Jamie's Blog

Change Terminal Services Profile Path PowerShell

Problem: I needed to change all domain users to the new terminal services profile server

Solution
I was able to create a powershell script that loops through the domain and finds instances of where the terminal services profile path is set to the old server. It then replaces the old server with the new server name and logs the output to console.

You can modify the below to limit the scope of the items found (findall() only does 1000 objects by default) by changing adding in an OU filter or creating a function that adds in the user. In any case my problem was solved with the below script.

$root = "LDAP://DC=GALAXY,DC=local"
$searcher = ([ADSISearcher]"(&(samAccountType=805306368)(!userAccountControl:1.2.840.113556.1.4.803:=2))") #user account type will be person and the account not disabled.
$searcher.SearchRoot=$root
$users = $searcher.findall()
 foreach ($user in $users) {
    try {
    $userSearch = ""
    $tsprofilepath = ""
    $username = ""
    $userSearch = [adsi]"$($user.path)"
    $tsprofilepath = $userSearch.psbase.InvokeGet("TerminalServicesProfilePath")
    
    $username = $userSearch.psbase.InvokeGet("sAMAccountName")
                
       if ($tsprofilepath) { #check for not null
            if ($tsprofilepath.contains("OLDSERVERNAME")) { #check for containing string
                $newtsprofilepath = $tsprofilepath.Replace("OLDSERVERNAME", "NEWSERVERNAME") ##set ts profile path location
                Write-Output "$username has profile path of $tsprofilepath"#log existing
                $userSearch.psbase.Invokeset(“terminalservicesprofilepath”, $newtsprofilepath) #set new path
                $userSearch.setinfo() #save user info
                Write-Output "$username changed profile path to $newtsprofilepath" #log new path
                }
            else {
                Write-Output "$username has a profile path of $tsprofilepath" #log already has new path
                }
            }
            else {
                Write-Output "$username has a no profile path set" #log already has no path
            }
            #start-sleep 1 #loop sleep Timer
        }
        catch { 
        #error handle
        $ErrorMessage = $_.Exception.Message
        $FailedItem = $_.Exception.ItemName
        Write-Output "$username had an error of: $ErrorMessage"
        Write-Output "$FailedItem"
    }
}

SCCM 2012 R2 OSD Deployment Run Task Sequence From Distribution Point

Problem
Unable to switch the deployment option to run from local distribution point

Solution

All the software included in the task sequence need to have the option enabled “copy the content in this package to a package share on distribution points”
an easy way to find which packages do not have this enabled is the SQL query below:

1. Find your PackageID number for the task squence

2. Login to sql and run the query against the sccm db

Declare @TaskSequenceID char(8); set @TaskSequenceID = '000CB'

and (128 & P.PkgFlags) <> 128 --the bitmask for the "Copy the content... option in the Package Data Access properties"

3. Enable the option: Copy the content in this package to a package share on distribution points

Extend encrypted LVM By adding new physical disk

1. Verify the volume group and the logical volume name:

pvdisplay
lvdisplay


2. Add a new hard disk device to add to the volume group (in this example /dev/sdd):


pvcreate /dev/sdd
vgextend existing_volume_group /dev/sdd


3. After extending the volume group, extend the underlying Logical Volume (500GB):


sudo lvextend -L+500G /dev/existing_volume_group/logicalvolume_data


4. Resize the Crypt:

sudo cryptsetup resize /dev/mapper/


5. Resize filesystem:

sudo resize2fs /dev/mapper/


SharePoint 2013 missing Manage services on server for farm admins

Problem:
Sharepoint is missing options for Manage services and Backup and Restores

Solution:
The issue is even though the admin or group is configured as a Farm administrator inside of SharePoint 2013 the admin/group is not configured on the server as an Administrator. The group must be added as a server Admin to be able to manage these functions.

SCCM 2007 – Server 2012 and Windows 8 Support

Problem:
SCCM 2007 SP2 is not showing any Windows 8 or Windows Server 2012 updates in Software Updates.

Solution:

There are two fixes that need to be installed on the server:
http://www.microsoft.com/en-us/download/details.aspx?id=30747
http://support.microsoft.com/kb/2750782

IIS Reverse Proxy Module 500 error when going to PHP backend

Problem:
When setting up IIS reverse Proxy to connect back to a linux PHP application the site would not load and IIS would throw a 500 error. When browsing to the PHP site from the IIS server manually no errors and connectivity was working fine.

Solution:
I missed an option in the web.config file for the PHP pattern “pattern=”^text/php”” :

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
      <rewrite>
        <outboundRules>
          <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
            <match filterByTags="A, Area, Base, Form, Frame, Head, IFrame, Img, Input, Link, Script" pattern="^http(s)?://10.0.xxx.81/(.*)" />
            <action type="Rewrite" value="http{R:1}://www.xxxx.com/{R:2}" />
          </rule>
          <preConditions>
            <preCondition name="ResponseIsHtml1">
              <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
	      <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/php" />
            </preCondition>
          </preConditions>
        </outboundRules>
        <rules>
                <clear />
                <rule name="index" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
                        <add input="{REQUEST_FILENAME}" matchType="IsDirectory" />
                    </conditions>
                    <action type="Redirect" url="http://www.xxxx.com/xx/slovenia/index.php" />
                </rule>
                <rule name="ReverseProxyInboundRule1" patternSyntax="ECMAScript" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions logicalGrouping="MatchAny" trackAllCaptures="false">
                    </conditions>
                    <action type="Rewrite" url="http://10.0.xxx.81/bd/slovenia/{R:0}" />
                </rule>
        </rules>
      </rewrite>
        </system.webServer>
</configuration>

The password stored in Credential Manager is invalid.

Problem:

When a user was printing documents it would show up under a help desk person’s account.

Also was seeing a bunch of EventID 552 like these in the security logs

Logon attempt using explicit credentials:
Logged on user:
User Name: USER1
Domain: DOMAIN
Logon ID: (xxx,0x7D052)
Logon GUID: {xxxxxxx-07b5-8f5f-d5dd-d78268681b37}
User whose credentials were used:
User Name: HELPDESKUSER
Domain: DOMAIN.LOCAL

Logon GUID: –
For more information, see Help and Support Center at

Solution:

After enabling NetLogon debug logging information. http://support.microsoft.com/kb/109626

This would appear in the System Log under Kerberos Warning:

The password stored in Credential Manager is invalid. This might be caused by the user changing the password from this computer or a different computer. To resolve this error, open Credential Manager in Control Panel, and reenter the password for the credential XXX.

I was able to launch the Credential Manager using “rundll32.exe keymgr.dll,KRShowKeyMgr” and delete the cached credentials for the server that was running under the help desk person’s account.

Rebooted the PC and the user’s print jobs now show up under the correct account.

Remove .ashx extension from sitecore media file links

Problem:

When clicking on a linked PDF document or any media file sitecore added .ashx extension to the linked file. This caused issues with some browsers and OS versions not knowing what to do the file.

Solution:

Let the uploaded file present its original extension.

Modify the web.config file and look for

<setting name=”Media.RequestExtension” value=”ashx” />

change the setting to

<setting name=”Media.RequestExtension” value=”” />

Issues with SSRS 2012 SharePoint Integrated mode and SharePoint 2010

Problem:

I continued to run into issues with Kerberos and error message like Login failed for user ‘NT AUTHORITY\ANONYMOUS LOGON’ when using SharePoint Reporting Services and a SQL DB that I was reporting on a different server.

Solution:

When configuring Kerberos with previous SQL versions and SharePoint it was easy to set the delegation to “Trust this user for delegation to any service”. after setting SPNs you would be good to go.

However, with SSRS 2012 things have changed and SharePoint now uses the Claims To Windows Service to get authenticated correctly. I had it half way right and the fix was to add “trust this user for delegation to specified services only” on both the Claims To Windows Account and the SharePoint SSRS 2012 account. I found a sweet video on what needs to be done here:

http://technet.microsoft.com/en-us/video/Video/hh858469

Ubuntu 12 LIO iSCSI Target with SCSI-3

Problem:
Needed a quick solution to add storage to a failover cluster in a lab environment. LIO iSCSI supports scsi-3 persistent reservation iscsi. I decided to go with this solution.

Solution:

1. Install Ubuntu
install ubuntu
apt-get update
apt-get upgrade
apt-get install lio-utils

2. configure lio

attach additional storage to your ubuntu server. The following configuration can be used via command line first to test. Once everything is working you can make it static by modifying the files listed.

a. setup your devices to be used.

nano /etc/target/tcm_start.sh

tcm_node --block iblock_0/iscsiarray1 /dev/sdb
tcm_node --block iblock_0/iscsiarray2 /dev/sdc
tcm_node --block iblock_0/iscsiarray3 /dev/sdd
tcm_node --block iblock_0/iscsiarray4 /dev/sde

b. setup your iscsi target

nano /etc/target/lio_start.sh

lio_node --addlun iqn.2012.com.linux:iscsi.local:lun1 1 1 iscsi01 iblock_0/iscsiarray1
lio_node --addnp iqn.2012.com.linux:iscsi.local:lun1 1 10.0.0.1:3260
lio_node --disableauth iqn.2012.com.linux:iscsi.local:lun1 1
lio_node --addlunacl iqn.2012.com.linux:iscsi.local:lun1 1 iqn.2012.com.microsoft:uranus.galaxy.local 1 1
lio_node --addlunacl iqn.2012.com.linux:iscsi.local:lun1 1 iqn.2012.com.microsoft:neptune.galaxy.local 1 1
lio_node --enabletpg iqn.2012.com.linux:iscsi.local:lun1 1

lio_node --addlun iqn.2012.com.linux:iscsi.local:lun2 2 2 iscsi02 iblock_0/iscsiarray2
lio_node --addnp iqn.2012.com.linux:iscsi.local:lun2 2 10.0.0.1:3260
lio_node --disableauth iqn.2012.com.linux:iscsi.local:lun2 2
lio_node --addlunacl iqn.2012.com.linux:iscsi.local:lun2 2 iqn.2012.com.microsoft:uranus.galaxy.local 2 2
lio_node --addlunacl iqn.2012.com.linux:iscsi.local:lun2 2 iqn.2012.com.microsoft:neptune.galaxy.local 2 2
lio_node --enabletpg iqn.2012.com.linux:iscsi.local:lun2 2

lio_node --addlun iqn.2012.com.linux:iscsi.local:lun3 3 3 iscsi03 iblock_0/iscsiarray3
lio_node --addnp iqn.2012.com.linux:iscsi.local:lun3 3 10.0.0.1:3260
lio_node --disableauth iqn.2012.com.linux:iscsi.local:lun3 3
lio_node --addlunacl iqn.2012.com.linux:iscsi.local:lun3 3 iqn.2012.com.microsoft:uranus.galaxy.local 3 3
lio_node --addlunacl iqn.2012.com.linux:iscsi.local:lun3 3 iqn.2012.com.microsoft:neptune.galaxy.local 3 3
lio_node --enabletpg iqn.2012.com.linux:iscsi.local:lun3 3

lio_node --addlun iqn.2012.com.linux:iscsi.local:lun4 4 4 iscsi04 iblock_0/iscsiarray4
lio_node --addnp iqn.2012.com.linux:iscsi.local:lun4 4 10.0.0.1:3260
lio_node --disableauth iqn.2012.com.linux:iscsi.local:lun4 4
lio_node --addlunacl iqn.2012.com.linux:iscsi.local:lun4 4 iqn.2012.com.microsoft:uranus.galaxy.local 4 4
lio_node --addlunacl iqn.2012.com.linux:iscsi.local:lun4 4 iqn.2012.com.microsoft:neptune.galaxy.local 4 4
lio_node --enabletpg iqn.2012.com.linux:iscsi.local:lun4 4