Wednesday, September 13, 2017

Schedule a restart using task scheduler.

Here's one that I like to use from time to time to schedule a restart for updates.


Open Task Scheduler and click Create Basic Task... and give it a name.


Click Next >. I'll be running this task just once so I'll click One time.


Click Next >. Schedule it


Click Next >.  We're going to be starting a program so click the radio button next to Start a program.


Click Next >. The name of the program is shutdown and in order for it to restart properly, we need to add some arguments. For a list of those arguments, click here

I will be using /r /f /t 0. /r to restart, /f to force any running applications to close and /t 0 so it waits for 0 seconds.


Click Next >. Verify your settings. This task requires some extra settings to guarantee that it runs properly so check the box next to Open the Properties dialog for this task when I click Finish and click Finish.


I may or may not be logged in at the time this task is going to run so I clicked the radio button next to Run whether user is logged on or not. Click OK.


Enter your password and click OK.


Now you should be all set.


If you would like to use Powershell instead, there is also a method for that. Instead of typing shutdown with the arguments /r /f /t 0, you can type powershell with the arguments restart-computer -force. Here is some more information about it.

Schedule a restart using task scheduler.

Here's one that I like to use from time to time to schedule a restart for updates.


Open Task Scheduler and click Create Basic Task... and give it a name.


Click Next >. I'll be running this task just once so I'll click One time.


Click Next >. Schedule it


Click Next >.  We're going to be starting a program so click the radio button next to Start a program.


Click Next >. The name of the program is shutdown and in order for it to restart properly, we need to add some arguments. For a list of those arguments, click here

I will be using /r /f /t 0. /r to restart, /f to force any running applications to close and /t 0 so it waits for 0 seconds.


Click Next >. Verify your settings. This task requires some extra settings to guarantee that it runs properly so check the box next to Open the Properties dialog for this task when I click Finish and click Finish.


I may or may not be logged in at the time this task is going to run so I clicked the radio button next to Run whether user is logged on or not. Click OK.


Enter your password and click OK.


Now you should be all set.


If you would like to use Powershell instead, there is also a method for that. Instead of typing shutdown with the arguments /r /f /t 0, you can type powershell with the arguments restart-computer -force. Here is some more information about it.

Tuesday, September 12, 2017

Clients not reporting to WSUS target groups.

So I came across this this morning which was a simple fix but easy to miss. I noticed that my computers still weren't going into the target groups that I assigned via Group Policy. Here is how to fix it. (I'll update my previous blog entry about setting up WSUS as well.)


Click Options on the left-hand side.


Click Computers.


Select Use Group Policy or registry settings on computers and click OK.


Now just wait a bit and the next time your computers send their status to the WSUS server, they should begin to fall into the groups that they belong in.

Clients not reporting to WSUS target groups.

So I came across this this morning which was a simple fix but easy to miss. I noticed that my computers still weren't going into the target groups that I assigned via Group Policy. Here is how to fix it. (I'll update my previous blog entry about setting up WSUS as well.)


Click Options on the left-hand side.


Click Computers.


Select Use Group Policy or registry settings on computers and click OK.


Now just wait a bit and the next time your computers send their status to the WSUS server, they should begin to fall into the groups that they belong in.

Monday, September 11, 2017

Find out which process is listening on a port in Windows.



Symantec on one of my servers keeps logging a port scan attack coming from my laptop and I can't figure out which process is causing it. Hopefully this will help.

ex. netstat -a -b

-a Displays all connections and listening ports.

-b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient permissions.

-n Displays addresses and port numbers in numerical form.

-o Displays the owning process ID associated with each connection.

For more information, click here.

P.S. This may create a lot of data to try and sift through in the command prompt so instead you can output everything to a text file by entering > filename.txt afterwards.

ex. netstat -a -b >netstat.txt

This will create a text file in the system32 folder or whatever directory you happen to be running command prompt from.

Find out which process is listening on a port in Windows.



Symantec on one of my servers keeps logging a port scan attack coming from my laptop and I can't figure out which process is causing it. Hopefully this will help.

ex. netstat -a -b

-a Displays all connections and listening ports.

-b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient permissions.

-n Displays addresses and port numbers in numerical form.

-o Displays the owning process ID associated with each connection.

For more information, click here.

P.S. This may create a lot of data to try and sift through in the command prompt so instead you can output everything to a text file by entering > filename.txt afterwards.

ex. netstat -a -b >netstat.txt

This will create a text file in the system32 folder or whatever directory you happen to be running command prompt from.

Friday, September 8, 2017

Configuring clients to pull updates from a WSUS server through Group Policy Management



Open Group Policy Management (above).

Drill down to the Organizational Unit containing the computers you would like to configure this for. This is a Computer Policy so no need to apply this to any OU containing Users. Right-click and choose Create a GPO in this domain, and Link it here...


Name it.


Click OK. Drill down to Computer Configuration --> Policies --> Administrative Templates --> Windows Components --> Windows Update.


Here are some of my settings. Notice the setting called Enable client side targeting. This is where you name the target group that these computers are listed under in the WSUS console.


The most important one is the one that tells your computers where your WSUS update server is.

Scroll down to find Specify intranet Microsoft update service location. Enter your WSUS server's Fully Qualified Domain Name (FQDN) followed by the port number. I set them both the same. The default port is 8530.

ex. server.ad.mycompany.com:8530


That's it. You should see the Group Policy Object (GPO) that you just created in the Organizational Unit. Assuming you've properly organized your computers into this group, once your clients do a Group Policy Update, they should begin pulling updates from the WSUS server you set up. You can also force a Group Policy update on the clients by opening a command prompt and typing 'gpupdate'.


Configuring clients to pull updates from a WSUS server through Group Policy Management



Open Group Policy Management (above).

Drill down to the Organizational Unit containing the computers you would like to configure this for. This is a Computer Policy so no need to apply this to any OU containing Users. Right-click and choose Create a GPO in this domain, and Link it here...


Name it.


Click OK. Drill down to Computer Configuration --> Policies --> Administrative Templates --> Windows Components --> Windows Update.


Here are some of my settings. Notice the setting called Enable client side targeting. This is where you name the target group that these computers are listed under in the WSUS console.


The most important one is the one that tells your computers where your WSUS update server is.

Scroll down to find Specify intranet Microsoft update service location. Enter your WSUS server's Fully Qualified Domain Name (FQDN) followed by the port number. I set them both the same. The default port is 8530.

ex. server.ad.mycompany.com:8530


That's it. You should see the Group Policy Object (GPO) that you just created in the Organizational Unit. Assuming you've properly organized your computers into this group, once your clients do a Group Policy Update, they should begin pulling updates from the WSUS server you set up. You can also force a Group Policy update on the clients by opening a command prompt and typing 'gpupdate'.


WSUS Reset Server Node Error

So after installing WSUS on Server 2012, I returned to it the next day to see this:

Clicking Reset Server Node does nothing.


If you've ever dealt with WSUS for an extended period of time, you're probably used to this and if you haven't, get used to it.

So in the event viewer I saw these errors:

Always a fun way to start your Friday...


__

Event 7032

The WSUS administration console was unable to connect to the WSUS Server via the remote API. 

Verify that the Update Services service, IIS and SQL are running on the server. If the problem persists, try restarting IIS, SQL, and the Update Services Service.

The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists, 

Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.

System.IO.IOException -- The handshake failed due to an unexpected packet format.
__

Event 7053

The WSUS administration console has encountered an unexpected error. This may be a transient error; try restarting the administration console. If this error persists, 

Try removing the persisted preferences for the console by deleting the wsus file under %appdata%\Microsoft\MMC\.
__

Event 12072

The WSUS content directory is not accessible.
__

Event 12052

The DSS Authentication Web Service is not working.
__

Event 12042

The SimpleAuth Web Service is not working.
__

Event 12022

The Client Web Service is not working.
__

Event 12032

The Server Synchronization Web Service is not working.
__

Event 12012

The API Remoting Web Service is not working.
__

Event 12002

The Reporting Web Service is not working.
__

Event 13042

Self-update is not working.
__

That's a lot of errors and this is right after a WSUS reinstall. When I restarted, it seemed like it would work for a bit and then crash again.

After going into IIS Manager, I noticed that WSUS Pool has stopped under Application Pools. I dug around a bit and found that this is a memory issue for this particular application pool. 


In order to fix this, you have to select WsusPool and click Recycling.


Deselect Private memory usage (in KB)


Leave everything else the same and click Next. Then click Finish.


Now start WsusPool.




Now WSUS should start up for you.


Featured Post

How to enable WinRM via Group Policy

In order to remotely manage computers via Powershell, you must enable Windows Remote Management. Open Group Policy management. Creat...

Popular Tutorials