Friday 30 November 2018

Could not open a connection to SQL server

I was getting the following error while logging in to SQL Server 2008:

Cannot connect to..
Additional information:
A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 2)


Resolution:
While checking the services, I found that the MSSQLSERVER service was stopped. After starting this service, my issue was resolved.

Saturday 14 July 2018

Resolved: Lync Server Front-End Service unable to start (Event ID: 7024)


I have a Lync Server 2010 environment with a Lync FE pool containing two Front End servers (FE01 and FE02), one multi-role server with the archiving/monitoring roles (ArcMonit01) and one Edge server (EDGEServ01).
Recently I had to renew the internal SSL certificates on the FE servers.

After the renewal of the internal SSL certificate, the Lync Server Front-End service started successfully on the first FE server (FE01) but was unable to start on the second server, FE02.
While trying to start it manually, I got this error in the Event Viewer System log (Event ID: 7024):
The Lync Server Front-End service terminated with service-specific error %%-1008124830.

After comparing the settings of both FE servers and the properties of the new SSL certificate, I found that the name of FE02 had not been added as a SAN in the SSL certificate.
So I created a new CSR, added the name of FE02 as a SAN (FE02.mydomain.com) and got a new SSL certificate for this CSR from the internal CA. I imported it on the server where the CSR was generated and assigned it there, then exported the certificate from that server, imported it on FE02 and assigned it accordingly. After that, the "Lync Server Front-End" service started successfully on FE02.
So my issue was that the second server's name (FE02.mydomain.com) had not been added as a SAN in the internal SSL certificate.
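
A check for the cause described above, as an added example that is not part of the original post: it reads the Subject Alternative Name extension of a certificate in the local machine store and reports which expected Front End names are missing. The function name, the thumbprint placeholder and the FE01 FQDN are assumptions; only FE02.mydomain.com comes from the post.

```powershell
# Added example, not from the original post.
function Test-CertificateSan {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory = $true)]
        [string[]]$ExpectedName
    )
    # 2.5.29.17 is the OID of the Subject Alternative Name extension.
    $sanExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanNames = @()
    if ($sanExt) {
        # Format($true) yields one entry per line, e.g. "DNS Name=fe02.mydomain.com".
        # The "DNS Name=" label is localized; English Windows is assumed here.
        $sanNames = @($sanExt.Format($true) -split "`r?`n" | ForEach-Object {
            if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim().ToLower() }
        })
    }
    foreach ($name in $ExpectedName) {
        New-Object PSObject -Property @{
            Name  = $name
            InSan = ($sanNames -contains $name.ToLower())
        }
    }
}

# Placeholder thumbprint: replace with the renewed certificate's thumbprint.
$thumbprint = '<THUMBPRINT-PLACEHOLDER>'
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumbprint }
if ($cert) {
    # FE02.mydomain.com is the name from the post; FE01's FQDN is assumed by analogy.
    Test-CertificateSan -Certificate $cert -ExpectedName 'FE01.mydomain.com', 'FE02.mydomain.com'
} else {
    Write-Warning "No certificate with thumbprint $thumbprint in LocalMachine\My"
}
```

Running this before assigning a renewed certificate shows a missing server name as `InSan = False` instead of as a service start failure.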

Thursday 5 July 2018

Solved: unable to configure a new Outlook profile, it keeps asking for a password

I was unable to configure Outlook. While trying to configure it, I got a continuous credentials prompt that would not go any further, and the following error appeared in the Event Viewer of the client machine.

Log name: System
Event ID: 4
Error:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server cas03$. The target name used was HTTP/autodiscover.domain.com. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Ensure that the target SPN is only registered on the account used by the server. This error can also happen if the target service account password is different than what is configured on the Kerberos Key Distribution Center for that target service. Ensure that the service on the server and the KDC are both configured to use the same password. If the server name is not fully qualified, and the target domain (domain.com) is different from the client domain (domain.com), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

Besides the Outlook issue, Lync 2010/Skype for Business users were also getting the credentials prompt and were likewise unable to authenticate, even after typing the correct credentials many times. They stayed connected, however, if they just ignored the credentials prompt in Skype for Business.

My environment: I have a hybrid environment with Exchange Server 2013 on premises and Office 365, and likewise Lync 2010 on premises with Skype for Business Online in the Microsoft cloud.

After a lot of googling, I learned that I should check the userPrincipalName against the servicePrincipalName using the AdFind tool, which you can download from (http://www.joeware.net/freetools/tools/adfind/index.htm). I ran the following command:

adfind -f "servicePrincipalName=HOST/webmail.mydomain.com" -gcb

The output was blank; it found nothing.
So I ran:

adfind -f "servicePrincipalName=HOST/autodiscover.mydomain.com" -gcb

and found the following two values, along with a lot of other values:

>userPrincipalName: nawaz@mydomain.com
>servicePrincipalName: host/autodiscover.mydomain.com

Now, Nawaz@mydomain.com was my domain admin account, and after disabling/deleting this account my issue was resolved: I was able to configure Outlook, and the credentials prompt in Skype for Business was gone. It seems the issue was this user, Nawaz@mydomain.com.
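
The same lookup with the ActiveDirectory PowerShell module, as an added example that is not part of the original post: it lists every account holding an SPN for the host name in the Event ID 4 message and flags any owner other than the expected one. The function name is hypothetical, and treating `cas03$` as the expected owner is an assumption based on the server named in the event text.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Find-SpnOwner {
    param(
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^[A-Za-z0-9.-]+$')]   # keeps LDAP filter metacharacters out
        [string]$HostName,
        # HOST is queried too: AD's default sPNMappings treat HTTP as an alias of HOST,
        # so a HOST/ registration on another account can answer for HTTP/.
        [string[]]$ServiceClass = @('HTTP', 'HOST'),
        # sAMAccountName expected to own the SPN (assumption: cas03$ from the event text)
        [string]$ExpectedAccount = 'cas03$'
    )
    foreach ($class in $ServiceClass) {
        $spn = "$class/$HostName"
        # Searches the current domain; the post's adfind -gcb queried the global catalog.
        $owners = @(Get-ADObject -LDAPFilter "(servicePrincipalName=$spn)" `
                        -Properties sAMAccountName, userPrincipalName)
        foreach ($o in $owners) {
            [pscustomobject]@{
                Spn         = $spn
                Account     = $o.sAMAccountName
                UPN         = $o.userPrincipalName
                ObjectClass = $o.ObjectClass
                Unexpected  = ($o.sAMAccountName -ne $ExpectedAccount)
                Duplicate   = ($owners.Count -gt 1)
            }
        }
    }
}

# Host name taken from the Event ID 4 text above.
Find-SpnOwner -HostName 'autodiscover.domain.com' | Format-Table -AutoSize
```

An SPN found on the wrong account can be removed from that account with `setspn -D <SPN> <account>`, and `setspn -X` reports duplicate SPNs.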


Sunday 13 May 2018

Edge Subscription in Exchange Server 2013

Placing an Edge Transport server in the mail flow to and from external domains adds more security to your email servers (Mailbox/CAS servers), as they are not exposed to external domains or the internet. The Mailbox server contains your mailbox databases, and the CAS server contains other important data of your email system.
To do this, you need to create an Edge Subscription as follows.
Note: I am using the "-CreateInternetSendConnector $False -CreateInboundSendConnector $False" parameters because I don't want to create any new connectors. The connectors were already built, and I just had to re-subscribe the Edge server because I had added a new Mailbox/CAS server in the same AD site, so re-subscription was required to make the new Mailbox/CAS server fully functional.

1- On the Edge Transport server, create the Edge Subscription file using the following syntax.

New-EdgeSubscription -FileName "C:\My Documents\EdgeSubscriptionInfo.xml" -Force

2- Copy the resulting Edge Subscription file to a Mailbox 2013 server in the Active Directory site you're subscribing the Edge Transport server to.

3- On the Mailbox 2013 server, import the Edge Subscription file using the following syntax.

4- This example imports the Edge Subscription file named EdgeSubscriptionInfo.xml from the folder D:\Data, and subscribes the Edge Transport server to the Active Directory site named "ABC".

New-EdgeSubscription -FileData ([byte[]]$(Get-Content -Path "D:\Data\EdgeSubscriptionInfo.xml" -Encoding Byte -ReadCount 0)) -Site "ABC" -CreateInternetSendConnector $False -CreateInboundSendConnector $False

5- On the Mailbox server, run the following command to start the first EdgeSync synchronization.

Start-EdgeSynchronization

6- On the Edge server, restart the Microsoft Exchange ADAM service, and on the Mailbox servers, restart the Microsoft Exchange EdgeSync service.


Wednesday 9 May 2018

How to find SID for an Object in Active Directory

1:
How to find the SID for an object in Active Directory.

Get-ADUser -Identity userid -Properties *

2:
How to find the SID for an object in Active Directory using PsTools

C:\PSTool\PSTools>psgetsid user
SID for domain\user: S-1-5-21-1859561886-563848fdf002-90733365-71856

To find the name for a SID:

C:\PSTool\PSTools>psgetsid S-1-5-21-18fdsfdfs1886-563848002-907024965-7fdfs56
Account for S-1-5-21-1859561886-563848002-907333965-71856:
User: domain\user
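
Both directions of the lookup without PsTools, as an added example that is not part of the original post: it uses the .NET `SecurityIdentifier` and `NTAccount` classes and reports an unresolvable input instead of throwing. The function name is hypothetical.

```powershell
# Added example, not from the original post.
function Resolve-SidOrName {
    param([Parameter(Mandatory = $true)][string]$Identity)
    try {
        if ($Identity -match '^S-1-\d+(-\d+)+$') {
            # Input looks like a SID: translate it to DOMAIN\name.
            $sid     = New-Object System.Security.Principal.SecurityIdentifier($Identity)
            $account = $sid.Translate([System.Security.Principal.NTAccount])
        } else {
            # Input is treated as an account name: translate it to a SID.
            $account = New-Object System.Security.Principal.NTAccount($Identity)
            $sid     = $account.Translate([System.Security.Principal.SecurityIdentifier])
        }
        New-Object PSObject -Property @{
            Input = $Identity; Account = $account.Value; Sid = $sid.Value; Resolved = $true
        }
    } catch [System.Security.Principal.IdentityNotMappedException] {
        # Deleted account, typo, or a SID from a domain this machine cannot reach.
        New-Object PSObject -Property @{
            Input = $Identity; Account = $null; Sid = $null; Resolved = $false
        }
    }
}

Resolve-SidOrName 'S-1-5-32-544'            # well-known SID of BUILTIN\Administrators
Resolve-SidOrName 'BUILTIN\Administrators'  # the reverse lookup
```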

Monday 9 April 2018

Unable to install an application on client machines through SCCM 2016


Getting the error "The software change returned error code 0x87D00607(-2016410105)".

After looking into it more, the reason was that the client machines' IPs were not added to the boundaries. After adding the required IP ranges to the boundary group, the issue was resolved.

Monday 26 March 2018

Block NDRs of a DynamicDistributionGroup to sender

I have a dynamic distribution group which contains thousands of members. Some members do not take care of their mailboxes, and when someone from higher management sends an email to this group, they get hundreds of NDRs about full mailboxes.
So I decided to stop these NDRs from being delivered to the sender, and followed the steps below to accomplish this task.

To check the current status of the group: 
[PS] C:\Windows\system32>get-DynamicDistributionGroup -Identity "Abcgroup"| FL ReportToOriginatorEnabled

ReportToOriginatorEnabled : True

To apply the required changes on the group: 
[PS] C:\Windows\system32>Set-dynamicDistributionGroup -Identity "abcgroup" -ReportToOriginatorEnabled $False

To confirm that the required changes applied.

[PS] C:\Windows\system32>get-DynamicDistributionGroup -Identity "abcgroup"| FL ReportToOriginatorEnabled

ReportToOriginatorEnabled : False


Tuesday 20 February 2018

SCCM errors and solutions

Error:
Failed to get DP locations as the expected version from MP 'MPname'. Error 0x87d00215
Solution:

Adding boundary groups to the distribution point resolved my issue.
- Administration --> Site Configuration --> Servers and Site System Roles --> right-click the distribution point --> Properties --> Boundary Groups, and add the boundary group in which the client computer resides

Other settings to check:

Select the site under Administration > Site Configuration > Sites

- Opened Hierarchy Settings (second button in the top-left corner)

- Enabled the "Use a fallback site" checkbox and selected my only site from the list
- Create a boundary group and add the IP ranges/AD sites in which the client computer objects reside

Resolved: SCCM 1702 updates synchronization issues

After installing the WSUS role and adding the Software Update Point, SCCM was not synchronizing with the Microsoft update server and was not getting updates from it. I was getting the following errors in the SCCM logs (WCM and Wsyncmgr):

1:
"wsus synchronization failed 6703"

2:

"Sync failed: WSUS update source not found on site 101. Please refer to WCM.log for configuration error details.. Source: getSiteUpdateSource"
in SCCM --> Monitoring --> Software update point --> Critical events

3:
" WSUS Synchronization failed.
 Message: WSUS update source not found on site 101. Please refer to WCM.log for configuration error details..
 Source: getSiteUpdateSource.
  The operating system reported error 2147500037: Unspecified error "

4:
"WSUS Configuration Manager failed to subscribe to update categories and classifications on WSUS Server "ServerName"."

After unchecking the Windows 7 Language Pack and restarting the synchronization the issue was resolved.