Archive for the ‘Windows’ Category

Failed to gracefully demote domain controller

December 5, 2013 Leave a comment

I was getting ready to upgrade the hardware and server version on an old Windows Server 2008R2 domain controller when I ran into a interesting problem. After launching DCPROMO and going through the steps, I received an error that said “The directory service is missing mandatory configuration information, and is unable to determine the ownership of floating single-master operation roles”.

After doing some research, it turns out that the domain controller has incorrect information as to the FSMO operation master owner. It is set to a domain controller that has been deleted or does not exist. In my case, the person before me must have improperly decommissioned a domain controller, leaving cruft behind in the AD. I launched ADSIEdit on the domain controller I was trying to remove and went to the infrastructure container and sure enough under “fSMORoleOwner” is had garbage.

When I tried to edit the value, I received an error stating “Operation Failed. Error code: 0x20ae The role owner attribute could not be read 000020AE: SvcErr: DSID-03152BF7, Problem 5003 (WILL_NOT_PERFORM) Data 0”. If you receive this error message when trying to change the value of “fSMORoleOwner”, you must change the value from the domain controller that holds the FSMO role. Once you change it there, depending on your replication scheme, the change should be updated on the domain controller you are trying to demote and it should now allow you to complete the process.

VirtualBox Error 0x000000C4

November 21, 2013 5 comments

I recently tried to upgrade a Windows 8 VirtualBox virtual machine to Windows 8.1 and ran into an error during the process. If I tried to run the upgrade from within the operating system (which is the required way), I received an error stating that my system did not meet system requirements. Specifically it mentions that my processor does not support “CompareExchange128”. After doing some research, I figured out how to turn on support for that in VirtualBox.

In Linux type the following in a terminal:
VBoxManage setextradata [vmname] VBoxInternal/CPUM/CMPXCHG16B 1
NOTE: Be sure to replace [vmname] with the name of your virtual machine.

In Windows type the following in a command prompt:
"C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" setextradata [vmname] VBoxInternal/CPUM/CMPXCHG16B 1
NOTE: Be sure to replace [vmname] with the name of your virtual machine.

This also affects individuals installing Windows Server 2012 R2 on VirtualBox.

Command Line Activation Tools for Windows and Office

November 21, 2013 2 comments

If your a Windows Administrator, you should be familiar with the following tools. slmgr.vbs is a command line software licensing management tool for Windows. It works with Windows Activation (Retail and MAK) as well as Key Management Service (KMS). You can call it from anywhere in a command prompt. slmgr.vbs has many options including installing a product key, uninstalling a product key, displaying license information, and activating. For a complete list of options, visit the following TechNet article.

opss.vbs is also a command line software licensing management tool but for Microsoft Office. It also works with Windows Activation (Retail and MAK) as well as Key Management Service (KMS).

  • Office 2010 (32-bit) on a 32-bit version of Windows:
  • cscript "C:\Program Files\Microsoft Office\Office14\OSPP.VBS"

  • Office 2010 (32-bit) on a 64-bit version of Windows:
  • cscript "C:\Program Files (x86)\Microsoft Office\Office14\OSPP.VBS"

  • Office 2010 (64-bit) on a 64-bit version of Windows:
  • cscript "C:\Program Files\Microsoft Office\Office14\OSPP.VBS"

  • Office 2013 (32-bit) on a 32-bit version of Windows:
  • cscript "C:\Program Files\Microsoft Office\Office15\OSPP.VBS"

  • Office 2013 (32-bit) on a 64-bit version of Windows:
  • cscript "C:\Program Files (x86)\Microsoft Office\Office15\OSPP.VBS"

  • Office 2013 (64-bit) on a 64-bit version of Windows:
  • cscript "C:\Program Files\Microsoft Office\Office15\OSPP.VBS"

For more information on opss.vbs visit the following TechNet article.

You can easily use these tools to install and activate a product key in a batch script and deploy it to a large number of machines.

Windows 8.1 Available for Download

October 17, 2013 Leave a comment

Windows 8.1 has been available for some time now for MSDN subscribers, but today Microsoft has just publicly released Windows 8.1 for Windows 8 and Windows 8 Pro users. You can get this new update through the Microsoft Store. It is packed with many updates, fixes, and tweaks that will hopefully improve the user experience. Of these changes, my favorites are:

  • The return of the Start button
    The Start button now sports the new Microsoft logo and launches the start screen. The veteran Windows users would like to see the return of the original start menu, however, this is a welcomed improvement over the previous method where you had to put your cursor in the very bottom left corner of the screen.
  • The option to boot directly to the desktop
    To turn on boot-to-desktop, right-click the Taskbar and choose Properties, and then Navigation. Finally, under Start screen, check the box that says “Go to the desktop instead of Start when I sign in.”

How to Use a Command Prompt During GUI-Mode Setup

June 29, 2013 2 comments

In some cases, it may be helpful to have access to a command prompt during GUI-mode Setup for the purposes of troubleshooting, partitioning the disk, copying drivers, starting and stopping services, starting tools such as Task Manager, or other for other needs.

To gain access to a command prompt during GUI-mode Setup, press SHIFT+F10.

Latest Microsoft Update Causes Issues For Some

April 12, 2013 7 comments

For some, Microsoft’s latest set of patches for April 2013 has caused headaches. Microsoft is investigating behavior where systems may not recover from a restart or applications cannot load after installing security update KB2823324. This marks Microsoft’s second botched update this year. Microsoft recommends that customers uninstall this update. As an added precaution, Microsoft has removed the download links to the KB2823324 update while they investigate.

If you have installed this update but have not yet restarted your computer, you can uninstall the update by going to Control Panel > Programs and Features > View Installed Updates. Select “Security Update for Microsoft Windows (KB2823324)” and choose uninstall. If you manage a large number of machines, you can create a script to uninstall it with the command:

wusa.exe /uninstall /kb:2823324 /quiet /norestart

or by using Microsoft’s Sysinternals PsExec

Psexec -d -s \\remotemachine wusa.exe /uninstall /kb:2823324 /quiet /norestart

If you were among the unfortunate who installed the update, rebooted, and received a blue screen of death, chkdsk or other type of error, try one of the following procedures:

I suggest you try these in order. All of these require using ‘System Recovery Options’. You can get to this by pressing F8 during startup and choosing ‘Repair your Computer’ or by booting from a Windows 7 DVD or USB bootable media. The first two recover windows using System Restore points. The third tries to uninstall the update from the command line.

  1. Use ‘System Restore’ to restore Windows to an earlier point in time (before the Microsoft Update was installed)
  2. Use ‘Command Prompt’ and issue the command ‘dism /image:C:\ /cleanup-image /revertpendingactions’
  3. Use ‘Command Prompt’ and issue the command ‘dism /image:C:\ /remove-package /PackageName:Package_for_KB2823324~31bf3856ad364e35~x86~~’

Reboot your computer after performing each step and hopefully you will be able to boot again normally. Good luck.

For more information visit: You receive an Event ID 55 or a 0xc000021a Stop error in Windows 7 after you install security update 2823324

EDIT: Microsoft has released KB2840149 to address the security issue that was suppose to be fixed by the botched update.

The original update created a conflict with certain third-party software installed on user machines. This resulted in system errors that caused the reboot loop. Microsoft immediately pulled the update to prevent any more issues from coming up. Microsoft eventually released a secondary update which removed the first update. If you are running Windows 7, head over to Windows Update to download the latest security fix. If you have automatic updates enabled, you probably already have it.

Using Network Time Protocol with Windows Server

April 2, 2013 1 comment

We all know that time synchronization is a crucial aspect for all the computers on the network, especially servers. In Windows, client computers obtain the time from domain controllers and the domain controllers obtain their time from the domain’s primary domain controller operation master. The primary domain controller obtains its  time from an external source, usually Microsoft ( If you would like to have your primary domain controller synchronize with a NTP server, the process is fairly simple. My department maintains our own SNTP servers but you could use one from the NTP Pool Project.

For my fellow administrators in the North American continent, you would use:


I recommend you use the DNS name instead of an IP address because the IP addresses may change in the future for what ever reason. Now lets configure our primary domain controller to synchronize with our NTP server.

      1. Sign into your primary domain controller with Administrator credentials. If you do not know which of your domain controllers is the primary domain controller, you can query a domain controller using netdom. Use the command ‘netdom /query fsmo’.
      2. Open a command prompt window.
      3. Stop the W32Time service by using the command ‘net stop w32time’.
      4. Now it is time to configure the external NTP source. Use the command: w32tm /config /syncfromflags:manual /manualpeerlist:<NTP Servers here> /reliable:yes
      5. Start the W32Time service again by using the command ‘net start w32time’.

NOTE: If you are going to use more than one NTP server, you must enclose them in quotes and delimit each entry with a space. Ex: “”.

The Windows Time Service should begin to synchronize the time with external NTP server you chose. You can view your current configuration by using the command ‘w32tm /query /configuration’ and check your Event Viewer for any error messages.