troubleshooting

Published on TNWIKI: .Net Framework 3.5 Troubleshooting: installation errors (Permission issue)


Published at: .Net Framework 3.5 Troubleshooting: installation errors (Permission issue)

Applies to

  • Window Server 2016

Issue

.Net Framework 3.5 installation fails on Windows Server 2016

Troubleshooting

Tried many solutions like below

.NET 3.5 Uninstall detected

See:
MIM 2016 Troubleshooting: The installation just hanging without error, warning, log, Event-log

Windows Feature installation

See:
Windows Server 2012 R2 Troubleshooting: .NET Framework 3.5 installation failure (Offline/Online)

GPO Setting

See:
.Net Framework 3.5 Troubleshooting: installation errors (GPO)

Hotfix issue

See:
SharePoint 2013 Troubleshooting: NET 3.5 framework add feature error (the source files could not be found)

Solution

Grant read permission to the Everyone group on the installation files.

Check:
https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features

 

Important

When you are installing feature files from a remote source, the source path or file share must
grant
Read permissions either to the
Everyone
group (not recommended for security reasons), or to the computer (local system) account of the destination server; granting user account
access is not sufficient.

Servers that are in workgroups cannot access external file shares, even if the computer account for the workgroup server has
Read permissions on the external share. Alternate source locations that work for workgroup servers include installation media, Windows Update, and VHD or WIM files that are stored on the local workgroup
server.

See also

References


 

Advertisements

Fresh on TNWiki: MIM 2016 Troubleshooting: The installation just hanging without error, warning, log, Event-log


Published on TNWIKI: MIM 2016 Troubleshooting: The installation just hanging without error, warning, log, Event-log

Credits

This issue was initially reported by
Guy Horn on LinkedIN
, republished with permission.

(Guy Horn’s LinkedIn profile)

Issue

When you try to install MIM, it continuously fails.

You can’t  add .NET Framework 3.5.

Symptoms

The installation was just hanging without error, warning, log, Event-log

Root cause

The problem was that some features were removed from the Windows Server Image.

Solution

NetFx3 should be specified and not ‘Net-Framework-Core’.

After re-adding the feature just ‘Add-WindowsFeature Net-Framework-Core’.

Detecting the issue

Run this PowerShell command, to find the removed features

# This command shows removed items from the Windows Azure Server 2016 Datacenter image.

Get-WindowsFeature
| Where-Object
-FilterScript {($_.installstate
-like “Removed”)}

Solution

Restore the optional feature

# This command restores the optional feature, MyFeature, to the Online Windows image. If the files are not found in the source image, this command specifies not
to check Windows Update for the source files.

Enable-WindowsOptionalFeature
-Online -FeatureName
“NetFx3” -Source
f:\sources\sxs -LimitAccess
-All

Add .NET FW core

# Add the feature

Add-WindowsFeature
-name net-framework-core

Script

# This command shows removed items from the Windows Azure Server 2016 Datacenter image.

Get-WindowsFeature
| Where-Object
-FilterScript {($_.installstate
-like “Removed”)}

 

# This command restores the optional feature, MyFeature, to the Online Windows image. If the files are not found in the source image, this command specifies not
to check Windows Update for the source files.

Enable-WindowsOptionalFeature
-Online -FeatureName
“NetFx3” -Source
f:\sources\sxs -LimitAccess
-All

 

# Add the feature

Add-WindowsFeature
-name net-framework-core

 


 

Using SPF to block mail account spoofing

Introduction

Did you ever got a mail from yourself, but you’re sure you did not send it?

This week I got that mail from a mail alias I’m using, so it’s actually not a native mailbox, but a mail forwarder address, which makes the claim that “the mailbox is hacked” pretty silly…

But if you got this message from a native mailbox, it does sound scary, isn’t it?

I already had some similar symptoms on other mail addresses in the same domain.

Symptoms

You get a mail from your own mail address… which is called mail spoofing.
And it looks like:

mailspoof

Spoofed mail message content

Hi!

As you may have noticed, I sent you an email from your account.
This means that I have full access to your account.

I’ve been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks.
I can also post access to all your e-mail correspondence and messengers that you use.

If you want to prevent this,
transfer the amount of $778 to my bitcoin address (if you do not know how to do this, write to Google: “Buy Bitcoin”).

My bitcoin address (BTC Wallet) is: 1GoWy5yMzh3XXBiYxLU9tKCBMgibpznGio

After receiving the payment, I will delete the video and you will never hear me again.
I give you 48 hours to pay.
I have a notice reading this letter, and the timer will work when you see this letter.

Filing a complaint somewhere does not make sense because this email cannot be tracked like my bitcoin address.
I do not make any mistakes.

If I find that you have shared this message with someone else, the video will be immediately distributed.

Best regards!

Root cause

The DNS setting of your domain is missing SPF records, that counter mail spoofing (an unauthorized mail server, user or hacker sending mail as “you”)…

Troubleshooting

When looking at the mail properties it’s pretty difficult (if not impossible) to find out who actually has sent the mail….

Solution

Basic domain settings

Add an SPF record to your domain DNS settings.

To get started, look up your mail provider or hosting provider’s name + SFP.

FYI, I’m hosting my domains at one.com, they’ve got some straight forward advise to configure the DNS. For any other domain, at any other provider it’s similar.

Office 365

When you buy a domain, but host your mail on O365, there are some additional settings to configure. But Office 365 will explain.

The easy part, logon to your O365 tenant, and check your domain health (see video below)

For more info, check these documents:

References

SPF tooling

Other security options

See also

Hotmail/Outlook.com Solving Mass Mailing Delivery Issues

Short URL: Http://aka.ms/outlook.com/help

While SPF is the first step, you should also consider DMARC and DKIM.

 

#MIM2016 Troubleshooting: SQL Connection issues

On TNWiki you’ll find my latest article on MIM 2016 troubleshooting.

MIM 2016 Troubleshooting: SQL Connection issues

This week I got (dragged into/) involved in a MIM 2016 performance troubleshooting, on a test / dev server, facing a large bunch of errors.

The first detection happened on the sync server, but apparently rather it’s twin brother was causing the issues.

It became pretty quickly obvious that MIM was not able to connect to (one of) it’s databases on the SQL server, so the sync engine was unable to pull information from the MIM service.

Also bizar, we could still work on the MIM sync GUI, but almost any MA action in the GUI failed…

Furthermore the Portal did not respond and finally the “MIM Service” service, didn’t behave as expected, not willing to start.

The event viewer contained the obvious amount of errors…

Finally,  the SQL DBA to the rescue.

I’ve added a lot of significant technical event info into the article, to make it easy to search for you, for later reference.

Read the tech details in: MIM 2016 Troubleshooting: SQL Connection issues

#MIM2016 Troubleshooting: Uninstall fails with error – Administrator privileges are required to run installer. Please re-launch installer with administrator privileges.

I’ve got a new post up on TechNet Wiki about MIM2016 troubleshooting:

Full version at the TNWIKI: MIM2016/FIM2010 Troubleshooting: Uninstall fails with error – Administrator privileges required

Feel free to add useful information yourself, I’m looking forward to your feedback and cooperation to make it better.

The short version is below.

Rikard Strand Jump has published a similar article, which has served as baseline for this article. Rik’s article is focussed on DirSync, but the troubleshooting below is more widely applicable and even programs not related to FIM/MIM/DirSync…

When you try to uninstall or to change the component from the Control Panel > Programs (Uninstall a program), you get a error pop up, saying:

Administrator privileges are required to run installer. Please re-launch installer with administrator privileges.
There are some troubleshooting steps, including running the Control Panel in administrator mode.
If that doesn’t work, you need to find the uninstaller info in the registry and run the msiexec command with the uninstaller info.
Open the registry editor and navigate to

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

In this directory you’ll find the installed programs with their GUID, which is mostly fixed per application.

Eg

  • MIM 2016: {5A7CB0A3-7AA2-4F40-8899-02B83694085F}
  • DirSync/AADConnect: {C9139DEA-F758-4177-8E0F-AA5B09628136}

And finally, the quick and dirty option is to kill the uninstall registry key before your run the uninstall from the control panel again

In case of MIM2016
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5A7CB0A3-7AA2-4F40-8899-02B83694085F}
You know the usual warning: I didn’t tell you to delete the registry key.

Note-to-self: You lost access to your initial Office 365 admin?

Although Microsoft has built in quite some methods to regain access to your 0365 tenant/account, you might have some bad luck one day… (experience talking here)

First of all you should try the default options, meaning : the password reset options.

The direct way to get there is the first link to bookmark: https://passwordreset.microsoftonline.com/

Another way to get there is in the 0365 logon page (also for Azure),

o365_1

If you forgot your password or can’t access the account, hit the link at the bottom.
You get directed to :

o365_2

If you know the logon, you can proceed to

o365_3

You notice that the verification is pointing to your alternative mail address or your mobile number…

But what if you forgot your original logon ID (mail address), eg in case you have setup a test tenant in 0365 with an mail address you don’t use frequently? (yes, that happens)

If that is not working or you need more help, check these options:

And if you really ran out of luck: you might raise a ticket and ask for help. https://portal.office.com/support/newsignupservicerequest.aspx

Anyway, as shown there are some options when configuring 0365 that should keep you out of trouble in the first place

  • make sure to add a mobile number to your user account
  • make sure to add a secondary email address to your account (not belonging to your O365 domain)
  • Configure and test MFA (multifactor Authentication), eg with the Authenticator app
  • add a secondary admin account with sufficient rights (with the same security measures!)

Note-to-self: Windows 10 numeric keypad not working

Once they know you do “something with computers”, you can’t escape your family request fixing anything that goes wrong on machines with a CPU, right?

Last weekend a laptop was dropped of with a bizare symptom: once logged in, the numeric keypad stopped working.
Freshly migrated to Windows 10, a Toshiba Satellite c(something)…

When you quickly search for it on bing/google… you’ll find some hints like

  • updating BIOS (check, latest installed)
  • checking BIOS (well, …nah, it is working at logon)
  • registry settings (maybe, but ..nope, lets first try the normal stuff)
  • some other windows settings

This one got me started, but actually discussed the solution for Windows 7.
” if you have Windows 7, just go to Ease of Access Center >>>>>> Turn on Mouse Keys and make sure it’s unchecked”

Well, how about Windows 10?

First go to Settings.

w10settings

Find the Ease Of Access

Within Ease of Access, check the Mouse option

w10_eoa_mouse

In the Mouse settings, check the Mouse Keys settings.
Make sure the option to “use numeric keypad to move mouse around the screen” is disabled/off.

Easy, simple, but this single setting isn’t easily found, as you won’t think about mouse settings.

Certainly, when searching apps, files and settings, and the setting does not show up when typing “numeric” or “keypad”