Failed to gracefully demote domain controller

I was getting ready to upgrade the hardware and server version on an old Windows Server 2008R2 domain controller when I ran into a interesting problem. After launching DCPROMO and going through the steps, I received an error that said “The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles”.

After doing some research, it turns out that the domain controller has incorrect information as to the FSMO operation master owner. It is set to a domain controller that has been deleted or does not exist. In my case, the person before me must have improperly decommissioned a domain controller, leaving cruft behind in the AD. I launched ADSIEdit on the domain controller I was trying to remove and went to the infrastructure container and sure enough under “fSMORoleOwner” is had garbage.

When I tried to edit the value, I received an error stating “Operation Failed. Error code: 0x20ae The role owner attribute could not be read 000020AE: SvcErr: DSID-03152BF7, Problem 5003 (WILL_NOT_PERFORM) Data 0”. If you receive this error message when trying to change the value of “fSMORoleOwner”, you must change the value from the domain controller that holds the FSMO role. Once you change it there, depending on your replication scheme, the change should be updated on the domain controller you are trying to demote and it should now allow you to complete the process.

VirtualBox Error 0x000000C4

I recently tried to upgrade a Windows 8 VirtualBox virtual machine to Windows 8.1 and ran into an error during the process. If I tried to run the upgrade from within the operating system (which is the required way), I received an error stating that my system did not meet system requirements. Specifically it mentions that my processor does not support “CompareExchange128”. After doing some research, I figured out how to turn on support for that in VirtualBox.

In Linux type the following in a terminal:
VBoxManage setextradata [vmname] VBoxInternal/CPUM/CMPXCHG16B 1
NOTE: Be sure to replace [vmname] with the name of your virtual machine.

In Windows type the following in a command prompt:
"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" setextradata [vmname] VBoxInternal/CPUM/CMPXCHG16B 1
NOTE: Be sure to replace [vmname] with the name of your virtual machine.

This also affects individuals installing Windows Server 2012 R2 on VirtualBox.

Command Line Activation Tools for Windows and Office

If your a Windows Administrator, you should be familiar with the following tools. slmgr.vbs is a command line software licensing management tool for Windows. It works with Windows Activation (Retail and MAK) as well as Key Management Service (KMS). You can call it from anywhere in a command prompt. slmgr.vbs has many options including installing a product key, uninstalling a product key, displaying license information, and activating. For a complete list of options, visit the following TechNet article.

opss.vbs is also a command line software licensing management tool but for Microsoft Office. It also works with Windows Activation (Retail and MAK) as well as Key Management Service (KMS).

• Office 2010 (32-bit) on a 32-bit version of Windows:

cscript "C:\Program Files\Microsoft Office\Office14\OSPP.VBS"

• Office 2010 (32-bit) on a 64-bit version of Windows:

cscript "C:\Program Files (x86)\Microsoft Office\Office14\OSPP.VBS"

• Office 2010 (64-bit) on a 64-bit version of Windows:

cscript "C:\Program Files\Microsoft Office\Office14\OSPP.VBS"

• Office 2013 (32-bit) on a 32-bit version of Windows:

cscript "C:\Program Files\Microsoft Office\Office15\OSPP.VBS"

• Office 2013 (32-bit) on a 64-bit version of Windows:

cscript "C:\Program Files (x86)\Microsoft Office\Office15\OSPP.VBS"

• Office 2013 (64-bit) on a 64-bit version of Windows:

cscript "C:\Program Files\Microsoft Office\Office15\OSPP.VBS"

For more information on opss.vbs visit the following TechNet article.

You can easily use these tools to install and activate a product key in a batch script and deploy it to a large number of machines.

How to Flush DNS Cache in Mac OS X

For OS X 10.3 and 10.4
lookupd -flushcache

For OS X 10.5 and 10.6
dscacheutil -flushcache

For OS X Lion (10.7) and OS X Mountain Lion (10.8)
sudo killall -HUP mDNSResponder
Note: dscacheutil still exists in 10.7 and 10.8, but the official method to clear out DNS caches is by killing mDNSResponder.

For OS X Mavericks (10.9)
dscacheutil -flushcache;sudo killall -HUP mDNSResponder

How to Create a Mac OSX Mavericks USB Installation Drive

1. Insert a USB drive that is 8GB or larger and open Disk Utility.
2. Select your drive in the sidebar and click on the Erase tab.
   Format the drive as “Mac OS Extended (Journaled)” and name
   the drive “Untitled.”
3. Click the Erase button and wait for Disk Utility to finish.
4. Once it has finished, close Disk Utility and open up a Terminal
   window. Copy and paste the following command into the Terminal and press enter:

sudo /Applications/Install\ OS\ X\ Mavericks.app/Contents/Resources/createinstallmedia -volume /Volumes/Untitled -applicationpath /Applications/Install\ OS\ X\ Mavericks.app -nointeraction

The process should take approximately 20 minutes. Do not cancel it or eject your USB drive during this process. Once it has finished, you should receive a message stating the process is finished. You now have a Mac OSX Mavericks USB installation drive that you can use for clean installations or troubleshooting.

Synergy Fatal Error in Mac OSX Mavericks

Last night I upgraded my iMac at work to Mac OSX 10.9 Mavericks and this morning when I logged in to the machine and launched Synergy, I received an error:

FATAL: Init failed: system setting not enabled: "Enable access for assistive devices"

Apple changed the location for enabling access for assistive devices from “Accessibility” to “Security & Privacy” in Mavericks. In “Security & Privacy”, under the “Privacy” tab, click “Accessibility.” Apple now allows you to grant individual applications control of your computer whereas before it was one checkbox that allowed any program control.

In order to get the application to show in the list for you to enable, you must first try to run the program that requires the access for assistive devices.

Once I enabled access for Synergy, I still continued to receive the same error. I was able to get Synergy to work with Mavericks by doing the following:

1. Open Terminal
2. Execute Synergy from the Terminal by typing “/Applications/Synergy.app/Content/MacOS/Synergy” You should receive the same error about enabling access for assistive devices.
3. Go to “Security & Privacy” and enable access for the Terminal under “Accessibility.”
4. Now launch Synergy again from the Terminal using the command “/Applications/Synergy.app/Contents/MacOS/Synergy&”

The ampersand at the end of the command will run the command in the background and give you back the prompt right away.

Note: Closing the Terminal closes Synergy.

This is not a problem for me as I use the Terminal all day but for others it may. I believe Apple is allowing Synergy but not synergys to access privacy accessibility settings and hence why we are getting this message. Hopefully this will be fixed soon.

Microsoft Remote Desktop App for iOS and Android

Microsoft has finally released a remote desktop client application for iOS and Android. Remote Desktop, as the name implies, uses the same Remote Desktop Protocol (RDP) that Microsoft has used for years across its Windows desktop and server releases to connect to a PC. The application will support all Windows PCs that have Remote Desktop turned on, an option that can be configured in Control Panel. Until now, iOS and Android users had to use third party solutions that were usually not free. Ironically, no remote desktop application has been released for Windows Phone. Microsoft assures Windows Phone users that a remote desktop application will soon follow for them.

Windows 8.1 Available for Download

Windows 8.1 has been available for some time now for MSDN subscribers, but today Microsoft has just publicly released Windows 8.1 for Windows 8 and Windows 8 Pro users. You can get this new update through the Microsoft Store. It is packed with many updates, fixes, and tweaks that will hopefully improve the user experience. Of these changes, my favorites are:

• The return of the Start button
  The Start button now sports the new Microsoft logo and launches the start screen. The veteran Windows users would like to see the return of the original start menu, however, this is a welcomed improvement over the previous method where you had to put your cursor in the very bottom left corner of the screen.
• The option to boot directly to the desktop
  To turn on boot-to-desktop, right-click the Taskbar and choose Properties, and then Navigation. Finally, under Start screen, check the box that says “Go to the desktop instead of Start when I sign in.”

System Center 2012 Virtual Machine Manager Setup Error

Recently I installed System Center 2012 Virtual Machine Manager and ran into a peculiar error when configuring the service account for the installation. You are given the option to use the local system account of the machine it is being installed on or a domain account. You cannot change the Virtual Machine Manager service account after installation. This includes changing from the local system account to a domain account, from a domain account to the local system account, or changing the domain account to another domain account. To change the Virtual Machine Manager service account after installation, you must uninstall VMM (selecting the Retain data option if you want to keep the SQL Server database), and then reinstall VMM by using the new service account.

There additional benefits and conditions that require a domain account so I chose to use a domain account. Microsoft suggests you create a domain account that is specifically designated to be used for this purpose. When a host is removed from the VMM management server, the account that the System Center Virtual Machine Manager service is running under is removed from the local Administrators group of the host. If the same account is used for other purposes on the host, this can cause unexpected results.

NOTE: If you are going to use a domain account, the domain account must be a member of the local Administrators group on the computer that SCVMM is being installed on.

I created a new user account in Active Directory Users & Computers for this purpose, entered the credentials in the setup wizard, and received an error stating “The domain account specified for the service account could not be verified.” If you get this error message, ensure that:

• The domain name, user name, and password are correct.
• A domain controller for the Active Directory domain is available.
• The domain account is a member of the Administrators group on the local computer.

In my case, all three of those scenarios were correct. It turns out that I had never logged in to a workstation with the new domain account I had created. For some reason, because I had never logged in before with that account, it was not working. After I logged in to a workstation and logged back out, I tried the installation again with the same domain account and it worked! So if you are receiving the same error and have done all the above correct, make sure that you have logged in once with the service account you created. I don’t know why you would need to. If you guys know, please share the reason below in the comments. I would love to know why this occurs.

How to Use a Command Prompt During GUI-Mode Setup

In some cases, it may be helpful to have access to a command prompt during GUI-mode Setup for the purposes of troubleshooting, partitioning the disk, copying drivers, starting and stopping services, starting tools such as Task Manager, or other for other needs.

To gain access to a command prompt during GUI-mode Setup, press SHIFT+F10.