C# ValidateCredentials fails on Windows 10 with System.IO.FileNotFoundException: The system cannot find the file specified.

April 15, 2016, 1:06 am

≫ Next: Updated and retune DAB digital radio stations stations on Audi cars

≪ Previous: Browing the MOB on ESX 6 displays 503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http20NamedPipeServiceSpecE:0x4bf02038] _serverNamespace = /mob _isRedirect = false _pipeName =/var/run/vmware/proxy-mob)

When you try to validate credentials using .NET on Windows 10 you may get the rather confusing errror

System.IO.FileNotFoundException: The system cannot find the file specified.

The full exception trace looks like this

System.IO.FileNotFoundException: The system cannot find the file specified.

   at System.DirectoryServices.AccountManagement.UnsafeNativeMethods.IADs.Get(String bstrName)
   at System.DirectoryServices.AccountManagement.CredentialValidator.BindSam(String target, String userName, String password)
   at System.DirectoryServices.AccountManagement.CredentialValidator.Validate(String userName, String password, ContextOptions connectionMethod)
   at System.DirectoryServices.AccountManagement.PrincipalContext.ValidateCredentials(String userName, String password, ContextOptions options)

To resolve this make sure that the RegisteredOwner and RegisteredOrganization string values are found here HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion.

More information can be found here
https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/6638841/

Alternatively you can make sure that your project is not running in x86 mode.

↧

Updated and retune DAB digital radio stations stations on Audi cars

April 21, 2016, 5:47 am

≫ Next: VMware Documentation PowerShell Script

≪ Previous: C# ValidateCredentials fails on Windows 10 with System.IO.FileNotFoundException: The system cannot find the file specified.

If you find that you need to update and retune your DAB stations on an Audi car you won't find the retune on the DAB settings as I've just found out today!

Simply scroll to the very top of the stations list and select "Update station list"

The system will then automatically retune.

↧

VMware Documentation PowerShell Script

May 31, 2016, 3:22 am

≫ Next: Citrix Error: The current user does not appear to be the member of an Active Directory domain. Studio cannot be run by a local user.

≪ Previous: Updated and retune DAB digital radio stations stations on Audi cars

We've recently updated our VMware documentation tool, XIA Configuration Server automatically creates documentation for your VMware environment. It audits both vCenter and ESX and documents the configuration of virtual machines, hosts, resource pools, clusters and more.

We now support a whole range of new functionality and improved PDF output

This includes enhanced support for hosts, clusters and virtual machines

This includes the ability to capture screenshots of your running virtual machines

All of the information can be accessed through our web interface and exported to PDF however you can also access the information through a supported mobile device or using PowerShell scripting.

↧

Citrix Error: The current user does not appear to be the member of an Active Directory domain. Studio cannot be run by a local user.

June 8, 2016, 4:24 am

≫ Next: Citrix XenDesktop Site setup hangs on "Configuring Services"

≪ Previous: VMware Documentation PowerShell Script

We've recently run into an error when testing our XenDesktop automated documentation tool.

"The current user does not appear to be the member of an Active Directory domain. Studio cannot be run by a local user."

This is strange as we checked and the currently logged on user is a member of the domain and accessing \\domaincontroller works correctly.

The event log reports the following.

The Citrix Broker Service failed to initialize. The service will attempt to initialize again in approximately 1 minute(s). See Citrix Knowledge Base article CTX126990.

Error details:
Exception 'Failed to get the local computer AD object DN' of type 'Citrix.Fma.Sdk.ActiveDirectory.ADFailedToGetLocalComputerDNException'.

We immediately assumed that this is a Citrix problem. Sorry Citrix but it wasn't. We quickly installed the Active Directory Users and Computers tool on the Citrix server.

Running the following commands on the Citrix server had the following results
nslookup domain [works]
nslookup domaincontroller.domain [works]
ping domaincontroller.domain [Fails]

This is very strange as nslookup works but ping doesn't.

We eventually fixed the problem by resetting the TCP/IP settings using the following command

netsh int ip reset c:\resetlog.txt

More details are in this article.
https://support.microsoft.com/en-gb/kb/299357

You then have to re-enter any static IP addresses and then everything works.

↧

Citrix XenDesktop Site setup hangs on "Configuring Services"

June 8, 2016, 4:43 am

≫ Next: AdvancedInstaller ODBC Connect: Timeout Exceeded

≪ Previous: Citrix Error: The current user does not appear to be the member of an Active Directory domain. Studio cannot be run by a local user.

We've recently run into an error when testing our XenDesktop automated documentation tool.

If you find that when you're performing site setup the system hangs on Configuring Services simply check the amount of memory available to the server.

If the memory amount is not high enough the system will hang at this point.

Nice to have a simple fix for a change!

↧

AdvancedInstaller ODBC Connect: Timeout Exceeded

June 8, 2016, 7:56 am

≫ Next: Citrix Error XDDS:19E984FA when creating machine catalog

≪ Previous: Citrix XenDesktop Site setup hangs on "Configuring Services"

When using AdvancedInstaller you may see the following error
ODBC Connect: Timeout Exceeded

...when you are using the SQL Server ODBC driver and TLS 1.0 has been disabled.

You can test this using the following PowerShell Script (modify the connection string as you need).

Write-Host"Connecting..."

$connection=New-ObjectSystem.Data.Odbc.OdbcConnection

$connection.ConnectionString ="Driver={SQL Server};Server=localhost\SQLExpress; Trusted_Connection=yes; Database=dbXIAConfiguration"

$connection.Open()

$connection.Close()

Write-Host"Connected"

If this is the same error you will see the following

Connection Failed:
SQLState: '01000'
SQL Error: 1
[Microsoft][ODBC SQL Server Driver][DBNETLIB]ConnectionOpen (SECCreateCredentials()).
Connection failed:
SQLState: '08001'
SQL Error: 18
[Microsoft][ODBC SQL Server Driver][DBNETLIB]SSL Security error

NOTE: The SSL Security Error

Check the following registry key and ensure that is set to 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client\Enabled

NOTE: TLS 1.0 may have been disabled due to the security policy of your organisation.

↧

Citrix Error XDDS:19E984FA when creating machine catalog

June 10, 2016, 2:22 am

≫ Next: The virtual machine requires hardware features that are unsupported or disabled on the target host

≪ Previous: AdvancedInstaller ODBC Connect: Timeout Exceeded

When you try to create a machine catalog in Citrix XenDesktop you might get a very confusing error such as the one below.

Error Id: XDDS:19E984FA

Exception:
    Citrix.Console.Models.Exceptions.ProvisioningTaskException Failed to copy the snapshot image /DEMO-CTX01.vm/Citrix_XD_Test.snapshot to the storage referenced by the Resources DEMO-ESX51i-02.
       at Citrix.Console.PowerShellSdk.ProvisioningSchemeService.BackgroundTasks.ProvisioningSchemeTask.CheckForTerminatingError(SdkProvisioningSchemeAction sdkProvisioningSchemeAction)
       at Citrix.Console.PowerShellSdk.ProvisioningSchemeService.BackgroundTasks.ProvisioningSchemeTask.WaitForProvisioningSchemeActionCompletion(Guid taskId, Action`1 actionResultsObtained)
       at Citrix.Console.PowerShellSdk.ProvisioningSchemeService.BackgroundTasks.ProvisioningSchemeCreationTask.StartProvisioningAction()
       at Citrix.Console.PowerShellSdk.ProvisioningSchemeService.BackgroundTasks.ProvisioningSchemeCreationTask.RunTask()
       at Citrix.Console.PowerShellSdk.BackgroundTaskService.BackgroundTask.Task.Run()

    DesktopStudio_ErrorId : ProvisioningTaskError
    ErrorCategory : NotSpecified
    ErrorID : DiskConsolidationFailed
    TaskErrorInformation : Terminated
    InternalErrorMessage : File [datastore1] DEMO-CTX01/DEMO-CTX01.vmdk was not found

I find it very difficult to troubleshoot server products that dump the entire error stack on you. It makes it impossible to read and also very difficult to Google for the solution.

In this case the problem is that the hosting resource in Citrix XenDesktop (as shown in the screenshot) is using a different datastore than is configured for the virtual machine in the vSphere client.

↧

The virtual machine requires hardware features that are unsupported or disabled on the target host

June 10, 2016, 2:36 am

≫ Next: AppDNA Invalid username or password - more Citrix craziness...

≪ Previous: Citrix Error XDDS:19E984FA when creating machine catalog

When you're trying to run 64-bit hosts inside a virtualized ESXi host you may get the following error.

The virtual machine requires hardware features that are unsupported or disabled on the target host: * Longmode: required for 64-bit guest OS support. On Intel systems, longmode requires VT-x to be enabled in the BIOS. On nested virtual ESX hosts, longmode support normally requires upgrading your VM to ESX 5.1 compatibility level (VM version 9) and enabling the "Virtualized Hardware Virtualization" flag on the outer VM. For incompatibilities other than NX/XD or longmode: if possible, use a cluster with Enhanced vMotion Compatibility (EVC) enabled; see KB article 1003212.

Even though the processor mode is set to Intel VT-x or AMD-V

This is quite simple to fix, you just need to enable nested virtual machines by adding the following line to your ESXi virtual machines .vmx file

vhv.enable = "TRUE"

More information can be found in this article.
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2034803

↧

AppDNA Invalid username or password - more Citrix craziness...

June 10, 2016, 8:11 am

≫ Next: Citrix XenDesktop administrator report missing information

≪ Previous: The virtual machine requires hardware features that are unsupported or disabled on the target host

I have Installed and Configured AppDNA but unable to Login, what is the default Username and Password?

So you've installed AppDNA and try and login however you get the error "Invalid username or password".

This is because AppDNA installs with a default well-known username and password (which is therefore completely pointless).

Thanks Citrix.

Here's the login details

Username: administrator

Password: apps3cur3

↧

Citrix XenDesktop administrator report missing information

June 10, 2016, 9:38 am

≫ Next: Document AppDNA connection settings in Citrix Studio

≪ Previous: AppDNA Invalid username or password - more Citrix craziness...

We've just been testing our XenDesktop documentation script against the latest release of XenDesktop, XenDesktop 7.9 and noticed that we need to resolve the latest administrator rights to their human-readable strings, for example "AppDisk_AddScope" becomes "Add AppDisk to Scope".

To do this we generated a report of the permissions assigned to a user and were a little worried that these reports don't contain all of the information about the permissions assigned to a user.

For example we added some of the new AppDisk permissions to a role and assigned a user to that role.

Then generated a report for that user

It appears that the permission report isn't aware of the new permissions (AppDNA is there however the AppDisk settings are not seen). A little worrying from a security perspective.

↧

Document AppDNA connection settings in Citrix Studio

June 13, 2016, 9:27 am

≫ Next: SQL 2014 installer hangs on "Install_WatsonX86_Cpu32_Action"

≪ Previous: Citrix XenDesktop administrator report missing information

We've now updated XIA Configuration Server to document AppDNA connection settings in Citrix Studio.

This is what it's going to look like in the next release...

↧

SQL 2014 installer hangs on "Install_WatsonX86_Cpu32_Action"

July 4, 2016, 7:33 am

≫ Next: Windows Service Recovery Settings with PowerShell

≪ Previous: Document AppDNA connection settings in Citrix Studio

If you see the error "Install_WatsonX86_Cpu32_Action" when installing SQL Server check to see if there are any other installations started on the machine and close them.

The SQL Server installer should then continue.

↧

Windows Service Recovery Settings with PowerShell

July 15, 2016, 2:48 am

≫ Next: Documenting Fine-Grained Password Policies in an Active Directory domain

≪ Previous: SQL 2014 installer hangs on "Install_WatsonX86_Cpu32_Action"

We've often been asked about gathering the recovery settings for Windows services and providing it as part of the audit documentation.

Recovery settings determine what actions a service should take (on Windows 2000 and above) should the service fail.

The actions can include restarting the service or the computer or running a program.

The problem is that the standard PowerShell command Get-Service and the WMI class Win32_Service do not provide this information.

The good news is that we've now updated our server documentation tool with the ability to gather service recovery information which you can then query with PowerShell, view in the web interface or export to PDF.

For more information visit our web site.

↧

Documenting Fine-Grained Password Policies in an Active Directory domain

July 20, 2016, 6:54 am

≫ Next: Document Windows Time (NTP) Settings for PCI-DSS requirement 10.4 Synchronize all critical system clocks and times

≪ Previous: Windows Service Recovery Settings with PowerShell

Fine-grained password policies allow the definition of multiple password and account lockout policies for different sets of users in a domain and are available on Windows 2008 and above.

With the XIA Configuration Server Active Directory documentation agent you can now automatically document these settings.

The documentation includes

Name
Precedence
Description
Minimum Password Length
Password History
Password Must Meet Complexity Requirements
Store Password Using Reversible Encryption
Minimum Password Age
Maximum Password Age
Last Updated
Creation Date
Account Lockout Policy
Account Lockout Duration

Reset Failed Logon Attempts After (minutes)
Applies To (accounts)

↧

Document Windows Time (NTP) Settings for PCI-DSS requirement 10.4 Synchronize all critical system clocks and times

July 22, 2016, 5:37 am

≫ Next: Automate PCI-DSS Requirements

≪ Previous: Documenting Fine-Grained Password Policies in an Active Directory domain

We've recently been asked to help gather information for the following PCI-DSS requirement

10.4 Using time-synchronization technology, synchronize all critical system clocks and times and ensure that the following is implemented for acquiring, distributing, and storing time.

So we've added some new information gathering and reporting to our server documentation tool.

↧

Automate PCI-DSS Requirements

July 22, 2016, 9:35 am

≫ Next: The security identifier of the "NT SERVICE\WdiServiceHost" account is "S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420"

≪ Previous: Document Windows Time (NTP) Settings for PCI-DSS requirement 10.4 Synchronize all critical system clocks and times

Today we received a testimonial from one of our customers using our software to help with their PCI-DSS requirements.

We're hoping to improve the alignment of XIA Configuration Server to PCI-DSS in the coming months.

XIA Configuration Server has helped us with reporting and evidence gathering aspects of the PCI-DSS process and has provided valuable insight into systems that have not met specific PCI-DSS requirements for remediation purposes.

The software is light on system resources and requirements great when for IT audits and other system checks to ensure that required systems are in line with PCI-DSS requirements.

The version comparison feature provides proof against change controls and provide a great time saving advantage on otherwise tedious admin overhead.

The CENTREL Solutions team is dedicated to providing service excellence and provide product enhancements to keep up with our growing demands.

Shimmy Garoeb
System Administrator (IT Operations)
http://www.namclear.com.na

↧

The security identifier of the "NT SERVICE\WdiServiceHost" account is "S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420"

July 28, 2016, 3:43 am

≫ Next: Windows virtual machines display Black Screen after booting up in VMware ESXi or VMware Workstation

≪ Previous: Automate PCI-DSS Requirements

This week we have been working on support for PCI-DSS and CIS compliance auditing.

One of the CIS server requirements is to ensure that the following is configured

2.2.34 Set 'Profile system performance' to 'Administrators, NT SERVICE\WdiServiceHost' (Scored)

Rather than code string values into the product (which can cause problems with foreign language operating system installations) we use the well known security identifiers of these built in accounts.

The security identifier of the "NT SERVICE\WdiServiceHost" account does not appear to be documented (well not easily found anyway) so here it is.

The security identifier of the "NT SERVICE\WdiServiceHost" account is "S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420"

This has been tested on

Windows Server 2008 R2
Windows Sever 2012
Windows Server 2012 R2
Windows 10

↧

Windows virtual machines display Black Screen after booting up in VMware ESXi or VMware Workstation

August 3, 2016, 1:37 am

≫ Next: You can't see the SCM: Pass the Hash Mitigations group policy settings

≪ Previous: The security identifier of the "NT SERVICE\WdiServiceHost" account is "S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420"

If you're having problems that when you boot up a VMware virtual machine (in this case in VMware Workstation) and find that the machine seems to boot up but the screen is black and doesn't respond to any commands you can try the following

Firstly try to disable the "Accelerate 3D graphics" option

If this doesn't solve the problem you can also change the hardware compatibility, this can certainly help if you're using an updated version of VMware version and you've migrated the virtual machine from an older version.

↧

You can't see the SCM: Pass the Hash Mitigations group policy settings

August 8, 2016, 6:27 am

≫ Next: AuditPol Error 0x00000522 occurred: A required privilege is not held by the client.

≪ Previous: Windows virtual machines display Black Screen after booting up in VMware ESXi or VMware Workstation

If you can't see the SCM: Pass the Hash Mitigations group policy settings such as 'Apply UAC restrictions to local accounts on network logons' (for example when you are using the CIS server hardening standard) you need to do the folllowing

Download the security baselines from here and unzip
https://blogs.technet.microsoft.com/secguide/2014/08/13/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final/

Take the file PtH.admx and place into %SystemRoot%\PolicyDefinitions

The policies should then be available

↧

AuditPol Error 0x00000522 occurred: A required privilege is not held by the client.

August 9, 2016, 2:33 am

≫ Next: Document Windows Advanced Audit Policy Configuration with C# .NET AuditEnumerateCategories Win32 API

≪ Previous: You can't see the SCM: Pass the Hash Mitigations group policy settings

When running auditpol.exe you may see the error

Error 0x00000522 occurred:

A required privilege is not held by the client.

This can occur if you have UAC installed and you have not right clicked the command prompt and selected Run as Administrator.

↧