31 December 2016

Poor Network Performance | Network Shares (Server 2012 R2)

I was recently doing some work for a client where they had noticed that the network performance from their workstations to the File Server was rather poor.  When transferring data to the File Servers (and any other shares on the Virtual Host), it was very slow.

All the VMs were either Server 2016 or 2012 R2, and it was running on a Virtual Host which was Server 2012 R2.  The Server was a Lenovo x3650 m5.  All the NICs were Broadcom and the drivers were fully up to date.

After looking into the issue, I found that some of the settings on the Network Adapters needed to be changed/updated (on the Virtual Host itself) to allow for faster transfer speeds.  To do this, I needed to open up each Network Adapter, then click on Configure, then the Advanced tab.  Once I did this, I had to set the following options to Disabled:
  • TCP/UDP Checksum Offload (IPv4)
  • TCP/UDP Checksum Offload (IPv6)
  • Large Send Offload V2 (IPv4)
  • Large Send Offload V2 (IPv6)
  • Virtual Machine Queues
Just remember that when performing these changes, it will drop the network connectivity to the adapter for about 5 seconds.  If you're making this change on a live host, it will potentially disrupt network traffic to the VMs and the Host.  If you have a NIC Team in place, do this to one Adapter, then wait for it to come back online before doing it to the next one to make sure that network connectivity to the host itself remains active. 

After doing this to the NICs in my NIC Team, I tested the network connectivity and it was considerably faster.

28 December 2016

Directory service is missing mandatory configuration information | Server 2008R2

I was recently demoting a Domain Controller as I had upgraded to Server 2016, when I came across the following error message:

What this means is that the fSMORoleOwner is most likely pointing to the server that you're trying to decommission, and of course you can't do this.  So what needs to be done is to update this to point to another DC that's active.

First, to confirm this, you will need to go into ADSI Edit. Connect to the following:

Once you've done this, open up DC=Infrastructure:

Look for fSMORoleOwner and check the server name that is referenced here:

In this case, it's showing my new DC, however originally it was showing the DC that I was wanting to decommission.  In order to resolve this, I used the following script:

const ADS_NAME_TYPE_1779 = 1

set inArgs = WScript.Arguments

if (inArgs.Count = 1) then
    ' Assume the command line argument is the NDNC (in DN form) to use.
    NdncDN = inArgs(0)
    Wscript.StdOut.Write "usage: cscript fixfsmo.vbs NdncDN"
End if

if (NdncDN <> "") then

    ' Convert the DN form of the NDNC into DNS dotted form.
    Set objTranslator = CreateObject("NameTranslate")
    objTranslator.Init ADS_NAME_INITTYPE_GC, ""
    objTranslator.Set ADS_NAME_TYPE_1779, NdncDN
    strDomainDNS = objTranslator.Get(ADS_NAME_TYPE_CANONICAL)
    strDomainDNS = Left(strDomainDNS, len(strDomainDNS)-1)
    Wscript.Echo "DNS name: " & strDomainDNS

    ' Find a domain controller that hosts this NDNC and that is online.
    set objRootDSE = GetObject("LDAP://" & strDomainDNS & "/RootDSE")
    strDnsHostName = objRootDSE.Get("dnsHostName")
    strDsServiceName = objRootDSE.Get("dsServiceName")
    Wscript.Echo "Using DC " & strDnsHostName

    ' Get the current infrastructure fsmo.
    strInfraDN = "CN=Infrastructure," & NdncDN
    set objInfra = GetObject("LDAP://" & strInfraDN)
    Wscript.Echo "infra fsmo is " & objInfra.fsmoroleowner

    ' If the current fsmo holder is deleted, set the fsmo holder to this domain controller.

    if (InStr(objInfra.fsmoroleowner, "\0ADEL:") > 0) then

        ' Set the fsmo holder to this domain controller.
        objInfra.Put "fSMORoleOwner",  strDsServiceName

        ' Read the fsmo holder back.
        set objInfra = GetObject("LDAP://" & strInfraDN)
        Wscript.Echo "infra fsmo changed to:" & objInfra.fsmoroleowner

    End if

End if

Create a new VBS file with the above script, and called it "FixFSMO.vbs".  Copy this to the desktop of a DC that's active and then run the following command:

cscript fixfsmo.vbs DC=DomainDnsZones,DC=contoso,DC=com

You will also need to run the same command, but for ForestDNSZone.  

cscript fixfsmo.vbs DC=ForestDNSZones,DC=contoso,DC=com

Once you've done this, check the ADSI object again and you will notice this has now updated to an active DC.  Let this sit for 15 minutes or so to ensure that it syncs to all DCs, and then you should be able to re-run the DCPROMO to demote the Domain Controller. 

Migrate DHCP Server to Server 2016

The following process can be followed when you're creating a new Domain Controller, and you'd like to migrate DHCP settings from an old DC to a new one.

I have done this from Server 2008R2 to Server 2016, however this can be used from 2008 to 2016.
  1. Log in to the old (existing) Domain Controller running DHCP
  2. Open up an Administrative Command Prompt
  3. Type the following:
    netsh dhcp server export C:\Users\<username>\Desktop\dhcp.txt all
  4. Copy the .txt file over to the desktop of the new DC
  5. Open up an Administrative Command Prompt
  6. Type the following:
    netsh dhcp server import C:\Users\<username>\Desktop\dhcp.txt all
  7. Open DHCP on the new 2016 server.  You will notice all the settings have now been migrated (including reservations and leases)
Once you've done this, you will then need to authorise the new DC and unauthorise the old DC.  This should happen automatically when you authorise the new DC, however make sure you double check this on the old one. 

To be on the safe as once you've done this, make sure you disable the DHCP Server service on the old DC.  This will ensure it does not start again if you were to reboot the server.

If you require IT Support in Perth, contact Winthrop Australia

Enable Split Tunnelling | Windows 10 VPN

In older versions of Windows (eg 7/8.1 etc) you were able to enable Split Tunnelling by removing the default gateway IP address from the IPv4 settings of a VPN's properties.  This is now not available on Windows 10 and you can't actually click on the IPv4 properties.

In Windows 10, you now need to enable Split Tunnelling through PowerShell.   It is done with a simple command:

Set-VPNConnection "VPN Name" -SplitTunneling $true

To verify that this was successful, you can type the following command to get the details of your VPN connection:


Winthrop Australia can supply all your IT Support needs in Perth, and most of Australia

21 December 2016

SMTP Relay Not Sending Mail

We have a SMTP Relay configured on a client's server to relay mail from on-prem to their Office 365 tenant.  This allows Scan to Email functionality from printers etc.

Recently a client told me that they're trying to scan to email but it's failing for them.  I created a test email.txt file which was to just send a simple email.  I put this file in the 'Pickup' folder, and it just stayed there.  Usually it's picked up immediately and relayed.

I checked the services and noticed that the Simple Mail Transfer Protocol (SMTP) service was stopped, and for some reason it was set to 'Manual'.  A quick manual start and then changing this to 'Automatic' resolved the issue for me.

If you require IT Support or Consultancy, contact Winthrop Australia

15 December 2016

Missing Application in Task Sequence | SCCM 2012

Recently a client of mine was trying to add an application to be installed as part of the 'Install Application' sequence within an Operating System Deployment Task Sequence.  They were able to find many applications that were available, however they couldn't see this particular one (in this case it was VLC).

The application was showing up under Apps:

When adding it into the Task Sequence, there was no error messages, it was just not there:

To resolve this, go into the application itself, click on the Deployment Type tab, then click User Experience and make sure its set to Logon Requirement: Whether or not a user is logged in.

Once you've done this, it will allow you to see the app and choose to add it into the Task Sequence. 

12 December 2016

Enable Multicast | SCCM 2012

This is a quick post to show you how to enable Multicast deployments through SCCM 2012.

  1. Click Administration
  2. Click Servers and Site System Roles
  3. Click on the SCCM server
  4. Double-click on Distribution Point
  5. Tick the Enable Multicast option

Once you have done that, you will need to enable the multicast distribution for any packages/operating systems you may have.  To do this, do the following:

  1. Click on Software Library
  2. Click on the folder where you've saved your packages or operating systems
  3. Right-click on the Operating System or Package and click on Properties
  4. Click on Distribution Settings
  5. Tick Allow this package to be transferred via Multicast

It is not recommended that you enable Multicast when using SCCM.  This has been known to cause issues with the WDS service constantly crashing. 

Winthrop Australia provides some of the best IT Support in Perth.  Contact us today to find out how we can help you.

Disable Yammer for all users | Office 365

I recently did an Office 365 migration where our client was using E3 licenses.  This includes a Yammer subscription, which they were not interested in using at this stage.  I was asked to disable this service for all users.

To do this, I did the following:

Get-MsolAccountSku | Format-List –property accountskuid,activeunits,consumedunits
This will show you which license pack you're currently using:

Get-MsolAccountSku | Where-Object {$_.SkuPartNumber -eq “ENTERPRISEPACK_FACULTY”} | ForEach-Object {$_.ServiceStatus}
This shows the license packs that are available for this particular O365 License:
In this case we're wanting to disable "Yammer_EDU".
Type the following:
$x = New-MsolLicenseOptions -AccountSkuId “AccountSKUID:ENTERPRISEPACK_FACULTY” -DisabledPlans “YAMMER_EDU”
Note: the bold section is the AccountSKUID which has been blurred out in this case, but can be found here:
To apply this to all users who have a current O365 license, type the following:
Get-MsolUser -all | Where-Object {$_.isLicensed -eq $True} | Set-MsolUserLicense -LicenseOptions $x
This will take ~5 minutes or so depending on the amount of users you have in your Tenant, however once this has completed, you will notice that the Yammer license is now set to 'off'.

09 December 2016

WSUS Not Downloding Updates

I recently had a client who had WSUS setup on Server 2016.  It was trying to downloading some updates after a synchronisation, but it would freeze at 100% and not go any further.

Synchronisations were fine, and it would download the data that's required, however these 5 updates would just sit there.  Checking Event Logs, I saw the following error:

After running the following command I found the following event

"C:\Program Files\Update Services\Tools\WsusUtil.exe CheckHealth"

It looks like the particular file it's trying to download is corrupt.  Checking WSUS to find out what the update is, KB3172989 is actually a CU for Server 2016 Technical Preview.  In this case, it's not needed so it was declined through WSUS.  After doing this, I did a search for all the Technical Preview updates, and declined them as well.  After running a Synchronisation again, it worked well. 

07 December 2016

Exchange 2007 Uninstall Hanging on 'Remove Exchange Files'

I was recently decommissioning an Exchange 2007 server for a client.  When I was going through the installation process, I noticed that it was hanging at the 'Remove Exchange Files' section.

After giving it sufficient time to complete on it's own, I had to go into the Task Manager to stop the PowerShell.exe task.

Simply end the process and PowerShell.exe will start back up immediately.  Once that has done, take a look at the Exchange installation process, and you will notice that it will complete within about 15 seconds or so of stopping this process.