Windows 10 1903 ESENT Event 455

The powers that be… err rather the developers that be at Microsoft missed a step for the 1903 upgrade.  Every Windows 10 device that has this event message in the Application Log because the folder is missing under the systemprofile AppData folder… Doh.

Here’s the error message:

Log Name: Application
Source: ESENT
Date: 11/8/2019 10:22:06 AM
Event ID: 455
Task Category: Logging/Recovery
Level: Error
Keywords: Classic
User: N/A
Computer: Computername…
Description:
svchost (1332,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

So how to fix and remove the error message… open Admin cmd prompt and go to the C:\WINDOWS\system32\config\systemprofile\AppData\Local Folder and type:

md TileDataLayer

followed by

md TileDataLayer\Database

Thereafter you can close cmd.exe prompt and the error should go away.

 

Categories: Active Directory

Datto RMM Agent Browser lost in Chrome extensions

A few days ago I noticed that after some updates or whatever on my laptop, that the Agent Browser for Datto (Autotask) RMM wasn’t opening when trying to access a client’s machine. I could do the web access but anything requiring the Agent Browser to open, failed. Rather than uninstalling I dug into what was going on between a working machine and a non working machine. Plus found something on the web that described similar issue with other application.

Long story short, this is because the Agent Browser setting got lost in the Chrome Setting Preferences file. The file is located here:
c:\users\\appdata\local\google\chrome\user data\default\preferences

Look for Excluded_Schemes and if not found, add the information below back to the preferences file and save. then close out of Chrome and re-open. Thereafter when you want to connect to client’s desktop using the Agent Browser, it will be called upon.

Look for this area of preferences:
{“prompt_seed”:”3D27E4CC2D0E92F24A3C5968E9DBDADBE0EBA5B25796B65941263B9AA403604F”,”prompt_version”:”3DA0AEEA958AC953255D01DECEE8E9C6B22C092A3506B81E2C72B7BDEAFEF4A8″,”reporting”:”3B35D18EE559CA6ABF680C70EAC5575A6D243BEA86B122BC695E781FE07E12FC”}}},“protocol_handler”:{“excluded_schemes”:{“cag”:false,”gotoopener”:false,”teamviewer8″:false,”zoommtg”:false,”zoomrc”:false}},“session”:{“restore_on_startup”:4,”startup_urls”:

Add section in italics to the file, hit save and reopen chrome.

hope this helps MSP’s out there in need of this relief!

You cannot turn on Network Discovery in Network and Sharing Center in Windows Server

Assume that you try to turn on Network Discovery on a computer that is running any version of Windows Server. To do this, you change the Advanced sharing settings in Network and Sharing Center. However, the changes are not saved. Therefore, you cannot turn on Network Discovery, and you experience the following issues:

  • You cannot browse or find any network share.
  • You cannot view shared folders on a local network.

This issue occurs for one of the following reasons:

  • The dependency services for Network Discovery are not running.
  • The Windows firewall or other firewalls do not allow Network Discovery.

To resolve the issue, follow these steps:

  1. Make sure that the following dependency services are started:
  2. DNS Client
  3. Function Discovery Resource Publication
  4. SSDP Discovery
  5. UPnP Device Host

 

Configure the Windows firewall to allow Network Discovery. To do this, follow these steps:

  1. Open Control Panel, click System and Security, and then click Windows Firewall.
  2. In the left pane, click Allow an app or feature through Windows Firewall if you are running Windows Server 2012. Or, click Allow a program or feature through Windows Firewall if you are running Windows Server 2008 or Windows Server 2008 R2.
  3. Click Change settings. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  4. Select Network discovery, and then click OK.

 

Configure other firewalls in the network to allow Network Discovery.

Turn on Network Discovery in Network and Sharing Center.

Redirect new users and new computers to different OU in Active Directory

I’m sure everyone knows this but it’s often forgotten and not used.  I find it useful to redirect new users and new computers joined to the domain to go to an OU where you can create policies.  Never mind why Microsoft didn’t do this in the first place.

Here are the two commands to redirect users and computers respectively.

Redirect users to different container:  redirusr <DN path to alternate OU>

  1. Ex: redirusr “OU=Users,OU=My Office,DC=domain,dc=local”

Redirect computers to different OU:  redircmp container-dn container-dn

  1. Ex: redircmp “OU=Computers,OU=My Office,DC=domain,dc=local”
Categories: Active Directory

Deleting directory with long names inside

When you want to completely delete a directory and it has file with long names inside it, Robocopy does a VERY good job.  The type of folders in this case could be Favorites with URLs that are really long.  When this happens the folder/file path becomes too long for Windows to delete properly.

Open Cmd.exe prompt as administrator.

Type the following commands:

  1. mkdir “empty_dir”
  2. robocopy “empty_dir” “the_dir_to_delete” /s /mir
  3. rmdir “empty_dir”
  4. rmdir “the_dir_to_delete”

 

 

Windows Server 20xx Essentials cannot connect to O365.

I found this cheat to reset the connection between the Essentials Server Dashboard and O365.

First check the log to find out why it’s failing.  Log file is found here:

C:\ProgramData\Microsoft\Windows Server\Logs\SharedServiceHost-EmailProviderServiceConfig.log

If log looks something like the below, then follow steps to fix:

BecWebServiceAdapter: Connect to BECWS failed due to known exception : System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at https://bws902-relay.microsoftonline.com/ProvisioningWebservice.svc?Redir=1098557810&Time=636356539931802459 that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. —> System.Net.WebException: Unable to connect to the remote server —> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused

 

To fix:

Open Regedit and navigate to the following key:

HKEY_Local_Machine\Software\Microsoft\Windows Server\Productivity\O365Integration\Settings

Delete the BecEndPointAddress key.

Close Regedit and re-open the Essentials Dashboard.  Re-attempt to integrate with O365 and this time it should work.

Reference Link:  https://social.technet.microsoft.com/Forums/windowsserver/en-US/6c855e8f-795f-485c-9b29-2732a45e94a6/i-cannot-integrate-office-365-with-server-2012r2?forum=winserveressentials>

Resetting local Admin password for any Windows machine.

It’s kinda crazy how easy it is to crack a user’s workstation without ever logging onto the machine.  It really means we should keep track of our local Admin passwords on our workstations and servers and after that lock down the BIOS so no one can re-arrange the boot order to be able to boot off a USB stick.  When I worked at Microsoft, we developed a secured workstation that severely locked down the BIOS such that only the hard drive could boot – the key here was putting a password in the BIOS to prevent unauthorized changes.

However, there is at times a need to crack/reset the local Admin account password.  This happened to me this week when I took over a client from another colleague of mine but the passwords for the Admin accounts were lost and since the users were just users (not admins) they couldn’t install anything nor make any system changes.

This procedure is out on the web too but thought I’d add my two cents.

Prerequisites:
1.  Bootable USB stick – with Windows OS install or something else that will at least get you to a cmd prompt.
2.  Access to BIOS to change boot order and allow USB to boot first prior to Operating System.

Setup BIOS to boot from USB first:
1.  Boot up computer/server and use whatever Function keys to access the Bios.
2.  Change menu option till you select BOOT.  Then use keys to move USB boot to top of the line.
3.  Save and reboot computer.

Change SETHC application to open cmd.exe application:
1.  Insert bootable USB tool into port in computer.
2.  System should select USB to boot first – if it didn’t try again and if still not, recheck BIOS settings to ensure Boot order has right USB set at top.
3.  When setup screen comes up from USB, hit Shift+F10 to open cmd.exe prompt.
4.  Locate the Drive C: or whichever drive letter has the operating system on it.
5.  Change directories to get to c:\windows\system32 directory.
6.  Type: copy c:\windows\system32\sethc.exe c:\sethc.exe  * Note this makes a copy of executable file so you can copy it back after procedure is done.
7. Type: Copy c:\windows\system32\cmd.exe c:\windows\system32\sethc.exe – This copies cmd prompt exe on top of sethc.exe (sticky keys application).
8. Reboot computer and remove USB from computer.

Change Admin Password:
1. At logon screen of computer, hit the Shift key a bunch of times, sometimes holding it down will do the same.   The result will be a cmd.exe prompt running under the system context which gives access to reset passwords and do a host of other things.
2. To look for users type:  net user  – this will dump out list of users.
3. To reset password for say Admin account type:  net user Admin password (substitute password for the real password.  Should get a result of completed successfully.
4. Make sure the account you just reset password is active, to check type: net user Admin – it will show full status of account – look for attribute: Active  – if says No… then you need to activate/enable it in order to use it.
5.  To make active: net user Admin /Active:yes;  Then check attributes again to ensure it’s active.
6.  Now you can reboot back and access the machine using the admin account with password you just set,  but you also have to go back with the USB utility to change the exe of sethc.exe back to it’s original function.

Reset System back to normal:
1. Reboot computer with USB inserted.
2. At setup screen, hit Shift+F10 to open cmd.exe prompt.
3. Change directory to c:\windows\system32
4. type: Copy c:\sethc.exe c:\windows\system32\sethc.exe  – This returns original sethc.exe to copy over cmd application named sethc.exe.
5.  exit and reboot computer and go back into BIOS to change boot order again to where Drive is primary (or whatever you would like).

Thanks.