Monthly Archives: August 2016

Run as different user, plus elevated

The Scenario

I have a user Joey Bloggs, who  has recently been migrated to a new domain DOMAINB.TEST. He’s currently logged on to a client in the DOMAINB.TEST domain. However he needs to run a powershell script against servers still residing in DOMAINA.TEST using his old DOMAINA credentials. NB there is a two-way trust between the domains.  However he also needs to run the script within an elevated Powershell ISE window.

The problem

Windows only provides the option to run as administrator OR a different user. I need to do both.

run_as

The Solution

On the DOMAINB.TEST client Joey Bloggs opens an elevated command prompt and enters:

runas /netonly /user:jbloggs@domaina.test PowerShell_ISE.exe

He’s them prompted to enter his DOMAINA.TEST credentials. The ISE sessions opens elevated and running as jbloggs@domaina.test.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Of course this would work just as well in the same domain. In this scenario Bill is logged in and for some reason needs to run a cmdlet or script as Joey Bloggs and within an elevated session. Bill would complete the following steps:

  1. Open an elevated command prompt
  2. Run runas /netonly /user:jbloggs@domaina.test PowerShell_ISE.exe
  3. Enter Joey’s credentials.

 

Disclaimer: provided “AS IS” with no warranties and confer no rights

Advertisements

Cannot connect to Hyper-V host via Windows 8 Client and Hyper-V Manager

The Scenario

I have domain Windows 8.1 client with Hyper-V manager installed. There is also a Hyper-V host (Windows Server 2012 R2 with Hyper-V role). The client needs to connect to the Hyper-V host via the Hyper-V Manager. The user logged on to the client is a member of the Hyper-V Administrators group on the host.

The Problem

The connection attempt fails with the following error:

hvm-error1

The Solution

On the host open an elevated command prompt and run:

MOFCOMP %SYSTEMROOT%\System32\WindowsVirtualization.V2.mof

mofcomp

No reboot is required, the fix is immediate.

Disclaimer: provided “AS IS” with no warranties and confer no rights

ADMT: ERR2:7674 Unable to determine the local path for ADMIN share

The Scenario

I am attempting to migrate a server from one domain to another using the Microsoft ADMT (Active Directory Migration Tool). The ADMT is running as a Domain Admin account on the destination domain.

The Problem

ADMT reports the following error when attempting to run the pre-check

“ERR2:7674 Unable to determine the local path for ADMIN share on the machine ‘<server_fqdn>’.  rc=-2147024891”

The Pre-check fails and the migration tasks stops.

The Solution

Add the user account you’re logged in to the ADMT server (and running the migration task) as to the local admin group of the server you are trying to migrate. ADMT will detect the change within 1-2 minutes.

DISM – Check Image Health in Windows PE

The Scenario

My Windows 8.1 client has been corrupted by a recent update and it is failing to boot. The auto-repair functions are unable to resolve the issue so I’m stuck in a reboot loop.

The Problem

I’ve launched the recovery command prompt console (check the blog post to see how) but the usual commands I’d use to check the status and then repair a corrupt OS do not work in in the Windows PE environment:

Dism /Online /Cleanup-Image /ScanHealth
Dism /Online /Cleanup-Image /CheckHealth
Dism /Online /Cleanup-Image /RestoreHealth /Source:\\network_share\sxs /LimitAccess

This is the result of Windows PE profiling being removed in 8.1 resulting in some options having been removed. See TechNet for more details.

The Solution

Run the following commands instead:

DISM /Image:D:\ /Cleanup-Image /ScanHealth
DISM /Image:D:\ /Cleanup-Image /CheckHealth
DISM /Image:D:\ /Cleanup-Image /RestoreHealth

NB In my example windows PE had mounted the system drive to the D drive. Use wmic logicaldisk get name to determine the drive mapping to your system drive and replace the “Image:D” to match that drive mapping.

 

Disclaimer: provided “AS IS” with no warranties and confer no rights

Extend Linux Partition

The Scenario

My Debian (Jessie 8.4) server has a 20GB root partition. It is a guest VM running in a VMware ESXi4.1 cluster.

The Problem

The root partition of the Debian server is only 20GB and the application hosted on this server won’t start as it is reporting the disk is full. There are no files i can delete from the disk so I need to expand it.

The Solution

There are two parts to this solution;

  1. Increase the vmdk file of the VM.
  2. Increase the disk size within the OS itself to utilise all the new disk capacity.

Phase 1: Increase the VM guest disk (.VMDK) file
In the vclient UI right click the VM and select settings then the hard disk you want to expand. Under disk provisioning increase the disk provisioned size to the required size. NB If this option is greyed out it is because there is at least one snapshot of that disk, you will have to delete all snapshots before proceeding).

vm_disk_size_orig

In my case I increased the disk to 50GB, then click OK to have disk increased.

Phase 2: Backup Data on Disk

Whilst I have never experienced any data loss completing this operation, any disk reconfiguration does present a risk. Have a full data backup at the ready before proceeding to Phase 3.

Phase 3: Increase the disk within the OS
At this point the OS has no idea you have expanded the capacity of its disk. You need to use the FDISK command to do this.

Step 1 – Check Operating System Detects New Disk Size:
Confirm that the disk has increased by running lsblk

lsblk

In this example you can see that sda is the disk, which has been increased from 20GB on the VMware console to 50GB. The next step is to increase the partition size of /dev/sda1 to use all of this additional space

Step 2 – Remove Swap:
First unmount any Swap mount using swapoff -a

Step 3 – Print Partition Table:
Run fdisk /dev/sda (or whatever your main disk is called – see above). Then press P to print the Partition table. In this examples there is a single partition called /dev/sda1 . In this example it’s also importnat note that the * in the boot column, (no prizes for guessing this is the boot partition). If your partition is also a boot partition you will require an extra step once the new partition is created (see Step 6)

fdisk

Important! The key number out of this entire list is the start number (in this example 2048) as you need this later in this process

Step 4 – Delete the Current Partition:
Yes, you heard me correctly, in order to expand a Linux partition you have to delete the existing one, then create a new larger partition. Please note that your data is secure during this process (though do have your backup at the ready).

Press d to delete /dev/sda1 partition. Upon pressing d you’ll be asked for the Id number of the partition you want to delete. In this example I want to delete /dev/sda1 which has the Id 83. If I had more than one partition I would have to stipulate Id 83 and press enter. However as this is my only partition it is automatically selected.

Important! DO NOT press w at this point, wait until the new partition has been created later in the process.

Press p to confirm /dev/sda1 has been deleted

Step 5 – Create a New Partition:
Press n to create a new primary partition. Select partition number 1, the start sector 2048 (the same start number as shown above) and select the default last sector i.e. the whole disk.

new-part1

Step 6 – Make New Partition Bootable:
Press a to toggle the bootable flag on the new /dev/sda1

bootable

Step 7  – Write Changes
Press w to write the new partition table to disk. You’ll get a message telling that the kernel couldn’t re-read the partition table because the device is busy, but that it will applied at the next reboot.

write

Reboot the server with the reboot command.

Step 8 – Resize Partition

At this point the partition knows to use the full size of the new disk but it has yet to complete this process. The final task is to initiate the resizing of the partition.

Login as root and run resize2fs /dev/sda1 – this form will default to making the filesystem to take all available space on the partition. NB This process can take several minute depending on the size of the new disk.

Run df -h to confirm your new partition (/dev/sda1) is the size required.

 

Disclaimer: provided “AS IS” with no warranties and confer no rights

Windows Service “Starting” or Hung

The Scenario
I had to restart a service on my Windows 8.1 client

The Problem
The service took serveral minutes to try and start then hung with the status “starting”. I cannot stop, start or restart the service from the UI, using SC or via PowerShell.

The Solution
The only option is to forcibly kill the service. This involves finding the Process Identifier number then using this as the target of a taskkill command:

1. Get the PID of the hung service using: sc queryex <service_name>
PID

2. Kill the specific PID (forcibly): taskkill /f /pid [PID]
Kill_PID

TeamCity: SQL exception: Cannot open database – 500 Internal Server Error

The Scenario

I rebooted my TeamCity server following updates.

The Problem

When I start the TeamCity agents they report a 500 Internal Server Error and the login page (http://teamcity-server:8080) reports the error:

SQL exception: Cannot open database requested by the login. The login failed. ClientConnectionId:f17b1159-b183-4241-bc98-c119d1767b49

The Solution

The issue is that the TeamCity Server service is starting and requesting database access before the MSSQL services are ready.

Quick Fix: Restart the TeamCity Server service (sc stop teamcity && sc start teamcity)

Long-term Fix: Change the TeamCity Server service startup type from Automatic to Automatic (Delayed) (sc config teamcity start= delayed-auto)

 

Disclaimer: provided “AS IS” with no warranties and confer no rights