Monday May 20th, 2019 14:15 The Case of the Unrestorable AD Account

So, funny thing happened to me today.

By “funny” I mean “so maddening I wanted to execute the original programmer so the evil bastard can’t breed.”

So, you know how when you delete an Exchange mailbox, the only warning it gives you is:

Do you want to delete “XXX”?

Turns out that also deletes the AD account.

Wait. Check that.

It instantly deletes and recycles the AD account, bypassing the tombstone waiting period.

So, I had cause to restore one this morning and I usually:

1. Open up LDP, connect everything and grab the GUID
2. Open up AD PS and run Get-ADObject with the -IncludeDeletedObjects switch, to make sure it’s still there
3. Restore-ADObject -Identity “[GUID]” [other necessary junk]

Simple.

Except I’m getting ‘Directory object not found’ or ‘Illegal modify operation’ or, ‘The requested delete operation could not be performed’ when I was ready to give up and kill the whole thing.

So, literally the only reasonable thing you can do, whether the account was deleted in Exchange on purpose or not, is to adjust the tombstone lifetime to 1, then wait until tomorrow. There’s a nice, straightforward guide on that here, if you’re not familiar.

And on another note, exactly how stupid is it that “isrecycled=true” means that something is no longer in the recycle bin? It makes logical sense with an *actual* recycling bin, as recycled items have to be removed first, but flies directly in the face of decades of training – from the same company – to read “recycled” as ‘still available somewhere’ while the word for ‘nope, you’re not getting that back’ is “deleted.”

Now, I know I could go through authoritative restore, but that was entirely too much to do after I’d wasted so much time on this nonsense, leaving it outside the parameters of “reasonable.”
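The check from steps 2 and 3 can be wrapped so the restore is only attempted when it can work. This is an added example, not the script used in the post; the function name `Get-DeletedObjectState` and the all-zero GUID are placeholders, and it assumes the ActiveDirectory module on a domain-joined admin box.

```powershell
# Added example, not the author's script. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-DeletedObjectState {
    param([Parameter(Mandatory)][guid]$Guid)

    # Both lifetimes (in days) sit on the Directory Service object in the
    # configuration partition. With the Recycle Bin enabled, tombstoneLifetime
    # is how long a *recycled* object lingers before garbage collection, and
    # msDS-DeletedObjectLifetime is how long a deleted object stays restorable
    # (when unset it follows tombstoneLifetime).
    $cfg = (Get-ADRootDSE).configurationNamingContext
    $ds  = Get-ADObject "CN=Directory Service,CN=Windows NT,CN=Services,$cfg" `
               -Properties tombstoneLifetime, 'msDS-DeletedObjectLifetime'

    $obj = Get-ADObject -Filter "objectGUID -eq '$Guid'" -IncludeDeletedObjects `
               -Properties isDeleted, isRecycled, lastKnownParent, whenChanged

    # isRecycled = TRUE means the object has already left the recycle bin:
    # most attributes are stripped and Restore-ADObject will refuse it.
    if (-not $obj)           { $state = 'NotVisible' }
    elseif ($obj.isRecycled) { $state = 'Recycled' }
    elseif ($obj.isDeleted)  { $state = 'Restorable' }
    else                     { $state = 'Live' }

    [pscustomobject]@{
        Guid                  = $Guid
        State                 = $state
        LastKnownParent       = $obj.lastKnownParent
        WhenChanged           = $obj.whenChanged
        TombstoneLifetime     = $ds.tombstoneLifetime
        DeletedObjectLifetime = $ds.'msDS-DeletedObjectLifetime'
    }
}

# Placeholder GUID: substitute the one read from LDP.
$r = Get-DeletedObjectState -Guid '00000000-0000-0000-0000-000000000000'
$r | Format-List
# Only attempt the restore when it can succeed; drop -WhatIf to do it for real.
if ($r.State -eq 'Restorable') { Restore-ADObject -Identity $r.Guid -WhatIf }
```

A state of `Recycled` or `NotVisible` is the situation described above, where the restore cmdlet only returns errors.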

In: Computers, How To | No Comments

Monday April 29th, 2019 12:35 The Spamvengers: Stupidgame

So, one of my users just got a phishing email from a lazy-ass cred thief.

It was fairly well composed, HTML-wise. So, I’ll give them that. But OMFG how could you completely fall down on the job with everything else? For instance:

The second dir I obfuscated because it’s the name of the supposed sender. I’m gathering this twit got a hold of their account and copied out the contacts list for this little endeavor.

But, seriously? Block directory listing, you imbecile.

Because that inevitably leads to someone clicking through and finding a handy zip of all your PHP. And that leads to them finding a plain text copy of the emails you were having all the credentials sent to:

And that leads to no one caring about obfuscating your address, since you’re a spammer dickhead. Or using online services to flood your inbox for hours on end.

I don’t know what dastardly individual would do that second part, though.

Oh, that’s right.


Thursday November 15th, 2018 13:27 X1 Yoga fan and the MacGyver option

It appears that some of the fan casings for the 2nd-gen X1 Yoga didn’t receive the care and attention they deserved at the manufacturing plant. The little plastic clips that connect it to the copper plating are sometimes the wrong size, or simply don’t clip at all.

This, of course, results in a rousing rendition of the most annoying sound in the world, of which everyone in the office is thoroughly appreciative.

Depot RMA on these things is a 4-6 week process, at which time they will replace exactly one part, possibly from the same batch of junk they put in there in the first place.

Luckily, there’s a 20-minute solution:

Never fear to MacGyver that business.

Provided you know what you’re doing, of course.


Monday September 24th, 2018 15:23 Cisco 8832 stuck on ‘connecting’ and how to fix it

I SEOed the shit out of that title. But I have a good reason.

If you go looking around for this problem, you get the official Cisco instructions plus a number of other people reposting those same instructions.

These instructions:

Step 1 Unplug the phone:
If using PoE, unplug the LAN cable.
If using the power adapter, unplug the adapter.
Step 2 Wait 5 seconds.
Step 3 Press and hold #, and plug the phone back in.
Step 4 When the phone boots up, the LED strip lights up. When the LED turns off, press 123456789*0# in sequence.
After you press these buttons, the phone goes through the factory reset process.

If you press the buttons out of sequence, the phone powers on normally.

Caution
Do not power down the phone until it completes the factory reset process, and the main screen appears.

Seems simple, right?

Here’s the problem:

In step three, you have to hold the * key instead.

Seriously, that’s it. The problem disappears immediately.

You’re welcome.


Wednesday February 7th, 2018 12:08 A new Win10 update is borking domain machines; here’s how to fix it

So far this week, I’ve had three different users looking down the barrel at a BSOD after they did exactly what I asked by running a once-weekly reboot.

Win 10 hasn’t given me a lot of BSOD problems, and most of them have been a simple reboot and things were done. But this sum’bitch right here is nasty as hell.

You’ll end up with an infinite restart loop after a benign reboot – this is your warning sign that this is going to hurt.

[Image: asplode]

Let’s not muck about with why or how this happened (might be this). Here’s what to do:

  1. Go into restore and pick the latest point you can find. Thankfully restore only messes with installed programs anymore, so it’s easy enough to deal with anything lost after this step.
    • At this point a domain machine will do the first fun thing, which is have a broken trust relationship, even if the restore point was from that same morning
  2. Log in with a local account
  3. Discover that, for no fucking reason at all, your local admin account is now a guest account
  4. Grab (or create if need be) a usb installer for Win 7/8/10 – all will work – and boot to that
  5. Use the Utilman.exe replace trick (detailed in answer 2 here) and use that to enable the built-in administrator (or change the account type on the existing login)
  6. Sign in as administrator and give admin rights back to your other local account
  7. Unjoin the domain
  8. When that mysteriously fails, open Local Security and go to Local Policies -> User Rights Assignment and re-add your locals to the Back Up and Restore lists, which are now exclusively populated by de-coupled GUIDs
  9. Reboot, unjoin domain again, reboot, rejoin domain, reboot
  10. Drink. Heavily.

My second go at this went a lot easier than numbers 1 and 3, so you might get lucky and be able to skip a few steps. But don’t expect it.

Good luck, kids.


Wednesday September 6th, 2017 09:57 Chimpcrosoft 101

Seriously, I keep telling people this, and they think I’m joking. It seems stupid, but there are real technical reasons why it works so often.

[Image: MS_101_chimp]

p.s. SMBC is awesome and you should give them some of your money.


Tuesday May 16th, 2017 22:55 Veeam “Failed to create Hyper-V Cluster Wmi utils: Failed to connect to WMI on host” Fixed

Yes, I know I should be beaten with the SEO mace for that post title. It’s intentional because I spent entirely too much time on Google trying to use the actual error code as a guide to find the source of the error. Stupid me.

Nearly everything I could find that was specifically related to Veeam either provided L1-phone support answers or only contained part of the reported error[1].

That said: If you’re seeing that particular error, the actual problem has a high probability of being a simple fix. And here’s how that goes.

1. Forget about Veeam. That’s most likely not your problem, even if it’s happening on every job. It’s WMI itself.

2. Open WMI management on your Veeam server[2]. It’s under start if you just type “wmi” or you can load it from MMC.

3. Right-click “WMI Control” – should have “(Local)” next to it at this point.

[Image: wmi]

4. Check the properties to make sure it doesn’t say RPC Server unavailable. If it does, go to another server (that isn’t failing backup – hopefully you’ve got a standalone DC) and start over until you get a result with some basic sys info and a version number.

5. Close that window and right-click control again, but this time connect to another server.

6. Put in the name of the server that is failing backup and see what happens. For me, I got a positive result.

7. Now put in the IP of that same server. For me, RPC fail.

7.5 If those two things don’t happen, sorry. This procedure will probably not help you.

8. Given that scenario, connect to a DC that handles DNS for your domain.

9. Check the reverse lookup entries for the server failing backup. If you’re not seeing the correct name next to the correct IP, put it in there and delete any other reference to either (assuming they’re not accurate to another NIC’s IP, of course).

Be thorough. If someone gave a host a name outside the netbios limit and there’s a shortened entry, get rid of it. Only leave the un-suffixed FQDN entries. Check other subnets too.

RDNS is not something most of us clean up regularly, and conflicting entries can bork things.

10. Redo steps 5-7 from your step 4 server, connecting to whichever one(s) Veeam errored on. Remember to flush the DNS first. If good info now appears, you should be able to hit retry on the backup job(s) and walk away.
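The forward/reverse comparison from steps 8 and 9 can also be run from a prompt. This is an added example, not part of the original write-up; the function name `Get-RdnsMismatch` and the host names `hv01.corp.example` and `dc01.corp.example` are placeholders for the server failing backup and a DC that hosts the reverse zone.

```powershell
# Added example: compare A records with their PTR records for one host.
function Get-RdnsMismatch {
    param(
        [Parameter(Mandatory)][string]$Fqdn,
        [string]$Server   # optional: DNS server to ask, e.g. the DC from step 8
    )
    # -DnsOnly keeps LLMNR/NetBIOS answers out of the result.
    $q = @{ DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $q.Server = $Server }

    $ips = @(Resolve-DnsName -Name $Fqdn -Type A @q |
             Where-Object Type -eq 'A' | ForEach-Object IPAddress)

    foreach ($ip in $ips) {
        try {
            $ptr = @(Resolve-DnsName -Name $ip -Type PTR @q |
                     Where-Object Type -eq 'PTR' | ForEach-Object NameHost)
        } catch {
            $ptr = @()   # no reverse record (or no reverse zone) for this IP
        }
        # Anything that is not the exact FQDN is a stale, shortened or
        # conflicting entry of the kind step 9 says to delete.
        $stale = @($ptr | Where-Object { $_.TrimEnd('.') -ne $Fqdn.TrimEnd('.') })

        if (-not $ptr)   { $status = 'MISSING PTR' }
        elseif ($stale)  { $status = 'CONFLICTING PTR' }
        else             { $status = 'OK' }

        [pscustomobject]@{
            IP       = $ip
            PtrNames = $ptr -join ', '
            Status   = $status
        }
    }
}

# Flush the local resolver cache first (step 10), then check the failing host.
Clear-DnsClientCache
Get-RdnsMismatch -Fqdn 'hv01.corp.example' -Server 'dc01.corp.example'
```

Anything other than `OK` points at the reverse zone entries to clean up before retrying the job.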

Hope that helps some other poor schmuck out there. No need to thank me; just remember to write it up when you solve your next annoying problem. Beats going begging to reddit.

[1] Almost all of the posts had error messages that ended in some iteration of ‘bad credentials.’ Seriously, how are you employed if you needed to look that up?

[2] This can also be done via CLI. This guy has a cut-and-paste-ready command.


Wednesday November 16th, 2016 13:53 Pretty much my life


Thursday May 5th, 2016 14:53 Logitech C920 webcam in a conference room

I’m not the guy you find in a web conference. I’m the guy who makes it happen. So it was a bit of a surprise to me that my office had been using a simple Logitech C920 – which is one of the most popular and highly-rated webcams on the market – and the video looked like utter crap.

Naturally looking to do better, I did all kinds of tests and looked up replacements. First off, the next level of webcam (ignoring the C930) is a full-price conference room setup. We have one in the big board room, and that puppy was over $15k. You can go way down to $800 or so, but almost none of those come with built-in mics.

While looking, I tried to search out a cam with a large depth of field. The real problem with the C920 is that, from 15 feet away, everything is fuzzy. It claims an ‘infinite’ zoom after a couple meters, but not so much.

This is when I stumbled upon some tiny Finnish site that suggested opening it up and manually messing with the lens.

So, yank it apart and find this (pic via the Finns):

[Image: purettu3]

Grab yourself a pair of small but strong pliers and, very carefully, twist that lens clockwise a little bit – 1/8 to 1/4 turn. It’s going to look like you’re breaking things, but all you’re actually doing is tightening it against the body of the device.

The result: crystal.

I didn’t even have the thing fully in place when someone walked in for a pending meeting and asked me if I got a new camera. It looks infinitely better.

Score one more for the ‘when in doubt, poke it with a stick’ philosophy.

Note: In the disassembly, after the first two screws are removed and you need to pop off the mic covers, put a flathead in the slot below the two screws and pry up. Wedge the gap with your fingernail and do it again. That will allow it to pop out without risking breaking the other plastic latch-type thing on the other side, to which there is no access.

Note 2: It is noticeably slower to do the first auto-zoom adjustment after making this alteration. Make sure to wave your hand or something in order to trigger the adjustment more quickly.


Tuesday April 26th, 2016 16:48 Deleting a Windows file whose path/file name is too long (the magic way)

In any shared file system, there will be at least one person who manages to get a file, 13 folders deep, to have a 487 billion-character file name. You will not see this file until it completely screws up a move project.

When you run into such a problem and try to look it up on the internet, there is always the ‘use rd/rmdir’ trick and the subst drive creation trick or robocopy them over to a new dir.

One of those always works, provided you didn’t walk into the situation I did.

Your average person might assume that any person would see the title “Distributed File System” and think that it has something to do with distribution. That the part of it distinctly labeled “Replication” is in some way related to replicating things.

Those people were not my predecessor.

Two major folders, one for user profiles, one simple shared space. The former is set up in DFS replication, but doesn’t replicate anywhere. The latter has a standalone, top-level namespace that points to…a share with an identical path.

This is just the part I could bring myself to investigate. I have no clue what other awful nonsense was going on there, except that it broke all the usual methods of deleting files that had gone over max_path. I decided to try manually changing every folder level to a single character and seeing if that would bring me under 260.

So, here’s the magic part

I went up one level from the errant file and renamed its containing folder to a single character. After that, I went back inside and the actual file was suddenly available for renaming.

Why? I have no earthly idea and I don’t care.

It worked on every single one, so there must be some reason. But this is one of those rare instances where I’m just going to take the money and run.

And since it appears the entire intertubes has never even heard that this was possible, I’m going to spend a few minutes walking around like this:

[Image: imbrilliant]

Whois

IT guy, dev, designer, writer.

Got a degree in print journalism from UF but history dealt some bad cards to that industry, so I moved back to an earlier love: the computer.

Was recently at ZMOS Networks, but am now the Senior IT Associate at the Edna McConnell Clark Foundation.

My name is moderately common, as are a couple screen names, so always look for the logo to make sure you're reading something with official Km approval.

You can get to me directly with kyle(@)kylemitchell.org