How to redirect Rdweb page from IIS 8 root site.

After you have successfully deployed a Remote Desktop Web Access server, users have to type sub.domain.com/rdweb/pages/ to reach it.

 
To make it easier, you can redirect sub.domain.com to sub.domain.com/rdweb/pages

Open Internet Information Services (IIS) Manager.

Choose your site. I only have one so mine is the Default Site.

Double click on HTTP Redirect.

Check the box Redirect requests to this destination.
 
Type /RDWeb/Pages as redirect destination.
 
Uncheck the box for Redirect all requests to exact destination (instead of relative to destination).
 
Check the box for Only redirect requests to content in this directory (not subdirectories).
 
Select Status code as Found (302).
 
 
Try typing https://sub.domain.com. It should now redirect you to the RDWeb page.

How to fix always need to reinstall print driver to open printer properties. (HP Laserjet 4200)

Here’s an issue that took some extra Google-Fu in order to get straightened out. Apparently there is a bug with some HP printer drivers that will make it give you an error that “The ‘(Name of Driver)’ printer driver is not installed on this computer. Some printer properties will not be accessible unless you install the printer driver. Do you want to install the driver now?”

 
 
Luckily, this one can be fixed by a registry hack. Just make sure you’re careful screwing around in the registry and you always create a backup every time unless you like to live dangerously like I do.
 
Click start, type ‘Regedit’ and then hit Ctrl-Shift-Enter to open it as an Administrator. Maybe you can just hit Enter too because I think it has to run as admin by default. I’ve gotten so used to that little key trick to always make sure I’m opening as an administrator.
 
 
Here is what you need to drill down to:
 
HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Print/Printers/”Name of HP Printer”/Printer/Driver/Data/HPTrayCount
 
 
Change HP Tray count to Decimal Value 18 instead of Hexadecimal Value 0. I don’t remember where I found this but one other contributor said they changed it to Hexadecimal value 5 and that worked too.
 
Hopefully that does it for you!
 

Printer settings could not be saved. This operation is not supported. Server 2012 R2

How to fix “Printer settings could not be saved. This operation is not supported.” (Server 2012R2)

So here’s a really annoying one and it has to do with printers. Of course right? It always printers or DNS. ALWAYS.

 
Anyway I wanted to change the driver on one of my deployed printers when I ran into this message:
 
“Printer settings could not be saved. This operation is not supported.”
 
After some digging around, I was able to find the culprit. It’s because there is little box that’s ticked called “Share This Printer” under the Sharing tab.
 
 
Untick that box, click apply, install your new driver, then go back and tick that box again.
 
 
Also make sure you tick the box to List in the directory again if you had that on too because it gets turned off by default when you un-share it.

How to schedule a restart in Windows using Task Scheduler.

Here’s one that I like to use from time to time to schedule a restart for updates.

 
 
Open Task Scheduler and click Create Basic Task… and give it a name.
 
 
Click Next >. I’ll be running this task just once so I’ll click One time.
 
 
Click Next >. Schedule it
 
 
Click Next >.  We’re going to be starting a program so click the radio button next to Start a program.
 
 
Click Next >. The name of the program is shutdown and in order for it to restart properly, we need to add some arguments. For a list of those arguments, click here
 
I will be using /r /f /t 0. /r to restart, /f to force any running applications to close and /t 0 so it waits for 0 seconds.
 
 
Click Next >. Verify your settings. This task requires some extra settings to guarantee that it runs properly so check the box next to Open the Properties dialog for this task when I click Finish and click Finish.
 

I may or may not be logged in at the time this task is going to run so I clicked the radio button next to Run whether user is logged on or not. Click OK.

 
Enter your password and click OK.
 
 
Now you should be all set.
 
 
If you would like to use Powershell instead, there is also a method for that. Instead of typing shutdown with the arguments /r /f /t 0, you can type powershell with the arguments restart-computer -force. Here is some more information about it.
 

How to fix clients not reporting to WSUS target groups.

So I came across this this morning which was a simple fix but easy to miss. I noticed that my computers still weren’t going into the target groups that I assigned via Group Policy. Here is how to fix it.

 
 
Click Options on the left-hand side.
 
 
Click Computers.
 
 
Select Use Group Policy or registry settings on computers and click OK.
 
 
Now just wait a bit and the next time your computers send their status to the WSUS server, they should begin to fall into the groups that they belong in.
 

How to find out which process is listening on a port in Windows.

 
Symantec on one of my servers keeps logging a port scan attack coming from my laptop and I can’t figure out which process is causing it. Hopefully this will help.

ex. netstat -a -b

-a Displays all connections and listening ports.

-b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient permissions.

-n Displays addresses and port numbers in numerical form.

-o Displays the owning process ID associated with each connection.

For more information, click here.

P.S. This may create a lot of data to try and sift through in the command prompt so instead you can output everything to a text file by entering > filename.txt afterwards.

ex. netstat -a -b >netstat.txt

This will create a text file in the system32 folder or whatever directory you happen to be running command prompt from.

How to configure clients to pull updates from a WSUS server through Group Policy Management

 
Open Group Policy Management (above).
 
Drill down to the Organizational Unit containing the computers you would like to configure this for. This is a Computer Policy so no need to apply this to any OU containing Users. Right-click and choose Create a GPO in this domain, and Link it here…
 
 
Name it.
 
 
Click OK. Drill down to Computer Configuration –> Policies –> Administrative Templates –> Windows Components –> Windows Update.
 
 
Here are some of my settings. Notice the setting called Enable client side targeting. This is where you name the target group that these computers are listed under in the WSUS console.
 
 
The most important one is the one that tells your computers where your WSUS update server is.
 
Scroll down to find Specify intranet Microsoft update service location. Enter your WSUS server’s Fully Qualified Domain Name (FQDN) followed by the port number. I set them both the same. The default port is 8530.
 
ex. server.ad.mycompany.com:8530
 
 
That’s it. You should see the Group Policy Object (GPO) that you just created in the Organizational Unit. Assuming you’ve properly organized your computers into this group, once your clients do a Group Policy Update, they should begin pulling updates from the WSUS server you set up. You can also force a Group Policy update on the clients by opening a command prompt and typing ‘gpupdate’.
 
 

How to fix “Error: Database Error” Reset Server Node on WSUS

So after installing WSUS on Server 2012, I returned to it the next day to see this. Clicking Reset Server Node does nothing.

 
 
If you’ve ever dealt with WSUS for an extended period of time, you’re probably used to this and if you haven’t, get used to it.
 
So in the event viewer I saw these errors. Always a fun way to start your Friday…
 
 
__
 
Event 7032
 
The WSUS administration console was unable to connect to the WSUS Server via the remote API. 
 
Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.
 
The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists, 
 
Try removing the persisted preferences for the console by deleting the wsus file under %appdata%MicrosoftMMC.
 
System.IO.IOException — The handshake failed due to an unexpected packet format.
__
 
Event 7053
 
The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists, 
 
Try removing the persisted preferences for the console by deleting the wsus file under %appdata%MicrosoftMMC.
__
 
Event 12072
 
The WSUS content directory is not accessible.
__
 
Event 12052
 
The DSS Authentication Web Service is not working.
__
 
Event 12042
 
The SimpleAuth Web Service is not working.
__
 
Event 12022
 
The Client Web Service is not working.
__
 
Event 12032
 
The Server Synchronization Web Service is not working.
__
 
Event 12012
 
The API Remoting Web Service is not working.
__
 
Event 12002
 
The Reporting Web Service is not working.
__
 
Event 13042
 
Self-update is not working.
__
 
That’s a lot of errors and this is right after a WSUS reinstall. When I restarted, it seemed like it would work for a bit and then crash again.
 
After going into IIS Manager, I noticed that WSUS Pool has stopped under Application Pools. I dug around a bit and found that this is a memory issue for this particular application pool. 
 
 
In order to fix this, you have to select WsusPool and click Recycling.
 
 
Deselect Private memory usage (in KB)
 
 
Leave everything else the same and click Next. Then click Finish.
 
 
Now start WsusPool.
 
 
Now WSUS should start up for you.
 
 

How to install and configure WSUS (Windows Server Update Service)

 
Open Server Manager
 
 
Click Add roles and features
 
 
Click Next, choose Role-base or feature-based installation
 
 
Click Next. Choose your server. I will be installing this on the local server.
 
 
Click Next. Scroll down and choose Windows Server Update Services.
 
 
I believe .NET Framework 3.5 is required. I don’t remember because this is a reinstall and I already have it and .NET Framework 4.5 installed as well.
 
 
Click Next.
 
 
Click Next. Here you have the option of installing it with the Windows Internal Database (which is more than capable for smaller environments) or installing to a SQL server database that you might have in your environment. You can either choose WID Database and WSUS Services or Database and WSUS Services.
 
 
Click Next. Now choose how you want to store your updates. You can choose to store them on a file share of some sort or you can have each client download directly from Microsoft update. In my environment, we have one location where the servers reside and then some remote locations. I’d still like to manage the updates for them but in my opinion, it would be better for those clients to download straight from Microsoft Update instead of over our VPN so I will uncheck the box.
 
 
Click Next. I also have a database server so I will elect to use that so I will enter the name of that here. If you elected to use the Windows Internal Database (WID), you will not see this.
 
 
Click Next. Make sure everything is the way you like it and click Install.
 
 
 
And now we wait.
 
After it is finished installing and you elected to use your own database server, you will be met with this dialog box when you open WSUS. Put in the name of your database server and click Run.
 
 
Next will be the Configuration Wizard. Click Next.
 
 
It’s obviously up to you whether you would like to share your data with Microsoft. Click Next.
 
 
This is my only server running WSUS so I will click Next.
 
 
I don’t need to use a Proxy Server so I will click Next.
 
 
This part is self explanatory. Click Start Connecting. This may take awhile.
 
 
Click Next. Now choose the products that you would like to manage updates for.
 
 
Click Next. Now choose your classifications.
 
 
Click Next. Choose how you would like to handle synchronizations. I like mine to be as automatic as I can.
 
 
Click Next. Choose whether you would like to Begin Initial Synchronization or not.
 
 
Once it opens, I’m going to turn on Automatic Approvals so I will go to Options.
 
 
Click Automatic Approvals.
 
 
You should see Default Automatic Approval Rule. (If not create it.) Check the box next to it and click Edit.
 
 
Select which updates to approve. This is up to you.
 
 
Well looks like I’ll have to wait to change that.
 
 
Eventually you’ll have to configure your clients and servers to receive updates from your WSUS server through Group Policy. When you do that, you can specify how they are grouped in WSUS. Now I don’t remember if this is done automatically after you set it and push the Group Policy or if you have to do this first manually but I’d rather be safe than sorry so I will create the two groups here. This is not necessary to do and they can be left unassigned.

Rick click All Computers and click Add Computer Group…, name each group (remember these for the group policy creation later) and click Add.

 
 
I chose Workstations and Servers so I will eventually have to create two separate group policies, one for my workstations and one for my servers. Another option I thought of would be to do this by site or location.
 
 
There are a ton more settings that you can change that I won’t go into now but maybe I’ll cover in future posts. This should get you pointed in the right direction. Your clients will not pull updates from this server unless configured to do so and that should be done through group policy. I cover that here.

UPDATE 9/12/17

I forgot a step. In order for the computers to go into their groups (after being assigned via Group Policy) a setting needs to be changed here. Click Options –> Computers –> Use Group Policy or registry settings on computers –> OK.

 
 
 

How to restart Windows from the command line.

 
This has become especially helpful for me since Windows Server 2012 (not R2) does not come with an easy option to do this. In fact I’ve become quicker doing it this way anyway so it’s a win-win.
 
Open up your handy dandy command prompt. This can be done in a few ways. 
 
I usually need to run as Administrator so I’ve made a habit of hitting the Windows key on the computer to bring up the Start menu, typing CMD and then hitting Ctrl+Shift+Enter. 
 
Otherwise, click Start, type CMD, right-click on it and click ‘Run As Administrator’. 
(You can also hit Windows+R for the Run menu, then type in CMD but this won’t run as administrator by default.)
 
 
Now type in shutdown.exe /r /t 0 and hit Enter. The /r switch means restart and the /t 0 means the time in seconds until it happens.
 
 
Now I don’t think this can be done without the /t 0 and frankly I’m too lazy to test it right now but if you want some help on some of the other switches, here is the Microsoft article.
 

Scroll to top