Recently we came across the issue that the sccm console from server and client pcs’s fails to connect to site for the first time. It will give the below error.
“The Configuration Manager console cannot connect to the Configuration Manager site database. Verify the following:
• This computer has network connectivity to the SMS Provider computer.
• Your user account has Remote Activation permission on the Configuration Manager site server and the SMS Provider computer.
• The Configuration Manager console version is supported by the site server.
• You are assigned to at least one role-based administration security role.
• You have the following WMI permissions to the Root\SMS and Root\SMS\site_<site code> namespaces: Execute Methods, Provider Write, Enable Account, and Remote Enable.”
To give a brief idea on what happened,
- Prior to database migration the SMS provider was installed on the database server.
- During migration MSSUPPORT moved the SMS provider to application/site server.
- After successfull migration, when we try to launch the console we can see that it was trying to connect to old database and then it fails.
The below steps were done by MSSUPPORT to remove the old instance name from the sms provider list.
- Checked logs file SMSAdminUI.log
- No errors
- Connected to SCCM server
- Clicked “Connect to Site”
- Clicked on SCCM primary site proprieties
- Found that there was two SMS provider” as looks like the reinstall Provider on SCCM server and before was on old SQL server
- Closed opened SCCM Console
- Opened Wbemtest
- Checked WMI & connected to Root\SMS
- Clicked on “Enum Classes” then clicked “Recursive”
- Double clicked on SMS_Providorlocaiton ()
- Opened instance
- We can see two Providers
- Selected old provider and deleted old provider
Opened SCCM console and it opened directly to site
Inrecently encountered an error on wsus server running on OS 2012 R2. The KB3159706 was the cluprit. There are some manual configuration agter installing this update.
Go to c:\program files\update services\tools\wsusutil.exe postinstall /servicing. Wait for a few minutes.
Restart wsus service
Remove wsus from %appdata%\microsoft\mmc
The wsus console should now be working.
This solved the issue for me. Hope this helps someone.
Download and install URLScan. Installation is straightforward. You do not need to consult any document.
Two main files (Urlscan.dll and Urlscan.ini) that we need for configuring URLScan is by default located in the folder C:\Windows\System32\Inersrv\urlscan\
By default after installation, URLScan will be configured as a global filter, ie in IIS on the top level. So the filter will be applied on all sites created in IIS.
The other way is to apply URLScan 3.1 filter on individual site level. In that way you can configure urlscan filter for individual sites.
For example you have 2 sites, site1 and site2 under IIS.
Open IIS and on the right hand side, open feature “ISAPI Filters”. You will see URLScan 3.1. Remove the filter.
Copy URLScan.ini and URLScan.dll from c:\windows\system32\inetsrv\urlscan\
Now right click site1 and select “browse” and paste URLScan.ini and URLScan.dll. Edit URLScan.ini according to your hardening requirements.
Now open ISAPI filter for site1 and add urlscan filter. Name : URLScan and path: path-to-site1 and move it to the top of the list. You can select ordered list and use up arrow to move urlscan to top pf list.
Similarly you can do it for site2.
You can edit URLScan.ini to point a log directory, so that any failed url’s will be registered.
open command prompt and use the command netstat -an.
To filter details for a particular ip , you may use the below syntax :
netstat -an | find ” 192.168.100.1″
Or to check for a specific port netstat -an | findstr “443”
Or to get more details like the process id which is using the port,
Netstat -bano | findstr “443”
net user username | findstr “logon”
To get all details,
net user username
Its preferred to set the advanced audit policy through command prompt/powershell other than GUI. It has to be noted that even after you apply the settings through command, in the gui it might not reflect. But that is not an issue. Thats as far as i know.
- Computer configuration-security settings-security options
- Set the policy “Audit:Force audit policy subcategory settings (windows vista or later) to override audit policy category settings” to “Enabled”.
To get full information of advanced audit policy on a server, use the command
- Auditpol.exe /get /category:*
In that you can see categories and sub categories listed with the status success/failure/not configured.
Few examples below :
- Auditpol.exe /set /subcategory:”credential validation” /success:enable /failure:enable
The below command will enable only success
- Auditpol.exe /set /subcategory:”credential validation” /success:enable
The below commmand will set credential validation to “no auditing”
- Auditpol.exe /set /subcategory:”credential validation” /success:disable /failure:disable
You can group all of them and save it as a power shell script or a bat h file and run it on required machines.
Please refer to the microsoft link for detailed info : https://technet.microsoft.com/en-us/library//dd408940(v=ws.10).aspx
Open command prompt with a user name that has access to remote server. If local and remote server are in workgroup, its easier if you have same account with password in both servers. Either you should log in with the account name on local pc and open a command promt or you can run as different user and open command prompt.
Qwinsta /server:servername or ipaddress
It will list you all the logged on sessions on the remote server. Now using the session id, we can log off the user from remote server.
Qwinsta /sessionid /servername or ipaddress