, or equivalent, is the minimum required to complete this procedure.

More details:

Local and domain default groups (http://go.microsoft.com/fwlink/?LinkId=83477).

To determine the tombstone lifetime for the forest using ADSIEdit

  1. Click Start, point to Administrative Tools, and then click ADSI Edit.
  2. In ADSI Edit, right-click ADSI Edit, and then click Connect to.
  3. For Connection Point, click Select a well known Naming Context, and then click Configuration.
  4. If you want to connect to a different domain controller, for Computer, click Select or type a domain or server: (Server | Domain [:port]). Provide the server name or the domain name and Lightweight Directory Access Protocol (LDAP) port (389), and then click OK.
  5. Double-click Configuration, CN=Configuration,DC=ForestRootDomainName, CN=Services, and CN=Windows NT.
  6. Right-click CN=Directory Service, and then click Properties.
  7. In the Attribute column, click tombstoneLifetime.
  8. Note the value in the Value column. If the value is <not set>, the value is 60 days.

To determine the tombstone lifetime for the forest using Dsquery

  1. Open a Command Prompt window. To open a command prompt, click Start, click Run, type cmd, and then press ENTER.
  2. At the command prompt, type the following command, and then press ENTER:
    dsquery * "cn=directory service,cn=windows nt,cn=services,cn=configuration,dc=<forestDN>" -scope base -attr tombstonelifetime
    
    Be sure to replace <forestDN> with the actual distinguished name of the forest. For example, if your forest name is corp.proseware.com, type the following, and then press ENTER:
    dsquery * "cn=directory service,cn=windows nt,cn=services,cn=configuration,dc=corp,dc=proseware,dc=com" -scope base -attr tombstonelifetime
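
The same lookup in PowerShell, as an added example that is not part of the Microsoft procedure or of the original post. It reads tombstoneLifetime, applies the 60-day value when the attribute is not set, and then lists the tombstoned objects with the days they have left, which is the window in which AdRestore can still bring them back. It assumes the ActiveDirectory (RSAT) module is installed; whenChanged is used as an approximation of the deletion time.

```powershell
# Added example. Assumption: the ActiveDirectory module (RSAT) is available.
Import-Module ActiveDirectory

# Locate the Directory Service object in the configuration partition,
# without hard-coding the forest distinguished name.
$configNC = (Get-ADRootDSE).configurationNamingContext
$dsObject = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
                         -Properties tombstoneLifetime

# As the procedure above states, a value that is not set means 60 days.
$tslDays = if ($null -ne $dsObject.tombstoneLifetime) {
    [int]$dsObject.tombstoneLifetime
} else {
    60
}
Write-Host "Tombstone lifetime: $tslDays days"

# List tombstones (isDeleted = TRUE), skipping the Deleted Objects container itself.
$now     = Get-Date
$deleted = Get-ADObject -Filter 'isDeleted -eq $true -and name -ne "Deleted Objects"' `
                        -IncludeDeletedObjects `
                        -Properties whenChanged, lastKnownParent

$report = foreach ($obj in $deleted) {
    # whenChanged approximates the deletion time of a tombstone.
    $ageDays = ($now - $obj.whenChanged).Days

    [pscustomobject]@{
        # A tombstone's name is "<original name><newline>DEL:<GUID>"; keep the first part.
        Name            = ($obj.Name -split "`n")[0]
        ObjectClass     = $obj.ObjectClass
        LastKnownParent = $obj.lastKnownParent
        DeletedAbout    = $obj.whenChanged
        DaysLeft        = $tslDays - $ageDays
    }
}

# Objects closest to garbage collection come first.
$report | Sort-Object DaysLeft | Format-Table -AutoSize
```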
    

[update 2017.05.17]


From a Veeam article that explains how to recover deleted AD objects using Veeam:

https://www.veeam.com/blog/reanimating-active-directory-tombstone-objects-best-practices-for-ad-protection.html

Here are some parts of the article:

Once the Active Directory object is deleted, it is not hard deleted from a system. As you may know, Active Directory makes the object hidden by changing its attribute isDeleted to TRUE value. Then, it drops most of the objects’ attributes, renames the object, and moves it to a special container (CN=Deleted Objects). From now on, the object has a tombstone status, and standard Active Directory utilities don’t see its presence. Then, the object is conserved within this special state for a lifetime period (60 days for Windows Server 2000/2003 and 180 days for Windows 2003 SP1/2008).  This is to ensure that the information about removal was successfully replicated across the system. Once the tombstone lifetime period is over, a special process called garbage collector physically removes the object from the database.
Here comes the question. If the tombstone object was not physically deleted within a certain amount of time, would it be possible to recover (reanimate) it? The short answer is yes.