Add Active Directory Domain Services (AD DS) Role on Server 2016 Fails with Error: 0x800f0831

You just spun up a fresh server, it won’t install the Domain Controller role, and you are frustrated. I am here to help. When attempting to install AD DS or .NET 3.5 you get this error. You will get the same error from the GUI or PowerShell:

Install-WindowsFeature -Name AD-Domain-Services

The Error Code 0x800f0831 means Windows is attempting to check updates for the needed software package. This causes the hang/fail because it is not there. This is the error:

The request to add or remove features on the specified server failed. Installation of one or more roles, role services, or features failed. Error: 0x800f0831

Restarting doesn’t help, nor will most other “fixes” on the internet.

The problem is that you have the Windows installation disk attached (in my case to a virtual machine in VMware or in the disk drive after installation) so that is where Windows is trying to find the files.

Verify the Remote Registry service is running. Open Services on your machine and Start the Remote Registry service if it is not already running.

You can presumably detach the disk and restart, but I selected Specify an alternate source path on the Confirmation page.

Luckily there are instructions. The path on my system was as follows because the ISO was attached to the D: drive.

WIM:D:\sources\install.wim:4

Enter the path information into the box and click OK.

Now it will install without hanging or failure. I just saved you a big headache, share the love.
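The same alternate source can be given to Install-WindowsFeature through its -Source parameter. This is an added example, not part of the original post; it assumes the ISO is on D: and index 4 as above, and checks which image that index points to before installing.

```powershell
# Run from an elevated PowerShell session.
# Assumptions: the Server 2016 ISO is attached as D: and index 4 is the wanted image (as in the post).
$wim   = 'D:\sources\install.wim'
$index = 4

if (-not (Test-Path -LiteralPath $wim)) {
    throw "No install.wim at $wim. Attach the installation ISO or adjust the path."
}

# List every image in the WIM so the index can be checked by eye
Get-WindowsImage -ImagePath $wim | Format-Table ImageIndex, ImageName -AutoSize

# Sanity check: compare the edition of the chosen image with the running OS
$image   = Get-WindowsImage -ImagePath $wim -Index $index
$running = (Get-WindowsEdition -Online).Edition
if ($image.EditionId -ne $running) {
    Write-Warning "Index $index is '$($image.EditionId)' but this server runs '$running'. Check the index."
}

# Same source string that the GUI box takes: WIM:<path>:<index>
$result = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools `
                                 -Source "WIM:${wim}:$index"
$result | Format-List Success, RestartNeeded, ExitCode
```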

 

Namespace ‘Microsoft.Policies.WindowsStore’ is already defined as the target namespace for another file in the store

Windows 10 Creators Update build 1703 came with a new set of .admx and .adml policy definitions. Everything was working fine but Microsoft changed the name of the Windows Store policy definition files and borked up a bunch of random unrelated GPOs. If you view an affected GPO in Group Policy Manager on your domain controller you may see this error in place of your normal settings information.

The error is:

Namespace ‘Microsoft.Policies.WindowsStore’ is already defined as the target namespace for another file in the store. File \\FQDN-DC\SysVol\domain.com\Policies\PolicyDefinitions\WinStoreUI.admx, line 4, column 80

To fix this issue go to your sysvol. It is usually at the path above or something similar:

\\SysVol\yourdomain.com\Policies\PolicyDefinitions\

Delete the file: WinStoreUI.admx

Rename file WindowsStore.admx to WinStoreUI.admx

\\SysVol\yourdomain.com\Policies\PolicyDefinitions\en-US (or whatever your language is)

Delete the file: WinStoreUI.adml

Rename file WindowsStore.adml to WinStoreUI.adml

Refresh the settings view in Group Policy Manager and you will see that your policy definitions are working again.

You are done!
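The steps above can be scripted with a backup taken first. This is an added example, not part of the original post: the store path is a placeholder, it reports every target namespace declared by more than one .admx file, and it goes slightly beyond the post by handling every language folder rather than only en-US.

```powershell
# Assumptions: $Store is a placeholder for your central store path; $DryRun is a
# hypothetical switch for this example. Set it to $false to make the changes.
$Store  = '\\<your-dc>\SysVol\yourdomain.com\Policies\PolicyDefinitions'
$Backup = Join-Path $env:TEMP ('PolicyDefinitions-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
$DryRun = $true

# 1. Find target namespaces that more than one ADMX file declares
$declared = foreach ($file in Get-ChildItem -LiteralPath $Store -Filter *.admx) {
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($file.FullName)
    [pscustomobject]@{
        File      = $file.Name
        Namespace = $xml.policyDefinitions.policyNamespaces.target.GetAttribute('namespace')
    }
}
$declared | Group-Object Namespace | Where-Object { $_.Count -gt 1 } |
    ForEach-Object { '{0} declared by: {1}' -f $_.Name, ($_.Group.File -join ', ') }

# 2. Apply the fix from the post: the .admx in the store root, the .adml in each language folder
$targets  = @([pscustomobject]@{ Dir = $Store; Ext = 'admx' })
$targets += Get-ChildItem -LiteralPath $Store -Directory |
    ForEach-Object { [pscustomobject]@{ Dir = $_.FullName; Ext = 'adml' } }

foreach ($t in $targets) {
    $old = Join-Path $t.Dir "WinStoreUI.$($t.Ext)"
    $new = Join-Path $t.Dir "WindowsStore.$($t.Ext)"
    if ((Test-Path -LiteralPath $old) -and (Test-Path -LiteralPath $new)) {
        # Keep a copy of both files before touching anything
        $dest = Join-Path $Backup (Split-Path $t.Dir -Leaf)
        New-Item -ItemType Directory -Path $dest -Force | Out-Null
        Copy-Item -LiteralPath $old, $new -Destination $dest

        Remove-Item -LiteralPath $old -WhatIf:$DryRun
        Rename-Item -LiteralPath $new -NewName "WinStoreUI.$($t.Ext)" -WhatIf:$DryRun
    }
}
```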

File Explorer Not Responding Issue After Windows 10 Update

I have been having an issue recently with my File Explorer in Windows 10 opening painfully slow, so slow that it indicated Not Responding in the status bar. I thought this was just happening on my work computer, which has an SSD, plenty of RAM and a decent CPU too.  Then I discovered the same issue on my home PC which has 32 GB of RAM and realized that this must be an issue with a recent Windows update.

After some experimentation, I determined that the bug is with the Quick Launch function in File Explorer.  If you set File Explorer to go to This PC or turn off the Quick Launch function, the problem stops immediately.

Open File Explorer, go to File, then select Change folder and search options.

Select This PC in the Open File Explorer to field. Or you can deselect the Privacy check boxes Show recently used files in Quick access and Show frequently used folders in Quick access. Either way will get you to the solution you want.

Your File Explorer should open very quickly now!

VMware Common Logging Service Health Alarm VCSA

If you get this service alarm, you are having a problem with your logging service in vCenter Server Appliance 6.0. Typically the log drive fills up and it is not set to auto expand so you get a critical error and logs won’t be saved.

To correct this issue, follow these steps. To view the logging health open up vCenter Web Client and navigate to Administration > System Configuration > Services > VMware Syslog Service. Verify your service is still running.

 

Open up Putty and access vCenter with the VCSA IP Address and root account. Run this command to check status:

service-control --status vmware-syslog

Run these commands to enable the shell:

shell.set --enabled true
shell

Check the status of the log drive by running the command:

df -h

Notice that the log drive is 10GB in size and is almost full.

Go to vCenter Web Client and open up your vCenter Server Appliance properties and select Edit Settings in VM Hardware.

Select Manage other disks.

Go to Hard Disk 5 and increase the size from 10GB to 20GB, then close and save.

Go back to Putty and enter this command to set the drives to autogrow.

vpxd_servicecfg storage lvm autogrow

When the command runs successfully you should get this result.

VC_CFG_RESULT=0

View the VMware kb article here for more details.

NetApp Virtual Storage Console (VSC) Error – TLS Not Configured

We utilize NetApp Virtual Storage Console on our vCenter Server. Something recently disrupted our connectivity to the storage server. We went to investigate.


If you navigate to Storage Systems from the VSC Dashboard, you will see the error TLS is not configured. This could be caused by several things but in our case the SSL certificate on the NetApp had expired. Default self-signed NetApp SSL certificates are set to expire after 365 days. For those who have vCenter Server and require NetApp Virtual Storage Console an active self-signed SSL certificate must be in place on the NetApp for it to work.

There are instructions in the console to correct the issue but they are not effective. To solve this problem you should open an SSH session to the filer and follow the instructions below. I use PuTTY for SSH. These instructions should work for Clustered Data ONTAP 8.1, 8.2 and 8.3.

Open PuTTY, enter the IP address of your NetApp and connect, then enter your user name and password. Once connected run these commands to enable privileged mode and list the certificates:

cm2244a-cn::> set -privilege advanced
cm2244a-cn::*> security certificate show

The output will show the SSL expiration date.

SSL      server
Expiration Date: Thu Feb 27 14:16:49 2013

Check which SSL certificate is currently in use.

cm2244a-cn::> security ssl show

To renew the certificate you should delete the original one and replace it with a new one. But first check the details to ensure you are deleting the correct certificate.

cm2244a-cn::*> security certificate show -instance -vserver cm2244a-cn 

Delete the SSL certificate by filling in the unique information from the above results. For Data ONTAP 8.2 and 8.3 use the following command. For Data ONTAP 8.1 commands refer to this article. Note: As soon as you delete the certificate, the SSL service will be disabled.

cm2244a-cn::*> security certificate delete -common-name christoh-svm1.cert -ca christoh-svm1.cert -type server -vserver christoh-svm1 -serial 5514941E

Warning: Deleting a server certificate will also delete the corresponding
server-chain certificate, if one exists.
Do you want to continue? {y|n}:

Say yes to the prompt. Then recreate the SSL certificate with a longer lifespan.

cm6240c-cluster::> security certificate create -vserver christoh-svm1 -common-name christoh-svm1.cert -size 2048 -type server -country US -expire-days 3650 -hash-function SHA256

Verify your new certificate is in place.

cm2244a-cn::*> security certificate show -instance -vserver cm2244a-cn -common-name cm2244a-cn.cert

          FQDN or Custom Common Name: cm2244a-cn.cert
 Size of Requested Certificate(bits): 2048
              Certificate Start Date: Mon Sep 02 21:10:05 2013
         Certificate Expiration Date: Thu Aug 31 21:10:05 2023
              Public Key Certificate: -----BEGIN CERTIFICATE-----

 

Then you have to enable SSL after the certificate is in place.

security ssl modify -vserver cm2244a-cn -server-enabled true

Verify your results.

security ssl show

If you would like more detail please visit this NetApp kb article.
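Since the only symptom of the expired certificate was the "TLS is not configured" message in VSC, it helps to check the expiry date from the vCenter side on a schedule. This is an added example, not part of the original post or the NetApp article; the function name, host name and 30-day threshold are assumptions.

```powershell
# Reads the certificate a management interface presents and reports the days left.
function Get-TlsCertificateExpiry {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$Port     = 443,
        [int]$WarnDays = 30     # assumed warning threshold
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl    = $null
    try {
        $client.Connect($ComputerName, $Port)
        # Accept whatever is presented: the goal is to read an expired or
        # self-signed certificate, not to trust it. Nothing is sent over this stream.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($ComputerName)

        $cert     = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
        $status   = if ($daysLeft -lt 0) { 'EXPIRED' }
                    elseif ($daysLeft -le $WarnDays) { 'EXPIRING' }
                    else { 'OK' }

        [pscustomobject]@{
            ComputerName = $ComputerName
            Subject      = $cert.Subject
            NotAfter     = $cert.NotAfter
            DaysLeft     = $daysLeft
            Status       = $status
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
}

# Placeholder host name: replace with the management address of your cluster or SVM
Get-TlsCertificateExpiry -ComputerName 'netapp-mgmt.example.com' | Format-List
```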

Migrating Mailbox to Cloud Fails in Hybrid Exchange Deployment

If you attempt to migrate an on-prem mailbox to Exchange Online using the Office 365 portal and it fails, there are several steps to take to correct the issue. This article assumes you have DirSync installed and are using it to sync your passwords.

Start by checking that the user has an Exchange license in Office 365 by using the portal. Lack of an Exchange Online license may cause migration failures.


To check, go to the Admin page in the Office 365 portal


Find and select the user

On the user profile page, go to licenses, select the location and both the Exchange Online and SharePoint Online licenses, then save

This may solve the problem. Wait a minute or so and attempt to migrate the mailbox again. If it doesn’t work, move on to the next steps below which are more complicated.

Migrate mailbox from on-prem Exchange to Office 365 with PowerShell

The first step is to download and install Windows Azure Active Directory Module for Windows PowerShell. Once installed, start the PowerShell module on a domain joined machine.

To connect to a session, copy and paste the following PowerShell commands all at once, and hit enter when needed to execute. The first two prompts require Office 365/Azure global admin credentials, in full email or “domain\username” form. The last prompt requires local admin credentials in full email or “domain\username” form.

Import-Module MSOnline
Connect-MsolService
$LiveCred = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic -AllowRedirection
Import-PSSession $Session
$OnPremAdmin=Get-Credential

 

Outlook Stuck Working Offline After Installing Office 2016


Working Offline in Outlook used to be solved by just clicking a button in the Send / Receive tab. This message appears on the lower right border when Outlook is Working Offline but it is not a button, only a status message.

If you just installed Office 2016 and Outlook is stuck in offline mode you may be having difficulty trying to get it back into online mode. This is because there is no longer a button in the Send / Receive tab like in Office 2013.

Luckily there is an easy fix! Just reboot your device and the problem will solve itself. You may be prompted to log into Microsoft services on your computer if you have an Office 365 or Exchange online hosted email account. Fill in all passwords when required and you should be back in business.

 

 

Severe Outlook Performance Issues Connecting to Exchange Online in RDS 2012 R2

If you are experiencing severe issues with Outlook performance in RDS 2012 R2, this article is for you. This article represents several weeks of work and stress. After migrating user mailboxes to Office 365 we encountered an issue that appeared so impossible that we were even considering moving the entire organization back to on-prem. It took Microsoft support engineers over 2 weeks, bless their hearts, to finally provide a fix that actually worked. It took another week to test it and several days to implement. First I will walk you through a little history.

The environment:

  • Outlook 2013
  • RDS 2012 R2 deployment
  • Folder redirection and UPD for Appdata
  • On-prem Exchange 2010
  • All hosted in a colocation site
  • 230+ network users
  • Hybrid deployment with Exchange Online in Office 365

We deployed Office 365 starting back in 2013 and took some time to get to know the interface and features while continuing to use our on-prem Exchange 2010 server. In the summer we decided to move forward with a hybrid deployment to migrate user mailboxes at our own pace to avoid the pressure and rush of a cutover migration.

Over two months of slowly moving mailboxes and testing, we found 365 to be a touch slower to load the message in the view pane but it was barely noticeable. So we decided to go for it. We migrated all the rest of the user mailboxes to Exchange Online. Users were so proud that they could tell their friends that they were in the cloud!

Users continued to use Outlook 2013 in RDS to connect to Exchange Online. For two weeks we did not have a single complaint! Users barely noticed except that they had to change the settings on their phones to get email. We recommended users download OWA for Android and iPhone. The app was well received because it looks and feels just like OWA in 365. Then all of a sudden on Friday August 22nd after lunchtime, we got slammed with support tickets. The CEO said “my computer is freezing up” and sure enough Outlook was hanging bad.

While not every user in our office had issues right away, the impact was severe enough to be highest priority. Office 365 was unaffected. Users did not have any problems accessing email through OWA but they were not used to the interface and several refused to use 365.

Before involving Microsoft support engineers I tried all the basic steps from this Microsoft KB article on basic Outlook troubleshooting and several more. Microsoft engineers suggested fixes like using the Microsoft Office Configuration Analyzer Tool 1.2 (OffCAT) to find issues. I disabled the hybrid configuration for a while to test if that was the cause; it wasn’t. During this process we upgraded Outlook to the latest version with patches that added some features. After a week I had spoken with so many support engineers from every team that I knew more than most of them did, including: the Outlook team, RDS team, mailflow team, Exchange Online team, and hybrid team – and I opened multiple tickets too!

Anytime I got pitched to a new team, the green tier 1 engineer would fumble around so much I was telling them what to do. Many of the engineers had no idea how to approach this issue because they were unfamiliar with RDS technology, the layer of complexity RDS presented or could not get around the inability to use normal troubleshooting tools in that environment. For example the normal Microsoft “Fix it” tools were throwing errors.

Several engineers suggested using cached mode although it is not advised for RDS and when we got really desperate, we instructed the users with issues to set their mail profiles to cached mode. This is a great Microsoft article on when to use cached mode. Finally I reached a tier 3 engineer in the Exchange Online department, he determined that we needed to go back to work with an engineer in the Outlook team. The quest came full circle.

In the end, when working with the Outlook team we ran Procdump (tricky in RDS because of limited user rights settings) to gather the needed data from a problem account. After a week of analyzing the results, the engineers had a potential solution.

Outline of the issue experienced:

Outlook says Not Responding in the application title bar, app whites out and is inaccessible


User sees message in lower right saying: Outlook is trying to retrieve data from the Microsoft Exchange server outlook.office365.com


Outlook does not load profile when opening or takes 5-10 minutes to load


If you click too much while it is loading you get an apphang and system freezes, giving various errors


Not all users had issues, and the issue was not 100% repeatable but for problem accounts usually I could get the error by just opening Outlook and clicking around too fast. It was a come-and-go issue, inconsistent and variable but impacting a significant amount of users.

The resolution 

Disable MAPI/HTTP by setting the following key on the RDS session host server. Open regedit and navigate to this location:

HKEY_CURRENT_USER\Software\Microsoft\Exchange
Create a DWORD entry with the name MapiHttpDisabled
Value: 1

After creating the DWORD, open the entry and enter the value 1

After making the above changes please restart Outlook and go to the Connection Status window by holding the Ctrl key down and right clicking the Outlook icon in the System Tray.

In the window that pops up, scroll to the right and under connections ensure it shows RPC/HTTP.

Ensure that there is only a single account configured in Outlook and check if the issue persists. You may want to restart the user's RDS session to refresh everything before testing.

For most users this fix worked great immediately, but for a single user we had to delete and create his UPD (user account appdata) so it would forget his corrupted profile and build a new one for him. After that it worked great!

All the while through this issue the support engineers at Microsoft were acting baffled, like this was the first time they had ever seen this issue, and for many that may have been true. But later on when communicating with a really great engineer on the mail flow team for a different issue, he said, “oh that, that is a known issue.”

 

System Center DPM 2012 R2 Install Error ID: 812

When installing Data Protection Manager DPM 2012 R2 a common installation error system admins encounter is ID: 812. This is caused by the SQL Server Reporting Services misreading the reporting database. The good news is that there is an easy fix.

Open SQL Reporting Services Configuration Manager

Go to the Database tab, select change database

Select Create a new report server database and click next

Choose your SQL instance and select Test Connection, then next

Change the Database Name to your choice, select next

Select next

Select next

Select Finish

Select close, you are finished

Attempt to reinstall DPM and it will work!

Hope this helps!

 

Failed Install for Windows 8/Server 2012 Update KB2920189

There is a known issue with Windows 8/Server 2012 Update KB2920189 for Generation 2 VM guests on Hyper-V hosts and systems installed on UEFI firmware with secure boot enabled. When attempting to “Update and Restart” the system will restart but not complete the update no matter how many times you try.

When attempting to install updates manually the following error occurs. The error code 800F0922 is returned and it will fail every time.

The solution is to enable the feature BitLocker on the system and the update will install without an issue. On Server 2012 these are the steps:

Open Server Manager and select Add Roles and Features

Select Role-based or Feature-based installation and click Next

Select the server you want to install the feature on and click Next

You want to install a feature so select Next on the Roles page

On the Features page select BitLocker Drive Encryption

Select Add Features

Select Next

Select Restart the destination server automatically if required (a restart is required to complete this installation), select Install

After the installation of BitLocker and system restart, you will be able to install Windows update KB2920189 without error.

Hope this helps!