Category Archives: Windows General

WSUS Console Fails to Start: SQL server may not be running

The Scenario

I have WSUS installed on a Windows Server 2012 Standard instance. At the weekend I have installed various updates, including KB3159706.

The Problem

Once KB3159706 installed the WSUS console will not run despite both the WSUS Service and Windows Internal Database services running. It keeps reporting the error that the SQL server may not be running, which is not the case.

The Solution

The fault lies with update KB3159706, and there are two options

Solution 1 (Preferred):

Open an elevated command prompt and type

“C:\Program Files\Update Services\Tools\wsusutil.exe” postinstall /servicing

wsus1

Wait 1-2 minutes for it to complete…

wsus2

Enable HTTP Activation under .NET Framework 4.5 Features (I did this in PowerShell or use the Server Manager GUI)

Install-WindowsFeature AS-HTTP-Activation

wsus3

Finally, restart the WSUS Service

get-service WsusService | Restart-Service

The WSUS console should now launch successfully.

 

Solution 2 (less secure):

You can simply uninstall this update from the Control Panel (Control Panel > All Control Panel Items > Programs and Features > Installed Updates and search for this update, right-click and select uninstall).

 

Disclaimer: provided “AS IS” with no warranties and confer no rights

MBAM Event ID 2: Error code:0x80310052

 in order to encryptThe Scenario

I have amended the disk partition configuration on my computer, now I need to run the MBAM (Microsoft BitLocker Administration and Monitoring – the enterpise implementation of BitLocker) client in order to encrypt the C drive.

The Problem

The MBAM client launches OK and I can set a PIN, but when I click proceed with the encryption of my C drive it fails with the following error:

mbam0

Reviewing the MBAM event logs (Event Viewer > Applications and Service Logs > Microsoft > Windows > MBAM > Admin logs). There is the following associated event:

mbam1

Event ID: 2

Error Code: 0x80310052

Details: The path specified in the Boot Configuration Data (BCD) for a BitLocker Drive Encryption integrity-protected application is incorrect. Please verify and correct your BCD settings and try again.

The Solution

In my case this is a result of me changing the size of the system partitions, so Windows becomes confused about where it should store the BitLocker BDE files. To repair this complete the following:

  1. Open an elevated command prompt and type: bcdboot %systemdrive%\Windows (requires a reboot but do not do so yet).
  2. Open Explorer, Go to C:\Windows\System32\Recovery and rename REagent.xml to eg. REagent.old.xml.
  3. Reboot computer.
  4. Rerun MBAM client.

 

 

Disclaimer: provided “AS IS” with no warranties and confer no rights

ADMT Computer Migration Error: “Unable to determine which Domain the machine ‘computer-name’ belongs to”

The Scenario

I am attempting to migrate a computer account from domain “eng.domain1.test” to mynewdomain.test. There is a two-way forest trust between them. The two servers can ping each other using the FQDN.

The Problem

When I run the ADMT Computer migration wizard I search for and find the name of the computer I want to migrate (comp1.eng.domain1.test). However when  clicked next to proceed it returned the error:

“Unable to determine which Domain the machine ‘comp1’ belongs to”

I am blocked from proceeding with the migration.

The Solution

My issue was DNS related. The GPO applied to the ADMT server, which amongst other things defines the DNS suffix list in the advanced TCP-IP properties tab for the ADMT server’s Ethernet properties, did not include the domain eng.domain1.test.

Once I amended the GPO setting (Computer Configuration > Polices > Administrative Templates > Network > DNS Client > DNS Suffix search list) to include eng.domain1.test and this was applied to the server, I rebooted (it didn’t work until I did this) launched ADMT and this time it could determine the domain membership.

 

Disclaimer: provided “AS IS” with no warranties and confer no rights

Partition Assist Standard – “Bootmgr is missing Press Ctrl+Alt+Del to restart”

The Scenario

I have a PC running Windows 7, it has a 300GB C drive and a 100mb System Reserved partition. I need to increase the size of the 100mb System Reserved Partition to 600mb. I’m going to use Partition Assistant Standard Edition 6.1 to complete the following tasks:

  1. Shrink the C drive by 500mb – this will create a 500mb unallocated blob at the end of the C drive partition.
  2. Move the C drive so the unallocated 500mb is to the right of the System Reserved partition (you can only extend a partition if there is unallocated space directly next to it)
  3. Increase the System Reserved partition to 600mb.

 

The Problem

I completed steps 1 & 2, applied them and restarted the computer (as is required as I have virtual of moving the OS partition). Upon reboot the computer fails to boot (shifting the C drive has moved the files but the partition table doesn’t yet know this has happened and is still pointing to boot files that no longer exist where it thinks they do) and Partition Assistant does not run to complete the tasks. All I get is the following error instead:

“Bootmgr is missing Press Ctrl+Alt+Del to restart”

The Solution #1 (You have the Windows OS installation media)

  1. Insert the Windows OS installation media and reboot – you need this to get to the Repair option.
  2. RC0a
  3. The media will start the installation process (you’re not going to proceed with the install). Select the Language and Time/Currency format settings for your current installation. Click Next
  4. RC0b
  5. In the lower left corner click the Repair your computer option
  6. RC0c
  7. The System Recovery Options will launch
  8. RC1
  9. Assuming your OS has been listed click Next to proceed.IMPORTANT Note the Location description, this is important for Step 12 when using the Recovery Command Prompt as you need to switch to the drive that has the OS installed and the drive mappings are temporarily changed whilst in Recovery mode.
  10. In the next System Recovery Options screen select the Command Prompt option
  11. RC2
  12. The Recovery Command Prompt will open at the X drive. Change to the D drive (or whatever drive letter was stated in step 7.
  13. RC4
  14. Type bcdboot d:\windows /s c: and press enter.
  15. RC5
  16. Type exit to close the command prompt and press Restart to reboot.
  17. RC6
  18. At this point I rebooted my PC and Partition Assistant ran it’s pending tasks and rebooted the PC. The OS then loaded normally.

The Solution #2 – if you do not have the Windows OS Installation media

  1. Reboot your computer and press F8 repeatedly until the Advance Boot Options window opens.
  2. RC7
  3. Select the top option Repair Your Computer

 

 

Hyper-V VM not recognising F8 Safe Boot Mode Keystroke

The Scenario

I have a Windows Server Vm running in Hyper-V. I have a problem with the OS and need to boot into Safe Mode by pressing F8 at boot time.

The Problem

The VM is not responding to the F8 keystroke, even if i start pressing it repeatedly, even over-zealously (mimicking days of yore when I played Daley Thompson’s Decathlon on the ZX Spectrum) as soon as the VM starts. The Safe Mode menu fails to materialise, instead it just boots as normal.

The Solution

Change the VM Automatic Start Action settings by changing the Automatic start delay time from 0 to 5 seconds (or any number great than 3 seems to work). Click OK to Confirm.

f8_error

Now when you restart the VM and press F8 the menu will appear:

8_per_1

 

Time; Windows Time Servive (W32tm)

Describes how to configure the Windows Time service (w32tm).

Configure an External NTP server

Open an elevated command prompt and type the following:

1. Net Stop w32Time
2. w32tm /config /syncfromflags:manual /manualpeerlist:””
3. w32tm /config /reliable:yes
4. Net Start w32Time
5. w32tm /config /update
6. w32tm /resync
7. w32tm /query /source (use this to confirm the NTP source set in step two)

EXAMPLE: W32tm /config /syncfromflags:manual /manualpeerlist:”0.uk.pool.ntp.org,1.uk.pool.ntp.org”

http://technet.microsoft.com/en-us/library/w32tm%28v=ws.10%29.aspx For further details an additional switches.

Configure a Client Computer for Automatic Domain Time Synchronisation (2003)

All clients within a domain should automatically synchronise their time from any available domain controller (domain controllers in turn synchronise their time from the domain controller that holds the PDC FSMO). However sometime this configuration doesn’t work and the client uses its internal CMOS clock instead, in these cases the client must be reconfigured to use the domain time by using the domhier (domain hierarchy) switch:

Open an elevated command prompt and type the following:

1. Net Stop w32Time
2. w32tm /config /syncfromflags:domhier
3. Net Start w32Time
4. w32tm /config /update
5. w32tm /resync
6. net time /querysntp

Configure a Client Computer for Automatic Domain Time Synchronisation (2008R2 and above)

Open an elevated command prompt and type the following:

1. Net Stop w32Time
2. w32tm /config /syncfromflags:domhier
3. Net Start w32Time
4. w32tm /config /update
5. w32tm /resync
6. w32tm /query /source

Disclaimer: provided “AS IS” with no warranties and confer no rights

DISM – Check Image Health in Windows PE

The Scenario

My Windows 8.1 client has been corrupted by a recent update and it is failing to boot. The auto-repair functions are unable to resolve the issue so I’m stuck in a reboot loop.

The Problem

I’ve launched the recovery command prompt console (check the blog post to see how) but the usual commands I’d use to check the status and then repair a corrupt OS do not work in in the Windows PE environment:

Dism /Online /Cleanup-Image /ScanHealth
Dism /Online /Cleanup-Image /CheckHealth
Dism /Online /Cleanup-Image /RestoreHealth /Source:\\network_share\sxs /LimitAccess

This is the result of Windows PE profiling being removed in 8.1 resulting in some options having been removed. See TechNet for more details.

The Solution

Run the following commands instead:

DISM /Image:D:\ /Cleanup-Image /ScanHealth
DISM /Image:D:\ /Cleanup-Image /CheckHealth
DISM /Image:D:\ /Cleanup-Image /RestoreHealth

NB In my example windows PE had mounted the system drive to the D drive. Use wmic logicaldisk get name to determine the drive mapping to your system drive and replace the “Image:D” to match that drive mapping.

 

Disclaimer: provided “AS IS” with no warranties and confer no rights

Windows Service “Starting” or Hung

The Scenario
I had to restart a service on my Windows 8.1 client

The Problem
The service took serveral minutes to try and start then hung with the status “starting”. I cannot stop, start or restart the service from the UI, using SC or via PowerShell.

The Solution
The only option is to forcibly kill the service. This involves finding the Process Identifier number then using this as the target of a taskkill command:

1. Get the PID of the hung service using: sc queryex <service_name>
PID

2. Kill the specific PID (forcibly): taskkill /f /pid [PID]
Kill_PID