Windows 10 1903 ESENT Event 455

The powers that be… err rather the developers that be at Microsoft missed a step for the 1903 upgrade.  Every Windows 10 device has this event message in the Application Log because the folder is missing under the systemprofile AppData folder… Doh.

Here’s the error message:

Log Name: Application
Source: ESENT
Date: 11/8/2019 10:22:06 AM
Event ID: 455
Task Category: Logging/Recovery
Level: Error
Keywords: Classic
User: N/A
Computer: Computername…
Description:
svchost (1332,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

So how to fix and remove the error message… open an admin cmd prompt, go to the C:\WINDOWS\system32\config\systemprofile\AppData\Local folder and type:

md TileDataLayer

followed by

md TileDataLayer\Database

Thereafter you can close cmd.exe prompt and the error should go away.

 

Categories: Active Directory

Datto RMM Agent Browser lost in Chrome extensions

A few days ago I noticed that after some updates or whatever on my laptop, the Agent Browser for Datto (Autotask) RMM wasn’t opening when trying to access a client’s machine. I could do the web access but anything requiring the Agent Browser to open failed. Rather than uninstalling, I dug into what was going on between a working machine and a non-working machine. Plus I found something on the web that described a similar issue with another application.

Long story short, this is because the Agent Browser setting got lost in the Chrome Setting Preferences file. The file is located here:
c:\users\\appdata\local\google\chrome\user data\default\preferences

Look for Excluded_Schemes and, if not found, add the information below back to the preferences file and save. Then close out of Chrome and re-open. Thereafter, when you want to connect to a client’s desktop using the Agent Browser, it will be called upon.

Look for this area of preferences:
{"prompt_seed":"3D27E4CC2D0E92F24A3C5968E9DBDADBE0EBA5B25796B65941263B9AA403604F","prompt_version":"3DA0AEEA958AC953255D01DECEE8E9C6B22C092A3506B81E2C72B7BDEAFEF4A8","reporting":"3B35D18EE559CA6ABF680C70EAC5575A6D243BEA86B122BC695E781FE07E12FC"}}},"protocol_handler":{"excluded_schemes":{"cag":false,"gotoopener":false,"teamviewer8":false,"zoommtg":false,"zoomrc":false}},"session":{"restore_on_startup":4,"startup_urls":

Add the "protocol_handler" section (the part containing "excluded_schemes") to the file, hit save and reopen Chrome.

Hope this helps MSPs out there in need of this relief!
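
A scripted version of the edit above, as an added example that is not part of the original post or of Datto's tooling. The function names are assumptions of this example, and the sample JSON is constructed; a real Preferences file is much larger.

```powershell
# Added example: restore entries under protocol_handler.excluded_schemes
# in the JSON text of a Chrome Preferences file.
function Set-ExcludedScheme {
    param(
        [Parameter(Mandatory)][string]$Json,      # contents of a Preferences file
        [Parameter(Mandatory)][string[]]$Scheme   # scheme names to set to false
    )
    $prefs = $Json | ConvertFrom-Json

    # Create protocol_handler and excluded_schemes only when they are missing
    if (-not $prefs.PSObject.Properties['protocol_handler']) {
        $prefs | Add-Member -NotePropertyName 'protocol_handler' -NotePropertyValue ([pscustomobject]@{})
    }
    $handler = $prefs.protocol_handler
    if (-not $handler.PSObject.Properties['excluded_schemes']) {
        $handler | Add-Member -NotePropertyName 'excluded_schemes' -NotePropertyValue ([pscustomobject]@{})
    }
    foreach ($name in $Scheme) {
        # false is the value every scheme carries in the post's working file
        $handler.excluded_schemes | Add-Member -NotePropertyName $name -NotePropertyValue $false -Force
    }
    # The default -Depth of 2 would flatten nested settings into strings
    $prefs | ConvertTo-Json -Depth 100 -Compress
}

# Applies the change to a file on disk; pass an absolute path, with Chrome
# closed (assumption: a running browser may rewrite the file on exit).
function Update-PreferencesFile {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string[]]$Scheme
    )
    Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force   # rollback copy
    $json = Get-Content -LiteralPath $Path -Raw -Encoding UTF8
    # WriteAllText emits UTF-8 without a byte order mark
    [IO.File]::WriteAllText($Path, (Set-ExcludedScheme -Json $json -Scheme $Scheme))
}

# Constructed sample: a Preferences fragment that has lost protocol_handler
$sample  = '{"session":{"restore_on_startup":4,"startup_urls":[]}}'
$updated = Set-ExcludedScheme -Json $sample -Scheme 'cag'
$updated
```

Only list schemes whose handler you trust: in the Chrome builds that read this key, a false entry lets links with that scheme start the local handler without a prompt.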

You cannot turn on Network Discovery in Network and Sharing Center in Windows Server

Assume that you try to turn on Network Discovery on a computer that is running any version of Windows Server. To do this, you change the Advanced sharing settings in Network and Sharing Center. However, the changes are not saved. Therefore, you cannot turn on Network Discovery, and you experience the following issues:

  • You cannot browse or find any network share.
  • You cannot view shared folders on a local network.

This issue occurs for one of the following reasons:

  • The dependency services for Network Discovery are not running.
  • The Windows firewall or other firewalls do not allow Network Discovery.

To resolve the issue, follow these steps:

  1. Make sure that the following dependency services are started:
       • DNS Client
       • Function Discovery Resource Publication
       • SSDP Discovery
       • UPnP Device Host
  2. Configure the Windows firewall to allow Network Discovery. To do this, follow these steps:
       1. Open Control Panel, click System and Security, and then click Windows Firewall.
       2. In the left pane, click Allow an app or feature through Windows Firewall if you are running Windows Server 2012. Or, click Allow a program or feature through Windows Firewall if you are running Windows Server 2008 or Windows Server 2008 R2.
       3. Click Change settings. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
       4. Select Network discovery, and then click OK.
  3. Configure other firewalls in the network to allow Network Discovery.
  4. Turn on Network Discovery in Network and Sharing Center.
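
To check both causes from one prompt before clicking through the dialogs, here is an added example (not part of the text above). It assumes Windows Server 2012 or later for Get-NetFirewallRule and an English-language "Network Discovery" rule group; the function name is hypothetical.

```powershell
# Added example: report the dependency services and the firewall rule group
# that the steps above ask you to check.
function Get-NetworkDiscoveryReadiness {
    # Service short names for the display names listed in step 1
    $services = [ordered]@{
        Dnscache = 'DNS Client'
        FDResPub = 'Function Discovery Resource Publication'
        SSDPSRV  = 'SSDP Discovery'
        upnphost = 'UPnP Device Host'
    }
    foreach ($name in $services.Keys) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Check  = "Service: $($services[$name])"
            Detail = if ($svc) { [string]$svc.Status } else { 'not installed' }
            Ok     = [bool]($svc -and $svc.Status -eq 'Running')
        }
    }

    # Inbound rules of the built-in group, reported per firewall profile
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Network Discovery' -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' })
    foreach ($fwProfile in 'Domain', 'Private', 'Public') {
        $scoped  = @($rules | Where-Object { "$($_.Profile)" -match "Any|$fwProfile" })
        $enabled = @($scoped | Where-Object { $_.Enabled -eq 'True' })
        [pscustomobject]@{
            Check  = "Firewall ($fwProfile profile)"
            Detail = "$($enabled.Count) of $($scoped.Count) inbound rules enabled"
            Ok     = ($scoped.Count -gt 0 -and $enabled.Count -eq $scoped.Count)
        }
    }
}

Get-NetworkDiscoveryReadiness | Format-Table -AutoSize
```

A server normally needs discovery only on the Domain or Private profile, so a Public row that shows enabled rules deserves a second look.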

Redirect new users and new computers to different OU in Active Directory

I’m sure everyone knows this but it’s often forgotten and not used.  I find it useful to redirect new users and new computers joined to the domain to go to an OU where you can create policies.  Never mind why Microsoft didn’t do this in the first place.

Here are the two commands to redirect users and computers respectively.

Redirect users to different container:  redirusr <DN path to alternate OU>

  1. Ex: redirusr "OU=Users,OU=My Office,DC=domain,dc=local"

Redirect computers to different OU:  redircmp <DN path to alternate OU>

  1. Ex: redircmp "OU=Computers,OU=My Office,DC=domain,dc=local"

Categories: Active Directory

Deleting directory with long names inside

When you want to completely delete a directory and it has files with long names inside it, Robocopy does a VERY good job.  The type of folders in this case could be Favorites with URLs that are really long.  When this happens the folder/file path becomes too long for Windows to delete properly.

Open Cmd.exe prompt as administrator.

Type the following commands:

  1. mkdir "empty_dir"
  2. robocopy "empty_dir" "the_dir_to_delete" /s /mir
  3. rmdir "empty_dir"
  4. rmdir "the_dir_to_delete"

Windows Server 20xx Essentials cannot connect to O365.

I found this cheat to reset the connection between the Essentials Server Dashboard and O365.

First check the log to find out why it’s failing.  Log file is found here:

C:\ProgramData\Microsoft\Windows Server\Logs\SharedServiceHost-EmailProviderServiceConfig.log

If log looks something like the below, then follow steps to fix:

BecWebServiceAdapter: Connect to BECWS failed due to known exception : System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at https://bws902-relay.microsoftonline.com/ProvisioningWebservice.svc?Redir=1098557810&Time=636356539931802459 that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused

To fix:

Open Regedit and navigate to the following key:

HKEY_Local_Machine\Software\Microsoft\Windows Server\Productivity\O365Integration\Settings

Delete the BecEndPointAddress key.

Close Regedit and re-open the Essentials Dashboard.  Re-attempt to integrate with O365 and this time it should work.

Reference Link:  https://social.technet.microsoft.com/Forums/windowsserver/en-US/6c855e8f-795f-485c-9b29-2732a45e94a6/i-cannot-integrate-office-365-with-server-2012r2?forum=winserveressentials

Resetting local Admin password for any Windows machine.

It’s kinda crazy how easy it is to crack a user’s workstation without ever logging onto the machine.  It really means we should keep track of our local Admin passwords on our workstations and servers and after that lock down the BIOS so no one can re-arrange the boot order to be able to boot off a USB stick.  When I worked at Microsoft, we developed a secured workstation that severely locked down the BIOS such that only the hard drive could boot – the key here was putting a password in the BIOS to prevent unauthorized changes.

However, there is at times a need to crack/reset the local Admin account password.  This happened to me this week when I took over a client from another colleague of mine but the passwords for the Admin accounts were lost and since the users were just users (not admins) they couldn’t install anything nor make any system changes.

This procedure is out on the web too but thought I’d add my two cents.

Prerequisites:
1.  Bootable USB stick – with Windows OS install or something else that will at least get you to a cmd prompt.
2.  Access to BIOS to change boot order and allow USB to boot first prior to Operating System.

Setup BIOS to boot from USB first:
1.  Boot up computer/server and use whatever Function keys to access the Bios.
2.  Change menu option till you select BOOT.  Then use keys to move USB boot to top of the line.
3.  Save and reboot computer.

Change SETHC application to open cmd.exe application:
1.  Insert bootable USB tool into port in computer.
2.  System should select USB to boot first – if it didn’t try again and if still not, recheck BIOS settings to ensure Boot order has right USB set at top.
3.  When setup screen comes up from USB, hit Shift+F10 to open cmd.exe prompt.
4.  Locate the Drive C: or whichever drive letter has the operating system on it.
5.  Change directories to get to c:\windows\system32 directory.
6.  Type: copy c:\windows\system32\sethc.exe c:\sethc.exe  * Note this makes a copy of executable file so you can copy it back after procedure is done.
7. Type: Copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe – This copies cmd prompt exe on top of sethc.exe (sticky keys application).
8. Reboot computer and remove USB from computer.

Change Admin Password:
1. At logon screen of computer, hit the Shift key a bunch of times, sometimes holding it down will do the same.   The result will be a cmd.exe prompt running under the system context which gives access to reset passwords and do a host of other things.
2. To look for users type:  net user  – this will dump out list of users.
3. To reset password for say Admin account type:  net user Admin password (substitute password for the real password).  Should get a result of completed successfully.
4. Make sure the account you just reset password is active, to check type: net user Admin – it will show full status of account – look for attribute: Active  – if says No… then you need to activate/enable it in order to use it.
5.  To make active: net user Admin /Active:yes;  Then check attributes again to ensure it’s active.
6.  Now you can reboot back and access the machine using the admin account with password you just set, but you also have to go back with the USB utility to change the exe of sethc.exe back to its original function.

Reset System back to normal:
1. Reboot computer with USB inserted.
2. At setup screen, hit Shift+F10 to open cmd.exe prompt.
3. Change directory to c:\windows\system32
4. type: Copy c:\sethc.exe c:\windows\system32\sethc.exe  – This returns original sethc.exe to copy over cmd application named sethc.exe.
5.  exit and reboot computer and go back into BIOS to change boot order again to where Drive is primary (or whatever you would like).
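
A check that the restore step above really happened, as an added example that is not part of the original post: it compares the SHA-256 of sethc.exe with cmd.exe and looks for the c:\sethc.exe backup the procedure creates. The function name and its WindowsDir parameter are assumptions of this example.

```powershell
# Added example: verify sethc.exe after the procedure. Works on the running
# system or, with -WindowsDir, on an offline Windows directory.
function Test-StickyKeysBinary {
    param([string]$WindowsDir = $env:SystemRoot)   # e.g. C:\Windows

    $sethc  = Join-Path $WindowsDir 'System32\sethc.exe'
    $cmd    = Join-Path $WindowsDir 'System32\cmd.exe'
    # The procedure parks the original in the root of the OS drive
    $backup = "$(Split-Path -Path $WindowsDir -Qualifier)\sethc.exe"

    # Hash only the files that exist, so a missing backup is not an error
    $hash = @{}
    foreach ($file in $sethc, $cmd, $backup) {
        if (Test-Path -LiteralPath $file -PathType Leaf) {
            $hash[$file] = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        }
    }

    [pscustomobject]@{
        SethcPath      = $sethc
        SethcSha256    = $hash[$sethc]
        # True when sethc.exe is byte-identical to cmd.exe
        IsCopyOfCmd    = ($hash.ContainsKey($sethc) -and ($hash[$sethc] -eq $hash[$cmd]))
        BackupPresent  = $hash.ContainsKey($backup)
        # True when a backup exists and differs from the installed file
        RestorePending = ($hash.ContainsKey($backup) -and ($hash[$backup] -ne $hash[$sethc]))
    }
}

$result = Test-StickyKeysBinary
$result | Format-List
if ($result.IsCopyOfCmd) {
    Write-Warning 'System32\sethc.exe is byte-identical to cmd.exe.'
}
if ($result.RestorePending) {
    Write-Warning 'The backup differs from System32\sethc.exe: the restore has not been done.'
} elseif ($result.BackupPresent) {
    Write-Warning 'Restore done, but the backup copy is still in the drive root.'
}
```

Run on a schedule across a fleet, the IsCopyOfCmd field also flags machines where someone else used this procedure and never put the original back.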

Thanks.

 

Autotask Endpoint Mgmt splashtop remote tool fails to open from Agent Browser

I’ve been using Autotask Endpoint Management to monitor and manage my clients’ systems. Today I had a problem where my laptop was actually a part of another Autotask account and the change over to my account was pretty gnarly!

There should be a procedure for how to do such things but so far there isn’t.
Steps to take:
1. Remove account from instance of Autotask (one you’re leaving): delete the account and let it take its course in uninstalling on the client machine.
2. Should the second part not work, go to appwiz.cpl (short for Programs and Features, an old Win95 reference to Add/Remove Programs). From there remove the Centrastage application.
3. Once all that is cleared up you should be able to install the new client agent from the new AEM Site.
Here’s where things went amiss.

I did all the above, not necessarily in the same order but got it done.
However upon step #3, the agent (system tray) would not start. Took a while to figure out that my AV/Firewall was blocking the application from starting. Or another option is access to the c:\programdata\centrastage folder – but after checking Perms – they all seemed good and my account and System had Full Control.

Found a tidbit to run C:\Program Files (x86)\CentraStage\Gui.exe from a command prompt to let it run through its paces to get the Centrastage Tray working. With FW turned off and after running this the tray application could start.

However even with it running, I could not manage my client machines – the tool wouldn’t start the agent browser where you can then look at and open remote console tools…ugh
So decided to uninstall again and rip out all other parts of Centrastage application:
rmdir or just type: rd /S /Q "C:\Program Files (x86)\CentraStage"
rd /S /Q "C:\Windows\System32\config\systemprofile\AppData\Local\CentraStage"
rmdir /S /Q "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CentraStage"
rem Batch-file syntax for every user profile; at an interactive prompt use %f instead of %%f
for /D %%f in (C:\Users\*) do rd /S /Q "%%f\AppData\Local\CentraStage"
rmdir /S /Q "%ALLUSERSPROFILE%\CentraStage"
reg delete "HKCR\cag" /f
reg delete "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" /v CentraStage /f

After, reinstalled everything and still not able to manage my client systems from the laptop.

Next decided to remove all the above again, and then remove all instances of Splashtop remote agents.
– Uninstalled Splashtop Streamer
– Uninstalled Splashtop Business Tool
Manually removed all splashtop folders found:
rd /q /s "C:\Program Files (x86)\Splashtop"
rd /q /s C:\programdata\splashtop
rd /q /s "%userprofile%\appdata\local\splashtop"

Searched Registry for Splashtop items and removed things there as well (too many to list).

Did all that, and re-installed CentraStage application which in turn installed splashtop…
From there I was able to run the Agent Browser to connect to a device but when connecting to said machine using the splashtop plugin, received a prompt asking which application to use to open the ST-Centrastage application… uh What? The only choice it gave you was to search the Microsoft Store… again What? What did I do to cause this behavior?

See picture:

The prompt states: You’ll need a new app to open this st-centrastage
with option to only look in the Store…

After much searching for st-centrastage and other… I was stumped and filed a ticket with Autotask folks.

Later in the day, decided to take a clean machine, join it to my AEM account and try to connect to a device using Splashtop. Before it could connect it prompted me stating it was missing the Splashtop Remote agent.. hmmm, said yes install it and then watched appwiz.cpl to see what application got installed – Sure enough MSP Remote Support by Splashtop was installed.
Went back to laptop and found the application was there but it couldn’t be uninstalled because I previously deleted all the Splashtop folders. Doh!

There are very few references online for how to install this tool, there are plenty for uninstalling it but that doesn’t help when all the files are gone.

Ended up searching the registry for “MSP Remote” – started to delete all instances here as well so the connection program would later prompt me to re-install like on clean system above. As I ran through and found all the instances and deleted them, I came across one that showed the installer msi file used to install the application: LocalPackage – C:\windows\installer\43aee708.msi (different for every machine). So on laptop, went to that directory and ran the install. Rebooted and whoo hoo! success!

In a nutshell, to resolve transitioning from one AEM Instance to another
– Remove everything
– including the MSP application,
– then go back and remove the directories like above.
– then install the new AEM agent and attempt a remote connection (splashtop). If it fails with attached picture, search for the MSP Remote Support by Splashtop in registry to find the msi installer file to run and re-install this. Without it you’ll go crazy looking for the solution. :)

Hope this helps.

How to remove about.blank from Internet Explorer

Been trying to figure out how to fix the start page in Internet Explorer. Unfortunately when you search for this on the web, all you get is a bunch of junk information with no real solution – mostly you get links to other scanners and spyware tools that really get you nowhere.

Steps to fix:
1. Run a full scan with your antivirus software – make sure it’s a full system scan and all is clean.

2. If the AV finds nothing wrong with your computer, try running the CWShredder software from TrendMicro.

3. If results turn up nothing then you’re most likely not infected by any virus but you’ll find you still cannot change the start page.

4. Make sure the Search providers (under manage add-ons) show up nothing out of the ordinary – if it doesn’t show Bing and/or Google but something else – remove those and add the search provider of your choice back in.

5. Next go to the registry editor and find the “Start Page” value under the registry location: HKCU\software\Microsoft\Internet Explorer\Main and/or under HKLM\Software\Microsoft\Internet Explorer\Main
Try to edit the Start Page option – if you receive an error after typing it in then you’ll need to follow the next step:

6. Reboot computer into Safe Mode (during reboot process – hit the F8 key several times till you get the Safe Mode startup menu). Choose Safe Mode Command prompt.

7. Logon with user account.

8. Open regedit.exe and browse to the two locations from above.
Make changes to the Start Page in both locations – say http://www.bing.com

9. Reboot back into normal mode. Your Start Page should now open to Bing.com.

If you find any other solutions of value, please post them here.

Thanks.

Categories: Consulting, Win7

Windows 7 Bad Image Error

Client sent me email with errors on her Windows 7 machine with the attached photo.

The error came up with Bad-Image

C:\windows\system32\LMIRfsClientNP.dll is either not designed to run on Windows or it contains an error.  Try installing the program again using the original installation media or contact your system administrator or the software vendor for support.

Okay so what is this dll for might you ask?  Well after searching a bit, it belongs to Logmein too – a tool I install on all my clients in order to assist when necessary. 

Resolution – just re-install the Logmein tool and all will be well :). 

Thanks.