Note-to-self: Windows 10 numeric keypad not working

Once they know you do “something with computers”, you can’t escape your family request fixing anything that goes wrong on machines with a CPU, right?

Last weekend a laptop was dropped of with a bizare symptom: once logged in, the numeric keypad stopped working.
Freshly migrated to Windows 10, a Toshiba Satellite c(something)…

When you quickly search for it on bing/google… you’ll find some hints like

  • updating BIOS (check, latest installed)
  • checking BIOS (well, …nah, it is working at logon)
  • registry settings (maybe, but ..nope, lets first try the normal stuff)
  • some other windows settings

This one got me started, but actually discussed the solution for Windows 7.
” if you have Windows 7, just go to Ease of Access Center >>>>>> Turn on Mouse Keys and make sure it’s unchecked”

Well, how about Windows 10?

First go to Settings.

w10settings

Find the Ease Of Access

Within Ease of Access, check the Mouse option

w10_eoa_mouse

In the Mouse settings, check the Mouse Keys settings.
Make sure the option to “use numeric keypad to move mouse around the screen” is disabled/off.

Easy, simple, but this single setting isn’t easily found, as you won’t think about mouse settings.

Certainly, when searching apps, files and settings, and the setting does not show up when typing “numeric” or “keypad”

Active Directory PowerShell: List items with “Protect object from accidental deletion” setting

Freshly posted for you on TNWiki: http://social.technet.microsoft.com/wiki/contents/articles/36088.active-directory-powershell-list-items-with-protect-object-from-accidental-deletion-setting.aspx

 


Introduction

Ever got in a situation where you as AD domain admin were blocked from
deleting items?

Or did you ever receive an “Access denied” when you tried to delete items
from AD, even with full admin rights?

Then you better check if AD has the “protect from accidental deletion”
activated on the object, container or OU…

In case you want to check a larger collection of items for this setting, it
quickly becomes complicated.

This article helps you to get an overview by using Powershell, and an export
of the impacted items to a CSV file.

As explained by : James ONeill (Windows Server 2008 Protection from Accidental Deletion)

“The functionality to prevent accidental deletion is not based on a new attribute in Active Directory.  It is enabled by ticking a check box on the Object tab of the particular object you wish to protect.  The Object tab is only visible when the Advanced Features option is selected from the View menu of Active Directory Users and Computers. When the tick box is checked the permissions on the object are changed. A “Deny” permission is created which stops deletion of the object.  “

 


Overview

This script finds all AD objects protected from accidental deletions.

 


Credits

This script uses logic that has been developed by:

 


Source references



Active Directory OU Permissions Report: Free PowerShell Script Download

 


Preventing Unwanted/Accidental deletions and Restore deleted objects in Active
Directory

 


Windows Server 2008 Protection from Accidental Deletion

 


Prerequisites

This script only runs if you can load the AD PS module eg. run the analysis
on a DC.

 


Downloads (Gallery)

 


Source Code

Full Version (with progress bar)

001002

003

004

005

006

007

008

009

010

011

012

013

014

015

016

017

018

019

020

021

022

023

024

025

026

027

028

029

030

031

032

033

034

035

036

037

038

039

040

041

042

043

044

045

046

047

048

049

050

051

052

053

054

055

056

057

058

059

060

061

062

063

064

065

066

067

068

069

070

071

072

073

074

075

076

077

078

079

080

081

082

083

084

085

086

087

088

089

090

091

092

093

094

095

096

097

098

099

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122


<##############################################################################
Author: Peter Geelen

Quest For Security

October 2016
https://identityunderground.wordpress.com

This script finds all AD objects protected by accidental deletions.

Credits: This script uses logic that has been developed by:

– Ashley McGlone, Microsoft Premier Field Engineer, March 2013, http://aka.ms/GoateePFE

– Source: https://gallery.technet.microsoft.com/Active-Directory-OU-1d09f989

LEGAL DISCLAIMER

This Sample Code is provided for the purpose of illustration only and is not intended to be used in a production environment.

THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,

INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.

We grant You a nonexclusive, royalty-free right to use and modify the Sample Code and to reproduce and distribute the object code form of the Sample Code,

provided that You agree:

(i) to not use Our name, logo, or trademarks to market Your software product in which the Sample Code is embedded;

(ii) to include a valid copyright notice on Your software product in which the Sample Code is embedded;and

(iii) to indemnify, hold harmless, and defend Us and Our suppliers from and against any claims or lawsuits, including attorneys  fees, that arise or result from the use or distribution of the Sample Code.

 

This posting is provided “AS IS” with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm.

##############################################################################>


#—————————————————————————–

#Source references


#—————————————————————————–


#Preventing Unwanted/Accidental deletions and Restore deleted objects in Active Directory

#abizer_hazratJune 9, 2009


#https://blogs.technet.microsoft.com/abizerh/2009/06/09/preventing-unwantedaccidental-deletions-and-restore-deleted-objects-in-active-directory/


#Windows Server 2008 Protection from Accidental Deletion

#James ONeill, October 31, 2007


#https://blogs.technet.microsoft.com/industry_insiders/2007/10/31/windows-server-2008-protection-from-accidental-deletion/


#—————————————————————————–

#Prerequisites: 


#this script only runs if you can load the AD PS module

#eg. run the analysis on a DC


#—————————————————————————–

cls

import-module activedirectory


#—————————————————————————–

#initialisation


#—————————————————————————–


#the CSV file is saved in the same directory as the PS file

$csvFile = $MyInvocation.MyCommand.Definition -replace ‘ps1’,‘csv’

$report = @()

#(*) Credits 

$schemaIDGUID = @{}


### NEED TO RECONCILE THE CONFLICTS ###

$ErrorActionPreference = ‘SilentlyContinue’

Get-ADObject -SearchBase (Get-ADRootDSE).schemaNamingContext -LDAPFilter ‘(schemaIDGUID=*)’ -Properties name, schemaIDGUID |

 ForEach-Object {$schemaIDGUID.add([System.GUID]$_.schemaIDGUID,$_.name)}

Get-ADObject -SearchBase “CN=Extended-Rights,$((Get-ADRootDSE).configurationNamingContext)” -LDAPFilter ‘(objectClass=controlAccessRight)’ -Properties name, rightsGUID |

 ForEach-Object {$schemaIDGUID.add([System.GUID]$_.rightsGUID,$_.name)}

$ErrorActionPreference = ‘Continue’

#(*)


#—————————————————————————–

#Functions


#—————————————————————————–

function CheckProtection

{

    param($obj)

    $path = “AD:\” + $obj

    Get-Acl -Path $path | `

    Select-Object -ExpandProperty Access | `

    Where-Object {($_.ActiveDirectoryRights -like “*DeleteTree*”-AND ($_.AccessControlType -eq “Deny”)} | `

        #(*)

        Select-Object @{name=‘Object’;expression={$obj}}, `

        @{name=‘objectTypeName’;expression={if ($_.objectType.ToString() -eq ‘00000000-0000-0000-0000-000000000000’) {‘All’Else {$schemaIDGUID.Item($_.objectType)}}}, `

        @{name=‘inheritedObjectTypeName’;expression={$schemaIDGUID.Item($_.inheritedObjectType)}}, `

        #(*)

        ActiveDirectoryRights,

        ObjectFlags,

        AccessControlType,

        IdentityReference,

        IsInherited,

        InheritanceFlags,

        PropagationFlags

}


#—————————————————————————–

#MAIN


#—————————————————————————–

#add the top domain

$OUs = @(Get-ADDomain | Select-Object -ExpandProperty DistinguishedName)

#add the OUs

$OUs += Get-ADOrganizationalUnit -Filter * | Select-Object -ExpandProperty DistinguishedName

#add other containers

$OUs += Get-ADObject -SearchBase (Get-ADDomain).DistinguishedName -LDAPFilter ‘(|(objectClass=container)(objectClass=builtinDomain))’ | Select-Object -ExpandProperty DistinguishedName


#if you don’t want to scan the builtin container use line below instead of line above


#$OUs += Get-ADObject -SearchBase (Get-ADDomain).DistinguishedName -LDAPFilter ‘(objectClass=container)’ | Select-Object -ExpandProperty DistinguishedName


#set the target objects types to investigate


#including users, groups, contacts, computers

$ldapfilter = ‘(|(objectclass=user)(objectclass=group)(objectclass=contact)(objectclass=computer))’


#$ldapfilter = ‘(|(objectclass=user)(objectclass=group)(objectclass=contact)(objectclass=computer)(objectclass=Foreign-Security-Principal))’


#not included: Foreign-Security-Principal, msTPM-InformationObjectsContainer, msDS-QuotaContainer, lostAndFound,

$iSeqNo = 0

$OUCount = $OUs.Count

ForEach ($OU in $OUs

{

    $iSeqNo++

    $pct = ([int]($iSeqNo/$OUCount * 100))

    $activity = “Analyzing container: “+ $OU

    Write-Progress -activity $activity -status “Please wait” -percentcomplete $pct -currentoperation “now processing container $iSeqNo of $OUCount” -id 1

    #check the protection of the parent container

    $isProtected = 

    $isProtected = CheckProtection $OU

    if ($isProtected -ne $null) {$report += $isProtected}

    

    #Lookup the child target objects in the parent container

    $objects = Get-ADObject -SearchBase $OU -SearchScope OneLevel -LDAPFilter $ldapfilter | Select-Object -ExpandProperty DistinguishedName

    $iSubSeqNo = 0

    $ObjCount = $objects.Count

    

    #check the protection of the child objects

    ForEach ($object in $objects)

    {

        $iSubSeqNo++

        $iSubpct = ([int]($iSubSeqNo/$ObjCount * 100))

        $SubActivity = “Analyzing object: “+ $object 

        Write-Progress -activity $SubActivity -status “Please wait” -percentcomplete $iSubpct -currentoperation “now processing object $iSubSeqNo of $ObjCount” -ParentId 1 -id 2

    

        $isProtected = 

        $isProtected = CheckProtection $object

        if ($isProtected -ne $null) {$report += $isProtected}

    }

        Write-Progress -activity “Analyzing object completed.” -status “Proceeding” -Completed -ParentId 1 -id 2

}

$report | Format-Table -Wrap

$report | Export-Csv -Path $csvFile -NoTypeInformation

 

Light version (without progress bar)

001002

003

004

005

006

007

008

009

010

011

012

013

014

015

016

017

018

019

020

021

022

023

024

025

026

027

028

029

030

031

032

033

034

035

036

037

038

039

040

041

042

043

044

045

046

047

048

049

050

051

052

053

054

055

056

057

058

059

060

061

062

063

064

065

066

067

068

069

070

071

072

073

074

075

076

077

078

079

080

081

082

083

084

085

086

087

088

089

090

091

092

093

094

095

096

097

098

099

100

101

102


<##############################################################################
Author: Peter Geelen Quest For Security  October 2016

https://identityunderground.wordpress.com

This script finds all AD objects protected by accidental deletions.

Credits: This script uses logic that has been developed by:

– Ashley McGlone, Microsoft Premier Field Engineer, March 2013, http://aka.ms/GoateePFE

– Source: https://gallery.technet.microsoft.com/Active-Directory-OU-1d09f989

LEGAL DISCLAIMER

This Sample Code is provided for the purpose of illustration only and is not intended to be used in a production environment.

THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,

INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR PURPOSE.

We grant You a nonexclusive, royalty-free right to use and modify the Sample Code and to reproduce and distribute the object code form of the Sample Code,

provided that You agree:

(i) to not use Our name, logo, or trademarks to market Your software product in which the Sample Code is embedded;

(ii) to include a valid copyright notice on Your software product in which the Sample Code is embedded;and

(iii) to indemnify, hold harmless, and defend Us and Our suppliers from and against any claims or lawsuits, including attorneys  fees, that arise or result from the use or distribution of the Sample Code.

 

This posting is provided “AS IS” with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm.

##############################################################################>


#—————————————————————————–

#Source references


#—————————————————————————–


#Preventing Unwanted/Accidental deletions and Restore deleted objects in Active Directory

#abizer_hazratJune 9, 2009


#https://blogs.technet.microsoft.com/abizerh/2009/06/09/preventing-unwantedaccidental-deletions-and-restore-deleted-objects-in-active-directory/


#Windows Server 2008 Protection from Accidental Deletion

#James ONeill, October 31, 2007


#https://blogs.technet.microsoft.com/industry_insiders/2007/10/31/windows-server-2008-protection-from-accidental-deletion/


#—————————————————————————–

#Prerequisites: 


#this script only runs if you can load the AD PS module

#eg. run the analysis on a DC


#—————————————————————————–

cls

import-module activedirectory


#—————————————————————————–

#initialisation


#—————————————————————————–


#the CSV file is saved in the same directory as the PS file

$csvFile = $MyInvocation.MyCommand.Definition -replace ‘ps1’,‘csv’

$report = @()

#(*) Credits 

$schemaIDGUID = @{}


### NEED TO RECONCILE THE CONFLICTS ###

$ErrorActionPreference = ‘SilentlyContinue’

Get-ADObject -SearchBase (Get-ADRootDSE).schemaNamingContext -LDAPFilter ‘(schemaIDGUID=*)’ -Properties name, schemaIDGUID |

 ForEach-Object {$schemaIDGUID.add([System.GUID]$_.schemaIDGUID,$_.name)}

Get-ADObject -SearchBase “CN=Extended-Rights,$((Get-ADRootDSE).configurationNamingContext)” -LDAPFilter ‘(objectClass=controlAccessRight)’ -Properties name, rightsGUID |

 ForEach-Object {$schemaIDGUID.add([System.GUID]$_.rightsGUID,$_.name)}

$ErrorActionPreference = ‘Continue’

#(*)


#—————————————————————————–

#Functions


#—————————————————————————–

function CheckProtection

{

    param($obj)

    $path = “AD:\” + $obj

    Get-Acl -Path $path | `

    Select-Object -ExpandProperty Access | `

    Where-Object {($_.ActiveDirectoryRights -like “*DeleteTree*”-AND ($_.AccessControlType -eq “Deny”)} | `

        #(*)

        Select-Object @{name=‘Object’;expression={$obj}}, `

        @{name=‘objectTypeName’;expression={if ($_.objectType.ToString() -eq ‘00000000-0000-0000-0000-000000000000’) {‘All’Else {$schemaIDGUID.Item($_.objectType)}}}, `

        @{name=‘inheritedObjectTypeName’;expression={$schemaIDGUID.Item($_.inheritedObjectType)}}, `

        #(*)

        ActiveDirectoryRights,

        ObjectFlags,

        AccessControlType,

        IdentityReference,

        IsInherited,

        InheritanceFlags,

        PropagationFlags

}


#—————————————————————————–

#MAIN


#—————————————————————————–

#add the top domain

$OUs = @(Get-ADDomain | Select-Object -ExpandProperty DistinguishedName)

#add the OUs

$OUs += Get-ADOrganizationalUnit -Filter * | Select-Object -ExpandProperty DistinguishedName

#add other containers

$OUs += Get-ADObject -SearchBase (Get-ADDomain).DistinguishedName -LDAPFilter ‘(|(objectClass=container)(objectClass=builtinDomain))’ | Select-Object -ExpandProperty DistinguishedName


#if you don’t want to scan the builtin container use line below instead of line above


#$OUs += Get-ADObject -SearchBase (Get-ADDomain).DistinguishedName -LDAPFilter ‘(objectClass=container)’ | Select-Object -ExpandProperty DistinguishedName


#set the target objects types to investigate


#including users, groups, contacts, computers

$ldapfilter = ‘(|(objectclass=user)(objectclass=group)(objectclass=contact)(objectclass=computer))’


#$ldapfilter = ‘(|(objectclass=user)(objectclass=group)(objectclass=contact)(objectclass=computer)(objectclass=Foreign-Security-Principal))’


#not included: Foreign-Security-Principal, msTPM-InformationObjectsContainer, msDS-QuotaContainer, lostAndFound,

ForEach ($OU in $OUs

{

    #check the protection of the parent container

    $isProtected = 

    $isProtected = CheckProtection $OU

    if ($isProtected -ne $null) {$report += $isProtected}

    

    #Lookup the child target objects in the parent container

    $objects = Get-ADObject -SearchBase $OU -SearchScope OneLevel -LDAPFilter $ldapfilter | Select-Object -ExpandProperty DistinguishedName

    #check the protection of the child objects

    ForEach ($object in $objects)

    {

        $isProtected = 

        $isProtected = CheckProtection $object

        if ($isProtected -ne $null) {$report += $isProtected}

    }

}

$report | Format-Table -Wrap

$report | Export-Csv -Path $csvFile -NoTypeInformation

 

 


Disclaimer

LEGAL DISCLAIMER

This Sample Code is provided for the purpose of
illustration only and is not intended to be used in a production environment.

THIS SAMPLE CODE AND ANY RELATED INFORMATION ARE PROVIDED “AS IS” WITHOUT
WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,

INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A PARTICULAR  PURPOSE.

We grant You a nonexclusive, royalty-free right to use and modify
the Sample Code and to reproduce and distribute the object code form of the
Sample Code,

provided that You agree:

(i) to not use Our name, logo, or
trademarks to market Your software product in which the Sample Code is embedded;

(ii) to include a valid copyright notice on Your software product in which
the Sample Code is embedded; and

(iii) to indemnify, hold harmless, and
defend Us and Our suppliers from and against any claims or lawsuits, including
attorneys’ fees, that arise or result from the use or distribution of the Sample
Code.

This posting is provided “AS IS” with no warranties, and confers no
rights.


#MIM2016 Troubleshooting: FIM MA Full import error 0x80070002

This post has been published on TNWiki too, and waiting for your input at: MIM 2016 Troubleshooting: FIM MA Full import error 0x80070002


Symptoms

When you try to run an Full import run profile on the MIMMA, you get an error message in the MIM GUI.

On screen

Unable to run the management agent.

The system cannot find the file specified. (Exception from HRESULT: 0x80070002)

Error message

 

Log Name:      Application
Source:        FIMSynchronizationService
Date:          10/17/2016 5:38:58 PM
Event ID:      6309
Task Category: Server
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      SERVER.SUBDOMAIN.AD.ACCEPT.ROOT
Description:
The server encountered an unexpected error while performing an operation for a management agent.
"BAIL: MMS(39888): ..\ma.cpp(3781): 0x80070002 (The system cannot find the file specified.)
Forefront Identity Manager 4.3.1935.0"
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="FIMSynchronizationService" />
    <EventID Qualifiers="49152">6309</EventID>
    <Level>2</Level>
    <Task>3</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2016-10-17T15:38:58.000000000Z" />
    <EventRecordID>409902</EventRecordID>
    <Channel>Application</Channel>
    <Computer>SERVER.SUBDOMAIN.AD.ACCEPT.ROOT</Computer>
    <Security />
  </System>
  <EventData>
<Data>BAIL: MMS(39888): ..\ma.cpp(3781): 0x80070002 (The system cannot find the file specified.)
Forefront Identity Manager 4.3.1935.0</Data>
  </EventData>
</Event>

Other symptoms

When you try to stop the run of the MIM MA you get an error.

Root cause

The option “run the management agent in a separate process” is activated.

Resolution

Uncheck the option “Run this management agent in a separate process” from the “Configure extensions” item in the management agent properties.


#FIM2010 & #MIM2016 Error 25009 fun stuff on #TNWiki

For the FIM Geeks, I’ve submitted some new FIM/MIM 25009 event troubleshooting articles on TechNet Wiki (http://aka.ms/Wiki)

Plus, a page the collects all the 25009 trroubleshooting resources, including lots of fun stuff of Tim Macauly.

If you got more of this 25009 fun stuff yourself, feel free to add your articles and add them to the collection page.

#FIM2010 upgrade/update failure and roll back

Recently I have been working with several customer that experienced a similar situation:

  • update FIM with a hotfix fails
  • upgrade FIM 2010 to FIM 2010 R2 fails
  • during installation of FIM he FIM services won’t start

All of them result in a roll-back of the installation.

Let me spoil the root cause right away (and then explain): using an SQL port number in the installation wizard.

The installation wizard is not able to connect to the database with a port number.

Solution: use an SQL alias

Background

The FIM Sync Service and/or the FIM servers check the registry for the database server and instance and then connect to SQL and start the service.

The use of a port number seems to break the wizard.
Normally the FIM Services and FIM Sync Services CAN use an SQL port…

Easy fix: set an alias in the SQL Server client network utility

c:\windows\system32\cliconfig.exe

cliconfig

port1433_1

port1433_2

setalias

Then change the registry to use the FIM SQL ALIAS (as server), you don’t need the instance and port anymore (as the alias will take care of it).

For the FIM Sync:

regedit

Check the server and instance configured for the FIM Sync database

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters\Server (use SQL Alias)

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FIMSynchronizationService\Parameters\Instance (empty)

for FIM Service

Check the server and instance configured for the FIM Service database

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FIMService\DatabaseServer

 

Reference

I’ve updated the Wiki article with more detailed info at http://social.technet.microsoft.com/wiki/contents/articles/14551.fim-2010-r2-troubleshooting-syncservice-installation-or-upgrade-failure-and-roll-back.aspx

See also:

FIM2010# MIISActivate – FIM Sync service terminated with service-specific error %%-2146234334

This article has been posted on TNWiki at: FIM2010 Troubleshooting: MIISActivate – FIM Sync service terminated with service-specific error %%-2146234334.


 

Situation

 

Failing over a FIM Sync Server to the standby FIM sync server using MIISActivate.

After using successfully MIISActivate, the FIMSync Service fails to start and logs an error in the eventviewer.


 

Symptoms

 

You’ll see 2 error messages in the event viewer, erro 7024 and error 6324.

Error 7024

 

Reference

 

This error is pretty similar or exactly like the error described in the following Wiki article:

FIM2010 Troubleshooting: FIM Sync service terminated with service-specific error %%-2146234334.

 

Screen

 

 

Error message Text

 

Log Name: System
Source: Service Control Manager
Date: 3/02/2016 15:08:59
Event ID: 7024
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: servername.domain.customer
Description:
The Forefront Identity Manager Synchronization Service service terminated with service-specific error %%-2146234334.
Event Xml:
<System>
<Provider Name=”Service Control Manager” Guid=”{555908d1-a6d7-4695-8e1e-26931d2012f4}” EventSourceName=”Service Control Manager” />
<EventID Qualifiers=”49152″>7024</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime=”2016-02-03T14:08:59.670239000Z” />
<EventRecordID>679744</EventRecordID>
<Correlation />
<Execution ProcessID=”516″ ThreadID=”1212″ />
<Channel>System</Channel>
<Computer>servername.domain.customer</Computer>
<Security />
</System>
<EventData>
<Data Name=”param1″>Forefront Identity Manager Synchronization Service</Data>
<Data Name=”param2″>%%-2146234334</Data>
</EventData>
</Event>

 

Error 6324

 

Error message Text

 

Log Name: Application
Source: FIMSynchronizationService
Date: 3/02/2016 15:08:59
Event ID: 6324
Task Category: Server
Level: Error
Keywords: Classic
User: N/A
Computer: servername.domain.customer
Description:
The server encountered an unexpected error and stopped.
“BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\sqlstore\storeimp.cpp(5096): 0x8023060d (The computer_id in the database does not match this computer.)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\sqlstore\storeimp.cpp(493): 0x8023060d (The computer_id in the database does not match this computer.)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(429): 0x8023060d (The computer_id in the database does not match this computer.)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(3960): 0x8023060d (The computer_id in the database does not match this computer.)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1588): 0x8023060d (The computer_id in the database does not match this computer.)
ERR_: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2145188339. This is retry number 0.
BAIL: MMS(7916): d:\bt\39459\private\source\miis\shared\utils\clrhost.cpp(224): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\rules\scriptmanagerimpl.cpp(7886): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(272): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(3960): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1588): 0x80131022 (unable to get error text)
ERR_: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2146234334. This is retry number 1.
BAIL: MMS(7916): d:\bt\39459\private\source\miis\shared\utils\clrhost.cpp(224): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\rules\scriptmanagerimpl.cpp(7886): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(272): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(3960): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1588): 0x80131022 (unable to get error text)
ERR_: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2146234334. This is retry number 2.
BAIL: MMS(7916): d:\bt\39459\private\source\miis\shared\utils\clrhost.cpp(224): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\rules\scriptmanagerimpl.cpp(7886): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(272): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(3960): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1588): 0x80131022 (unable to get error text)
ERR_: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2146234334. This is retry number 3.
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1041): 0x80131022 (unable to get error text)
Forefront Identity Manager 4.1.3634.0″
Event Xml:
<System>
< Provider Name=”FIMSynchronizationService” />
<EventID Qualifiers=”49152″>6324</EventID>
<Level>2</Level>
<Task>3</Task>
< Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime=”2016-02-03T14:08:59.000000000Z” />
< EventRecordID>266336</EventRecordID>
<Channel>Application</Channel>
< Computer>servername.domain.customer</Computer>
<Security />
</System>
< EventData>
<Data>BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\sqlstore\storeimp.cpp(5096): 0x8023060d (The computer_id in the database does not match this computer.)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\sqlstore\storeimp.cpp(493): 0x8023060d (The computer_id in the database does not match this computer.)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(429): 0x8023060d (The computer_id in the database does not match this computer.)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(3960): 0x8023060d (The computer_id in the database does not match this computer.)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1588): 0x8023060d (The computer_id in the database does not match this computer.)
ERR_: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2145188339. This is retry number 0.
BAIL: MMS(7916): d:\bt\39459\private\source\miis\shared\utils\clrhost.cpp(224): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\rules\scriptmanagerimpl.cpp(7886): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(272): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(3960): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1588): 0x80131022 (unable to get error text)
ERR_: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2146234334. This is retry number 1.
BAIL: MMS(7916): d:\bt\39459\private\source\miis\shared\utils\clrhost.cpp(224): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\rules\scriptmanagerimpl.cpp(7886): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(272): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(3960): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1588): 0x80131022 (unable to get error text)
ERR_: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2146234334. This is retry number 2.
BAIL: MMS(7916): d:\bt\39459\private\source\miis\shared\utils\clrhost.cpp(224): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\rules\scriptmanagerimpl.cpp(7886): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(272): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\server.cpp(3960): 0x80131022 (unable to get error text)
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1588): 0x80131022 (unable to get error text)
ERR_: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1027): Error creating com objects. Error code: -2146234334. This is retry number 3.
BAIL: MMS(7916): d:\bt\39459\private\source\miis\server\server\service.cpp(1041): 0x80131022 (unable to get error text)
Forefront Identity Manager 4.1.3634.0</Data>
</EventData>

</Event>

 


 

Solution

 

Restart Service twice

 

At the first attempt, the service will take a very long time to try starting.

When the initial attempt fails, try restarting the FIM Synchronization again.

 

Check DB connection

 

Use a UDL file with the Data Link Properties tool to check if you can connect to the FIM Sync Database.

More info:
FIM2010 Troubleshooting: FIM Sync service terminated with service-specific error %%-2146234334.

 


 

Also on this blog

 


Using Powershell to generate eventviewer statistics and event exports

During FIM health checks we need to have a good overview of the event viewer on the FIM Servers.
In almost any case the event viewer is a good measure of the server’s health.

The more red and yellow you see, the more errors and warnings, the more work you’ll have to get your server in a healthy state.

First goal is to have a general temperature of the health.
Second goal is to have the details to fix the issues.

I’ve created a Powershell to analyse the event viewer logs.

Instead of posting the Powershell in this blog, I’ve published it on TechNet Gallery, over here:

https://gallery.technet.microsoft.com/Powershell-Event-log-ab0ded45

There is a companion Wiki article with some guidance and configuration manual.

http://social.technet.microsoft.com/wiki/contents/articles/32204.powershell-event-viewer-statistics.aspx

In short, the Powerscript below is a modular script that offers following functions:

  • display the event log properties
  • analyse number of events per category
  • analyse number of events per severity
  • overview of error events with source, severity and sample message
  • detailed list of last event per eventID

You can configure the script:

  • choice of event logs
  • history length (period of events to report on)
  • enable/disable logging
  • enable/disable result export to file

 

Before you start

  • validate your script execution policy
  • copy the script to a separate folder where you can execute the script
  • validate the script parameters

Script configuration parameters

  • $enableLogging
    • $TRUE = create a transcript of the script during run (does not work in ISE)
    • $FALSE = do not create a verbose log
  • $ExportEnabled
    • $FALSE = do not export the result to file
    • $TRUE = export the results, statistics and event details to file
  • $EventLogList
    • Default: ‘System’,’Application’,’Setup’,’Forefront Identity Manager’,’Forefront Identity Manager Management Agent’
  • $startdate
    • Defines from which point in time the event logs must be analysed
    • HINT: on a system with a large size of event logs, it’s advised to limit the history to x days or x weeks. A large volume event log will impact the usage of script memory.

I’m more than happy if you would test the script and provide me feedback to improve the script.