Archive for the ‘2008’ Category

Failed to download this file. Error code 0x800C0008

Friday, January 6th, 2017

One of our services gave an odd error. External user would attempt to access it and they would get an error about a configuration file not downloading.

The part of the error message that interested me was:

Failed to download this file. Error code 0x800C0008

What was odd was the service worked inside the firewall.

I thought it was browser related and checked the Net.

I tried the suggested registry change:

  1. Start Registry Editor.
  2. For a per-user setting, locate the following registry key:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

    For a per-computer setting, locate the following registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  3. On the Edit menu, click Add Value, and then add the following value:
    BypassSSLNoCacheCheck“=Dword:00000001
  4. Exit Registry Editor.

This did not need a reboot and the change worked.

To add more “oddness” the service started working before the affected users made the change.

Hmmmmmm?  Network people or Security people?

Posted in 2008, Internet Explorer, Windows | Tagged , , | Leave a comment

The Group Policy Client service failed the logon. Access denied

Thursday, March 17th, 2016

I had a user complaint over not being able to access a terminal server. He would attempt access and receive an error message:

The Group Policy Client service failed the logon. Access denied.

Since it was a terminal server; I renamed his profile and he was able to access it.

Posted in 2008, Terminal Server | Tagged , , | Leave a comment

Remote logins are currently disabled.

Sunday, November 15th, 2015

Our monitoring systems reported errors with a terminal server. I tried remote desktop and received the following error:

Remote logins are currently disabled.

Someone with administrator access disabled the logins with the change logon command.

The management console for reasons not pertinent to this issue was not usable at this time. In order to enable the logins, I needed to a way to submit the command.

Time for our trusty friend “psexec”

psexec.exe “\\<terminal server>\ change logon /enable”

After that we could access the terminal server.

Posted in 2008, psexec, Terminal Server | Tagged , , | Leave a comment

Anti-virus firewall is blocking remote desktop.

Friday, October 30th, 2015

Company acquisitions bring new challenges to environments. Such was the case with two servers which are used to test McAfee with the companies product. These servers were moved from a public area to a hardened site. They used to walk up and login when needed but now they could only use remote desktop. They reported the servers were down.

The McAfee fire was setup with a basic configuration and blocked ICMP and but did not block remote desktop.

Ping was enabled and on further review port 3389 needed to be enabled for TCP.

Posted in 2008, firewall, Remote Desktop | Tagged , , | Leave a comment

Importing Powershell Active directory module into windows 2008

Wednesday, June 17th, 2015

I am “crash and burn” testing windows 10. Painful but a good way to get the feel of it. One painful loss was the Active Directory module for Powershell. You have to have Remote Server Administration Tools (RSAT) and they stopped working for Win 10. There was a special release for the January version of Win10 but it died with the May version and Microsoft reported they will fix it with the general release.

What to do?

I thought about using one of my test VMs running Windows 2008. It had RSAT but when I tried to import the Active Directory module into Powershell; I received an error saying it did not exist.

I found there were a extra other steps needed to be done:

1) Import-Module ServerManager

2) Add-WindowsFeature RSAT-AD-Powershell

After that, I was able to import the active directory module.

-edit- 07/23/15

There was a recent update to windows 10 and it nuked RSAT.  Microsoft will basically fix it after the OS is released.  *sighs*

Posted in 2008, PowerShell, Windows | Tagged , , , | Leave a comment

Missing Internet Settings GPO for Internet Explorer 11

Tuesday, April 14th, 2015

I had a request for a server running a tool to allow users to access it via Citrix and not have to enter the URL into the trusted sites.

With old versions of IE, you would simply modify the local GPO for Internet Settings. To my surprise, this was gone. It seems Microsoft decided to favor Global Policies starting with version 10 for such issues. It makes sense when it involves many systems; but It seems overkill for one system. I do not have access to the Domain Controllers so my choices were rather limited.

I decided to play around with the registry and found this could be accomplished by creating a couple keys and dwords.

Using regedit, I drilled down to : HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Internet Settings\ZoneMap

I created a new key called: EscDomains and inside that another key for the ServerName

This is used when enhanced security is enabled for IE.

Inside this key, I created two new DWORDS :   http and https and set both to 2 which signifies Trusted Site.

Not knowing why Enhanced Security was in use for this server, I decide to create a couple more entries in case somebody decided to disable it.

The two new keys went in the ZoneMap\Domains:   company.com\servername

Obviously you change that to your domain name and the name of the server.

Inside the servername key I created the same two dwords as before.

After that I tested the access and the users could get the login screen without modifying IE.

Granted not the best solution and caution should be used but it solved my issue.

Information used to research this:

MSDN Inhanced Security Zones

ServerFault post

Spiceworks

thesysadmins

Posted in 2008, Internet Explorer | Tagged , , , | Leave a comment

Winlogon initiates shutdown. Reason Code: 0x500ff

Thursday, April 9th, 2015

One machine decided it didn’t want to work anymore. The event viewer showed a message logged where the winlogon initiated a shutdown with the Reason Code: 0x500ff.

Not a typical error.  Power was ok and there wasn’t anything else obvious.

A Technet question found a similar issue happened to someone else.

The power supply was reseated and so far the system remains up.

Posted in 2008, troubleshooting, Windows | Tagged , | Leave a comment

iLO 3 reports (Error code: ssl_error_bad_mac_alert)

Monday, April 6th, 2015

We are transitioning our console management setup and one of the Windows systems reported an error when trying to access it through the iLO management port.

Secure Connection Failed
An error occurred during a connection to <FQDN>. SSL peer reports incorrect 
Message Authentication Code. (Error code: ssl_error_bad_mac_alert)
The page you are trying to view cannot be shown because the authenticity of 
the received data could not be verified.
Please contact the website owners to inform them of this problem.

It’s an odd error as this was the only system reporting it and it happened on different browsers (IE, Firefox, Chrome).

I tried resetting to factory defaults but that didn’t solve it.

Drivers were up to date but the firmware looked old.  I pulled down the latest version and installed it.

Problem solved.

Posted in 2008, troubleshooting | Tagged , , | Leave a comment

saveIndx: Unknown index name from ELIM

Monday, August 11th, 2014

While reviewing a server for an issue; I noticed a few messages from LSF.

saveIndx: Unknown index name <name> from ELIM

This message is reported a missing flag from lsf.shared. A quick edit and a process and service restart and the message went away.

 

Posted in 2008, LSF | Tagged , , | Leave a comment

« Previous Entries