Windows Server 2008 R2 stuck in Recovery Mode

Windows Server 2008 R2 stuck in recovery mode

Today, i came across an issue where the server Stuck in Recovery mode and not booting up. It is giving only 3 options.
1. System Image Recovery
2. Windows Memory Diagnostic
3. Command Prompt

Other than these options, i dont see aany other windows open after server powered on. I have tried to boot the server in Safe mode Or last known Or CMD win networking etc.. but none of the options were displaying.

Then i have tried below Methods one by one and tried.

Method 1:
===============
1. Put the Windows Server 2008 R2 installation disc into the disc drive, and then start the computer.
2. Press a key when the message indicating "Press any key to boot from CD or DVD …". appears.
3. Select a language, a time, a currency, and a keyboard or another input method, and then click Next.
4. Click Repair your computer.
5. Click the operating system that you want to repair, and then click Next.
6. In the System Recovery Options dialog box, click Command Prompt.
7. Type sfc /scannow, and then press ENTER.

Method 2:
===============
1. Put the Windows Server 2008 R2 installation disc in the disc drive, and then start the computer.
2. Press any key when the message indicating "Press any key to boot from CD or DVD …". appears.
3. Select a language, time, currency, and a keyboard or another input method. Then click Next.
4. Click Repair your computer.
5. Click the operating system that you want to repair, and then click Next.
6. In the System Recovery Options dialog box, click Command Prompt.
7. Type Bootrec /RebuildBcd, and then press ENTER.

Method 3:
===============
1. Put the Windows Server 2008 R2 installation disc into the disc drive, and then start the computer.
2. Press a key when the message indicating "Press any key to boot from CD or DVD …". appears.
3. Select a language, a time, a currency, and a keyboard or another input method, and then click Next.
4. Click Repair your computer.
5. Click the operating system that you want to repair, and then click Next.
6. In the System Recovery Options dialog box, click Command Prompt.
7. Type BOOTREC /FIXMBR, and then press ENTER.
8. Type BOOTREC /FIXBOOT, and then press ENTER.
9. Type Drive:\boot\Bootsect.exe /NT60 All, and then press ENTER.

Note: In this command, Drive is the drive where the Windows Server 2008 R2 installation media is located.

For me 3rd Method worked fine and server came to normal login page.

One More : https://arcserve.zendesk.com/hc/en-us/articles/202771725-System-boot-into-Windows-recovery-mode-after-BMR

Rebuild BCD settings

o   Boot from a Windows 2008 r2 sp1 CD then enter recovery mode console

o   Run command below in order to reset BCD

Bootrec /fixmbr
Bootrec /fixboot
BCDBoot D:\Windows  --consider D drive is the system drive
Bootrec /rebuildbcd
Bootsect /nt60 all /force

Thank You !!!

How to Check\Modify the listening port for Remote Desktop

How to change the listening port for Remote Desktop

By default, if you enable RDP on the server, it will use 3389 port number to establish the connection. For security reasons, you may change the this port number from Default value to some other port.

Below are the steps :

1.Open Registry using the command : regedit
2.Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\WinStations\RDP-Tcp\PortNumber
3.On the Edit menu, click Modify, and then click Decimal.Type the new port number, and then click OK.
4.Quit Registry Editor and restart the computer.

Error while joining a server to Domain "Not enough storage is available to complete this operation"

Today, i cam across an error while joining a 2003 Server to Domain and the error is

Error message when you use a Windows Server 2003-based domain controller to join a Windows XP-based client computer to a domain: "Not enough storage is available to complete this operation"

There is no problem with the connectivity with the Domain Controller, DNS and Domain Admin Credentials. After some investigation on this and followed below steps to fix the error.

Cause : This problem occurs because the Kerberos token that is generated during authentication is more than the fixed maximum size. In the original release version of Microsoft Windows 2000, the default value of the MaxTokenSize registry entry was 8,000 bytes. In Windows 2000 with Service Pack 2 (SP2) and in later versions of Windows, the default value of the MaxTokenSize registry entry is 12,000 bytes.

To resolve this problem, increase the Kerberos token size. To do this, follow these steps on the client computer that logs the Kerberos event.

1.Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters

Note If the Parameters key is not present, create the key. To do this, follow these steps:
Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos
On the Edit menu, point to New, and then click Key. Type Parameters, and then press ENTER.
On the Edit menu, point to New, and then click DWORD Value. Type MaxTokenSize, and then press ENTER.

3.On the Edit menu, click Modify.
4. In the Base area, click Decimal, type 65535 in the Value data box, and then click OK.

Note The default value for the MaxTokenSize registry entry is a decimal value of 12,000. We recommend that you set this registry entry value to a decimal value of 65,535.

Exit Registry Editor.

Restart the computer.

Windows Activation Error "an unauthorized change was made to windows server 2008"

While logging into one Windows 2008 servers, i got below error message and not allowing me to login to the server. 

an unauthorized change was made to windows server 2008

Windows 2008 is showing error window, "an unauthorized change was made to windows windows server 2008".

You will no longer receive notifications, including those about your license or activation.

Error No. 0xC004D401

The security processor reported a file mismatch error.

This Server is not loging to Administrator.  It showing the message upto Preparing your desktop.  after that the same error is showing. As per the error I can see that the issue is with the Windows License\Activation problem.

So, i need to verify the windows licensing options on the server but server is not showing any other consoled other than error page.

Then, below steps were worked me to get the server back to normal mode.

1) Click the option that launches an Internet Browser

2) Type: %windir%\system32 into the address field

3) Find the file cmd.exe

4) Right-click on cmd.exe and select Run as Administrator

5) Type: cscript %windir%\System32\slmgr.vbs /ilc %windir%\System32\licensing\ppdlic\Security-Licensing-SLC-ppdlic.xrm-ms

6) Hit the Enter key

7) Reboot the server. 

After executing these steps on the server, it came to normal login console and allowed me to login. 

Thank You !!!

Export Site Name and Subnet from AD Sites & Services using Powershell

Below Powershell command will help you to get the Site name and associated Subnets for that particular sites in Active Directory.


$sites = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().Sites

$sitesubnets = @()

foreach ($site in $sites)
{
foreach ($subnet in $site.subnets){
  $temp = New-Object PSCustomObject -Property @{
  'Site' = $site.Name
  'Subnet' = $subnet; }
   $sitesubnets += $temp
}
}

$sitesubnets | Export-CSV subnet.csv

Get Manager Details from User objects in Active Directory

My today Post is about to get the user manager details from user object in Active Directory using PowerShell  (this was one requirement from my management for auditing purpose J)

Below powershell command will give you the list of user accounts and manager names which are associated with those user accounts.

Get-ADUser -Filter * -SearchBase 'Distinguish Path of the OU' -Properties manager | Export-CSV "ADUsers.csv"

EX : Get-ADUser -Filter * -SearchBase 'OU=Active users,OU=Test Users,DC=Test,DC=com' -Properties manager | Export-CSV "ADUsers.csv" 

Enjoy !!!

Find the GPO name with GUID

If you run GPupdate /force command to update the Group policies in the GP clients, the results will display only GUID (Global Unique Identifier) of the GP which is failing to update. It will not show you the name of the GP. 

At that time, as a server admin, you should be able to find the GP name which is failing.

A.            Below PowerShell command will help you to find the GP name using its GUID.

1      1. Open PowerShell on Active Directory Server and type “Import-Module GroupPolicy”

2.       Get-GPO -Guid 31a09564-cd4a-4520-98fa-446a2af23b4b -Domain gmail.com

****Note: Here domain name would be your domain name where you are trying to apply the policies****

B.             We can get the GP name from Group Policy Management console as well. Below are the steps

1.       Open Group Policy Management console (GPMC.msc)

2.       Right click on domain name and click on Search, it will open a search box.

3.       Select “GUID” from the Dropdown and copy the GP GUID including {}. Click on Add

4.       Click on Search to search in Domain. You will see the GP name in search results. Below is one example.

\

Once you get the GP name, it is easier to identify the problem. 

How to Verify Authorized DNS servers for External Domain

Authorized DNS servers have the ability to Create\Modify\Delete DNS records for a Domain (Internal & External). If it is Internal Domain, Server Administrators can tell you the Authoritative DNS Server. If you would like to know for an External domain, go through the below steps.

1.       Open the URL https://www.whois.net/ Or http://www.whois.com/whois/

2.       Type the domain name for which you would like to know the DNS servers and click enter

3.       Search for the Name Servers list in the webpage after you entered the Domain name.

   

 Ex . DNS Name Servers for Gmail.com :