Blog: Windows

I was working on a Windows 10 PC connected to a domain. This PC could be pinged by DNS name and IP address. RDP was also working. There were no other issues on the network. No domain policies were in place that should have been keeping PC admin shares from working. But it was still failing after registry settings changes, removing and re-adding to the domain, etc.
 
I found an article about shares not working if there is a misconfigured DNS entry somewhere.  I looked on the secondary DNS server and there was an old, incorrect entry for that PC.  Removed the DNS entry and shares began to work.

 

I was working with a customer who called in a disk space issue. I ran SpaceSniffer and discovered there were 92GB of files in a temp folder and nearly all were cab files.

My research discovered that on Windows 7 64bit and Server 2008 R2 the makecab.exe utility breaks whenever a log file is over 2GB. The problem is that the cabinet file format cannot store files larger than 2GB and it breaks the compression process as a result. Consequently all new logs created afterwards never get created properly and C:\Windows\Temp fills up with corrupt cabinet files; as much as 200MB+ a day. 

The only solution is to delete all of the corrupted cab files from the temp folder and the initially corrupted log file in the CBS folder. Here is a link to the article explaining this issue. 

https://serverfault.com/questions/746849/windows-temp-large-amounts-of-cab-xxxx-files
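A quick way to confirm this condition on a server before cleaning up, as an added PowerShell example that is not part of the original post. It assumes the default locations (`%windir%\Logs\CBS` for the CBS folder, `%windir%\Temp` for the temp folder) and the `cab_` file name prefix from the linked article's title.

```powershell
# Added example, not from the original post. Assumes default Windows paths.
$cbsDir  = Join-Path $env:windir 'Logs\CBS'
$tempDir = Join-Path $env:windir 'Temp'
$limit   = 2GB   # size above which the post says makecab.exe breaks

# CBS log files too large to be stored in a cabinet file.
$bigLogs = @(Get-ChildItem -Path $cbsDir -Filter '*.log' -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Length -gt $limit })

# Cabinet files accumulating in the temp folder.
$cabs = @(Get-ChildItem -Path $tempDir -Filter 'cab_*' -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer })
$cabBytes = ($cabs | Measure-Object -Property Length -Sum).Sum
if (-not $cabBytes) { $cabBytes = 0 }
$newest = $cabs | Sort-Object LastWriteTime -Descending | Select-Object -First 1

# Report what was found.
"Oversized CBS logs : {0}" -f $bigLogs.Count
$bigLogs | ForEach-Object { "  {0}  {1:N2} GB" -f $_.FullName, ($_.Length / 1GB) }
"cab_* files in Temp: {0} ({1:N1} GB)" -f $cabs.Count, ($cabBytes / 1GB)
if ($newest) { "Newest cab file    : {0}" -f $newest.LastWriteTime }

# Preview the cleanup the post describes. -WhatIf only lists what would be
# deleted; remove it to delete for real.
if ($bigLogs.Count -gt 0) {
    $cabs    | Remove-Item -WhatIf
    $bigLogs | Remove-Item -WhatIf
}
```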


 

I was working with a customer who had accidentally deleted some files when copying them to a different drive. When trying to restore them using the Previous Versions option, I got a message saying that the source file name was too long. I tried everything, but eventually the steps below worked for me:
 
  1. Right click on the folder you're trying to restore from shadow copy and choose Previous Versions. Choose a date and click on Open.
  2. Right click on any file or folder within the previous folder and choose Properties. On the General tab copy what's shown in 'location', e.g.: \\localhost\D$\@GMT-2011.09.20-06.00.04\_Data
  3. Open cmd.exe and type in - subst X: \\localhost\D$\@GMT-2011.09.20-06.00.04\_Data
  4. Open PowerShell and use robocopy to copy content of X:  - robocopy X: D:\Folder\ /E /COPYALL
  5. Check that all files have been copied.
  6. When finished type - subst X: /D in cmd.exe
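The command-line part of these steps as a single PowerShell script, added here as an example and not taken from the original post. It runs `subst` and `robocopy` in the same session, because a `subst` mapping made in a non-elevated window is not visible from an elevated one, and it uses robocopy's exit code for the "check that all files have been copied" step. The snapshot path and destination are the sample values from the steps; the log file location is an assumption.

```powershell
# Added example, not from the original post.
# Sample values from the steps above; replace with your own snapshot path.
$snapshot = '\\localhost\D$\@GMT-2011.09.20-06.00.04\_Data'
$dest     = 'D:\Folder'
$drive    = 'X:'
$log      = Join-Path $env:TEMP 'restore-robocopy.log'   # assumed log location

# Map the long snapshot path to a short drive letter.
subst $drive $snapshot
if ($LASTEXITCODE -ne 0) { throw "subst failed for $snapshot" }

try {
    # /E       copy subfolders, including empty ones
    # /COPYALL copy data, attributes, timestamps, ACLs, owner and auditing info
    # /R /W    limit retries so a locked file does not stall the restore
    robocopy "$drive\" $dest /E /COPYALL /R:2 /W:5 /NP "/LOG:$log"
    $rc = $LASTEXITCODE

    # robocopy's exit code is a bit mask: 8 = some files failed to copy,
    # 16 = fatal error. Any value below 8 means nothing failed.
    if ($rc -ge 8) {
        throw "robocopy reported failures (exit code $rc); see $log"
    }
    "Restore finished (exit code $rc); details in $log"
}
finally {
    # Always remove the temporary drive mapping, even after an error.
    subst $drive /D
}
```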

 

I have had the issue of Windows explorer crashing several times a day. All explorer windows, the desktop and task bar disappear then the desktop and task bar reappear after a few seconds.

I did not nail down the specific culprit but used ShellExView (www.nirsoft.net/utils/shexview.html) to disable all non-Microsoft shell extensions. That made a significant difference and I haven't had explorer crash in the last few days. Of course, it could be a combination of shell extensions that will make it harder to identify. In the meantime, I will add an extension as I miss it and see if it destabilizes Windows explorer again.


 

I was recently doing a maintenance window for a customer and had an issue with several of their servers giving me an Error Code 80243004 – Windows Update encountered an unknown error when I was trying to install updates. After researching, I came across an article with a very simple and weird fix for the issue.

  1. Right click on the taskbar and select Properties.
  2. Click the Customize… button on the Taskbar and Start Menu Properties window.
  3. On the Notification Area Icons window, make sure Always show all icons and notifications on the taskbar is checked and click OK.

After turning on the notifications for Windows Update, I was able to successfully install all Windows Updates.


 

Recently I was deploying Cylance for a customer. The first approach I took to deployment was to create a group policy that ran a batch script at logon. I set up the policy and then restarted one of the test PCs I was working with. The group policy was being applied, but the software was not installing.

My research suggested disabling  asynchronous processing of group policies. To do that, I went to Group Policy and navigated to:  Administrative Templates\System\Logon. There is a policy called Always wait for the network at computer startup and logon and when that is enabled, it turns off asynchronous processing. As soon as I enabled that, the install worked.

Not long after I applied that policy, the customer called and said their users were having issues with one of their applications not launching. After some investigating, it turned out that the program required that a network drive be mapped first, before the program could launch. Clearly the order of operations was broken when I disabled asynchronous processing. So, I turned it back on, but the trick about group policies is that you have to go in and manually fix anything that was modified in the registry. I fixed that and everything started working. Moral of the story is always remember the policy changes you make, just in case you need to go unmake them.


 

I had two customers that needed to exempt a couple of systems from a group policy that disables USB/CD-ROM access, but I ran into the same issue both times when trying to do so.

I added the user to the appropriate group to block the GPO, but when I logged into the user’s PC, the drives still said access denied. I figured the group policy had not applied, so I forced it to apply and then I had the user both log off and back on and also restart with no success on the policy applying.

I did some digging and discovered that there is a bug in Windows that affects the Portable Device Enumerator Service. I tried several things with that service (restarting, looking at other dependent services, etc.) but nothing worked. Microsoft had a Hotfix available, so I tried that and still got nothing. Finally, after some additional research, I ran across a KB article that recommended going into Disk Management, uninstalling the driver for the CD-ROM and then rescanning the disks to let it re-install. As soon as I did that, everything started working properly.

Here is the KB article with the Hotfix, in case it happens to work for someone else down the road: https://support.microsoft.com/en-us/help/2738898/users-cannot-access-removable-devices-after-you-enable-and-then-disabl


 

Recently I wanted to test a dual factor authentication solution on my Windows VM, so I took a snapshot to revert to later if needed. After testing for several days I reverted to the snapshot, but started getting an error about an expired computer account password. Apparently the machine password expired and automatically renewed while testing, so this was lost when I reverted to the old snapshot.

Rather than disconnect and rejoin the computer from the domain, I found a PowerShell command to reset the machine password. Details about this command are at:

https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.management/reset-computermachinepassword
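One way to apply that command after a snapshot revert, as an added example that is not from the original post: test the secure channel first, reset the machine password only if the test fails, then test again. It is meant for an elevated Windows PowerShell 5.1 session on the reverted machine; `dc01.example.test` is a placeholder domain controller name.

```powershell
# Added example, not from the original post.
# Placeholder: replace with a domain controller in your domain.
$dc = 'dc01.example.test'

# Does the machine's stored password still match its account in the domain?
if (Test-ComputerSecureChannel -Server $dc) {
    'Secure channel is healthy; no reset needed.'
    return
}

# A domain account that is allowed to reset this computer's account password.
$cred = Get-Credential -Message 'Account allowed to reset this computer account'

# Set a new machine password locally and on the computer account in the domain.
Reset-ComputerMachinePassword -Server $dc -Credential $cred

# Confirm the trust relationship is restored before handing the machine back.
if (Test-ComputerSecureChannel -Server $dc) {
    'Machine password reset; secure channel verified.'
} else {
    throw "Secure channel to $dc is still broken after the reset."
}
```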


 

I recently worked with a customer because their C: drive was out of space. He had another drive in their laptop (D: drive) that had 500GB of free space.  I decided to move all offline files from the C: drive to the D: drive. I found the following article and worked through it:

https://support.microsoft.com/en-us/kb/942960

After getting the offline files synced, I started working to clean up the old location of the offline files. I took ownership and I was able to delete most of them, but I kept getting an error that I could not delete some of the files because “the file name was too long”. I spent a long time researching and trying to figure out how to gain this space back by deleting the files. I eventually created a share to the folder, accessed it from another system, and I was able to successfully delete it from there.

 

 


 

For some versions of the TPM chip found in the Lenovo ThinkPad T420, you will receive an Access Denied error message when attempting to encrypt the hard disk if you have a group policy enabled that restricts CD/DVD access.  Apparently, some models of TPM chip are seen by the system as a CD/DVD device, and will not function correctly if it has been disabled via Group Policy. 

The fix is to just disable the group policy until after the disk has been encrypted and the PIN has been set up. Once it has been encrypted you can reapply the Group Policy and it will continue to function normally.