VSS Admin Writers & Services

VSS WriterService NameService Display Name
ADAM $instanceName WriterADAM_$instanceName$instanceName
ASR WriterVSSVolume Shadow Copy
BITS WriterBITSBackground Intelligent Transfer Service
Certificate AuthorityCertSvcActive Directory Certificate Services
COM+ REGDB WriterVSSVolume Shadow Copy
DFS Replication service writerDFSRDFS Replication
DHCP Jet WriterDHCPServerDHCP Server
FRS WriterNtFrsFile Replication
FSRM writersrmsvcFile Server Resource Manager
IIS Config WriterAppHostSvcApplication Host Helper Service
IIS Metabase WriterIISADMINIIS Admin Service
Microsoft Exchange Replica WriterMSExchangeReplMicrosoft Exchange Replication Service
Microsoft Exchange WriterMSExchangeISMicrosoft Exchange Information Store
Microsoft Hyper-V VSS WritervmmsHyper-V Virtual Machine Management
MSMQ Writer (MSMQ)MSMQMessage Queuing
MSSearch Service WriterWSearchWindows Search
NPS VSS WriterEventSystemCOM+ Event System
NTDSNTDSActive Directory Domain Services
OSearch VSS WriterOSearchOffice SharePoint Server Search
OSearch14 VSS WriterOSearch14SharePoint Server Search 14
OSearch15 VSS WriterOSearch15SharePoint Server Search 15
Registry WriterVSSVolume Shadow Copy
Shadow Copy Optimization WriterVSSVolume Shadow Copy
SharePoint Services WriterSPWriterWindows SharePoint Services VSS Writer
SMS WriterSMS_SITE_VSS_WRITERSMS_SITE_VSS_WRITER
SPSearch VSS WriterSPSearchWindows SharePoint Services Search
SPSearch4 VSS WriterSPSearch4SharePoint Foundation Search V4
SqlServerWriterSQLWriterSQL Server VSS Writer
System WriterCryptSvcCryptographic Services
TermServLicensingTermServLicensingRemote Desktop Licensing
WDS VSS WriterWDSServerWindows Deployment Services Server
WIDWriterWIDWriterWindows Internal Database VSS Writer
WINS Jet WriterWINSWindows Internet Name Service (WINS)
Windows Server Storage VSS WriterWseStorageSvcWindows Server Essentials Storage Service
WMI WriterWinmgmtWindows Management Instrumentation

SCCM Site Console (Admin UI) Failure

Following a number of interferences with our beloved SCCM Primary Site it was in a broken state.

The “\Program Files\Microsoft Configuration Manager\AdminConsole\AdminUILog\SmsAdminUI.log” reported:

“Error Code:
ProviderLoadFailure
\r\nSystem.Management.ManagementException\r\nProvider load failure \r\n   at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode)
   at System.Management.ManagementObjectCollection.ManagementObjectEnumerator.MoveNext()
   at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryResultsObject.<GetEnumerator>d__74.MoveNext()\r\nManagementException details:
instance of __ExtendedStatus
{
    Operation = “ExecQuery”;
    ParameterInfo = “SELECT * FROM SMS_Site WHERE SiteCode = ‘XXX'”;
    ProviderName = “WinMgmt”;
};

Where “XXX” is the name of an SCCM site but not ours! This led me to https://docs.microsoft.com/en-us/previous-versions/system-center/configuration-manager-2007/bb633148(v=technet.10)?redirectedfrom=MSDN followed by https://docs.microsoft.com/en-us/previous-versions/system-center/configuration-manager-2007/bb932190(v=technet.10)?redirectedfrom=MSDN , this latter article walked me through examinig the SMS_Providor WMI class and it is there I found the spurious reference to the unknown XXX site.

Deleting that reference restored AdminUI Console functionality (yay!).

Another case with similar symptoms was the result of a WMI db corruption which caused the OS to automatically rebuild the db but which did not re-import the SCCM WMI references. That was resolved by:

  1. Run > Wbemtest
  2. Connect to “root\sms” –> Enum Classes–>Select recursive and check for SMS_ProviderLocation – it was not present
  3. From an elevated command prompt enter the following commands to add the SCCM .mof’s (excluding the _*.mofs) to the $mofs variable and then switch to the Wbem folder and import the WMI modules to the OS PS D:\> $mofs = get-childitem "D:\Program Files\Microsoft Configuration Manager\bin\X64" -filter "*.mof" -exclude "_*.mof" -recursePS D:\> cd C:\Windows\System32\WbemPS C:\Windows\System32\Wbem> foreach ($mof in $mofs){mofcomp $mof.FullName}
  4. Restart the Windows Management Instrumentation Service
  5. Repeated Steps#1 & 2 and noted SMS_ProviderLocation now exists in WMI
  6. Launched SCCM Admin Console locally successfully
  7. Launched SCCM Admin Console remotely successfully
  8. Launched Task Sequence Creation Wizard successfully

Powershell Domain Controller Assessment

To get a list of the FSMO Role holders for a Single Domain.

1 Get-ADDomain | Select-Object DistinguishedName, SchemaMaster, DomainNamingMaster, InfrastructureMaster, PDCEmulator, RIDMaster

To get a list of the FSMO Role holders in a Forest.

1 Get-ADForest | Select-Object Name,SchemaMaster, DomainNamingMaster,InfrastructureMaster, PDCEmulator, RIDMasterall

To get a nicely formatted list with all the Domain Controllers and who owns which particular role.

1 Get-ADDomainController -Filter * | Select-Object Name, Domain, Forest, OperationMasterRoles | Where-Object {$_.OperationMasterRoles}

ref: https://www.markou.me/2016/10/get-list-fsmo-role-holders-using-powershell-one-liners/

Powershell : Domain Binding & Description

To bind a machine to the domain, rename it and put it in the desired OU:

Add-Computer -DomainName $FQDN -NewName $COMPUTERNAME -Credential $DOMAINBINDACCOUNT -OUPath "OU=SOMEOU, DC=test, DC=com" -restart

To replace an AD Computer object’s Description field:

$description = "This is a test description"
$ADComputer = get-adcomputer <ENGS-XXXX> -properties Description
Set-ADComputer $ADComputer -Description "$($ADComputer.Description) $description"

Windows Server eventlog ID 5152 Filtering Platform Packet Drop

After some online searching around EVENT ID 5152 which had started littering my DC’s eventlogs following some additional audit enabling I discovered how to silence these logs from the SECURITY eventlog, leaving them in place for the FIREWALL log instead:


auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable
auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:disable

The 5152 event:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: XXXX
Event ID: 5152
Task Category: Filtering Platform Packet Drop
Level: Information
Keywords: Audit Failure
User: N/A
Computer: XXXX
Description:
The Windows Filtering Platform has blocked a packet.

Application Information:
Process ID: 0
Application Name: –

Network Information:
Direction: Inbound
Source Address: XXXX
Source Port: 54915
Destination Address: XXXX
Destination Port: 54915
Protocol: 17

Filter Information:
Filter Run-Time ID: 85817
Layer Name: Transport
Layer Run-Time ID: 13
Event Xml:

5152 0 0 12809 0 0x8010000000000000 437620320 Security XXXX
0 – %%14592 XXX 54915 XXXX 54915 17 85817 %%14597 13

Plex Media Server Ubuntu Sources

Thanks to https://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/how-to-install-plex-media-server-on-ubuntu-18-04-ubuntu-16-04-linux-mint-19.html

Using Plex Repository

Import the Plex repository’s GPG key using the curl command.

curl https://downloads.plex.tv/plex-keys/PlexSign.key | sudo apt-key add -

Add the Plex repository to your system using the below command

echo "deb https://downloads.plex.tv/repo/deb public main" | sudo tee /etc/apt/sources.list.d/plexmediaserver.list

Now, update the apt index and install the latest version of the Plex Media Server.

sudo apt update
sudo apt install -y plexmediaserver

Plex Media Server package places repository configuration in /etc/apt/sources.list.d directory. Since we already have the plexmediaserver.list in the repo directory, the installer may ask you below questions. Type Y and press enter.

Configuration file '/etc/apt/sources.list.d/plexmediaserver.list'
 ==> File on system created by you or by a script.
 ==> File also in package provided by package maintainer.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : start a shell to examine the situation
 The default action is to keep your current version.
*** plexmediaserver.list (Y/I/N/O/D/Z) [default=N] ? Y
Installing new version of config file /etc/apt/sources.list.d/plexmediaserver.list ...

IPv4 Subnet Calculating

Calculating the Netmask Length (also called a prefix):

https://networkengineering.stackexchange.com/questions/7106/how-do-you-calculate-the-prefix-network-subnet-and-host-numbers

Convert the dotted-decimal representation of the netmask to binary. Then, count the number of contiguous 1 bits, starting at the most significant bit in the first octet (i.e. the left-hand-side of the binary number).

255.255.248.0   in binary: 11111111 11111111 11111000 00000000
                           -----------------------------------
                           I counted twenty-one 1s             -------> /21

The prefix of 128.42.5.4 with a 255.255.248.0 netmask is /21.

Calculating the Network Address:

The network address is the logical AND of the respective bits in the binary representation of the IP address and network mask. Align the bits in both addresses, and perform a logical AND on each pair of the respective bits. Then convert the individual octets of the result back to decimal.

Logical AND truth table:

Logical AND
128.42.5.4      in binary: 10000000 00101010 00000101 00000100
255.255.248. 0   in binary: 11111111 11111111 11111000 00000000
                           ----------------------------------- [Logical AND]
                           10000000 00101010 00000000 00000000 ------> 128.42.0.0

As you can see, the network address of 128.42.5.4/21 is 128.42.0.0

Calculating the Broadcast Address:

The broadcast address converts all host bits to 1s…

Remember that our IP address in decimal is:

128.42.5.4      in binary: 10000000 00101010 00000101 00000100

The network mask is:

255.255.248.0   in binary: 11111111 11111111 11111000 00000000

This means our host bits are the last 11 bits of the IP address, because we find the host mask by inverting the network mask:

Host bit mask            : 00000000 00000000 00000hhh hhhhhhhh

To calculate the broadcast address, we force all host bits to be 1s:

128.42.5.4      in binary: 10000000 00101010 00000101 00000100
Host bit mask            : 00000000 00000000 00000hhh hhhhhhhh
                           ----------------------------------- [Force host bits]
                           10000000 00101010 00000111 11111111 ----> 128.42.7.255

Calculating subnets:

You haven’t given enough information to calculate subnets for this network; as a general rule you build subnets by reallocating some of the host bits as network bits for each subnet. Many times there isn’t one right way to subnet a block… depending on your constraints, there could be several valid ways to subnet a block of addresses.

Let’s assume we will break 128.42.0.0/21 into 4 subnets that must hold at least 100 hosts each…

subnetting

In this example, we know that you need at least a /25 prefix to contain 100 hosts; I chose a /24 because it falls on an octet boundary. Notice that the network address for each subnet borrows host bits from the parent network block.

Finding the required subnet masklength or netmask:

How did I know that I need at least a /25 masklength for 100 hosts? Calculate the prefix by backing into the number of host bits required to contain 100 hosts. One needs 7 host bits to contain 100 hosts. Officially this is calculated with:

Host bits = Log2(Number-of-hosts) = Log2(100) = 6.643

Since IPv4 addresses are 32 bits wide, and we are using the host bits (i.e. least significant bits), simply subtract 7 from 32 to calculate the minimum subnet prefix for each subnet… 32 – 7 = 25.

The lazy way to break 128.42.0.0/21 into four equal subnets:

Since we only want four subnets from the whole 128.42.0.0/21 block, we could use /23 subnets. I chose /23 because we need 4 subnets… i.e. an extra two bits added to the netmask.

This is an equally-valid answer to the constraint, using /23 subnets of 128.42.0.0/21…

subnetting, 2nd option

Calculating the host number:

This is what we’ve already done above… just reuse the host mask from the work we did when we calculated the broadcast address of 128.42.5.4/21… This time I’ll use 1s instead of h, because we need to perform a logical AND on the network address again.

128.42.5.4      in binary: 10000000 00101010 00000101 00000100
Host bit mask            : 00000000 00000000 00000111 11111111
                           ----------------------------------- [Logical AND]
                           00000000 00000000 00000101 00000100 -----> 0.0.5.4

Calculating the maximum possible number of hosts in a subnet:

To find the maximum number of hosts, look at the number of binary bits in the host number above. The easiest way to do this is to subtract the netmask length from 32 (number of bits in an IPv4 address). This gives you the number of host bits in the address. At that point…

Maximum Number of hosts = 2**(32 – netmask_length) – 2

The reason we subtract 2 above is because the all-ones and all-zeros host numbers are reserved. The all-zeros host number is the network number; the all-ones host number is the broadcast address.

Using the example subnet of 128.42.0.0/21 above, the number of hosts is…

Maximum Number of hosts = 2**(32 – 21) – 2 = 2048 – 2 = 2046

Finding the maximum netmask (minimum hostmask) which contains two IP addresses:

Suppose someone gives us two IP addresses and expects us to find the longest netmask which contains both of them; for example, what if we had:

  • 128.42.5.17
  • 128.42.5.67

The easiest thing to do is to convert both to binary and look for the longest string of network-bits from the left-hand side of the address.

128.42.5.17     in binary: 10000000 00101010 00000101 00010001
128.42.5.67     in binary: 10000000 00101010 00000101 01000011
                           ^                           ^     ^
                           |                           |     |
                           +--------- Network ---------+Host-+
                             (All bits are the same)    Bits

In this case the maximum netmask (minimum hostmask) would be /25

NOTE: If you try starting from the right-hand side, don’t get tricked just because you find one matching column of bits; there could be unmatched bits beyond those matching bits. Honestly, the safest thing to do is to start from the left-hand side.