My technical journal.

Maybe useful, maybe not.
posts - 105 , comments - 45 , trackbacks - 0

My Links

News

Tag Cloud

Archives

Post Categories

Monday, February 3, 2020

Disabling Secure Boot on a Hyper-V guest

To test out the MAP Toolkit, I wanted to have some Linux machines for it to detect. 
I created a virtual machine with an empty virtual had drive file and associated the latest Mint ISO file to the DVD drive.
On boot-up, I see it didn't like the ISO:

"The image's hash and certificate are not allowed (DB)"


It says "not allowed" rather than missing, corrupt or whatever so looks like a Secure Boot problem, as discussed here:

So into Powershell:

[hyper-v-host]: PS C:\> get-vm
Name               State CPUUsage(%) MemoryAssigned(M) Uptime   Status             Version
----               ----- ----------- ----------------- ------   ------             -------
Linux Mint         Off   0           0                 00:00:00 Operating normally 8.0


[hyper-v-host]: PS C:\> get-vm -name "Linux mint"
Name       State CPUUsage(%) MemoryAssigned(M) Uptime   Status             Version
----       ----- ----------- ----------------- ------   ------             -------
Linux Mint Off   0           0                 00:00:00 Operating normally 8.0


[hyper-v-host]: PS C:\> get-vm -name "Linux mint" | Get-VMFirmware
VMName     SecureBoot SecureBootTemplate PreferredNetworkBootProtocol BootOrder
------     ---------- ------------------ ---------------------------- ---------
Linux Mint On         MicrosoftWindows   IPv4                         {Drive, Network, Drive}


[hyper-v-host]: PS C:\> get-vm -name "Linux mint" | set-VMFirmware -EnableSecureBoot off

After which, restarting the virtual machine gives me:




Posted On Monday, February 3, 2020 10:44 PM | Comments (0) | Filed Under [ Hyper-V Linux ]

Sunday, February 2, 2020

Setting DNS server addresses with Control Panel and Powershell

In my test environment, which isn't optimally configured, new installations can't find the domain as they are not pointing to the domain's DNS. Instead they default to the hub which forwards all DNS requests to the Default Gateway and the Internet.

I can fix this on a case-by-case basis through the Control Panel:

  1. Go to 'Control Panel \ Network and Internet \ Network Connections'
  2. Right-click the network adapter and choose 'Properties'
  3. Select "Internet Protocol version 4 (TCP/IPv4) and click 'Properties'
  4. On the General tab, select "Use the following DNS server addresses:"
  5. For "Preferred DNS server:", enter the IP address of the DNS machine for the test domain
  6. For "Alternate DNS server:", enter the IP address of the Internet router
  7. Click 'OK', then 'Close'
Alternatively, if there is no Desktop Experience (i.e. Core) then the following Powershell command will do the same thing:

Set-DNSClientServerAddress –interfaceIndex 15 –ServerAddresses (“192.168.0.1”,”10.0.0.2”)

You may need to find the interface index first with Get-NetIPInterface:

ifIndex InterfaceAlias                  AddressFamily NlMtu(Bytes) InterfaceMetric Dhcp     ConnectionState PolicyStore
------- --------------                  ------------- ------------ --------------- ----     --------------- -----------
1       Loopback Pseudo-Interface 1     IPv4            4294967295              75 Disabled Connected       ActiveStore
45      Local Area Connection* 27       IPv4                  1500              25 Disabled Disconnected    ActiveStore
32      Ethernet 8                      IPv4                  1500               5 Enabled  Disconnected    ActiveStore
23      Bluetooth Network Connection 7  IPv4                  1500              65 Enabled  Disconnected    ActiveStore
15      WiFi                            IPv4                  1500              50 Enabled  Connected       ActiveStore



References


Posted On Sunday, February 2, 2020 8:59 PM | Comments (0) |

Tuesday, January 28, 2020

Enter the rack mounted server

A generous contact has loaned me a rack mounted server to turn into a Windows Hyper-V host.

I don't have a rack to mount the machine in so have made use of a glass and chrome TV stand instead.

 

RackPC

 

Screams like banshees for a couple of minutes when switched on but pretty quiet the rest of the time.

The machine seemed to be running Linux (like I’d know) so I decided to burn the installation software onto a DVD and boot off that. Searching around, I found the sold writeable DVD in the house – a lovely, unused 4.8GB disk. Sadly, the Windows server ISO was over 6Gb so wasn’t going to fit. This was when I learnt how many different capacities of 12cm DVD disks there are.

 

  • Single-sided, single layer – 4.7GB (your standard, off-the-shelf product)
  • Single-sided, double layer – 8.54GB
  • Double-sided, single layer – 9.4GB
  • Double-sided, double layer – 17.08GB

 

Giving up on that, I bought a ridiculously cheap pack of 16GB USB sticks.

 

USB sticks

 

Rufus can write the ISO to a USB stick and make the whole thing bootable. Unfortunately, not always reliably:

 

RufusFail

 

To ensure the ISO I was using was intact, I decided to re-download it.

This time, though, I noticed an “Microsoft Hyper-V Server 2016” option and used that instead.

Rufus worked this time and the server installation completed

Microsoft Hyper-V Server 2016

but I now seem to have installed the Core version – no graphical applications; just Notepad.exe and the command line.

This going to be interesting.

Time to dust off the Powershell.

Posted On Tuesday, January 28, 2020 1:35 AM | Comments (0) |

Monday, January 27, 2020

Working towards “MCSA: Windows Server 2016” certification

A little too late, it could be argued, I’ve decided to refresh my Windows server skills to improve my job prospects. Looking at my MCSE certification, the story is quite woeful. Although I was sitting (and passing) MCP exams up until I left Microsoft in 2010, none of the products were particularly leading edge at the time. The last exam I passed, for example, was 70-299 - “Implementing and Administering Security in a Microsoft Windows Server 2003 Network”. On reflection, it may have been more useful to instead go for 70-649 “Upgrading Your MCSE on Windows Server 2003 to Windows Server 2008” which came out in 2007.

That means I’m back on the MCP trail where setting myself a certification target will generate the self-study required to pass. I’m going for Windows server 2016 on the assumption that more companies will be running this operating system rather than last year’s release. There are three to pass before achieving “MCSA: Windows Server 2016” certification:

  • 70-740  Installation, Storage, and Compute with Windows Server 2016
  • 70-741  Networking with Windows Server 2016
  • 70-742  Identity with Windows Server 2016

((743    “Upgrading Your Skills to MCSA: Windows Server 2016” is unavailable as I don’t already have the qualifying MCSA: Windows Server 2008 or 2012 R2 certification))

I’ve booked myself in for the first one so need to get to work on learning. There’s a lot of online training to use but a hands-on server lab is essential although not usually the sort of thing most people have at home (although looking at the demographic I associate with, it does depend who you know as to what counts as “usual”).

Looking at hardware, I definitely don’t want to repurpose my Microsoft Surface but there are a couple of old desktops lying around which I could make use of instead. Or not…

System Requirements

  • Processor - Minimum: 1.4 GHz 64-bit processor

Well, they can be used to run Linux instead which is going to be another learning project.

Luckily, Sue has been complaining that her PC, an old 64-bit Dell Dimension E520, needed replacing after 10 years of service. After buying a new Dell Inspiron, the E520 was designated ‘test server’.

The DataCentre evaluation ISO downloaded from Microsoft installed easily enough and the PC was soon a domain controller of its own forest. Next step was to add some features so I could create some virtual machines to play with Hyper-V and Nano servers. Unfortunately, this was when I discovered that not all PCs can support virtualisation, which was a surprise.

Posted On Monday, January 27, 2020 9:48 PM | Comments (0) |

Friday, January 10, 2020

So there are 64-bit machines that can't run Hyper-V

My wife has finally replaced her desktop with a new one, releasing the old one for me to make into a test server. It's 64-bit so can run Windows 2016 datacentre edition which I download an evaluation version of. I was looking forward to creating a range of virtual machines to play with but Windows reported that the hardware wouldn't support this.

Running MSINFO32.EXE to have a look at the processor: 

  • Hyper-V - VM Monitor Mode Extensions - "No"
  • Hyper-V - Second Level Address Translation Extensions - "No"
  • Hyper-V - Virtualization Enabled in Firmware - "No"
  • Hyper-V - Data Execution Protection - "Yes"

Oh dear. 1 out of 4 isn't really good enough


Nothing in the setup to indicate virtualisation is an option:





Dell setup

So can't just swap out the CPU for a better one as the 2007 BIOS doesn't support the functionality I want anyway.

Posted On Friday, January 10, 2020 2:51 PM | Comments (0) |

Wednesday, July 4, 2018

Can't drag large MSG files into Outlook

I have a manual process where I :
  1. Drag emails from Outlook on PC1 to a shared folder, creating *.msg message files
  2. Drag message files from shared folder to Outlook 2010 on PC2, creating emails.
There's a resource limit to how many message files can be converted to emails in one go so step 2 is usually performed in chunks. Step 1 just handles however many emails you're dragging to the folder.

Recently, this has stopped working for files over 1MB in size (roughly).



"Cannot copy the items. Cannot open file: C:\Folder\Filename.msg to Outlook\Filename.msg.... The file may not exist, you mat not have permission to open it, or it may be open in another program. Right-click the folder that contains the file, and then click Properties to check your permissions for the folder."

Neither explanation would appear to be correct as small message files are imported into Outlook fine.

Solution I found:
  1. Double-click the message file to open up the email
  2. Choose the 'Move' icon from the toolbar
  3. Choose 'Copy to Folder...' (everything else is greyed out)
  4. Choose destination Outlook folder and click OK.
  5. Email appears in destination folder even though dragging the original wouldn't work
{Shrug}

Posted On Wednesday, July 4, 2018 3:04 PM | Comments (0) | Filed Under [ Outlook ]

Thursday, July 28, 2016

Changing service logon accounts via the back door

I’m installing a product that runs a service under a pre-determined logon account. I needed to rename the created account afterwards to get round a conflict somewhere else. Sounds simple – just modify the account’s logon name and update the service’s “log on as” properties to match it.

The obstacle was that the password was secret for compliance reasons. All the sleight of hand I tried just ended up in logon failures and the service being unable to start.

or

Solution was to hack the registry. Always a favourite. ((Thanks to Stan Nyks for the answer))

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MyService\ObjectName contains the account name used by the service. All I needed to do was rename the account in Computer Management and then modify the ObjectName value to .\MyRenamedAccount.

Pleasantly surprised to find the service still worked afterwards.

Posted On Thursday, July 28, 2016 3:57 PM | Comments (0) |

Wednesday, April 27, 2016

PC down

Last Saturday my Windows 10 PC refused to boot

Recovery

There was a problem with a device connected to your PC
An unexpected I/O error hs occurred
File:\Boot\BCD
Error code: 0xc00000e9
The problem can happen when a removable storage device is removed while it's in use or is failing. Properly connecting any removable storage and restarting your PC may fix this problem.

PhotoCrop_2016-04-23_02-25-22-PM

This screen would display for a while and then the PC would reboot, only to fail again.

Tried the basics, such as rebooting, unplugging from the mains for a few hours and rebooting, glaring, all to no affect.

Yesterday I popped the drive into the data centre server array that sits on top of the fridge in the study. This was to see if I could get any useful data off the drive before playing with it.

First thing that happened was that CHKDSK kicked in for a looooong time, eventually creating a 4.4 MB txt file report. No-one wants to see that amount of error reporting on a disk drive.

PhotoCrop_2016-04-26_08-10-30-PM

Huge amount of "Deleting extended attributes set due to the presence of reparse point in file xxxxxx."
I've looked up Reparse Points but am none the wiser.

After moving all user data to a safer place, I put the (much emptier) drive back in my PC and powered up, only to see the same recovery error.

Went off to look for some USB sticks to make into bootable repair tools. The first one (from work) was dead. Second, some shiny marketing thing for Biztalk 2004, was detected but failed to load. While I was searching for more USB sticks, I noticed my faulty PC had a log-on screen...

Seemed that it must have been rebooting quietly to itself and eventually repaired whatever was wrong.

Logged on, checked the event logs and found that the drive had a bad block (well diagnosed, Sue). Must have a look in the CHKDSK log file to see if the problem was fixed when I moved the drive to the server. Otherwise, all my work would have been for nothing as the solution would have been to just let Windows keep rebooting until it magically cured itself.

Posted On Wednesday, April 27, 2016 11:13 AM | Comments (0) |

Tuesday, October 20, 2015

Windows 10 – how to change Workgroup

Let’s say you have machines in an old school workgroup without a domain and you want to change the name of that workgroup.

In the Windows 10 user interface, where should you go?

Is it Settings? Where you can change the computer name or join a domain.

image

No, that would be far too sensible.

You have to use Control Panel, just like in the old days.

image

Posted On Tuesday, October 20, 2015 3:33 PM | Comments (0) |

Monday, October 19, 2015

Incoherent versioning

 

To check my PC is up to date on Windows 10 display drivers, I installed the “Intel Driver Update Utility”. After a quick scan, I was surprised to see I was apparently 5 major versions behind current!

Screenshot 2015-10-19 16.20.58

So the 10.x software is dated quite recently - August 17th, 2015.

Screenshot 2015-10-19 16.24.35

The 15.x software, though, is actually dated a few weeks earlier - 29th July 2015.

image

That makes a lot of sense. Both from Intel. Both drivers for “Intel HD Graphics”.

And once installed? I’ve downgraded to 10.18.10.4252 from 10.18.10.4276.

image

That was a waste of time.

Surprise, surprise, Windows Update has “Intel Corporation - Graphics Adapter WDDM1.0, Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3 - Intel(R) HD Graphics” waiting to install.

Posted On Monday, October 19, 2015 3:34 PM | Comments (0) |

Powered by: