Monday, July 29, 2013

You have been logged on with a temporary profile

This is annoying. My domain-joined Windows 7 machine kept showing this error upon login and I couldn't save any new profile.
On the Event Viewer, I saw these 2 errors (Event 1511 and 1515)

Initially, I thought my roaming profile was corrupted. But re-building the profile did not solve the problem. The same error still appear until I saw this Microsoft KB post.

I enumerated through the registry records on
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Instead of just removing the sid.bak records, I removed all user registry records. In effect, it would force a rebuild of all local user profiles that would be synced from the central user profiles on the network share.

Wednesday, July 24, 2013

Delegate Certificate Template Management

By default, only Domain Admins are able to create and manage Certificate Templates on the Active Directory. To delegate to other groups (e.g. CA admins), follow this guide on Allowing the Creation and Modification of any Certificate Template.

Thursday, July 18, 2013

Cert Template MMC Crashed on WS2012 whenever Key Archival was enabled

Cert Template MMC (CertTmpl.msc) on WS2012 crashed whenever the archive key check-box was enabled as shown in red box below.

A technical support was raised to Microsoft premium support with TTTrace.exe debugging tool. Eventually, the support team replied that the crash was due to a recently added CA server did not return any cert template information. Indeed, after I issued a cert template on that CA server, the crash issue was gone.

No resolution or hotfix was given. Instead, the support team acknowledged that it was a bug that would be fixed in next Windows version. The decision was made due to the following considerations:
  • Low impact of this bug
  • Easy workaround by adding an unused cert template on the CA server
  • Any code change could potentially bring wider implication to world-wide customers
My guessing on the real reason: the hands of the development team are full....

Tuesday, July 16, 2013

Nice Random Password Generator

Nice random password generator for AD user account creation or reset. It's a Powershell script (Get-RandomString.ps1) available on  Generating Random Passwords in PowerShell.

If you need to reset the password of an AD user account, there is another script (AD_Password_reset_v1.0.ps1) that uses this random password generator.

Friday, July 5, 2013

Unable to add Hyper-V host due to failed agent installation

I wasn't able to add a domain-based Hyper-V host using SCVMM 2012. The error was:

Error (415)
Agent installation failed copying C:\Program Files\Microsoft System Center 2012\Virtual Machine Manager\agents\Amd64\3.1.6011.0\vmmAgent.msi to \\HyperVHost\ADMIN$\vmmAgent.msi.
The network path was not found

Hence, I attempted to perform a manual installation. On the Hyper-V host, I copied the agent installation files from the VMM server "\\VMMServer\C$\Program Files\Microsoft System Center 2012\Virtual Machine Manager\agents\Amd64" to a temp folder.

Step 1: Install "vcredist_x64.exe"
Step 2: Install vmmAgent.msi by double-clicking on it. Installation ended prematurely due to an error.
Retry step 2: Install vmmAgent.msi using elevated command prompt: msiexec vmmAgent.msi. Installation completed successfully.
Step 3: Restart the Add Host job on VMM console

Thursday, July 4, 2013

SQL Server 2008R2 Reporting Service Failed to Start after Sysprep

I was attempting the step-by-step guide for sysprepping SQL Server 2008R2 in my gold VM image on SCVMM2012. After successfully created a VM template out of this image, the Complete SQL wizard couldn't get a service to start. I noticed the failure was due to the SQL Reporting Service.

Thankfully, there was a resolution mentioned in this blog post, which I've reproduced here:
  1. Open Regedit on the problematic SQL server
  2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
  3. In the Right Pane create the following Key (If not already created)
    • Value: DWORD (32-bit)
    • Name: ServicesPipeTimeout
    • Value Data, Click Decimal and type 60000 (Not less than 60000)
Restart the server and the reporting service should be able to start up correctly. I went back to my gold VM and pre-created this registry setting.