Error: DCDIAG report “Invalid service startup type: NtFrs”

On a new Windows 2012 R2 Domain Controller on a 2008 forest level with SYSVOL already migrated to DFS, I had this error running DCDIAG:

Starting test: Services
Invalid service startup type: NtFrs on DCO01, current value
DISABLED, expected value AUTO_START
NtFrs Service is stopped on [DCO01]

Starting test: VerifyReferences
Some objects relating to the DC DCO01 have problems:
[1] Problem: Missing Expected Value
Base Object:
CN=DCO01,OU=Domain Controllers,DC=mydomain,DC=local
Base Object Description: “DC Account Object”
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: “SYSVOL FRS Member Object”
Recommended Action: See Knowledge Base Article: Q312862
……………………. DCO01 failed test VerifyReferences

Every thing is working fine (at least on my DC), it’s only an incorrect error detection from DCDIAG: https://support.microsoft.com/en-us/help/3110032/dcdiag-verifyreferences-test-fails-when-you-use-dfsr-to-replicate-sysvol

On the DC with this issue I had DCDIAG.EXE version 6.3.9600.16384
Updating it with KB2919355 the DCDIAG version jumped to 6.3.9600.17031

Advertisements

How to Disable Network Card from CMD

If you need to disable a NIC from command line on windows this is the path:

WMI:

wmic nic get name, index

Check then index of the NIC you want to disable and run:

wmic path win32_networkadapter where index=[NIC number] call disable

…change the [NIC Number] with the index of the wanted network card.

Now in the control panel, you should see that the desired network connection is now disabled.

To enable it again:

wmic path win32_networkadapter where index=[NIC number] call enable

If you what to disable some type of devices (like WiFi), type this command to check the NetConnectionID attribute:

wmic nic get name, index, NetConnectionID

WMI_NIC

and disable it selecting by NetConnectionID:

wmic path win32_networkadapter where 'NetConnectionID like "%Wi-Fi%" ' call disable

or

wmic path win32_networkadapter where NetConnectionID="Wi-Fi" call disable

All these tasks can be done with netsh or powershell.

Netsh:

netsh interface show interface
netsh interface set interface "Wi-Fi" disabled

Powershell:

Get-NetAdapter
Get-NetAdapter -Name wi-fi | Disable-NetAdapter -Confirm:$false

How to – Disable Windows Search Backoff

Indexer Backoff is used to slow down background indexing activity when the system load is high. This means that your stuff will be indexing slow on certain condition.

There is a GPO or a reg key to disable this.
For do it via registry:

reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Search" /v DisableBackoff /t REG_DWORD /d 1 && net stop "Windows Search" && net start "Windows Search"

For do this via local GPO look at:

Computer Configuration > Administrative Templates > Windows Components > Search

 

Problem: Windows defender do not start

On my machine :-( Windows Defender stop working and on Event log I found this:

Activation of app Microsoft.Windows.SecHealthUI_cw5n1h2txyewy!SecHealthUI failed with error: The remote procedure call failed. See the Microsoft-Windows-TWinUI/Operational log for additional information

I started my troubleshooting running System File Checker.
Open CMD as Administrator:

sfc /scannow

The results of SFC can be these:
– Windows did not find any integrity violations (a good thing)
– Windows Resource Protection found corrupt files and repaired them (a good thing)
– Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

I was on third option :-(
If you get this message like me, run DISM as described below:

DISM /Online /Cleanup-Image /RestoreHealth

If the repair is successful you may want to re-run SFC just to check.

Unfortunately I get the error message “cannot find source files”.
Windows Installation ISO is then necessary (same build of installed OS). Mount the ISO file and rerun the command specifying  where it is located with the below command:

DISM /Online /Cleanup-Image /RestoreHealth /source:X:\Sources\Install.wim

Where “X” is the drive letter where the ISO is located.

 

How to prevent Multiple IP address DNS registration

If you add multiple IP addresses to a network card with “Register this connection’s address in DNS” flagged, you fill find all the IPs on your DNS. Sometime this is not nice and a workaround for that is to remove the flag and manage the DNS entry by hands.

I discovered that on Windows Server 2008 you can selectively decide which IP address can be dynamically registered from netsh setting the flag skipassource:

Netsh Int IPv4 Add Address <Interface Name> <IP Address> <Subnet mask> SkipAsSource=True

If you need to know the “Interface Name”:

Netsh Interface Show Interface

The only annoyance is that you can’t simply change this flag but you need to remove the IP address and add it again:

netsh int IPv4 delete Address "Local Area Connection" 192.168.1.2
netsh int IPv4 add Address "Local Area Connection" 192.168.1.2 255.255.255.0 SkipAsSource=True

For showing the flag Status:

Netsh int ipv4 show ipaddresses level=verbose

For Windows Server 2012 you can also use powershell for setting skipassource flag: https://blogs.technet.microsoft.com/rmilne/2012/11/30/fine-grained-control-when-registering-multiple-ip-addressespart-deux/

 
Via: https://blogs.technet.microsoft.com/rmilne/2012/02/08/fine-grained-control-when-registering-multiple-ip-addresses-on-a-network-card/

PROBLEM: PIN Sign-in is disabled on domain joined W10 machine

On Local Group Policy Editor enable this GPO:

Computer Configuration -> Administrative Templates -> System -> Logon -> Turn on pin sign-in

Or add this Reg Key:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System]
“AllowDomainPINLogon”=dword:00000001

Enabling PIN is also necessary for user/enable Windows Hello. If Windows Hello is grey, add this key.