Posted on

How to set accurate time for Windows Server

Having the right time on your network is very critical to have all your network devices function correctly. Also best for troubleshooting issues to see a pattern, otherwise you will have some devices reporting a few minutes or even hours off from real-time. These days most if not all of the networks are in virtual environments (for some it’s called cloud). Windows Hyper-V’s recommendation is to turn off time sync for all VMs and let the PDC role holder go out to the internet and get time from a reliable source, then have your local device sync up to PDC. The Second option for a smaller network synchronizes your Hyper-V hosts’ hardware clock to the NTP authority. This guide is to have your Windows primary domain controller configuration of NTP (Network Time Protocol) point to the reliable source, so your local devices also get the correct time. Let’s get started

Login to your Primary Domain Controller:
Open CMD console with Admin rights:
First, check the current status:
W32tm /query /status

Or check the NTP server in use
net time

To see the current time server source:
w32tm /query /source

Then, check the current configuration:
w32tm /query /configuration

Once you have verified status and configuration, then stop the NTP service: 
net stop w32time

Find your time zone NTP server from https://www.ntppool.org/en/
Example of NorthAmerican time zone setting few servers:

w32tm /config /syncfromflags:manual /manualpeerlist:”0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org3.pool.ntp.org”

Or you could you w32tm /config /syncfromflags:manual /manualpeerlist:pool.ntp.org and it will find the closest server automatically

To make your DC reliable time source:

w32tm /config /reliable:yes
net start w32time

To verify you can run check current configuration comment:
w32tm /query /configuration

Or registry check you should see the same:

That should be it, verify your network firewalls allowing the NTP protocol across the network.
check more info from Microsoft for Windows server NTP

common issues and solutions:

If you see the source as “Free-running System Clock”, which means your system does not have a time server set

You may get: Local CMOS Clock if it’s not updated yet

Once you have configured correctly you should see something like this:

If you see this message in your VM: Integration Services “Time synchronization” is on


Posted on

How to restore Remote Server Administration Tools on Windows 10

When you get the Microsoft windows to update your Remote Server Administrations Tools (RSAT) gets removed, this happened to me 3 times already after windows 10 updates.  Many system admins use this to manage their server, so they don’t have to RDP to each server, even though now many tasks can be done via Powershell commands.  Some of the GUI is not available for server, you need to know Powershell to manage, add or remove features or services.  It does not happen for smaller updates, only major updates.  Also, you may see other settings get reset like Suggested notification, default app, printer and you may want to double check your settings to make sure it’s not reset.

I had server admin tools and after the windows 10 updates, it got removed, as you can see in this screenshot:

Remote Server Administration Tools (RSAT) for Windows 10

You can download it from Microsoft: https://www.microsoft.com/en-us/download/details.aspx?id=45520

Then just run the installer wizard

If everything went well you should see whatever you had pinned to your start menu shows up

I notice when I had Windows updates for 1709 and 1803 updates, hope this helps someone out there.  Learning Powershell command is a way to go for doing server manage for many repetitive tasks.  Knowing Powershell commands also helps for user device troubleshooting too.


Posted on

How to Upgrade Win 2012 core to Win 2016 core

How to upgrade your Windows 2012 Hyper-V core to Microsoft Hyper-V Server 2016.  Make sure you have a good backup and if you have any running VM’s it must be turned off to void any issues with the upgrade process.  Download the ISO from the Microsoft website, you will need an account to download the ISO Microsoft Hyper-V Server 2016.  Login to your current Windows 2012 core server and create a Directory in C drive called ISO and navigate to it.  Attach as ISO you just downloaded or copy the extracted the ISO content drive.

Creating ISO directory:
C:\>mkdir ISO

Navigating to ISO directory:
C:\>cd ISO

Running the command to start the installation of Microsoft Hyper-V Server 2016

C:\ISO>setup.exe /auto upgrade /compact ignorewarning

You should see the checking updates, Installing Windows Server 2016 screen

Before upgrade:

Powershell get-wmiobject win32_operatingsystem

After upgrade:

Powershell get-wmiobject win32_operatingsystem

Then check the windows updates, that’s it


Posted on

How to secure against Meltdown and Spectre vulnerabilities?

This is one of the big security vulnerabilities that are affecting many systems because it’s the flaw in the processor, so the Operating system could be Windows’s, Linux’s, Mac’s, Android, etc… Devices could be Desktop computer, Laptops, Tablet’s, smartphone’s, TV’s, including your car software needs to be patched.

Dell: has released the patch for their devices, please go to this link and check it out, to make sure you are protected: www.dell.com/support/meltdown-spectre

HP: A vulnerability has been disclosed with modern CPU architecture referred to as side-channel analysis or speculative execution. Researchers have nicknamed the vulnerabilities “Spectre” and “Meltdown”. The result of exploits could potentially lead to the loss of sensitive information
https://support.hp.com/us-en/document/c05869091 

Lenovo:  is aware of vulnerabilities regarding certain processors nicknamed “Spectre” and “Meltdown” by their discoverers. Both are “side channel” exploits, meaning they do not access protected data directly, but rather induce the processor to operate in a specific way and observe execution timing or other externally visible characteristics to infer the protected data.
https://support.lenovo.com/us/en/solutions/len-18282

You can read how to protect your Windows devices, Microsoft has released a security patch.  Here is a link to Microsoft where it list who is affected and what you need to do.

https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown

This is what I did for my computer using Lenovo, note each vendor has their own patch, some are still working on it and some have released.  It’s best to look up your model/bios version and make sure it’s up to date.

To see if your computer is protected, you can run PowerShell script that Microsoft has published

This is what it looks like before I applied the patch:

This is what it looked like after the updates:

You will also need to do Bios update from the manufacturing and may want to check other updates that you may need.

Note: when doing bios updates, some computer takes a little bit time and may look like a black screen doing nothing, but it’s finishing up a firmware update.  Do NOT shut down by force, otherwise, you will have a dead device.


Posted on

Exchange 2010 Kerberos authentication failed

Exchange 2010 is about 8 years old, but many organizations still using it.  System admin like us needs to support, as much as we can, while keeping up with today’s technologies.  There will be times when you might get a message like this in Exchange 2010 Kerberos authentication failed.  There are many blogs, who have found a solution, I would just like to have for myself and maybe others will find useful too.   Here is the screenshot of the error, I saw, when trying to access the Exchange 2010 management console:

You may also get something like this too:

You might want to back up your registry just in case, one of the settings called “NodeStructureSettings”

Then run this command it fixed for me: by resetting the IIS via CMD command

Here is how you like it to be always, working without error 24/7

Hope you will never have to do the fix, but you never know