Tag Archives: Windows

ipsec service fails to start and no network

apparently a known issue.  had no network after some windows updates on a windows 2003 VM

in the eventvwr:

The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions.

The IPSEC Services service terminated with the following error:
The system cannot find the file specified.

  • check if there are any entries in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local
  • if so, delete that subkey
  • then run regsvr32 polstore.dll
  • restart the ipsec service

howto force windows update client to check for updates now

  • stop automatic update service (wuaserv)
  • delete LastWaitTimeout / DetectionStartTime & NextDetectionTime reg keys
  • start automatic update service
  • run wuaclt /detectnow

script available at msmvps.com blogs

Required IIS role services in Windows 2008 for APP-V

make sure you install the following role services before installing APP-V 4.5 on Windows 2008

  • IIS6 Management compatibility
  • IIS management scripts and tools
  • IIS 7 Windows authentication

For the first 2 you might end up with an error installing app-V and rolling back : “The Installation program was unable to create the required IIS virtual directory”  (error 25120) If you don’t add Windows authentication, it’s possible that you can’t login to App-V (Error 0000C801)

install SQL2008 failover cluster on Windows 2008 R2 might fail

with error message : There was an error setting private property ‘RequireKerberos’ to value ‘1’ for resource ‘SQL Network Name ‘.  Error: Value does not fall within the expected range.

=> solution, slipstream SP1 into the sql 2008 installer.

howto get powershell scripts running.

first off, powerscript is disabled by default

first off => the execution of powerscript is disabled by default.  Run a powerscript for the first time on a box, and you’ll get :

File C:\psscripts\script.ps1 cannot be loaded because the execut
ion of scripts is disabled on this system. Please see “get-help about_signing”
for more details.
At line:1 char:28
+ .\script.ps1 <<<<
+ CategoryInfo          : NotSpecified: (:) [], PSSecurityException
+ FullyQualifiedErrorId : RuntimeException

query the exectionpolicy and you’ll get

PS C:\psscripts> Get-ExecutionPolicy
PS C:\psscripts>

a good help about the executionpolicies, is, like always, built in the powerscript help.

Get-Help About_Signing | more

help set-executionpolicy

when you’ve decided how you want to restrict the execution of powerscript scripts (remotesigned, all signed, unrestricted) run the following command :

PS C:\psscripts> set-executionpolicy RemoteSigned

Execution Policy Change
The execution policy helps protect you from scripts that you do not trust.
Changing the execution policy might expose you to the security risks described
in the about_Execution_Policies help topic. Do you want to change the execution
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is “Y”): y

more first steps into powershell can be found @ the windows powershell graphical help file found here.

now, how to run the file from the command line, start/run, vbscript, published app, …

powershell.exe -noexit & ‘q:\my scripting folder\script.ps1’

.{ED7BA470-8E54-465E-825C-99712043E01C} also works on Win2k8R2

A German blogger blogged about this one (thats what bloggers do) on the 12th of december 2009,  but during the last couple of days this one spread around the web.  A “Godmodus” for Windows 7.  You can’t actually do anything you couldn’t do before (if you’re an admin), and you can’t do anything new if you aren’t an admin.

But anyway, I tested it a few win2k8 R2 TEST/DEV servers, works fine.  Not going to enable this on PROD, and I don’t recommend enabling this on PROD as there are reports of crashing explorers etc also, but going to leave this enabled on those test servers, to see if it’s easier then the normal way of working.

and there is still powerscript…

PS: you can name the folder any way you want, it’s just the .{ED7BA470-8E54-465E-825C-99712043E01C} string that is important.  So creating a folder alltheadminstuf .{ED7BA470-8E54-465E-825C-99712043E01C} will also work.

windows update error 0xC80003FB

  • stop automatic update service
  • delete %windir%\SoftwareDistribution\datastore
  • start automatic update service