Wednesday February 7th, 2018 12:08 A new Win10 update is borking domain machines; here’s how to fix it

So far this week, I’ve had three different users looking down the barrel at a BSOD after they did exactly what I asked by running a once-weekly reboot.

Win 10 hasn’t given me a lot of BSOD problems, and most of them have been a simple reboot and things were done. But this sum’bitch right here is nasty as hell.

You’ll end up with an infinite restart loop after a benign reboot – this is your warning sign that this is going to hurt.

asplode

Let’s not muck about with why or how this happened (might be this). Here’s what to do:

  1. Go into restore and pick the latest point you can find. Thankfully restore only messes with installed programs anymore, so it’s easy enough to deal with anything lost after this step.
    • At this point a domain machine will do the first fun thing, which is have a broken trust relationship, even if the restore point was from that same morning
  2. Log in with a local account
  3. Discover that, for no fucking reason at all that your local admin account is now a guest account
  4. Grab (or create if need be) a usb installer for Win 7/8/10 – all will work – and boot to that
  5. Use the Utilmon.exe replace trick (detailed in answer 2 here) and use that to enable the built-in administrator
  6. Sign in as administrator and give admin rights back to your other local account
  7. Unjoin the domain
  8. When that mysteriously fails, open Local Security and go to Local Policies -> User Rights Assignment and re-add your locals to the Back Up and Restore lists, which are now exclusively populated by de-coupled GUIDs
  9. Reboot, unjoin domain again, reboot, rejoin domain, reboot
  10. Drink. Heavily.

My second go at this went a lot easier than numbers 1 and 3, so you might get lucky and be able to skip a few steps. But don’t expect it.

Good luck, kids.

In: Computers, How ToNo Comments

Tuesday January 2nd, 2018 16:43 First thoughts of the new year

I was configging a workstation on the Dell site, just to see what the price would be, when I noticed that selecting the ‘no mouse’ option enabled the following spec code:

nomse

And now, all I can think about is this:

Perhaps 2018 will be an improvement.

In: Computers, Music/Movies/TV, OtherNo Comments

Wednesday September 6th, 2017 09:57 Chimpcrosoft 101

Seriously, I keep telling people this, and they think I’m joking. It seems stupid, but there are real technical reasons why it works so often.

MS_101_chimp

p.s. SMBC is awesome and you should give them some of your money.

In: Computers, How ToNo Comments

Tuesday May 30th, 2017 15:54 Your things belong to you now (some of them, at least)

Big news, via the EFF.

Finally, a court has stepped up to knock down the notion of companies owning not only patents but consumers’ decisions over what to do with their own property.

trebek

In this instance, we are only talking about the right to refill printer cartridges. But the breadth of the ruling is sure to seep into other aspects of technology bemired in the overreach that is a company daring to tell me what I can and can’t do with something I already paid them for.

It’s the government’s job to pointlessly flail about trying to do that.

In: Computers, News, PoliticsNo Comments

Tuesday May 30th, 2017 12:55 Truth

As seen on teh intertubes:
1pz3ft

In: ComputersNo Comments

Tuesday May 16th, 2017 22:55 Veeam “Failed to create Hyper-V Cluster Wmi utils: Failed to connect to WMI on host” Fixed

Yes, I know I should be beaten with the SEO mace for that post title. It’s intentional because I spent entirely too much time on Google trying to use the actual error code as a guide to find the source of the error. Stupid me.

Nearly everything I could find that was specifically related to Veeam either provided L1-phone support answers or only contained part of the reported error1.

That said: If you’re seeing that particular error, the actual problem has a high probability of being a simple fix. And here’s how that goes.

1. Forget about Veeam. That’s most likely not your problem, even if it’s happening on every job. It’s WMI itself.

22. Open WMI management on your Veeam server. It’s under start if you just type “wmi” or you can load it from MMC.

3. Right-click “WMI Control” – should have “(Local)” next to it at this point.

wmi

4. Check the properties to make sure it doesn’t say RPC Server unavailable. If it does, go to another server (that isn’t failing backup – hopefully you’ve got a standalone DC) and start over until you get a result with some basic sys info and a version number.

5. Close that window and right-click control again, but this time connect to another server.

6. Put in the name of the server that is failing backup and see what happens. For me, I got a positive result.

7. Now put in the IP of that same server. For me, RPC fail.

7.5 If those two things don’t happen, sorry. This procedure will probably not help you.

8. Given that scenario, connect to a DC that handles DNS for your domain.

9. Check the reverse lookup entries for the server failing backup. If you’re not seeing the correct name next to the correct IP, put it in there and delete any other reference to either (assuming they’re not accurate to another NIC’s IP, of course).

Be thorough. If someone gave a host a name outside the netbios limit and there’s a shortened entry, get rid of it. Only leave the un-suffixed FQDN entries. Check other subnets too.

RDNS is not something most of us clean up regularly, and conflicting entries can bork things.

10. Redo steps 5-7 from your step 4 server, connecting to whichever one(s) Veeam errored on. Remember to flush the DNS first. If good info now appears, you should be able to hit retry on the backup job(s) and walk away.

Hope that helps some other poor schmuck out there. No need to thank me; just remember to write it up when you solve your next annoying problem. Beats going begging to reddit.

1. Almost all of the posts had error messages that ended in some iteration of ‘bad credentials.’ Seriously, how are you employed if you needed to look that up?

2. This can also be done via CLI. This guy has a cut-and-paste-ready command.

In: Computers, How To(2) Comments

Monday March 13th, 2017 10:13 Worst Buy case update

Regarding the news from a couple months ago

told_you_so

It’s official now. Best Buy’s Dupe Squad was actively collaborating with the FBI to spy on anyone and everyone foolish enough to trust them to fix a computer.

In: Computers, NewsNo Comments

Friday February 3rd, 2017 10:33 Presented without comment

IT-Peeps

In: ComputersNo Comments

Tuesday January 10th, 2017 16:06 Trust, confidence and getting what you pay for

Doubtless, many people hear phrases like “I’ll just take it to Best Buy/the Apple store/etc.” all the time.

Me, not so much, given that I’m usually the repair point they’re taking ‘it’ to.

know_more_than_you

No matter how badly I’ve wanted any given person to take any given device anywhere else, not once have I let such words pass without at least a bit of snark – e.g. “Yes, and since I’m hungry, I’m going to go lick the bottom of a McDonald’s fry trough. Same as any other food, right?”

Listen up, people:

This is an actual ad for an ‘advanced’ Geek Squad tech. Having an A+ cert is ‘preferred.’

For those unaware, an A+ is the toilet paper of the cert world. Most certs are crap in general, and completely unnecessary for someone with a decent resume, but that one just comes right out and says ‘You will have no serious responsibilities or challenges, not the least bit owing to the fact that the supervisor who will be conducting your interview barely knows the difference between CMOS and ATMOS.’

The Apple ‘geniuses’ have an even lower bar.

But why should anyone give a damn, so long as the computer comes back fixed?

Well, besides it costing a whole lot more money and taking an absolutely absurd amount of time, Best Buy, specifically, is full of thin-skulled twits that are all too happy to rifle through your computer or phone in order to fulfill the childish fantasy of playing Junior G-Man in the service of unscrupulous FBI agents.

It’s kind of funny to a tech person that the world is just now finding out that the Bureau has been paying Geek Squad nitwits to spy on customers. Especially since the case in question has had that as an open question for nearly a year now.

The thing is that we’ve always known they were doing that. This is just the first time there may be court-recognized proof.

Think of it this way:

If you’re sending off a computer to be repaired, it stands to reason that you don’t know much about computers. Odds are, you don’t know much about – to revisit my earlier example – making fast food either.

So why do you trust one group to handle a device full of personal correspondence, photos, and videos as if they are beyond reproach, but check the bag to make sure you got your fries while the other is still in the window, watching you insult their capabilities?

Literally the only thing that the Best Buy employee has on the McDonald’s employee is having done a similar job for one year. This qualifies them for ‘advanced’ work.

So is it hard to imagine that (probably) young, barely-skilled retail employees jump right in at the movie-script-esque prospect of spying for the FBI?

About as easy to imagine as a pimple-faced teenager intentionally dropping your burger on the floor?

There’s little chance that anyone not doing anything wrong will end up in such dire straits as Dr. Rettenmaier. But that doesn’t mean it won’t happen. And it doesn’t mean that the government gets to employ entry-level retail employees as de facto federal agents and send them off to rifle through your data just because a USB port broke on your laptop.

In: Computers, News, PoliticsNo Comments

Wednesday November 16th, 2016 13:53 Pretty much my life

In: Computers, How ToNo Comments

Whois

IT guy, dev, designer, writer.

Got a degree in print journalism from UF but history dealt some bad cards to that industry, so I moved back to an earlier love: the computer.

Was recently at ZMOS Networks, but am now the Senior IT Associate at the Edna McConnell Clark Foundation.

My name is moderately common, as are a couple screen names, so always look for the logo to make sure you're reading something with official Km approval.

You can get to me directly with kyle(@)kylemitchell.org