Obvious tip for web site admins…

Don’t use admin as the username to login to your website. Reason: Bots on the internet are constantly scanning the net and 95% of the time will automatically attempt to log in to your website using admin as the username. If you block any logins using admin, then you will block these attempts to hack your webserver.

How to troubleshoot failed Windows Insider Preview Build Installs

There is a folder called Panther, that holds the logs called setupact.log, and setuperr.log. The setupact.log should contain a run through log of the installation progress of the latest build install. If it fails, it will normally roll back to the last build and the user will not know why it failed. This Panther folder may hold the only answers to why the install failed. The Setuperr.log should just display the last error in the install process, which may help diagnose exactly why the installation of the latest build failed. However, most likely you want to read the setupact.log.

Disabling the windows firewall will block inbound Remote Desktop connections

WindowsPlatform_120If you disable the Windows Firewall, you will no longer be able to remote desktop into the machine, you will not see the machine on your network, and you will really not be able to do anything with it. It does no good, from a management perspective to disable the windows firewall. Try it and see. Disable the windows firewall and then try to connect to that host with Remote Desktop, (mstsc.exe). It will not work, it will even show the error that says that Remote desktop is not enabled, even though it is. As soon as you start the windows firewall service with an exception for port 3389, the rdp session will commence. You wont be able to ping the server either, the point is, DO not disable the windows firewall, unless you feel like troubleshooting network connections for awhile. Just leave the firewall enabled and configure the rules. I Never disable the windows firewall no matter what.

Use the updated PsDscResources instead of built-in DSC resources in Windows Server 2016

Powershell Logo

Powershell Logo

Microsoft has issued a statement that in order to keep updating the built-in PSDesiredStateConfiguration Resources that ship in the box with Windows 10 or Windows Server 2016, you should now use the PSDscResources module (located in the PowerShell gallery)instead of the old PSDesiredStateConfiguration, which can be downloaded and installed with Find-Module PsDscResources| Install-Module PsDscResources. This module currently contains an updated Service DSC Resource, which is a very useful resource to use. The reason that I like to use the Service Dsc Resource is because sometimes services may stop on their own, and there is usually no easy way to tell if a service is still running, without opening the services console, querying via PowerShell, or checking in Server Manager.

Services like the Windows Firewall, or Component Services (ComSysApp) services will cause network problems they stop running. File Sharing between computers on the same network may fail if either of these services is stopped. The Windows Firewall (mpssvc)Service actually causes the most damage when it is not running, and sometimes it gets corrupted because of conflicting Group Policies or it may just stop. Although DSC is not going to be able to solve all problems that may cause the Windows firewall service to stop, it will be able to start the service and make sure it is running, barring any corruption or permission errors.

I often will set some of my machines up with DSC and the service resource to ensure that the ComSysApp is running, if I need to make sure that these computers are found on the network. The ComSysApp service is needed for some remote administration as well. Many times when I have been troubleshooting why a computer disappeared from the network or from remote administration, it has involved this service being stopped for some reason.


Example DSC Configuration using the new Service resource:

Configuration Server1service
{
Import-DscResource -ModuleName PsDscResources -ModuleVersion 2.1.0.0
{
Node Server1
{
Service ComPLUS
{
Name = "ComSysApp"
BuiltInAccount = "LocalSystem"
DisplayName = "COM+ System Application"
StartupType = "Automatic"
State = "Running"
}
Service RemoteReg
{
Name = "RemoteRegistry"
BuiltInAccount = "LocalService"
DisplayName = "Remote Registry"
StartupType = "Automatic"
State = "Running"
}
}
}
}

Server1Service -OutputPath C:\Dsc -Verbose

Start-DscConfiguration -ComputerName Server1 -Path C:\Dsc\ -wait -verbose

Always install SQL Server Logs on separate hard drive, Not on C drive.

When installing Configuration Manager, the most important tip I could give would be to make sure you install the SQL Server logs on a different drive than the database files. You really should install the SQL Server database Data files on D drive, the Logs on E drive. and then put SQL Backups on F drive. If this is not done, there may be several problems that will occur in Configuration Manager. For example, a common error is Management Point is not responding to HTTP requests. This error will manifest itself all the time if your SQL Server data and Logs are on the same drive. Another problem that I have seen on servers with SQL Server Data files and Logs on same drive is the Application Catalog will not function correctly. If you install SQL Server correctly, and do not install database files, SQL logs, or SQL backup on the C (system Drive), then there is a good chance that Configuration Manager will run successfully in the green for months. This tip is from personal experiences.