IIS stuck with old SSL Certificate despite deleting it from Server

Recently one of our clients asked us to configure RemoteApp publishing on a Windows 2012 server. After all the RemoteApp settings were configured, it failed with a certificate error, because RemoteApp requires a valid trusted certificate to be installed so that clients can open the applications from their desktop icon.

We went ahead and generated a self-signed certificate on the RemoteApp server and assigned it to the required sites in IIS by editing the binding settings. However, despite these changes the server kept presenting the old server certificate, and hence the RemoteApp wasn’t able to connect. I even deleted the old server certificate from the server and rebooted the server, but it still kept presenting the old certificate.

I researched further and found the following commands to check the installed certificates on the server and delete them as needed. The following command (run from a command prompt) displays the certificates installed on a server:

    netsh http show sslcert

This command did reveal that the old certificate (which I had already deleted from the server) was still present on the server. The old and new certificates can be identified from the certificate hash value.

I used the following command (run from a command prompt) to delete the stale certificate that was no longer required from the server:

    netsh http delete sslcert ipport=[::]:443

(Please replace the ipport value with your required value.)

After this SSL certificate was deleted, we ran the following command again and validated that it is showing only...

Windows 2012 R2: WMI failed to connect “Win32: The parameter is incorrect”

After deploying a DPM agent on a Windows 2012 R2 server, we weren’t able to get it to communicate with the DPM 2012 server. Understanding that DPM agent communication depends on WMI, we tried to access the DPM server from the Windows 2012 R2 file server via WMI and found it connecting alright. However, when we tried to connect from the DPM server to the Windows 2012 R2 file server, the connection failed with the following error:

“Win32: The parameter is incorrect”

After performing the usual clean boot etc. on the 2012 R2 server, we finally figured out that it had a software named VEEAM installed. Disabling and finally uninstalling the software resolved the issue for us.

Hope this quick solution saves you from pulling out your hair; otherwise feel free to report new issues at our forum for expert help, or open a paid support incident with us for quick help...

Windows 2012: RDP Black screen event ID 7011 A timeout (30000 milliseconds) was reached.

On a Windows 2012 server, a client reported an RDP black screen occurring randomly. It used to work fine for a few days, probably even for months, but randomly it used to get stuck on a black screen, and the only solution was to reboot the server. I have already written an article in this regard which covers most possible reasons for this issue. You should make sure you follow that before checking out this one; this one is specifically for when you have event ID 7011 in the Windows Server 2012/R2 event log.

Source:        Service Control Manager
Date:          27-4-2012 7:28:01
Event ID:      7011
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Description:   A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

After ruling out all the obvious reasons on the server listed here, our research revealed that this RDP black screen issue is happening because of some printer drivers installed on the Windows 2012 server. Although I am not very sure which printer drivers are causing this issue, the following are the steps to resolve the concern.

1) Install all the pending Windows updates on the server.
2) Uninstall all possible printer drivers, including PDF writers, from the server. I recommend that you keep the drivers uninstalled for a monitoring period if possible; otherwise uninstall all the drivers and reinstall the latest copies of only the most required drivers, and only after completing all the steps below.
3) If HP drivers are installed on the server, make sure to either remove them or stop the services Net Driver HPZ12 and PML Driver HPZ12 (if present).
4) Remove...

Windows 2012 R2: Nslookup Fails to query the A record

Recently a client reported that he was unable to access his website. We were able to ping the website, but if we ran nslookup against the same name it gave the error shown in the screenshot.

It looked like the DNS wasn’t responding, but in that case the ping should also fail with a destination not found error, and that wasn’t happening. In any case, we restarted the DNS Server and DNS Client services on the server (this was the domain controller, so it had DNS installed on itself), but the nslookup still failed to resolve the name of the site. An interesting thing to note is that we were now able to open the website on the server as well, but the nslookup was still failing.

After having no progress in this troubleshooting, I thought about using some other tool, so I tried Port Query from the same server. I tried to reach Google through it and, surprisingly, it was responding.

This step clearly shows that the server is able to resolve names just fine (as Portqry will also use the DNS server listed on this server to resolve names) and it is just nslookup which is not able to resolve names to IP addresses. We concluded that nslookup on Server 2012, or probably just on this server, was buggy, and the purpose of writing this article was also to suggest not depending entirely on nslookup on Windows Server.

Hope this information helps many of you out there. Feel free to report new issues on our forum for expert help or open a paid support incident...

Store Credentials in Remote Desktop Client

I have been facing this issue for a long time. It’s with the Remote Desktop client I use to connect to the terminal server. Despite my ticking the box to remember the password, it still repeatedly prompts for the credentials. This time I decided to fix the issue; hope this helps you as well.

The solution is really simple. Follow the steps below:

1. Open the CMD prompt.
2. Type “gpedit.msc” and hit Enter to open the local Group Policy editor. You can also do the same from domain policies if the PC/server is part of a domain.
3. Navigate to Computer Configuration\Administrative Templates\System\Credentials Delegation.
4. Open the policy setting “Allow Saved Credentials with NTLM-only Server Authentication” (or “Allow Delegating Saved Credentials with NTLM-only Server Authentication”).
5. Click Enabled and click on “Show”.
6. Enter the server which we need to connect to with the stored credentials. A wildcard can be used, so choose “TERMSRV/*”.
7. Close the screen and run “gpupdate”.

After following the above steps, if it still requests credentials, then please reboot your PC. For any further assistance, feel free to start a new thread on our forum...

Transfer FSMO Roles- using GUI or Cmd Line

Active Directory has five special roles which are vital for its smooth running as a multimaster system. Some functions of AD require that there is an authoritative master to which all Domain Controllers can refer. These roles are installed automatically and there is normally very little reason to move them. However, if you are demoting a DC and DCPROMO fails to run correctly, or you have a catastrophic failure of a DC, or you are installing a new DC that is a lot more powerful than your old DC, you will need to know about these roles to recover or transfer them to another DC.

The five FSMO roles are divided into two categories, as shown in the image below.

The Roles

There are five FSMO roles, two per forest, and three in every Domain.

Forest Wide Roles:

Schema Master
The schema is shared between every Tree and Domain in a forest and must be consistent between all objects. The schema master controls all updates and modifications to the schema.

Domain Naming
When a new Domain is added to a forest, the name must be unique within the forest. The Domain naming master must be available when adding or removing a Domain in a forest.

Domain Wide Roles:

Relative ID (RID) Master
Allocates RIDs to DCs within a Domain. When an object such as a user, group or computer is created in AD, it is given a SID. The SID consists of a Domain SID (which is the same for all SIDs created in the domain) and a RID which is unique to the Domain. When moving objects between...