Archive for the ‘Active Directory’ Category

Procedures for joining workgroup PCs to remote Server Essentials domain

First step with a new computer setup: create a local user on the workstation – skip the OOBE, do not use a Hotmail account to create the user; instead select limited or no internet and then create a local user account – say pcadmin.  Set a password and continue until you get to the desktop.

Connecting PC to the Essentials Server:

  1. Go to to download the connector tool to the workstation PC1
  2. Run the connector software – this installs the certificate and the VPN connection to the site, which connects to the foo.local domain.
  3. The connector then joins the domain, or at least once you’re connected you can open sysdm.cpl and join the domain manually.
  4. After joining the domain manually, DO NOT REBOOT.  The reason is that you want to cache the new user1 credentials on the workstation before rebooting and “losing” the remote connection.  So you do two things: 1) add user1 to the local Administrators group and 2) log on with user1 to the workstation before you reboot – yes, it will work.
    1. Open elevated cmd prompt.
    2. Type:  net localgroup administrators foo\user1 /add   – this adds user1 to Administrators group on PC1
    3. Type: runas /user:foo\user1 cmd.exe  <enter key>  – then type in password for user1
    4. This opens CMD prompt under user1 credentials which thereby creates user1 profile.
  5. Now you’re still connected to the VPN network so you can switch user and logon to PC1 with user1 creds
  6. Click start, then go to admin account and choose switch user.
  7. At logon prompt type foo\user1 with password – this will finish with user profile creation and cache password.  Also, best once at desktop to lock workstation and unlock again with password.
  8. Then reboot computer
  9. Try logging on with user1 to foo domain.
  10. If it fails, then go back to local Admin account on PC1 and reconnect the remotewebaccess VPN
  11. Then switch user again and proceed to setup rest of items – like outlook, files etc.
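A pre-reboot check for the steps above, as an added example that is not part of the original post: it confirms that cached logons are allowed on PC1, that foo\user1 is in the local Administrators group, and that a user1 profile exists. It assumes Windows PowerShell 5.1 run elevated on PC1 while the VPN is still connected; foo\user1 is the article's placeholder account, and treating a missing CachedLogonsCount value as the default of 10 is an assumption.

```powershell
# Added example: run elevated on PC1 before the reboot in step 8.
$account = 'foo\user1'   # the article's placeholder domain\user

# Cached logons must be allowed, or user1 cannot sign in once the VPN is gone.
# The policy "Interactive logon: Number of previous logons to cache" writes
# this value; 0 disables caching. Assumption: a missing value means default 10.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$raw = (Get-ItemProperty -Path $winlogon).CachedLogonsCount
$cachedLogons = if ($null -eq $raw) { 10 } else { [int]$raw }

# Step 4, item 2: membership in the local Administrators group.
$isAdmin = [bool](Get-LocalGroupMember -Group 'Administrators' -Member $account `
    -ErrorAction SilentlyContinue)

# Step 4, items 3-4 and step 7: a profile for the account exists on this PC.
$hasProfile = $false
try {
    $sid = ([System.Security.Principal.NTAccount]$account).Translate(
        [System.Security.Principal.SecurityIdentifier]).Value
    $hasProfile = [bool](Get-CimInstance -ClassName Win32_UserProfile `
        -Filter "SID='$sid'")
} catch {
    Write-Warning "Could not resolve $account. Is the VPN still connected?"
}

$result = [pscustomobject]@{
    Account               = $account
    CachedLogonsCount     = $cachedLogons
    CachedLogonsAllowed   = ($cachedLogons -gt 0)
    InLocalAdministrators = $isAdmin
    ProfileExists         = $hasProfile
}
$result | Format-List

if (-not ($result.CachedLogonsAllowed -and $isAdmin -and $hasProfile)) {
    Write-Warning 'Do not reboot yet: at least one precondition is not met.'
}
```

These are preconditions only; the interactive logon in step 7 is still what caches the password.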

    Ubiquiti EdgeRouter: enable offloading to increase throughput

    I was just reading about throughputs on the EdgeRouter 4 and Lites, and Ubiquiti came back with this article on how to increase speeds/throughput on the EdgeRouters.

    For these EdgeRouter models: ER-X, ER-10X, ER-X-SFP, EP-R6

    Open terminal (ssh/putty) to router:

    Then run these commands:

    configure
    set system offload hwnat enable
    set system offload ipsec enable
    commit ; save

    For these EdgeRouter models: ER-LITE, ERPoE-5, ER-8, EP-R8, ER-6P, ER-12, ER-12P, ER-8-XG

    Open terminal

    Then these commands:

    configure
    set system offload ipv4 forwarding enable
    set system offload ipv4 gre enable
    set system offload ipv4 pppoe enable
    set system offload ipv4 vlan enable
    set system offload ipv4 bonding enable
    set system offload ipv6 forwarding enable
    set system offload ipv6 pppoe enable
    set system offload ipv6 vlan enable
    set system offload ipsec enable
    commit ; save

    After doing so on either type of Router, reboot it to make the changes effective. 

    For the ER-Lite, it’s supposed to increase from 300Mbps to 900Mbps throughput.  I call that a winner winner chicken dinner!

    Categories: Active Directory

    Outlook client can’t find O365 to authenticate license

    Several colleagues have had a problem authenticating and authorizing their O365 Office software to the O365 license servers.

    Red Bar: Invalid license/not licensed

    Yellow bar: others said Activate now – nothing worked to activate the user to O365.

    To fix this problem, I had to import this registry info via an O365fix.reg file.

    Note: copy and paste below starting with the Windows Registry… to the 001 value on last line.

    Save the file as o365fix.reg in the c:\temp folder, then right-click it and merge the key on the client machine. From there it should authenticate to the license servers and be usable.

    Windows Registry Editor Version 5.00


    Hope this helps all out there.


    2016 Essentials – Anywhere Access setup fails

    When setting up new 2016 Essentials or really any version of Essentials and you’re trying to create/add a domain to append to the domain name the UI wizard fails with this error window:

    An error occurred while setting up your domain name: The domain name was not setup for your server. Wait a few minutes and run the wizard again. An unknown error occurred.

    No matter how much time you wait, the same error pops up each time. The problem isn’t DNS, or the server itself but rather the Cert revocation checks for .Net Framework!!

    To fix this you have to create a .reg file (call it what you want) that includes the following settings:

    Windows Registry Editor Version 5.00





    After making the reg file, merge it and REBOOT the server, or the Anywhere Access wizard may still show the above error message. After the reboot, open the Essentials Console and re-run the Anywhere Access wizard; use a Hotmail account to create the domain <customer>. Then click the wizard to install VPN and Remote Desktop. Make sure the router and ISP are forwarding port 443 to the Essentials server.

    UPDATE: December 5, 2022.

    Tonight after having a similar issue with a 2016 Essentials server and Devices all turning to gray (Offline state) after installing the Anywhere Access to the server. (Had to manually install RRAS for Direct Access and VPN before the Anywhere Access wizard would install successfully – but that’s another blog I need to write). Installing the Direct Access role disconnected all the clients from the dashboard and no matter what we tried to “fix” the client nothing worked. argh!!

    Options we tried on the Client:

    1. Uninstalled the Connector;

    2. Delete Data & Logs folders from \ProgramData\Microsoft\Windows Server;

    3. Open Task Scheduler, delete all tasks under: Microsoft >Windows >Windows Server Essentials. Then delete this folder.

    4. Delete the VPN SSTP connector.

    5. Reboot client

    6. Reinstall the Client connector. For most other occasions this should fix the clients.

    In tonight’s case though, messing with the client did not fix it. What did finally work is found under this Blog by ShoemakerBrian.

    Not sure how he found this solution, but it instantly fixed the clients’ Online status:

    Open Admin PowerShell and run the command below, replacing the placeholder with the IP address of the Essentials server:

    Set-NetNatTransitionConfiguration -IPv4AddressPortPool @("<Essentials server IP>, 6001-6601", "<Essentials server IP>, 6603-47000")

    Brilliant! – All clients now showed up in the Dashboard.

    Hope this helps everyone that runs into this issue. It’s a frustrating one and not many solutions out there.


    Unifi Cloud Key WEB UI Password doesn’t work: “Invalid username and/or password”

    Attempts to logon to the Unifi Cloud-Key website for example: fails no matter if the username/password you enter is correct. Error message you get is: “Invalid Username and/or password”.

    Well that stinks. hmmm how to fix. Let’s try to connect using SSH (I like to use putty.exe)

    Putty to – using the username and password combination that failed above worked just fine. I’m in, I can see all the commands etc. Okay, that works, but then the UI should work – Nope!

    After hours… I mean hours of searching different communities and solutions, this was the solution to fix it. It did happen to come from a Unifi Tech – 5 years ago – which means they still haven’t fixed it in their cloud key products :(.

    FROM UNIFI techs:   The issue appears to be arising from incorrect SUID account privileges on the UCK system.

    This can be confirmed by sshing into the CloudKey and running the following command:

    ls -l /usr/bin/sudo

    This should return output similar or identical to the following if the same root cause:

    -rwxr-xr-x 1 root root 106820 Jan 10 2016 /usr/bin/sudo

    To resolve this and ensure that any suid issues are not causing the issue, run the following command (Recommend copy & paste):

       chmod u+s /usr/bin/sudo

    Re-test logging in to the WebUI and confirm the issue is resolved. YEP that worked!

    I’m posting this again so people searching for this can find it faster than searching through 13 pages of the above solution from this link:

    or better:


    Outlook Crashes/hangs since July 2020

    Outlook Crashes/hangs July 2020

    Ever since July of 2020, Msft has pushed out a few bad versions of office 365 which has caused client outlooks to crash and burn :(… The first time this happened, a large portion of my clients had this problem and so I created a script to fix them and used my RMM to push out the fix to all windows 10 machines with O365. By doing this they were able to get back to a working Outlook until MSFT fixed their bad update. It happened again later in 2020 and had to perform similar steps:

    1. "C:\Program Files\Common Files\microsoft shared\ClickToRun\officec2rclient.exe" /update user updatetoversion=16.0.6366.2062  (all as one line)

    2. If that fails run this:

    "C:\Program Files\Common Files\microsoft shared\ClickToRun\officec2rclient.exe" /update user updatetoversion=16.0.12827.20470

    Best of luck!

    Windows 10 1903 ESENT Event 455

    The powers that be… err, rather the developers that be at Microsoft missed a step for the 1903 upgrade.  Every Windows 10 device has this event message in the Application Log because the folder is missing under the systemprofile AppData folder… Doh.

    Here’s the error message:

    Log Name: Application
    Source: ESENT
    Date: 11/8/2019 10:22:06 AM
    Event ID: 455
    Task Category: Logging/Recovery
    Level: Error
    Keywords: Classic
    User: N/A
    Computer: Computername…
    svchost (1332,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

    So how to fix and remove the error message… open Admin cmd prompt and go to the C:\WINDOWS\system32\config\systemprofile\AppData\Local Folder and type:

    md TileDataLayer

    followed by

    md TileDataLayer\Database

    Thereafter you can close cmd.exe prompt and the error should go away.



    You cannot turn on Network Discovery in Network and Sharing Center in Windows Server

    Assume that you try to turn on Network Discovery on a computer that is running any version of Windows Server. To do this, you change the Advanced sharing settings in Network and Sharing Center. However, the changes are not saved. Therefore, you cannot turn on Network Discovery, and you experience the following issues:

    • You cannot browse or find any network share.
    • You cannot view shared folders on a local network.

    This issue occurs for one of the following reasons:

    • The dependency services for Network Discovery are not running.
    • The Windows firewall or other firewalls do not allow Network Discovery.

    To resolve the issue, follow these steps:

    1. Make sure that the following dependency services are started:
       • DNS Client
       • Function Discovery Resource Publication
       • SSDP Discovery
       • UPnP Device Host

    2. Configure the Windows firewall to allow Network Discovery. To do this, follow these steps:
       a. Open Control Panel, click System and Security, and then click Windows Firewall.
       b. In the left pane, click Allow an app or feature through Windows Firewall if you are running Windows Server 2012. Or, click Allow a program or feature through Windows Firewall if you are running Windows Server 2008 or Windows Server 2008 R2.
       c. Click Change settings. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
       d. Select Network discovery, and then click OK.

    3. Configure other firewalls in the network to allow Network Discovery.

    4. Turn on Network Discovery in Network and Sharing Center.
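The service and Windows firewall steps above from an elevated prompt, as an added example that is not part of the original article. It assumes Windows PowerShell 5.1 on an English-language server (the firewall group name is localized); the short service names are the standard ones for the four display names listed.

```powershell
# Added example: run in an elevated Windows PowerShell 5.1 session.
# Service names for DNS Client, Function Discovery Resource Publication,
# SSDP Discovery and UPnP Device Host. UPnP Device Host depends on
# SSDP Discovery, so SSDPSRV is handled first.
$services = 'Dnscache', 'FDResPub', 'SSDPSRV', 'upnphost'

foreach ($name in $services) {
    $svc = Get-Service -Name $name
    if ($svc.StartType -eq 'Disabled') {
        # A disabled service cannot be started; Manual lets it start on demand.
        Set-Service -Name $name -StartupType Manual
    }
    if ($svc.Status -ne 'Running') {
        Start-Service -Name $name
    }
}
Get-Service -Name $services |
    Format-Table Name, DisplayName, Status, StartType -AutoSize

# Enable every rule in the built-in "Network Discovery" firewall group.
Enable-NetFirewallRule -DisplayGroup 'Network Discovery'

# Review what is now allowed, and on which profiles, before leaving it on.
Get-NetFirewallRule -DisplayGroup 'Network Discovery' |
    Sort-Object Direction, DisplayName |
    Format-Table DisplayName, Direction, Enabled, Profile -AutoSize
```

The final table shows whether any enabled rule applies to the Public profile, which is worth checking on a server with an internet-facing interface.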

    Redirect new users and new computers to different OU in Active Directory

    I’m sure everyone knows this but it’s often forgotten and not used.  I find it useful to redirect new users and new computers joined to the domain to go to an OU where you can create policies.  Never mind why Microsoft didn’t do this in the first place.

    Here are the two commands to redirect users and computers respectively.

    Redirect users to a different container:  redirusr <DN path to alternate OU>

    Ex: redirusr "OU=Users,OU=My Office,DC=domain,DC=local"

    Redirect computers to a different OU:  redircmp container-dn

    Ex: redircmp "OU=Computers,OU=My Office,DC=domain,DC=local"
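One way to run both redirections and confirm they took effect, as an added example that is not part of the original post. It assumes an elevated Windows PowerShell session on a domain controller with the ActiveDirectory module installed; the two DNs are the article's sample values.

```powershell
# Added example: run elevated on a domain controller.
Import-Module ActiveDirectory

# Target OUs from the article's examples; replace with your own DNs.
$usersOu     = 'OU=Users,OU=My Office,DC=domain,DC=local'
$computersOu = 'OU=Computers,OU=My Office,DC=domain,DC=local'

# Both targets must exist before redirecting; this throws if one does not.
foreach ($dn in $usersOu, $computersOu) {
    Get-ADOrganizationalUnit -Identity $dn -ErrorAction Stop | Out-Null
}

$before = Get-ADDomain
"Before: users -> $($before.UsersContainer)"
"Before: computers -> $($before.ComputersContainer)"

# The two commands from the article.
redirusr $usersOu
redircmp $computersOu

# Read the defaults back from the domain object and compare.
$after = Get-ADDomain
"After: users -> $($after.UsersContainer)"
"After: computers -> $($after.ComputersContainer)"

if ($after.UsersContainer -ne $usersOu -or
    $after.ComputersContainer -ne $computersOu) {
    Write-Warning 'Redirection did not take effect; new objects still land in the old containers.'
}
```

Until the check passes, newly created users and newly joined computers stay outside the OU where your policies are linked.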

    Deleting directory with long names inside

    When you want to completely delete a directory and it has files with long names inside it, Robocopy does a VERY good job.  The type of folder in this case could be Favorites with URLs that are really long.  When this happens the folder/file path becomes too long for Windows to delete properly.

    Open Cmd.exe prompt as administrator.

    Type the following commands:

    1. mkdir "empty_dir"
    2. robocopy "empty_dir" "the_dir_to_delete" /s /mir
    3. rmdir "empty_dir"
    4. rmdir "the_dir_to_delete"