Resolving BSOD with Cisco VPN on Windows 8/ Server 2012 Hyper-V

Posted on Updated on

Recently I began to support a client remotely, and noticed a huge spike in blue screen events on my PC, after I installed their VPN client. I was using a Server 2012 R2 box configured with desktop experience, and as a Hyper-V host.

Symptom The errors would only come up during name resolution (if I pinged or performed an NSLookup on a server or workstation within the remote domain, or when trying to connect to a remote system within their network), and the Blue Screen Error Code was: UNEXPECTED_KERNEL_MODE_TRAP (7f).

I fired up WinDBG (Wind Bag, as it is affectionately referred to) and loaded up my minidmp file, found under C:\Windows\MiniDmp. When I performed the !analyze -v command, I received the following explanation: Read the rest of this entry »

ScriptSharing : Quest Get-SwitchedStatus

Posted on

This is another Quest Migration Manager for Exchange, Active Directory (QMM post).

Sorry for the big influx of these, as you can tell I’ve been doing a lot of Exchange and AD Migration work recently :)

So, during a Quest driven migration project, you generally have two goals.

  1. Migrate a User’s AD and E-mail accounts from the existing domain (Source) to the new domain (Target)
    2. Migrate a User’s Computer to the target

In order to do this, you have a few dependencies: Read the rest of this entry »

Quest Migration Manager : ‘Resolving QMM No Matching was found’

Posted on Updated on

If in Baretail (or your log file of choice) you see something similar to the following when attempting to Switch a mailbox.

Quest_NoMatching

Text:

Starting to process collection ‘SPEEDITUP’ (Source server ‘FOXXC04′, target server ‘FOXDAG01′, type ‘0’).
Starting to process item ‘/o=Contoso/ou=Exchange Administrative Group ((01))/cn=Recipients/cn=Test.User’ (Collection ‘SPEEDITUP’, PST: ‘B5BDFEF890CD84439F04FC4B711E3E75186′, SyncMailboxInfo: ‘True’, SyncSwitched: ‘False’, SyncAllContent: ‘False’, SyncFolderContent: ‘False’).
Retrieve info from RootDSE. Getting RootDSE
Logging on to the mailbox ‘/o=Contoso/ou=Exchange Administrative Group ((01))/cn=Configuration/cn=Servers/cn=FOXXC04/cn=Microsoft System Attendant’ (Server: ‘FOXXC04′, user: ‘FOX_adAD_svc_exqmm’, has assocciated PFDB: ‘False’, connection flags = 32768).
Trying to synchronize MAPI profile creation.
Creating MAPI profile.
Trying to logon.
Trying to open private store.
Trying to open address book.
Setting search path.
Setting cached Address lists.
No matching was found for ‘/o=Contoso/ou=Exchange Administrative Group ((01))/cn=Recipients/cn=Test.User’. Please make sure that the user is migrated, the matching rules are correct, and the script components are functioning.
Skipping collection ‘Resource Calendar Mailboxes’ because it is disabled.
Skipping collection ‘All Mailboxes’ because it is disabled.
No more items to process in this session.
Logging off from the mailbox ‘/o=Contoso/ou=Exchange Administrative Group ((01))/cn=Configuration/cn=Servers/cn=FOXXC04/cn=Microsoft System Attendant’ (Server: ‘FOXXC04′, user: ‘FOX_adAD_svc_exqmm’).
Session has been stopped.

If you run into this issue, first verify that a Quest AD Account Migration Completed Successfully. If not, then verify that the Exchange Quest service has permission to the mailbox in the source by using the following PowerShell Commandlette


Function Fix-MailboxPerms {
$ServiceQMMAccount = "foxdeploy\_svcQMM"


param([Alias("SamAccountName","DisplayName")][Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)]$UserName)

#if $UserName came from MailboxStatistics, give us the size
if ($username.TotalitemSize){Write-Host (($UserName.TotalItemSize).Value.ToMB() ) "MB Mbx" }
    
$username| 
 get-mailbox | % { $user = $_;
"Setting AD Rights for object...$ServiceQMMAccount"
$user | Add-ADPermission -User $ServiceQMMAccount -AccessRights GenericAll -ExtendedRights Receive-As,Send-As

"Setting Mailbox Permissions...$ServiceQMMAccount"
$user |  Add-MailboxPermission -User $ServiceQMMAccount -AccessRights FullAccess

}


}

If this still doesn’t work, search in the Target Domain to verify that a mailbox exists for the user account. If not, this may signify that Calendar Sync agent isn’t configured to run regularly (possibly indicating a new user account). You can quickly resolve the matter by Mail enabling the user’s account in the target domain with the following syntax:

Get-User Test.User1 | Enable-Mailbox -Database Region_db01

Once completed, run another AD Object migration session, and then watch Calendar Sync (CSA.log) or Mail Source Agent (EMWMSA.log) to see if the changes are noted. You can also directly compare attributes within AD from the source and target accounts.

You should see the LegacyExchangeDN for the Source Account listed as an x500 proxyAddress in the target account. You should also see the LegacyExchangeDN for the Target account listed as an x500 proxyAddress in the source account.

In no time, you should see the mailbox switch/sync/or whatever you were trying to do.

My most useful 8 liner yet

Posted on

In my line of work, I’m constantly copying and pasting from e-mails, SharePoint, into PowerShell to do some meaningful work.  This means all day long I’m setting variables equal to paste, then removing blank entries, and then splitting them (because people never say ‘please migrate these computers’ and provide a list like $computers=”compA”,”compB”,”compC”.

I then end up Pasting, and running $variable= Paste, then $variable.Trim().Split(“`n”).  I finally decided to speed things up by making this short little few-liner.  I always forgot whether it was Split-N-Trim or not, so I made an alias for the other way around.

It now has a permanent place within my $PSProfile

Function Split-N-Trim {
param(
   [Parameter(Mandatory=$True,ValueFromPipeline=$True)][string[]]$Objects)
      Write-Host ("-Recieved " + $Objects.Count +" objects")
      $Objects = $Objects.Trim().Split("`n")
      Write-Host ("Returning " + $Objects.Count +" objects")
      Return $Objects
}
new-alias Trim-N-Split Split-N-Trim

Using Try Catch to get Better Output in your Functions and Tables

Posted on Updated on

Recently at a client, we have a situation arise in which we needed to verify which Domain a number of PCs were joined to.

One issue we encountered was that because of certain underlying settings conflicts between WINS, DHCP and DNS, occasionally the wrong computer name would reply to certain commands. To alleviate this, I wrote the following short code snippet to grab a computer from a CSV, run a Get-WMIObject command, and then return the domain name.

Write-Host "Ok output"
import-csv .\Desktop\Ampcs.csv | select -expand Name | ForEach-Object { 
    $name = $_
    Get-WmiObject -Class Win32_ComputerSystem -ComputerName $name | select @{Name="RUMName";Expression={$name} },@{Name="ReplyName";Expression={$_.Name} },@{Name="Domain";Expression={$_.Domain} }
    }

The problem with this approach is that if the computer is offline or doesn’t allow remote procedure calls (a tell-tale for being in the wrong domain, as WinRM should be enabled if the PC is in the right place via Group Policy) emerges in the form of nasty error messages.

TryCatchBetterOutput01

To ‘get the job done’ I told people just to ignore this message…but the dev inside of me couldn’t handle the ugliness of this whole process. With just a few small edits, I was able to get this much better output.


Write-Host "Better output"
import-csv .\Desktop\Ampcs.csv | select -expand Name | ForEach-Object { 
    $name = $_
    try {$a=Get-WmiObject -Class Win32_ComputerSystem -ErrorAction Stop -ComputerName $name} 
   catch{$a= [pscustomobject]@{Name=$name;Domain="Access Denied"}}
   [pscustomobject]@{RUM_Name=$name;ReplyName=$a.Name;Domain=$a.Domain}  
   }

The core difference here Is that I’m setting an object $a equal to either the results of a Get-WMIObject Command, or as a PSCustomObject with a hashtable that contains a description of my problem and some other attributes. It never occurred to me before to try this route, using the -ErrorAction Stop to trigger an alternate output of my command.

TryCatchBetterOutput02

I really like this method of communicating data, as it allows me to handle edge case scenarios gracefully. If I wanted to take it one step further, I could use multiple Catch Error blocks to provide logic for all different sorts of Error Messages, which would really elevate this code.

Hope you enjoy it!

Thank you ScriptingWife!

Image Posted on Updated on

When I heard that Don Jones brought a few thousand copies of The DSC Book, which I contributed to, as give-aways for this year’s PowerShell summit,  I was ecstatic to be printed!  And I really wanted to have a copy of the book.  Unfortunately, they ran out very quickly, and Don informed me that we had no more available.

I put out some calls for help on Twitter and Facebook, and was ecstatic to get a reply from Teresa Wilson (aka The Scripting Wife).  Today, this beauty arrived at my door!

 

2014-08-04 18.27.00

 

It’s surreal!

Thank you Don, Steve, and Teresa!

 

 

Quick Fix : Registry key to disable Hardware Graphic acceleration for Office

Aside Posted on

Hope this helps guys!

reg add HKCU\Software\Microsoft\Office\15.0\Common\Graphics /v DisableHardwareAcceleration /t REG_DWORD /d 0x0 /F