Windows

RDP Rescue: How to Fix Remote Desktop Issues Without a Reboot | Lazy Admin Blog


If you can reach a server via ping or the VM console but RDP is failing, you can often “kick-start” the service by toggling specific registry keys. This forces the Terminal Services stack to re-read its configuration without dropping the entire OS.

1. The Firewall Check

Before diving into the registry, ensure the Windows Firewall isn’t blocking port 3389. If you have console access, try disabling it temporarily to rule it out, and turn it back on as soon as the test is done.

  • Quick Command: netsh advfirewall set allprofiles state off

2. The “Deny” Toggle (The Most Common Fix)

Sometimes the registry says RDP is allowed, but the service isn’t honoring it. Toggling the value can reset the listener.

Path: HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

  • fDenyTSConnections: Should be 0. (If it’s already 0, change it to 1, refresh, then back to 0).
  • fAllowToGetHelp: Should be 0 to ensure Remote Assistance isn’t conflicting.

3. WinStation Listeners (RDP & Citrix)

If the main switch is on but the specific “listener” is disabled, you’ll get a “Connection Refused” error.

For Standard RDP: Path: HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

  • fEnableWinStation: Must be 1. Toggle this (1 -> 0 -> 1) to reset the listener.

For Citrix Servers (ICA): Path: HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\ICA-Tcp

  • fEnableWinStation: Must be 1.

4. Port Verification

Ensure the server is actually listening on the standard port. If someone changed the RDP port for “security,” your connection will fail.

Path: HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

  • PortNumber: Should be 3389 (Decimal).

Test it from your workstation: tnc <ServerIP> -port 3389 (PowerShell) or telnet <ServerIP> 3389


5. The Winlogon Block

In rare cases, the entire Winlogon station for terminal services is disabled at the software level.

Path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

  • WinStationsDisabled: Must be 0. If set to 1, no one can log in via RDP regardless of other settings.
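
The checks in steps 1 to 5 as a read-only audit, added here as an example and not part of the original post; it inspects the Remote Desktop firewall rule group instead of switching the firewall off. It assumes an elevated PowerShell session on Windows Server 2012 or later with an English display language, and the function names are hypothetical.

```powershell
# Added example, not from the original post. Function names are hypothetical.
# Assumes: elevated session, Windows Server 2012+ (NetSecurity / NetTCPIP modules).
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdp = "$ts\WinStations\RDP-Tcp"
$wl  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Expected values are the ones listed in steps 2-5.
$expected = @(
    @{ Path = $ts;  Name = 'fDenyTSConnections';  Want = 0 }
    @{ Path = $ts;  Name = 'fAllowToGetHelp';     Want = 0 }
    @{ Path = $rdp; Name = 'fEnableWinStation';   Want = 1 }
    @{ Path = $rdp; Name = 'PortNumber';          Want = 3389 }
    @{ Path = $wl;  Name = 'WinStationsDisabled'; Want = 0 }
)

function Get-RdpRegistryAudit {
    foreach ($e in $expected) {
        $item = Get-ItemProperty -Path $e.Path -Name $e.Name -ErrorAction SilentlyContinue
        $have = if ($item) { $item.($e.Name) } else { $null }
        [pscustomobject]@{
            Key      = $e.Path
            Value    = $e.Name
            Expected = $e.Want
            Actual   = if ($null -eq $have) { '<missing>' } else { $have }
            # Compare as strings: WinStationsDisabled is a REG_SZ, the others are DWORDs.
            Ok       = ($null -ne $have) -and ("$have" -eq "$($e.Want)")
        }
    }
}

function Get-RdpListenerAudit {
    $port = (Get-ItemProperty -Path $rdp -Name PortNumber).PortNumber
    [pscustomobject]@{
        TermService   = (Get-Service -Name TermService).Status
        Port          = $port
        # True when something on this host is listening on the configured RDP port.
        Listening     = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
        # Count of enabled inbound rules; the group name assumes an English-language OS.
        FirewallRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
                          Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }).Count
    }
}

function Reset-RdpWinStation {
    # The 1 -> 0 -> 1 toggle from step 3. The finally block makes sure the
    # listener is not left disabled if the script is interrupted half way.
    try {
        Set-ItemProperty -Path $rdp -Name fEnableWinStation -Value 0 -Type DWord
        Start-Sleep -Seconds 2
    } finally {
        Set-ItemProperty -Path $rdp -Name fEnableWinStation -Value 1 -Type DWord
    }
}

Get-RdpRegistryAudit | Format-Table Value, Expected, Actual, Ok -AutoSize
Get-RdpListenerAudit | Format-List
# Run Reset-RdpWinStation only after the audit shows the values are already correct.
```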

Lazy Admin Tip 💡

If you can’t get to the console, you can change these registry keys remotely from your workstation! Open Regedit, go to File > Connect Network Registry, and enter the target server’s name. You can perform all the toggles mentioned above without ever leaving your desk.

#WindowsServer #RDP #SysAdmin #Troubleshooting #ITOps #TechTips #Networking #RemoteDesktop #LazyAdmin #ServerManagement

Master the Forest: Top Active Directory Interview Questions & Answers | Lazy Admin Blog


Part 1: The Logical vs. Physical Structure

Understanding how AD is organized is the first step in mastering the service. Interviewers often look for the distinction between how objects are managed (logical) and how traffic flows (physical).

Logical Components

These define the administrative boundaries and hierarchy:

  • Forest: The uppermost boundary. It contains one or more trees that share a common schema and global catalog.
  • Tree: A collection of domains that share a contiguous namespace (e.g., corp.com and dev.corp.com).
  • Domain: The primary unit of replication and security. All objects in a domain share a common database (ntds.dit).
  • Organizational Unit (OU): Containers used to organize objects within a domain. OUs are primarily used to delegate administration and apply Group Policy.

Physical Components

These define how AD exists on hardware and over the network:

  • Domain Controllers (DC): The servers that host the AD database and handle authentication.
  • Sites: A grouping of IP subnets connected by high-speed links. Sites are used to control replication traffic and ensure users log on to a local DC rather than one across a slow WAN link.

Part 2: The Core “Under the Hood” Mechanics

The Active Directory Database

The database is stored in %systemroot%\ntds as ntds.dit. Key files include:

  • edb.log: Transaction logs (changes are written here first).
  • res1.log / res2.log: Reserve logs to ensure the system can write to disk if space runs out.
  • edb.chk: The checkpoint file that tracks which transactions have been committed to the database.

The Global Catalog (GC)

The GC is a partial, read-only replica of every object in the forest. It allows users to search for resources (like a printer in another domain) without needing to query every single DC in the forest.

SYSVOL Folder

The SYSVOL folder is a shared directory on every DC that stores the domain’s public files, including:

  • Login scripts (Netlogon share).
  • Group Policy Templates.

It is kept in sync across all DCs using the File Replication Service (FRS) or DFSR.

Part 3: Protocols and Naming

LDAP (Lightweight Directory Access Protocol)

LDAP is the language used to talk to Active Directory. It follows the X.500 standard and uses TCP/IP.

  • Distinguished Name (DN): The full path to an object (e.g., CN=JohnDoe,OU=Sales,DC=corp,DC=com).
  • Relative Distinguished Name (RDN): Just the object’s name (e.g., JohnDoe).
  • UPN (User Principal Name): The “email-style” login name (e.g., johndoe@corp.com).

Part 4: Essential Admin Tools

Tool | Purpose
ADSIEdit | A low-level “registry editor” for Active Directory objects and attributes.
LDP | A tool for performing LDAP searches and operations manually.
Repadmin | The go-to command-line tool for diagnosing replication health.
Netdom | Used for managing trust relationships and joining computers to domains via CLI.
Dcpromo | (Legacy) The command to promote or demote a Domain Controller.

Common Interview Scenario: “My Replication is Broken”

Answer: I would start by checking connectivity between sites. Then, I would use repadmin /showrepl to see which naming contexts (Domain, Configuration, or Schema) are failing. I’d also check the DNS SRV records to ensure the DCs can find each other.

#ActiveDirectory #SysAdmin #WindowsServer #ITJobs #TechInterview #Microsoft #Networking #ITOps #LazyAdmin

Configuring Cisco NIC Teaming on UCS B200-M3


For Windows-based Cisco UCS B-Series blades, native teaming is often handled via the Cisco-specific driver contained in the UCS Windows Utilities ISO. Here is how to install and manage teams via the Command Line Interface (CLI).

Prerequisites

  1. Download the Windows Utilities ISO from Cisco.com.
  2. Choose either the B-Series Blade or C-Series Rack-Mount software bundle.
  3. Ensure you have Administrator privileges on the Windows target.

Phase 1: Installing the NIC Teaming Driver

The driver is installed using the enictool. You must point it to the directory containing the .inf files from the ISO.

  1. Open Command Prompt as Administrator.
  2. Run the following command:
     enictool -p "C:\path\to\drivers"
     Example: C:\> enictool -p "c:\temp"

Phase 2: Creating and Configuring the Team

Once the driver is active, you can group your logical interfaces into a team.

  1. Identify your connections: Use ipconfig or ncpa.cpl to find the exact names (e.g., “Local Area Connection”).
  2. Create the Team:
     enictool -c "Connection 1" "Connection 2" -m [mode]

Mode Reference Table

Mode ID | Description | Best Use Case
1 | Active-Backup | Basic redundancy; one link stays idle.
2 | Active-Backup (Failback) | Redundancy; always reverts to the primary link when healthy.
3 | Active-Active | Transmit Load Balancing; uses both links for outgoing traffic.
4 | 802.3ad LACP | Link Aggregation; requires specific configuration on the Fabric Interconnect/Switch.

Example (Active-Backup):

C:\> enictool -c "Local Area Connection" "Local Area Connection 2" -m 1


Phase 3: Management Commands

  • To Delete a Team: C:\> enictool -d "Local Area Connection" "Local Area Connection 2"
  • To View All Options: C:\> enictool /? (Use this to fine-tune Load Balancing hash methods and advanced failover settings.)

#CiscoUCS #NICTeaming #SysAdmin #DataCenter #Networking #WindowsServer #TechTutorial #LazyAdmin #ServerAdmin #Infrastructure

Installing and Configuring MPIO on Windows Server 2008


Multipath I/O (MPIO) is essential for providing redundancy and load balancing for storage connections. Whether you are using Fibre Channel or iSCSI, here is the definitive guide to getting MPIO running on Windows Server 2008.

🛠️ Option 1: Install MPIO via Server Manager (GUI)

  1. Open Server Manager: Click Start > Administrative Tools > Server Manager.
  2. Add Features: In the Features summary area, click Add Features.
  3. Select MPIO: On the Select Features page, check the box for Multipath I/O and click Next.
  4. Confirm: Click Install.
  5. Finish: Once the progress bar completes, click Close.

💻 Option 2: Install MPIO via Command Line (CLI)

If you are working on a Server Core installation or just prefer the speed of the CLI, use ServerManagerCmd.exe.

  1. Open Command Prompt as Administrator.
  2. Install the feature:
     ServerManagerCmd.exe -install Multipath-IO
  3. Verify installation:
     ServerManagerCmd.exe -query
     Ensure “Multipath I/O” appears in the list of installed packages.

🔗 Claiming iSCSI Devices for MPIO

After installation, Windows doesn’t automatically “claim” iSCSI devices for multipathing. You must enable this manually.

  1. Open the MPIO Control Panel (found in Administrative Tools).
  2. Go to the Discover Multi-Paths tab.
  3. Check the box Add support for iSCSI devices and click Add.
  4. Reboot: You will be prompted to restart the computer. Click Yes.
  5. Verify: After the reboot, check the MPIO Devices tab. You should see hardware ID MSFT2005iSCSIBusType_0x9, indicating the Microsoft DSM has successfully claimed the iSCSI bus.

🗑️ How to Remove MPIO

If you need to decommission MPIO, follow these steps:

  • Via GUI: In Server Manager, click Remove Features, uncheck Multipath I/O, and follow the prompts.
  • Via CLI: ServerManagerCmd.exe -remove Multipath-IO


#WindowsServer #MPIO #StorageAdmin #SysAdmin #ITPro #DataCenter #iSCSI #Networking #LazyAdmin #LegacyIT

How to Patch Air-Gapped Windows Servers using WSUS Offline


Patching servers in an offline or “air-gapped” environment is a common challenge for SysAdmins. While Microsoft’s official WSUS role typically requires a network connection, the third-party tool WSUS Offline Update allows you to “bring the internet to the server” via a USB stick or DVD.

When to use this method?

This is an ideal solution for a one-time update or for small environments where setting up a complex, multi-tier WSUS architecture isn’t practical.

Note: This requires a “bridge” machine—a computer with internet access where you will build the update repository before moving it to the offline server.


Phase 1: Creating the Update Media (On the Online Machine)

  1. Download the Tool: Head to wsusoffline.net and download the latest version.
  2. Extract and Launch: Extract the ZIP file and run UpdateGenerator.exe.
  3. Select Your OS: Check the boxes for the operating systems you need to patch (e.g., Windows Server 2016, 2019, or legacy versions like 2008 R2).
  4. Download: Click Start. The tool will download all missing patches from Microsoft’s servers into a local folder.
    • Size Tip: Expect downloads to range from 800MB to several GBs depending on the OS version.
  5. Transfer: Copy the entire wsusoffline folder to your removable media (USB Drive, External HDD, or burn it to a DVD).

Phase 2: Patching the Offline Server

  1. Insert Media: Plug your USB drive into the offline server.
  2. Navigate to Client: Open the wsusoffline folder, then open the “client” subfolder.
  3. Run Installer: Execute UpdateInstaller.exe.
  4. Configure & Start: Select your desired options (like “Automatic reboot and recall”) and click Start.

The tool will now simulate a local Windows Update session, installing all the downloaded patches without ever needing a NIC connection.
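
A check to run around the transfer in Phase 1 step 5 and before UpdateInstaller.exe: a SHA-256 manifest of the wsusoffline folder built on the bridge machine and verified on the offline server. This is an added example, not part of WSUS Offline Update or the original post; the function names, drive letters and manifest paths are assumptions, and it needs PowerShell 4.0 or later for Get-FileHash.

```powershell
# Added example, not part of WSUS Offline Update. Function names are hypothetical.
# Assumes PowerShell 4.0+ on both machines. Keep the manifest outside the hashed folder.

function New-MediaManifest {
    param([Parameter(Mandatory)][string]$Root,
          [Parameter(Mandatory)][string]$ManifestPath)
    $base = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    Get-ChildItem -LiteralPath $base -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            # Store paths relative to the folder so the drive letter may differ later.
            RelativePath = $_.FullName.Substring($base.Length + 1)
            SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    } | Export-Csv -LiteralPath $ManifestPath -NoTypeInformation -Encoding UTF8
}

function Test-MediaManifest {
    param([Parameter(Mandatory)][string]$Root,
          [Parameter(Mandatory)][string]$ManifestPath)
    $base  = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    $known = @{}
    Import-Csv -LiteralPath $ManifestPath | ForEach-Object { $known[$_.RelativePath] = $_.SHA256 }

    $seen = @{}
    $problems = foreach ($f in Get-ChildItem -LiteralPath $base -Recurse -File) {
        $rel = $f.FullName.Substring($base.Length + 1)
        $seen[$rel] = $true
        if (-not $known.ContainsKey($rel)) {
            # File appeared on the media after the manifest was written.
            [pscustomobject]@{ RelativePath = $rel; Problem = 'not in manifest' }
        } elseif ((Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash -ne $known[$rel]) {
            [pscustomobject]@{ RelativePath = $rel; Problem = 'hash mismatch' }
        }
    }
    # Files listed in the manifest that never made it onto the media.
    $missing = $known.Keys | Where-Object { -not $seen.ContainsKey($_) } | ForEach-Object {
        [pscustomobject]@{ RelativePath = $_; Problem = 'missing from media' }
    }
    @($problems) + @($missing)   # empty result means the media matches the manifest
}

# Bridge machine, after UpdateGenerator.exe finishes (paths are placeholders):
#   New-MediaManifest -Root 'C:\wsusoffline' -ManifestPath 'C:\wsusoffline.manifest.csv'
#   Get-FileHash 'C:\wsusoffline.manifest.csv'   # note this hash and carry it separately
#
# Offline server, before running UpdateInstaller.exe:
#   $bad = Test-MediaManifest -Root 'E:\wsusoffline' -ManifestPath 'E:\wsusoffline.manifest.csv'
#   if ($bad) { $bad | Format-Table -AutoSize; throw 'Media does not match the manifest' }
```

A manifest stored on the same USB stick only detects accidental corruption; comparing its own hash against the value noted on the bridge machine is what covers modification in transit.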

#WSUS #AirGapped #SysAdmin #WindowsServer #CyberSecurity #ITAdmin #TechTips #OfflinePatching #LazyAdmin #ServerMaintenance

Fix: “Not enough server storage is available to process this command”


Have you ever tried to access a network share or run a command only to be met with the cryptic error: “Not enough server storage is available to process this command”?

Despite what the message says, this almost never means you are out of disk space. Instead, it usually refers to a specific memory buffer in the Windows kernel called the IRPStackSize (I/O Request Packet Stack Size).

The Fix: Increasing the IRPStackSize

When too many filter drivers (antivirus, firewall, or backup tools) are installed, the default stack size isn’t deep enough to handle the requests. We can fix this with a quick trip to the Windows Registry.

Step-by-Step Instructions:

  1. Press Win + R, type regedit, and hit Enter.
  2. Navigate to the following path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
  3. Look for a value named IRPStackSize.
    • If it exists: Double-click it.
    • If it doesn’t exist: Right-click in the right pane, select New > DWORD (32-bit) Value.
    • CRITICAL: You must name it exactly IRPStackSize. The system is case-sensitive for this specific entry.
  4. Change the Base to Decimal.
  5. Set the Value data to 16 or higher.
    • The default is 15. If you are already at 15 and seeing the error, try increments of 3 (e.g., 18, 21, 24). The maximum value is 50.
  6. Click OK, close the Registry Editor, and restart your computer (or restart the “Server” service).

#WindowsServer #SysAdmin #TechFix #RegistryEditor #ITPro #ServerStorage #WindowsTips #LazyAdmin #Troubleshooting #SoftwareEngineering

Restore Missing “Help and Support” Service in Windows Server 2003


In Windows Server 2003, you might occasionally encounter a scenario where the Help and Support service is completely missing from the services.msc console or simply refuses to start. This is usually due to a corruption in the registration of the Help Center binaries.

Instead of a full OS repair, you can re-register and re-install the service directly from the command line.

The Fix: Re-registering via Command Prompt

Follow these steps to force the system to rebuild the service entry:

  1. Open a Command Prompt (Start > Run > cmd).
  2. Switch to your system drive (usually C:):
     %SystemDrive%
  3. Navigate to the Help Center binaries directory:
     cd %windir%\PCHealth\HelpCtr\Binaries
  4. Run the registration and installation command:
     start /w helpsvc /svchost netsvcs /regserver /install
     Note: The /w switch tells the command prompt to wait for the process to finish before returning to the prompt.

Verification

Once the command finishes, the service should start automatically. You can verify it as follows:

  1. Type services.msc in the Run box.
  2. Look for Help and Support.
  3. Ensure the Status is Started and the Startup Type is Automatic.

#WindowsServer2003 #SysAdmin #LegacyIT #WindowsFix #TechSupport #ServerAdmin #ITPro #LazyAdmin #Troubleshooting #RetroIT

How to Uninstall Internet Explorer 8 on Windows Server 2003 (The Hard Way)


Sometimes you need to roll back to a previous version of Internet Explorer on Windows Server 2003, but the standard “Add/Remove Programs” fails or the uninstaller is missing. If you find yourself in this position, you can trigger the uninstaller manually—even if the files are missing.

The Standard Manual Uninstall

If your system still has the uninstallation files, you can run the following command:

  1. Click Start > Run.
  2. Type or paste: %windir%\ie8\spuninst\spuninst.exe
  3. Follow the prompts to remove IE8.

What if the “spuninst” folder is missing?

If you navigate to C:\Windows\ie8 and the spuninst folder is nowhere to be found, you aren’t out of luck.

  1. Find a Donor: Locate another Windows Server 2003 machine that still has the folder.
  2. Copy the Structure: Copy the entire spuninst folder from the donor machine to the same path on the target server.
  3. Run the EXE: Execute the spuninst.exe as mentioned above.

The “Missing File” Trick (IEENCODE.DLL.000)

During the uninstallation process, the wizard may stop and ask for specific files. A common culprit that goes missing is IEENCODE.DLL.000.

If you cannot find this file anywhere, here is the workaround:

  1. Search for the existing file IEENCODE.DLL on your system.
  2. Copy IEENCODE.DLL to a temporary location (like your desktop).
  3. Rename the copy to IEENCODE.DLL.000.
  4. When the IE8 uninstaller asks for the file, point it to your newly renamed file.

The uninstaller will accept the file, proceed with the cleanup, and successfully remove Internet Explorer 8 from your system!

#WindowsServer #InternetExplorer #SysAdmin #LegacyIT #TechHacks #ServerAdmin #Troubleshooting #LazyAdmin #WindowsFix #RetroComputing

Reclaiming Space: How to Clean Up WinSxS on Windows Server 2008 R2


The C:\Windows\WinSxS directory is notorious for growing over time as it stores multiple versions of DLLs and backup files for Windows Updates. On a long-running Server 2008 R2 instance, this folder can easily consume 10GB–20GB of precious SSD or SAN storage.


Step 1: Install Disk Cleanup (Without a Reboot)

In Server 2008 R2, the Disk Cleanup utility is technically part of the “Desktop Experience” feature. Usually, installing this requires a reboot—something most admins want to avoid.

Instead, you can install the standalone update package (KB2852386) that specifically adds Disk Cleanup functionality.

Step 2: Launching the Cleanup Wizard

Once the update is installed, you won’t find it in the Start Menu immediately. You can launch it via the command line:

  1. Open Run (Win + R).
  2. Type cleanmgr and hit Enter.
  3. Select your C: Drive.

Step 3: Cleaning System Files (The “WinSxS” Secret)

To actually shrink the WinSxS folder, you must target the Windows Update files.

  1. When the wizard opens, click the Clean up system files button (this requires Administrator privileges).
  2. The tool will scan again. Look for the new option: Windows Update Cleanup.
  3. Check this box along with any other items you want to remove (Service Pack Backup files, etc.).
  4. Click OK.

Step 4: Finalizing the Shrink

Unlike standard file deletion, the WinSxS cleanup happens during the next reboot.

  • When you restart the server, you will see a message: “Configuring Windows updates, X% complete. Do not turn off your computer.”
  • Do not interrupt this process. This is the system physically removing the redundant files from the WinSxS directory.

The Result: After the reboot, you should see a significant drop in the size of your Windows directory—often saving several gigabytes of space.

#WindowsServer #WinSxS #SysAdmin #StorageCleanup #ITPro #DataCenter #WindowsUpdate #TechTips #LazyAdmin #ServerMaintenance

Test Cluster Failures and Failover Policies


Test group failover policy

To test group failover policy

  1. Open Cluster Administrator.
  2. In the console tree, double-click the Groups folder.
  3. In the details pane, click the group.
  4. On the File menu, click Properties.
  5. On the Failover tab, set the Threshold to 0, and then click OK.
  6. In the Cluster Administrator console tree, click the group.
  7. In the details pane, click a resource.
  8. On the File menu, click Properties.
  9. On the Advanced tab, select the Affect the group check box, if it is not already selected.
  10. On the Advanced tab, set the Threshold to 0, and then click OK.
  11. On the File menu, click Initiate Failure.

 

Test whether group resources can fail over

To test whether group resources can fail over

  1. Open Cluster Administrator.
  2. In the console tree, double-click the Groups folder.
  3. In the console tree, click a group.
  4. On the File menu, click Move Group. On a multinode cluster server, when using Move Group, select the node to move the group to.

    Make sure the Owner column in the details pane reflects a change of owner for all of the group’s dependencies.

 

Test private network failures

To test private network failures

  1. Open Cluster Administrator.
  2. Verify that there are at least two networks set up for internal cluster communication and determine which network has the highest priority for internal cluster communications. For more information, see “To change network priority for communication between nodes” in Related Topics. When you follow that procedure, Cluster Administrator will only list those networks that support internal cluster communication.
  3. If there are two or more internal networks, continue to step 4, otherwise stop here and do not continue.
  4. On one node, unplug the cable for the highest priority network identified above.
  5. In the console tree, click the cluster node and verify that the state of the node is still Up (that is, actively participating in all cluster operations).

  

Test node failure

To test node failure

Test node failure using one of the following four methods:

  • Stop the Cluster service on the node. This prevents clients from accessing cluster resources through that node. In this event, all resources owned by this node fail over to other nodes in the server cluster.
  • Turn off the power on the node. This tests the ability of the server cluster to fail over all the resources that were owned by the powered down node.
  • On one node, unplug the network cables for all networks enabled for intracluster communications. This test disables all intracluster network interfaces for the node and prevents the node from exchanging heartbeats with the Cluster Network Driver on the other active nodes. In this event, the Cluster service then initiates failover of the resources owned by the node to the other nodes in the server cluster.

  

Start Cluster Administrator in Microsoft Management Console

To start Cluster Administrator in Microsoft Management Console

  1. Open Computer Management.
  2. In the console tree, double-click to expand Services and Applications.
  3. Right-click Cluster, and then click

 

Pause a node

To pause a node

  1. Open Cluster Administrator.
  2. In the console tree, click the node.
  3. On the File menu, click Pause Node.

  

Resume a node

To resume a node

  1. Open Cluster Administrator.
  2. In the console tree, click the node.
  3. On the File menu, click Resume Node.

 

Stop the Cluster service

To stop the Cluster service

  1. Open Cluster Administrator.
  2. In the console tree, click the node.
  3. On the File menu, click Stop Cluster Service.

  

Start the Cluster service

To start the Cluster service

  1. Open Cluster Administrator.
  2. In the console tree, click the node.
  3. On the File menu, click Start Cluster Service.

 

Set the Cluster service to only start manually

To set the Cluster service to only start manually

  1. Open Computer Management.
  2. In the console tree, click Services. Where?
    • Computer Management/Services and Applications/Services
  3. In the details pane, click Cluster Service.
  4. On the Action menu, click Properties.
  5. In Startup type, select Manual, and then click OK.

 

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.
  • To open Cluster Administrator, click Start, click Control Panel, double-click Administrative Tools, and then double-click Cluster Administrator.
