Find patch installed or not find remote machine


Get-HotFix -ComputerName “PC1” | Where-Object -Property HotfixID -EQ “KB4040980”

 

 

Advertisements

Listening Ports & Netsh Bindings


Verify Listening Ports

If you want to investigate the TCP ports which the AD FS server is listening on, netstat can be used for this.

netstat -anob | findstr "443"

Verifying SSL Listening Ports Using Netstat

Verify Netsh Bindings

The same applies if you want to see the SSL bindings.  We can use netsh to review them:

netsh http show ssl | findstr /i "Hostname:port"

Verifying SSL Bindings Using Netsh

Event 36870/ 36880: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030D. The internal error state is 10001


A user in my environment was complaining that he was unable to connect to a remote server via Microsoft Remote Desktop Protocol (RDP), and provided the following screenshot:

img-001

 

Img-002.png

While all may seem well from the Certificates MMC snap-in, the solution to this error lies within the following directory:

C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

In my case, someone modified the permissions, denying a specific security group Full Control access to this directory. Also, the default permissions usually applied to this directory were non-existent.

To correct this, I made the following permission changes (these are the defaults):

Everyone; Allow; Read and Write

Administrators; Allow; Full Control

I also removed the Deny permission mentioned earlier.

After this I restarted the server, which resolved the issue for me. If this issue persists after granting the above mentioned permissions, you could also attempt to grant the following permisson:

NETWORK SERVICE; Allow; Read

https://blogs.msdn.microsoft.com/kaushal/2012/10/07/error-hresult-0x80070520-when-adding-ssl-binding-in-iis/

https://blogs.technet.microsoft.com/askperf/2014/10/22/rdp-fails-with-event-id-1058-event-36870-with-remote-desktop-session-host-certificate-ssl-communication/

How to install a .msu update on Windows 7 from the command line

object meta data information


repadmin /showobjmeta . “CN=JAYESH ROHIT,OU=Users,OU=Kolkatta,OU=Essel Mining,OU=Mining & Ferro Chem,OU=India,DC=testDC=me,DC=com”

. means search all the server

repadmin /showobjmeta ab-mumahu-dc03 “CN=JAYESH ROHIT,OU=Users,OU=Kolkatta,OU=Essel Mining,OU=Mining & Ferro Chem,OU=India,DC=abgplanet,DC=abg,DC=com”

specific DC server name :ab-mumahu-dc03

Search users specific OU


Get-ADUser -Filter * -SearchBase “OU=Belgaum,OU=Hindalco Industries,OU=Metals,OU=India,DC=me,DC=test,DC=com” -Properties * | select ‘SamAccountName’ , UserPrincipalName | Out-GridView

Note: result only view SAMACCOUNTNAME and UPN name.

 

Domain Join Debug Log


  • Open the file C:\WINDOWS\Debug\NetSetup.log.
  • Go to the very bottom of the file and find the last “NetpDoDomainJoin: status:”
  • If it is not 0x0, then the domain join failed and the code listed instead of 0x0 is the reason it failed.
  • Now, look at each previous line in the file until you come across the last line in the file that returned the same failure code as your Domain Join.
  • You have found the step of the domain join that failed and the reason it failed.

%d bloggers like this: